From 3ba991b9bcb65153477768fb7725e1f3969fbef1 Mon Sep 17 00:00:00 2001 From: v-sudkharat Date: Fri, 15 Sep 2023 16:08:44 +0530 Subject: [PATCH] Checking GitHub validations for a Solution --- .../SpyCloudBreachDataWatchlist.json | 117 + .../SpyCloudBreachDataWatchlist_CL.json | 81 + ...pyCloudEnterpriseProtectionBreachRule.yaml | 53 + ...yCloudEnterpriseProtectionMalwareRule.yaml | 68 + ...lution_Spycloud_Enterprise_Protection.json | 26 + .../Package/3.0.0.zip | Bin 0 -> 31483 bytes .../Package/createUiDefinition.json | 145 + .../Package/mainTemplate.json | 7412 +++++++++++++++++ .../Custom Connector/azuredeploy.json | 2056 +++++ .../Custom Connector/images/logo.png | Bin 0 -> 2863 bytes .../Playbooks/Custom Connector/readme.md | 55 + .../SpyCloud-Breach-Playbook/azuredeploy.json | 484 ++ .../images/deployment.png | Bin 0 -> 18105 bytes .../SpyCloud-Breach-Playbook/images/logo.png | Bin 0 -> 2863 bytes .../images/steps_to_configure.png | Bin 0 -> 33463 bytes .../SpyCloud-Breach-Playbook/readme.md | 51 + .../azuredeploy.json | 491 ++ .../images/comments.png | Bin 0 -> 82425 bytes .../images/deployment.png | Bin 0 -> 18105 bytes .../images/for_each.png | Bin 0 -> 11975 bytes .../images/logo.png | Bin 0 -> 2863 bytes .../readme.md | 50 + .../azuredeploy.json | 536 ++ .../images/comments.png | Bin 0 -> 25427 bytes .../images/deployment.png | Bin 0 -> 18105 bytes .../images/for_each.png | Bin 0 -> 10025 bytes .../images/logo.png | Bin 0 -> 2863 bytes .../readme.md | 53 + .../azuredeploy.json | 491 ++ .../images/comments.png | Bin 0 -> 85529 bytes .../images/deployment.png | Bin 0 -> 18105 bytes .../images/for_each.png | Bin 0 -> 10025 bytes .../images/logo.png | Bin 0 -> 2863 bytes .../readme.md | 53 + .../azuredeploy.json | 361 + .../images/deployment.png | Bin 0 -> 18105 bytes .../images/for_each.png | Bin 0 -> 10025 bytes .../images/logo.png | Bin 0 -> 2863 bytes .../readme.md | 47 + .../azuredeploy.json | 519 ++ .../images/comments.png | Bin 0 -> 20222 bytes .../images/deployment.png | Bin 0 -> 18105 bytes .../images/for_each.png | Bin 0 -> 10025 bytes .../images/logo.png | Bin 0 -> 2863 bytes .../readme.md | 55 + .../azuredeploy.json | 686 ++ .../images/check_managed_asset.png | Bin 0 -> 29855 bytes .../images/comments.png | Bin 0 -> 77253 bytes .../images/deployment.png | Bin 0 -> 18105 bytes .../images/for_each.png | Bin 0 -> 10025 bytes .../SpyCloud-Malware-Playbook/images/logo.png | Bin 0 -> 2863 bytes .../images/update_user.png | Bin 0 -> 22599 bytes .../SpyCloud-Malware-Playbook/readme.md | 51 + .../azuredeploy.json | 718 ++ .../images/deployment.png | Bin 0 -> 18105 bytes .../images/logo.png | Bin 0 -> 2863 bytes .../images/parameters.png | Bin 0 -> 25220 bytes .../images/recurrence.png | Bin 0 -> 10690 bytes .../SpyCloud-Monitor-Watchlist-Data/readme.md | 56 + .../ReleaseNotes.md | 3 + .../SolutionMetadata.json | 15 + .../SpyCloud Enterprise Protection/readme.md | 88 + 62 files changed, 14821 insertions(+) create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/SpyCloudBreachDataWatchlist.json create mode 100644 Sample Data/Custom/SpyCloudBreachDataWatchlist_CL.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionBreachRule.yaml create mode 100644 Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml create mode 100644 Solutions/SpyCloud Enterprise Protection/Data/Solution_Spycloud_Enterprise_Protection.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip create mode 100644 Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/steps_to_configure.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/comments.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/for_each.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/comments.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/for_each.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/comments.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/for_each.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/for_each.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/comments.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/for_each.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/check_managed_asset.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/comments.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/for_each.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/update_user.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/azuredeploy.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/deployment.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/logo.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/parameters.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/recurrence.png create mode 100644 Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/readme.md create mode 100644 Solutions/SpyCloud Enterprise Protection/ReleaseNotes.md create mode 100644 Solutions/SpyCloud Enterprise Protection/SolutionMetadata.json create mode 100644 Solutions/SpyCloud Enterprise Protection/readme.md diff --git a/.script/tests/KqlvalidationsTests/CustomTables/SpyCloudBreachDataWatchlist.json b/.script/tests/KqlvalidationsTests/CustomTables/SpyCloudBreachDataWatchlist.json new file mode 100644 index 00000000000..e8af541191a --- /dev/null +++ b/.script/tests/KqlvalidationsTests/CustomTables/SpyCloudBreachDataWatchlist.json @@ -0,0 +1,117 @@ +{ + "Name": "SpyCloudBreachDataWatchlist_CL", + "Properties": [ + { + "Name": "Document_Id_g", + "Type": "Guid" + }, + { + "Name": "Domain_s", + "Type": "String" + }, + { + "Name": "Email_s", + "Type": "String" + }, + { + "Name": "IP_Address_s", + "Type": "String" + }, + { + "Name": "Infected_Machine_Id", + "Type": "Guid" + }, + { + "Name": "Infected_Path_s", + "Type": "String" + }, + { + "Name": "Infected_Time_t", + "Type": "DateTime" + }, + { + "Name": "Password_s", + "Type": "String" + }, + { + "Name": "Password_Plaintext_s", + "Type": "String" + }, + { + "Name": "Severity_s", + "Type": "String" + }, + { + "Name": "Source_Id_s", + "Type": "String" + }, + { + "Name": "SpyCloud_Publish_Date_t", + "Type": "DateTime" + }, + { + "Name": "Target_Domain_s", + "Type": "String" + }, + { + "Name": "Target_SubDomain_s", + "Type": "String" + }, + { + "Name": "Target_URL_s", + "Type": "String" + }, + { + "Name": "User_Hostname_s", + "Type": "String" + }, + { + "Name": "User_OS_s", + "Type": "String" + }, + { + "Name": "Username_s", + "Type": "String" + }, + { + "Name": "TenantID", + "Type": "String" + }, + { + "Name": "SourceSystem", + "Type": "String" + }, + { + "Name": "TimeGenerated", + "Type": "DateTime" + }, + { + "Name": "Computer", + "Type": "String" + }, + { + "Name": "MG", + "Type": "String" + }, + { + "Name": "ManagementGroupName", + "Type": "String" + }, + { + "Name": "RawData", + "Type": "String" + }, + { + "Name": "Type", + "Type": "String" + }, + { + "Name": "_ResourceId", + "Type": "String" + }, + { + "Name":"Infected_Machine_Id_g", + "Type":"Guid" + } + ] +} diff --git a/Sample Data/Custom/SpyCloudBreachDataWatchlist_CL.json b/Sample Data/Custom/SpyCloudBreachDataWatchlist_CL.json new file mode 100644 index 00000000000..bc4325fb60c --- /dev/null +++ b/Sample Data/Custom/SpyCloudBreachDataWatchlist_CL.json @@ -0,0 +1,81 @@ +[{ + "Document_Id": "a888d0f7-5688-471e-8230-8fd5ab903289", + "Domain": "example.net", + "Email": "sanitized@sanitized.com", + "IP_Address": "82.66.91.250", + "Infected_Machine_Id": "833ca19e-bb6e-4b42-867c-d4da26f5e47e", + "Infected_Path": "C:\\Users\\Pc\\AppData\\Local\\Temp\\Rar$EXb17664.13499\\Setup.exe", + "Infected_Time": "2022-05-26T00:19:15Z", + "Password": "password", + "Password_Plaintext": "password", + "Severity": "25", + "Source_Id": "45775", + "SpyCloud_Publish_Date": "2023-07-21T00:00:00Z", + "Target_Domain": "", + "Target_SubDomain": "", + "Target_URL": "127.0.0.1", + "User_Hostname": "DESKTOP-R9UHSL2", + "User_OS": "Windows 10 Pro [x64]", + "Username": "" + }, + { + "Document_Id": "f4328f85-9d5d-4bdc-bd31-fb21844347eb", + "Domain": "example.net", + "Email": "sanitized@sanitized.com", + "IP_Address": "154.118.62.47", + "Infected_Machine_Id": "04a30194-1e78-4bbe-bbcf-927c5a7ff9a3", + "Infected_Path": "C:\\Windows\\SysWOW64\\explorer.exe", + "Infected_Time": "2021-11-10T21:52:27Z", + "Password": "password", + "Password_Plaintext": "password", + "Severity": "25", + "Source_Id": "45775", + "SpyCloud_Publish_Date": "2023-07-21T00:00:00Z", + "Target_Domain": "sidjisanggarrias.my.id", + "Target_SubDomain": "", + "Target_URL": "sidjisanggarrias.my.id", + "User_Hostname": "DESKTOP-I2737MG", + "User_OS": "Windows 10 Pro [x64]", + "Username": "" + }, + { + "Document_Id": "62a47fd6-4c00-4e11-9ee1-d0d3f9b92d2a", + "Domain": "example.net", + "Email": "sanitized@sanitized.com", + "IP_Address": "41.199.16.142", + "Infected_Machine_Id": "40c31de2-d2ad-4f3b-9a7b-0506578cdd03", + "Infected_Path": "C:\\Users\\CHOICE COMPUTER\\Downloads\\pswd_9787_portable-setup\\Setup.exe", + "Infected_Time": "2023-01-27T21:50:06Z", + "Password": "Chancery1", + "Password_Plaintext": "Chancery1", + "Severity": "25", + "Source_Id": "45775", + "SpyCloud_Publish_Date": "2023-07-21T00:00:00Z", + "Target_Domain": "cytonn.com", + "Target_SubDomain": "stage.careers.cytonn.com", + "Target_URL": "stage.careers.cytonn.com", + "User_Hostname": "DESKTOP-R2LML9F", + "User_OS": "Windows 10 Pro [x64]", + "Username": "" + }, + { + "Document_Id": "7720e6ec-ab63-441d-9b06-7551e45f8ca3", + "Domain": "example.net", + "Email": "sanitized@sanitized.com", + "IP_Address": "41.199.16.142", + "Infected_Machine_Id": "17ccfce3-b74f-4dbd-abd2-5f879caa7068", + "Infected_Path": "C:\\Windows\\SysWOW64\\explorer.exe", + "Infected_Time": "2021-02-11T01:45:46Z", + "Password": "password@admin$", + "Password_Plaintext": "password@admin$", + "Severity": "25", + "Source_Id": "45775", + "SpyCloud_Publish_Date": "2023-07-21T00:00:00Z", + "Target_Domain": "", + "Target_SubDomain": "", + "Target_URL": "127.0.0.1", + "User_Hostname": "DESKTOP-Q8BDVTN", + "User_OS": "Windows 10 Pro [x64]", + "Username": "" + } +] \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionBreachRule.yaml b/Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionBreachRule.yaml new file mode 100644 index 00000000000..7251d4c1aa7 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionBreachRule.yaml @@ -0,0 +1,53 @@ +id: cb410ad5-6e9d-4278-b963-1e3af205d680 +name: SpyCloud Enterprise Breach Detection +description: | + 'This alert creates an incident when an malware record is detected in the SpyCloud watchlist data' +severity: High +requiredDataConnectors: [] +status: Available +queryFrequency: 12h +queryPeriod: 12h +triggerOperator: gt +triggerThreshold: 0 +suppressionDuration: 5h +tactics: + - CredentialAccess +relevantTechniques: + - T1555 +query: | + SpyCloudBreachDataWatchlist_CL + | where Severity_s == '20' + | project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, IP_Address_s +incidentConfiguration: + createIncident: true + groupingConfiguration: + enabled: true + reopenClosedIncident: false + lookbackDuration: 12h + matchingMethod: AllEntities +eventGroupingSettings: + aggregationKind: AlertPerResult +alertDetailsOverride: null +entityMappings: + - entityType: Account + fieldMappings: + - identifier: FullName + columnName: Email_s + - entityType: Account + fieldMappings: + - identifier: Name + columnName: Username_s + - entityType: IP + fieldMappings: + - identifier: Address + columnName: IP_Address_s +customDetails: + Document_Id: Document_Id_g + Password: Password_s + Password_Plaintext: Password_Plaintext_s + Source_Id: Source_Id_s + Domain: Domain_s + PublishDate: SpyCloud_Publish_Date_t +sentinelEntitiesMappings: null +version: 1.0.0 +kind: Scheduled diff --git a/Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml b/Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml new file mode 100644 index 00000000000..53d5b8e42bb --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml @@ -0,0 +1,68 @@ +id: 7ba50f9e-2f94-462b-a54b-8642b8c041f5 +name: SpyCloud Enterprise Malware Detection +description: | + 'This alert creates an incident when an malware record is detected in the SpyCloud watchlist data' +severity: High +requiredDataConnectors: [] +status: Available +queryFrequency: 12h +queryPeriod: 12h +triggerOperator: gt +triggerThreshold: 0 +suppressionDuration: 5h +tactics: + - CredentialAccess +relevantTechniques: + - T1555 +query: | + SpyCloudBreachDataWatchlist_CL + | where Severity_s == '25' + | project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, Infected_Machine_Id_g, Infected_Path_s, Infected_Time_t, Target_Domain_s, Target_SubDomain_s, User_Hostname_s, User_OS_s, Target_URL_s,IP_Address_s +incidentConfiguration: + createIncident: true + groupingConfiguration: + enabled: true + reopenClosedIncident: false + lookbackDuration: 12h + matchingMethod: AllEntities +eventGroupingSettings: + aggregationKind: AlertPerResult +alertDetailsOverride: null +entityMappings: + - entityType: Host + fieldMappings: + - identifier: HostName + columnName: Infected_Machine_Id_g + - identifier: DnsDomain + columnName: User_Hostname_s + - entityType: Account + fieldMappings: + - identifier: FullName + columnName: Email_s + - identifier: Name + columnName: Username_s + - entityType: DNS + fieldMappings: + - identifier: DomainName + columnName: Target_Domain_s + - entityType: DNS + fieldMappings: + - identifier: DomainName + columnName: Target_SubDomain_s + - entityType: IP + fieldMappings: + - identifier: Address + columnName: IP_Address_s +customDetails: + Document_Id: Document_Id_g + Password: Password_s + Password_Plaintext: Password_Plaintext_s + Infected_Path: Infected_Path_s + Infected_Time: Infected_Time_t + Domain: Domain_s + Source_Id: Source_Id_s + PublishDate: SpyCloud_Publish_Date_t + User_Host_Name: User_Hostname_s +sentinelEntitiesMappings: null +version: 1.0.0 +kind: Scheduled diff --git a/Solutions/SpyCloud Enterprise Protection/Data/Solution_Spycloud_Enterprise_Protection.json b/Solutions/SpyCloud Enterprise Protection/Data/Solution_Spycloud_Enterprise_Protection.json new file mode 100644 index 00000000000..d042f068302 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Data/Solution_Spycloud_Enterprise_Protection.json @@ -0,0 +1,26 @@ +{ + "Name": "SpyCloud Enterprise Protection", + "Author": "SpyCloud", + "Logo": "", + "Description": "Cybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.", + "Playbooks": [ + "Playbooks/Custom Connector/azuredeploy.json", + "Playbooks/SpyCloud-Breach-Playbook/azuredeploy.json", + "Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/azuredeploy.json", + "Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/azuredeploy.json", + "Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/azuredeploy.json", + "Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/azuredeploy.json", + "Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/azuredeploy.json", + "Playbooks/SpyCloud-Malware-Playbook/azuredeploy.json", + "Playbooks/SpyCloud-Monitor-Watchlist-Data/azuredeploy.json" + ], + "Analytic Rules": [ + "Analytic Rules/SpyCloudEnterpriseProtectionBreachRule.yaml", + "Analytic Rules/SpyCloudEnterpriseProtectionMalwareRule.yaml" + ], + "BasePath": "D:\\GitHub\\Azure-Sentinel\\Solutions\\SpyCloud Enterprise Protection", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": false +} diff --git a/Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip b/Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..c1bba90795de56d33d05b283be338ca37e4db033 GIT binary patch literal 31483 zcmY(qV~{4k6E(U!w#^;e_Kxw4ZQHhO+qP}nwykGu?ft#~i>h0dRMID%u6*d~ld7D^ z13nF z0FzWDb+}B~xtY!O3(;Oag;I&yyo2(Y8t2205;oo80s9-*9<2Hp zX>XW{J>Q@><#CtGt2#mq&jLh5zk!Icu&`^-To@Yl(Kc(U^^+KO+?ish5PP*DO$%R8 zzfOyq6qd?A2K4f2!z8J&S6p9ZYty)=N*C**qMW83DBIAcBU0;*TE2L7n**)w|4#IB_WN9%Dz7kzwuMuQ$10bYUVH&Zkk2ft)! zC3iN}M!9}BKwuJq8ap%KEnZ(8oolrwx90}vu<`J7^T(D<;GBw1^~9xv%1W= zr0s|nvVlk$iXGuIN>-6Bn!9QsCRXX3?hX-*QA>Zb9nh7f+Rv;_WLmqFqOCvylXs-+ z(A3(>;}KGKGyCf`X-r-!lm}3uV@9s-?uz|&*sw%1{;o*Vj_GH^=J4*gxDtfO7l4sA zfRXLsq}%ZGgSLGYVCu1iiq|Spgv1wdfoRiGJ#PKhIu8(I@Om&LBTY(9kRn++3048RipLGXo3rZHi+ohR?!^y#+ClFmqf&4i`OLOr~(m3N7U z?w8YeHOr7!UX~uUCRx{XC-;F?hOskQ^>>I68pBa?ZnmltK^NujP%f+mdo9=Hd7>DW z?=2Hp%--PjB1zz6MaQv=VlVpGyUfeHuU%!GH^;<}krI0y#h){)%c^Q_dD!BOzusQ# z=g!=)P6Z67w~4vPVHcey+A^gp(W^@u^W!egA@G{mqB&Dc+8J-FrNFB*f;b5gd5SI` z#8l@7E6Qy%tQGif5hZ?XmJP)shZTj}a^eui)N<2S{}prVMI@~#h~#^_*yxUuUiQg@ zh=@mYhua!}7G%aIY%V+~`29pOcT#-GnfqsmP$srF3y+W6f6!+a-)}rB3zGY8*ckir zyMpbVs?t78^S(r0WH&BU+klJ>#*MTvYM(GU!b@aNP!J>n+65X{nXPpER;&txR5RS( z4+Ujb3ytFT15})}&k;Ng64I2HFx4L~^?-@@9HM`KvXktAsp?$pdIGT^EB}Mz=@bvo zrUh~?PX4W`MfWS_FJrQ-TSUw|E@`t-|cvv+&jtSE>pb<=?={Spsu{$2jsha_kpSi`A}}bFMnd&Kn_NP&LWo zOX@*6AuAb|ocVd0=veHtt~1$%-WH>BI-iPp{pk`!h<0(|{piSJU5y?szL#mn`@@($ z8mrgP1H5H91qa)g*z|a<7bKlV5^NXk6_@Utuqk?16R3CPIm?xFQ4cXd7EyH1-#&J& z-~Bc8+}TwfF%>k$2wcwYnV|GKvP2?Nu7+hGGExd&6$DgK*e+xr&ehRS(UXVDT>^eWTU&eA%4g0L=`L|C#3hPDQ z|G+(q?opYZnDBt&rsk1VoP`R|$f#lOQ8tRw1?uHxL^Opt3i)l1V?*qwdH93(GhRPQ~5 zKSPOobq9HL?=hzT=*aqdS8GR?Xb^hPm?A>#d0It-BHd!J(5LJ+V57oREOVz41%y=w zhtM2K8{8FZ(0W6~{hk@+`y_hHY3%Hk+;M2;t|6P96OHVn$nyA_%zUFpCB zr-b4fUh#zGWDK?XFh|&Q6E6cIG!uZ6hxWcCt?f7dV7W@T9&s%^NmS|K2FlzA_4$Fy|Nr=%!Ti^;G8(f6RW}^R9R#)x_}eFQ)xA|85s~{`ctmD4bPYkL}X* z%(3ZpsajZ@^;GNM)NLF%(;RdM-J|YZkHjn$#feN6vMEq`Z~Q$Ftx6&q7MlN>-@mWE ze{p}%ewNIii+k1Igejk-o%FvHs5kPepG8%!rF0mPY$n?(f`{}j|m@S9mzf^Tm~cjDR5pOtjA#Q!<<-U3S3F=SW+ z{pKO>63jFBWW?ii5yiYBO3=jNS%b&(PB^?dTDLP?ih zW|B3}H$W`U^t#Rh%A@9a;HH<_3R^_J@;{Ni&0`@@E*BVGG=PZ%`2$mz8O5$M1m0Q% ze%qI`hp8>qa3onRF+dvRY&r~PCY5^VvMzdN zDph&na_VMa1vKaaBbdT1rpzNWlwtbdzih4?v^uZMlIEy8%ljy0UW{i~K+xKcnGDhm znV>4X63SM&%D}bc;6Glgk0d4}EyV=5N59~+-0e%~Mxtgi9Ri^=e4VSKu{l@pS8!>a zr^mYQC>ir~k#Ds)0-}!@w#gyfd>OyGtJ{X7tf=2dGd0Lpz;C7G(luSZw zTJP%hucl`1)65gHhwsHQxxU4-n=Hq{>BEi~%gNVb0l|;}!wk-)&cRx0Y7!+|?E2J1 zdgwDpz#3eQ5zN{j`9^9ga}W55W{83c_h3`X%f@wO(z|(-qd+(@y5;KX*2%1`D_q>ImWLNto1IlT(V-0Sgl-j528kQSL7y#|f6iwu z-K;;R(5Wfi^=8=Q^~1TPm5lIOd?EZ!T5+D6TjFs+ zecf?`PDQ1qd|Y6(JeO=w-?=rxa+@c|2I2y@`0j5J<@fPa+K9y%hLMeG7(FP*Fk_2l zDu%_5+)qn06#{WH%3UqcB>6 zRgF$)PjkSCs!CuqVtfb|Y)GZl=`;r|J0#U(qy{ZvDGk^(p{wYsgI5;GXgL9dV=DtW zP^{KV6B-Xo3yZ0n!qwAcy%~QzvMLhWGF(g-=*TAbOq;)KPRaeUlpoqU{2$sRY5cNa z|LYeI|L5qpw(yeTH(K290AFs+A4RY5l)hmO)MGmum7mteS=!DLk@v00)V`YSW4kD+ zpH>X{pH}k|J1c_|I~tvzz$WMS8*SxW(QpcpNUig!dS}rdLMrJ2NK|7p9u?PCsxa(t z!@_cF@u*2x+rmZ}GU_c@O6slV!p5HZ!p0nW>H&?|4QVBla5S`A(WVt8V^CguS8wL$ z1gM4x8yZb_VnR8jf*fV!O#>YFr>ls-W>h)}o(||mgp@x(+WbGjd6>o7L6}9^&OhL0 zRNR8^G=KyUCT+wb&pgNR12AZlnk4P99eX{+n2L%fh?5 zauJk!Mui1m_-pAo&?6j5W#lLHz%*B{EWMSI1)9#A< z!vWWl7**A3m97|;4*39K4bK z^^{)>7~7=(KqTMMX7xB!-puQY4y4_N;ff%8H}e1Vn#R{&yQ0Zz#U2*j^Pe4nWa%PL zjNGIhM;|CoNM^(FVkVGZ=E{y{q>R{`mX!S_4s9K@S6fZnyZAcD`zumd_L(E*{uInP zitA<1uGma}Nqr}&FC8NGuqDvr9P7s_azAXqCi^l(B235(H)|2(=zYg}gaq792{+)@ ztA}&h#sJy_IVi)T5eDJ$-e2L?9*Jh;zio=)oxWJ7kmN37c3g3vXlFU1-$Om?e^$%I zczr`m)=AIN@R~olp5uGy6yVdl`wl0lNCwwO4b{v2I`B&;C9( z3NhtYBA!B$yiI)2bHl?xrPZ(??LCK|MjBF-Gp{VR(QH_=3mB(G4sBWLoCtg*3 zg_|Z_tw^3R?ed1Q7q5y<%Y!yRgyVcse2YvE#ADZd&}Q(gol!zRNbG z=8JlMj%Q$sKa%bpanY@nsM2uPC}2lx4@rE^cP7Sx!mEXXIrF7>XODo1xtdPM9%l#N>a3;a=2VlAGDQF*_aI$3%AxKL2r3dxJQ z+S(nk!SwC=`u(qMZ*Obl-#0PBr`Fxn#cYz}9q`6dxTm^xu6K{ss;A}%C_B+uyb8Ry z-EAXzfBgV*D0T28UVV(DF__Ug-3}&pg^l&)#d2echv{`a96avNb8->_^Ugo#9v%@- zj_Z3C7ilO=N)#*oe0B&_HE~y_X3~06mdf@@o);Q^lrOIZ?AH3syUIAW5P7!Dy2QKG z1bTCBfIeLRT%T2T`M3nQ-X2c!{Tvs4c6<1^*FRTN>=0c0?#)gCd5>37QO}njcN!bZ zQox0QT|@u@zHKV^_vBrdF1AXQme$P6WX8QG(|MNXQg!llqq*;1L+d6+_iJTOYOC^5 z)WdS0FPERr`%jS{3yR$;Pv6vQ5peC1q{h+NyJdH`v(IBaAth?d#%g)H>I#u#ZqWxQ z*ug-PhUoVFIqBop!)!g32Kh~*|29=Kd*yoe^kZvQ-n**$QF6A{^BmjD;@#ut&bL`# ziJ8)?&eTizax=N;_Goa@^3!O+=4U6>6IA-+T&ufm>#BMw9+xwF^f+3x$a-8=r{!Y) zczg&a=I7$RuxD9!y*+iQb|KkY35a7zshYg)T=Ar?NUM2{Vo?1y>3ZSx-r*DYeChPF ztJVgpO)-dZmsk# zpnT48xaoQArR2xj%9DUOBS1O4gc^Hjj*M8=a`A zq6I8sjQOL%h-lf#;F8cU)*b9R=>&TbL4W~O8Sx38+ho2FIG zJ}(b0|9)yeij=zCJ9(?%?P}>~ZS!iaRGz1Te3{-HR$5wRtBQa#X+tk@Ge@_tB}ESn zn>Yw1pDDNETUlCNaba_7dedEdrxIMeTdA8lniY-zyxh4wH&qdHkL^HPT6`b>OEzz= z^4!z_Y){<9dlg{sMqh2~(_YrW*qtUUq5E{2gCi1;sVd?kzetsy`%`8U`F$yWQ@|t@wU^8`G7L>d7Uc1q2jotcNfBN`x z;`@E-@%b}#buU`yRjY?*$&t3D5??VX&)0kIyu1)Zno3QRGCB1se012N!neoHvAK7f zeCbp3;j*PE@ConjOxkPfDi${;Fe#2SqS&T4g$dck!6DF!cw1S=Q6%ei^59@3j*mbP zsz>j)&6i4ZSoJ2a^t{^U3gpOskF|^&owTW02I}o)_t>WO+PQEGi&EL`*}-qRTr{@% za#_FV5rzg4;?8`>tX`NtLuUE`3&FfCYn7iLOfMb|PX9}=pSv15TSSCgQ5T=b3f{Mm zhaM+J%>}fJgS(U0gw;;3-&`rWdVmto@2~4ZIDW6^vC@yD+9n_Fbx*$DuI;4CvXZ2* zGO7RQ&SPVV07Avc$o|8tgwA60T)*h2-J{RX?f&!0(7g3?aiMK1rK(P!QG4xpuV*05 zag4Lkm++^3eK(mKUv#hg8lkl+i^k+=Qoe;b-eg>ihcA%df}BIpmzD zd#e&KqX2AU;>AsQHj;Vo)mxF1n)|M!`#!j;>h5UZ*?jX<1Lp1BR{x_+3GET*1ngWQ zVgjdTXRKP_3^%$deY}9SI<`8!fwFvBdmUVxl=yYGYO`%|d8*5i9($@UYa?S}HP2NK zvD}_a2%Q{le+b)pY7Sl>WUs1hZLHyFXjY^~>MOl)YtB--Dn0IK0c#JdT#Ro!q2Oq)1xc99m`v5AnyvG zP0y;&?uC0R)Zl4NuXjbNv7_BQ~X#N=oz z?K`SQv%}MYi+b66d$joou>T;I!N*7uOobEmUnU2A0tVOptjZGZ&? zQCHcRV4bOM?B83R-RtLCgx62Y$Gew81Z!RPUjD$+^>t2PuDV@99C3;n-1{+u79F5+ z{A`^%O^KohfP*0V?BJ2ynxsz)lH(PTLtKFR&;ocxP_0!}+>^Q`x6_1abm!UoExh|x zY2*6zGTUiBG5L%L`0!-#*-K_O@wxqaaw)S=N!k2%Q}S$Y*YfiBm@>gBS6g>dHexz%!;j)SzMr=l?_ohtGPEMstu()@Ix0j)4Wc zs?k$pDNA8tmOZUX6)rceeLGhSh;@6@XEQlxz_m;JE>ujENZcaOWbe1d$Fq&4q3X>AM!OJg+G+mjlAIL5G* z^Dq_auEOu_smt|aI$osK4A=ANxps~lFOXkdE_aef=W<){sAAi@+8g}@d32#^P0)tW zUoC){71Yapp7zG}mcotkx)y4i z?!K<6Th{NYX`V~IT=4;ZNi)yQ>P_R$cz^HKu1VoHeK6v=q(oKO@p$T0_g?Qw&8!Y> zL~U3hp!qm&Zq#mD`+UB%tX0GNr4g(IJ?sX#s|ajVe2=yoz6*L(x)QuXXzj$<@#sMc zc-D2TEG5k(m}erUYIM*6{kC>_xe3+(EAn-5Wr^JGY<_r8V)ZYoepSZXufBvWD|HN` ztGgKpuDWOEZf5O@K9p@*dwRXQh?aB}&y7ExOSjnNwz0$yi)gI+2@_Z4b!y6v828w+_i`m%r=&` z%x<@s5c(-^v27P7Oo^~h6K?v=Wx+iU^|kvGFo)L0C6zH9Iy!{<*D$|9Wc?!^ZsH*Q z&9S%+9bV+d)vPvbJ{%1PO{xsD^;@IxnGeXVLC@p&>FAR)Ij=P>J37ejz1LGv-j@Zg zu%x&VBab+Bp~)~tJ`#_h@W>aext;NgCzAasXs)g-=7M`BLql|i?+q`yPs!a&n&T1& zoGXGde-I@uiJ6d#&?KxoTDJhUw4-%-A12vC^=5|8pM|keZ3R%=ob4fYsl{>iMq30W zNJ*qABIC`it0=gS!EVA1jlt1{>P*p6Zh+%8)>dqW%k~+RT&qJI@*0s**;m>ff6B*b zub$8u)l8SNwn}IoLouSa5gafsFV&)_xNq1s8p3J3;fXXoG1=V5 z!*Wby)X_+vqnIuDx3Devjt7i3-1Z&)E%=9D(GVW}bfJirOxeqr ztJ<6uuuL3v*fAjv!b*(jC=9l9%W;}#qk-Q;F(KO6QMj<%>h&=p0ZNa*r6C?@IPmz( z5B^^I(N@3zg-DMZBAVYsgNq0bq;6s**%o5le)RWiXG);)axe3ifj_D$;vBvP9_q0m@FE%XfnQ zev*S|F4(@pjJXv2*JT0WuhvB(k`{0BNO-uV9gL}nBK)GpCi0_10iF|@+eM z-2PWObT(a=CH=KkI{{Oh4uAM7Nu~A6;X2*yIhdKVkn+wQs}@;hO!hVEWad#5tK4Z? z*v|mHc6K>_g^3jKofGHWGw)(FfPr>1@Rx=6>>G{`Ml#_)#jM%v30& zI)>beXBcNfFFadv(_+a$Q$|J8LaN`jm){#fqq*0(i0KE~^y9l7 zf;QWyAAfU|8H_l6*ph(!xI-!~lW@mQn&BR0XT6drR?YeKB9jyuKX5o8!bzdvrlgc8 zi>P@ioI{({Oxf!-PVwUX-D5_tD}ClLpU_ArEzHo06pocKP`p~0t#C9l2H!;)XI%yp zSX#yr!ncsznHf9(juk3*H~%lH8U>VQWLfY9@6S<8_n*`zBUsWB7G%!9HSbW;nfw## z*+Q=asWl*rv*+{(2E-r+%@O;~316{Vu6!yKWSVSzT<~P`EZ8fT9Ar5*%%k9go28l=&4*Ck%Cj57F z>uIQ=p&}RUpMC{`4r^=%QbqU_)U;Ih7H5Y3%GmB*wMDun6QWQ~N%(^xsv%ffeYc&Y ze4v4%SxDV%0=is4bf7ssyJfSkZakun&iW?rC)N(qNX0u9N&GZi0Jh^yrm}dFx`epW ztW(-G&{y1(&|Pzc5kYPTS4~bT`ixVLJ!`vz1V(y^6b=iP5@7vT!EI%9Iapwx99}OY zvnP_oz0fXN4U*3)f7#2=>D=hcR4LE~CJ@#=lWtFnTV|88Rlk#wexyZMu)tOc2|wOZ z14p37lv*NJ&Iy%5FG~rN+Ro1Us^hjmf&c{Kqn#JF<$ka%X_7?vkR*F z8u1ae^lwwf!bAfka!jdc99Ana}#b1(K zc*RTzaALPEqhOr_ssrmoz%vf9Kwu0-Cg{fT3*PvNc~z2+_`-$_NQbkI&^|d9`35=q zvEw=}niyl~mtC+I+^}=zyusGuR<)L*lz%{?bN#x{#w7=LWO{f`VihZQ4otbysK#23 z8sdVxQ+nU}hs{Jjj{NfqmzF3rkB#^$yi&i>N|80W81YRkMNSrxk;b%QdX9Tr8^!0K zz3?ya!j=FC1jZ%xp12W|qhOjv`QgAa*z->2bW;2SB#8+9+WJe#k+XGzNVpgS9+Qm( zKz=W=j}UypR=kaQK)F~M11rub`ro=^L6@-PCT4bJ_zSiU7WOxPYA6N zCH;>63g-dEW_%_k9#&LoAWwcn2k9C&V&-$dZOOY~T-n~t;MHM~Z<%75_7+7u$Pz%+|j-8S~q9{juiB`o+gD8 za6^-Cj3UN^kds6e(CjQ2=4@n+{yo=ZaI0mqA+8#w2BE*dm@Bz%S6-XG+4#wn8J*gS7%l2e1ZFVmK9-Rp@mAzf5qHFvj{k@OL@!@yr)oDWU?Ow4I> zEQ>l%tdHdufIW|0P{3E^^k=@MMz>YxdZ3ZFo zS^F*ZNkB!Fk34BQ!LxYzdK$WIYp|=~FGPF*rSb|Z_J!cz2{Qm3uEWTNFlI1{dM&Gw zE{cl>pU;k;2OoHq+bI}HtA*Ispa-AbYDN@0IoUlkv&in`3ZDdmNE1gIpWcEzC7eqf zZ@qaIB4JP2`J??@hKtBA>d8`pU$cL0r|Xt7I01SU4 z_^%n8Nyf67jSS-VVQy^cGrYi@Yw}0;&6h5EYXtBXHB0^X zW5tnR!tfAy_G4K07SG7)g+66uCP**Q){mu)O?dW?6Xb;>GsP3xMHCU?vrycDCA{Gh zK0<{Gcwoz(syy_93!@%rAkgOdSP23}iEwZuqT8f6JRU*U^GI5Dhe#B=VQyCxcYMPa zaGa?A%<;;gAWyEcEnbH9jso-i2+-J+ey1ka?}NywI)UxIQrL|5<%l@;_M6IX6gu5Z zVIoXj;1q$@V|)R=l%Olg0c{GzVDYyh_TdujGVnmLtJhFF<2fjQqfd?XUdR2u~7Wv#%IIUlFVUlJr*(OlvOw&CF zIBYCMAda?e{V2YPn^go^lS$^Ww7P4S z;A|mIcWgR0lhg=!NT@4!6tL@STs`j-Z$Eip81&(!>0?J^g1`bW5--t@LT((6Ez}rY zNky%X@m}IEF@311wXv=fl>_g-R%+!}#9B4*32PJGg6@Ygji!*tc{|t~GQ3%&UhXL? zTm!)JU6S<1|+Q*R-F4Cr0Sf9_S_%Oxetw{sf1{Gw^@uBT{I%{Q;BTZX@5~%q4iPf5fZ<8r zuMD>LgjB`m3Y+%@%Gcypd2TJ+fF5Ynp~s?)WYj^v+^2KiyDy;<-U)y4>^+wXQUZrl z0aQqVq zhTOV=M>h9fG3{Tj2p2fLv5(WMoE4AC@SnP9b+OUwL1mVIsPB~Fb1Mgw*xV~ayR07m zKLbK;WxoPvLV#E0Kd)heBah1e8-booDzm&(j@jp*RASo|;e*n}^ZySx{BNN0IR!2obG0^@fGG?Ircd382eifa+~<6T3(l+GF$K9Wq99=Ks9UW zj{_H;#FCh`4E1ep)b3=;-c(k*<~1{m=vk~mCsCyI7dqNcZnnPll+VaJ#X=>+=T}v! zCs0pVj~%+Mn^gNGr31PfmLqII;kmH`u}&yLuK<7#%HRI z`@Tw+*Mmss&HX{hpO}!*BS5W0h6KJ&3NRtXYZFvvbJrXbjMm3hYy$!{iM7dlj~*hzUxank?g+!lPmttIk{&XrLgjl=xW#77tEef;dyPs6?ZZ ziv{K;)(hiBelEHgswYo2_81bSPnO)o-gY)&kf|B&H$IiAr%)u`-`XH2 z>sq~*eKZOn#ZLMQmQdB%JB$gCv>)2#y2#+kb1{{14Wue*T3%aBd^af2EQ?6Pv-nN|(^2!}h8> z^Qxl}F_5l`MMZ*F@==)FqE{I5-o+Ndkibm85Y66MIIYwECe2yiaI=Yf$S8bB{pbgL z`=9d>64TwO$K7rctEFY(t}SKZX3M;!N2%8D3*A3ELk7Ew4LcFZ8z;}K=AKgAd`@TC zdg!o#yc`QpFBgnq>wCo!QES0sk-1F1y9?qiJ-qZ(SzY7>>VDfLAV}5w3#x+7aA(yv z-A^uz(g91ClX}|_48pJ~mi(0nx@;{&2yo_^*%nNks{efrbLOr9BhQ3{BI|X*Rr7$* zd)j8Yj6j|gMR|y8I0UIcc?OKm(WkYKnw4$|7KzMNzi$$hkh;%O_(l2DF)laA`kq_m z8slukR|0RW6(V6o8rSiLtb5ljhuX}NOAHAI;kT)9m78X;K8M*a@YoVFql*I3nS}`$ zNh}+S(_Gc%3qNQZs6e;~G5gV^nSU_Q*o;xUhJxc#i8CATxpg@R2?OLXmH1eLPro0% ze!1eq6a`F(L4<;3g!dZdqtf8chWvTwd_k}@Z1V-#6K0(CM?UM^2hfR* zXkD4wdN3;lNld3id~kMZjgv1AG?+)Fvb|+}rGp~`@J&eu~l${Lv zPwNf}Qzijc$(H*nv=qOBnpL&p&(kQyl`%hXj=cjQTNs2~bBSMxY>MdGUuE&Rp(s8n zi>Bj6@EgbFM=hr`nDulu7gJ&e0S$I&@UYy2m_4uu{F~KO3a(Q193+vJE!on>at4(g zJ?bK!*A~#Z7SL0+#GIa6KfokEGL6(}$$^)}EQb-UUKy6-alXSwBySJ(1nKPlm)2F{NGd6MJi5>JT~l%UhzK> zC_VVdXbU@p&gfB+P_G(l^Bq-xn<8f$ycX0P_t4|-f5Yz~P0~_CymA>*Sz%HY5LN5A zn=D*h(yS-uq`R`nb|9PjD3vX71cj8HO74)6*;9jY9o#*VUguov6&EI~`Hh|iR#Y-ebP-C-}(uW*4mN$aFFzhWLZBv)CqQe~hhf9?2_=h>em3s|Oy{Ri0Ii^f^Np`k0LoofT zl=}VyzCqe&63+1TNO#n5toD3|DZgKdS`kHCXrSH6i@8mN1j$p`2A6ezehZ8|J|6!3 zP@E1`S}J~Y(|#R)YS2sC%(*u()=+5Bc5lWw)xfI;fSw0fSt|gvif(-{F?m1pA6~aX z;bCGq6#{}>y+}D}U~yKI0%uAwyj!jPu*ml)ObyVxr@{cmGPJ$eTp+MdU8hhG$a#lnZvW6NlkRNiRsIGVUy~~)086ge&cTXGus)!1v7rK zNeuaAnZt`b6;rj*iY`a6EalQJ5f|r^4c7&hr#r*?6KH$?ge8$w;)OP2(*_nt$|z@G zRIqxBiI$C0STskf6;UAAJeP5ijj}q92CGoj74^~J3ROYUK<_g7sGLvO8^n#YgjnpQz)X573AOGorP!ei_zFM2ba%Hvw%Q&bi5*s1rAayT#QqN2v7iLZA=e?%zrCZn zGBDPs@g3WDF%*`i^4HL(j2`v4rf%Y2FIFxME@rHzXvO=PT?-z|T-{n!!Vs5Uh~7O2 z-Gp{n|Fz7mqsad#udtA#05ad0UZ8$`MPk`%8qg&R!gjH?(i+G*=!me!keJ59pY>jQ zvW%#quho3)#SM;)pQ>m%FN0n;Dak5F+@<52Y(gM_c zCVHx*r$Wijq|a}X7=Guci72Op}Pj9FzWH8zVpxfT^#8S5eIPe|S z)Yg2anW2;bcKJ-^J3?CFy5cyAl_d@}7x@`Iwk*luncnoxi?LYgj=JEwKs}}mmZ5 zXf64jO&twbVVDicTZEm4g8!5v#>H}{+tEuiuK;tEId<=l4rq4`oDo^wO=Vn`&35;| zaI5Yynkkqs(G_>W1foohbP78-Gc5d!h&?)E_*1eI(biJZ%B)hAN5KBG(D!(~(S4!# zPtqI$U07o*;|-1oy*ZM78?9*4({02e4V@~rAa>5RIPt%a1_x^MB8<1?q(gIJ6|dDW z!Q`=#PtMc775j-Sfq%Qq z!Rs8r?Ij&p%bMKYVo?C@6+p#h_vbSzMw4MDVq-Umo}|HIOsHl^J5}+0rj8e z)9**HMzK_0PixxP{}hcPtPr+j57)xEl#|ryrsr5-GaFyqyZGZ`6C6`eMuqcGbHhtX zuT$l1M&f~5#H8<%Ppinr9B}?%vqO{(V&5s-wN*(*$?Ah$Mk5w;Q&oJQ5u1;@ReY!j zIRQ$-{xXt&$f-Cp1-K6V=|8!2Gd>jUEh!vPS9f*U?#VCG6oRUSK-oR|*Q8jIqD`W* z-Y&;fBjRP*!d-?9lZ1T1Bw{wRE1-BR1iXk0PW9$c^p-<`d11#L>@7+3XL$c*M8Wb+3 zz~81XG-ValfM+0!)BK`Q zPs&f8E}zuVm~3~`+@Ujs5=?;tIs9yiL6ALcu&ieK1}=K#!l0~xDWm?RZn4iw3wn7y zms3+XfIQ!inZXi00X}jhJeR}l&slF~S#&-4pn#O|PE0NRYKm=yIACN5879AMR3i1%yQ_Gw>R&o2XND}g%p~(8a4bMjW9esF@Nlsv~S7{ z-ZNjtojW3Bgj11;#)3w~aaQQUS$j0zXH?4bA;@@_Io_hu5ScAPwzF2BxwckL?APM{ zweSG{3rfAC?B>xMG1zLklUZX=F4$K5wuOJ2LATGO7^syZ)DVX_{2`3RdTqQ2zqCs1 z8x<70|7Co%Sc60GWcj+HR2<0hR(sNfOo@9pkJ~|$k(YNsUz)(TpFo@(g6fzg?m6~RVru#X8gJdcO4x!>dhrhR^gKv2W zW7is8{KhA*>i^^TXC&TJM84KrfiXOXk>`;$;Yo@TYH|gyW=m_&;5$eg4O#Jg z{FOn8rWWg*X-MSA#jJ$Iqlc=-Y}@3Qa4c*Um3b${`+^b9sdKAoV;L+^O5TKtJyEp zkVa$zNVJtFZM=KHwhoj$7_0Wz988PGX%$I1dDUz)` z^a2h~Cl4%a?~>drw92%M8?|Q9H~DazC;H*@grNNtA^xC*LXw=IYRX8QXg}i}M(uWS zrWb13J`tj@cOs-*-5ukyq1mFV(f}_H+}Q{A?Cw(!6Ya%KW>$7-oS^wD?NlVJ-bxv# zn^^v(t%9|Pc7{E4NtI#fenwV{-_3Ad78w#{o=GAeiuTl}2sXC;g(YBRm1Pr3Gd^)jAyJh)qyFV45#orjQ1IoN?nvl zDy3r+hyHy16KU${&m}_YMk@FSOZGYmZXkn$l@aGN#A7qzw|}oK>4l{R3YpZ0Gb{{C zBipOT*wD#ZO@$R*uz3|1z!{IIOADoPoy^Go`Akl9jQcsHJIUK(I-HgS74rY2H8z`g zMnFu0z}Mnu*xM~-;bje$>~?F2ELJ4HOHA$(a%3veWyynQwrM0&he|vrJ5mM^*OdFT z-AQNq?5EB)gn7_i2xH#|{9kpwV~{9K6eK#fZQHhO8+UBmcWm3XZQHhO+l_s@ zu`gbCM5C&s`cI?soXkAR4rGOCU);2eg%p;DOK~w&*o%pq4E00?w5=PeA|?l6hFXft zkvoFX7UC*~6H)Uisbp@5<`a_Y4>aVstAj(!MMj$hqFo2nP(;z$^-u+mT(x+zt-}u& z^Ha-(+Xa&~@)Hgs*=4x0x108IqJ#rRs1+O-!DRcCe=LEkIT*#tuZ2|OE7n2&gl5Si z3PmZm5P@I*t{zRcTa9cW;WGi+t7V}1M)?QZc#(A_CvdGcHP%QyQ?cf zxr^I4^(!T@47)a>-_*z`v~fSt4UT;FK)I=V?B8@jyWvZkI^YKiA&-cko8VW*wdPir zXpV6QZ$RsyWGjsV21vf(2w}GCJ36YJlI%FHFq;I*qW!=s>=lZt%z!os6 zLmD}%07F?Nl%VHjtf>Lutl|*<$wHYqX#}U7F4XK9l^*t-!t@H4%k zd)Gbtvlh@3nuv@w%6@7Fi<~W#!uNGa{k#Ugy(d-bL^0C-d`D0_hV}LsPu(C!+0zAG zS77*DZ!Nhx;vJzs0-wgo3dmRF9hE&^d-SE2|op%zx=A!1vB+g@npV?E@V)*4OQ5t2={Q@=*G+- ztY<3V&A@$5aZAkXx{W-M&kC2k6Gh7 zv$i(!Qk4wQ1EeY+o*%noGS)^AR%_6`BA0M#y%fWv1jY1q6o48YpEvd>l-dh#d$^eNrA#S#y3m93gO-BF^T*MqSfl3h zyxPzdmwHT3uqqbCv24+OTCgNAspvaU4RkPRVI}jdBO39lp`{+N-~>e`AUo#UE}6Z} z#mRs}4}1U5_LA?_-HTu{j&rGjeADu4)`=-LOXfsSJ09YLR~p9AN8X->({|aEb1@@V zIr+>+977BET9$|yMmw{Itn7b0QQ_w{5-Q}qL(~8k=kVp4SD4Ru7rLQZ#|+fiT&&2d zbAz;0ae~(}mXWc^Fd%43(vKY*!!z@g`8e4Lxc3ZFxj*qsDJv%SjZ(ce!0OGEgOYFoB70af0+(A^@Kva);&hi3gS0fu9}TW9tB*q7z548mfh&i76gP9Yv5^)DK6pP0mQAebZax2 zqPCe}CqcX0L~k`F_Gf-5Y7x@Ve~kc8;x?&Ys`;Yt?^6_-c_=5BpaYbO`%Hvwu#&8t z^twO*b2PXaJjgi5c0hJ6MK`U=Vu_cqWhKV#O(*^}A*mQN9^{q9a&p0nm+qgjc;G)F z^Ex;7X-{Zf(-@+7q?}J8dsy%lYn2u|1>!rD6|h67s$_GiD7O9O;tmpa0aFmI_pvW4 zsJjwh7{|&}LU8a3o;*H6l5J|C-Q%{cskZPkiJslLKw_i^N-c=4P(XK4j^;K+N73{V zk|$NE&C9OSeM0u`hwO6!T>}(|GhzIeLGpbk+={lUyMY56!BhJ=wBh{A9g9xa32T7k zBfarLVM1Pl!dRlSG}_CwRFjPWGeJ3bRK1ym2rPwk5SMN&EbxRVBWurQ9{><67HU-< z7I3|ayyq4+l`lmjN1%uRD{M7h){_HUN?1W>j{>TNvVVGdYUWFcR*R7zpT9~n7!>cv zET9rp$__`Ktil@`CKP3*DTyX+PH4N~XfNNaA1vsX1 zrVEyM;o~o3V;@&;;U}~I4vvp*G%>5XIFc4Y&K8<>fS`Q5%X?Ik;jo{qn~O4@|N z1h!e2u#7_(U*S{@pruZRlRpYJ2n*2B}j%tDrG)@)%U8Hhb!jv zbi2+Xfrpmw`&NM0xDE)b8;oh4Igm{1C&pw6wZ^IZ84yauPh5J*U zHFFSMW*_I6;N1>f1u=MkAt5Gse`G#1c)vCXLKl17`AGZ?$AazSxfa4VwgIZbt7A4_2OAg8N9g9~x&owNO(%wwEv-RG7!$Q#)B@o-nW;Fm z4kPB_ivnGdRPcTDzcxzE?fL?4J(07>%t|0mj(nc2dzm;S@qr{G3{>Ef#vmt01mTP* z2L$0av(9i-I3$egAYo+ zg#Ug^;)W1pIV6Y-Vc-&8Lj;hnhe*jO+5t4epWSgvbHJJAU)otHoej4TBCz?@LmFwtiAZ01 zdWbE)Z^MDUT7j+`4orL?A<<2`l%vp?#c)3YVl^j5K@m%sQ>S8nfbG+^B5=voFbJR~ zK(jf56cjD^bDhCC#eQfYVGljSP@hRkB9}OVbZVN2b56ZM(9aU-k-QZ$7r8nMMP5hr zIng)((xV*W&{021|DfE(Y9e8%KgvF}^;s_tJ&lY&4EnR+-GJN$a*{%Lw>->)h0z12 zTbHlH9YdEp4iAmZ4*`vF(sL7^+;^Jm_OD1H^-o4jIURk^8=kLIh+4fdmEm)K{~(8} zhCL^TE5*q6kWr|Q{uP7A9i9L09g9Q|*tGW1#|!}rU07`+-$m;AtV{f1gM+Ec zHb5OEXP49feWGz*P<1jPkrOMlE=NOPf${DgVQ(^xLPQawj6#O(kw#&lUXg`{MCqFjFks9j6#-zh)Q*t!wtu3?%t+n5SxmIZQP^;YVQ((+mVt zep{7?VYoF!rs^n4Ily6zbd}&R*d(KTaP;6;`qC)hVTAL)DNy`|DW>TuSpdmW4pG5j zv?2QHT2n4Y<_9@EHGbbO_`@>;&AGu5O}Hfi2^`l;**@FxK#VEcciGFuk3P?b`&YxX zL_5TD%3nmHW}kCa>40-^jw`_PCO?=!FPkI$B-2kk?2x0u9-@c&l#$6>9S{@&l?Al; z0@9IrU|V6C;WuYXg>!1rk2aL(KLwK@WQF|u(*-}5Qusu^{p}ck+vku+#-?bX`u#&! zzhvA};G9A}`nT2y3(dn9#Bt6bk9tTgQRAFaayx2zMt6?yO){;_O(G9QDI80zRssGU zeu3-?oSG~eXr!HFXy&6MfVT6JUWz;COk8+ctFTPJAe~nMf>F0(9=6qKAI#YTJ2i_} z33R$lLxPK_XmUSxR8?^pAYhQt=h%l@M^4J}W#^D@Ey2B)n zSVOHnj>$A5?H&_*06DASMtepuj93y76~iWz{gO)Y{wZV1i%dTBO*C`m*PdP(^Q;Cw z)fmxfX1(-*Kar|Nl)y!NK^(hpaG(wMtURq<$Plu-@ajNb);Fo@ozU`fIRWh?uWHVy zP7vbhY}oeysaj`8N=e0Gn#~iduT&oOSVXa8HEPyZpE?5E#s(C8+=70Tq(-Z{2U)0# zYlz_|u)&L{PvMO@TDD?9UZT@B*pnIdccNf8G0?h2bux2E<@@T?8f(X!?^P}vlTp7k zi6M37p#g&-r*)o2JO>qmvOg>6ha031TazfxfN@#2ipGj1amucvEF)Z~v!sM--uj$S zwl(eK&UGfEtz~HueqeVWej!T{w`Sw03fLsF<=jHG7;bG14b9^qP_ZMoSbH9Qo{p5{DR1?8C- zV~gu;oIyvEt(Luwl|YAM6>@&iM%H3ikN(io+16EJt;39wQH(^5HS*39;4OgTV-MWvy5#Hm7w4@kf4#D%mFuB}pV-mCz?^yYE zSuwBgVpiv(T6g3jDOa+&PmFlKjJn`uVwh3SlPqu7$O@Q5EDT9V9R+8-?dfw=CfGmy zxRq0{@yrH1Y+V6IIe}-}ojr~mJ?F#%Q#k8fB`4aB9jy6zM%C2fVI z&ACw$p%-bUrteGnKvV{EL)IxHS5l)W?F_;S?1dqcoMhq@IdOX{(p| z{WpexxUKwafaM~M0`c!RH0|nKS5B6!%z|&D8_^rqvIMWI*7)47X*#weR%aqM@(jQM z1XG6HD|!FQlWqBwxE!OA6k>a6e8sjNyI*quX}e+zatId6dO| zw)2v)%BM4^og)O*V)OH`mom}`EnT2Euz?u5?j#i`;Hb4H#w5$i5B|E}3J53Z$F2o! zO5K7}7(pM0XmV@KKJdIY_4$JTyd`A8D)lpUhXJpkYxQ&wqvX9zAPNt0&R<`GSVh8o zzbO=31}F61J3c5Os*pzzj@o!5FyNgz7S#DH>Vc*=3${v^>&{v>-8rr*i<~m1w`}GV zRIHrqgbA7Ypt5Wpj?|JZEJKxC{cIDh{)}S1E>H`9IuWgQSFE%^ZQc-d6rD&ScL@fa zv&YM_yRPCu$0!#H)()?z!>dvbw*8<BA3lT!R-W8y2IDb?i+e_HOups&~9@fq@zMyW} z`n1*@7VCj4>Q$okUVZScwy`jp3A?Cs>ZTE5%UZjGq>5MThRz}SchA#}j-M5xmBl#V z;ZHtR^{o;lg9$wu!)O9UP=e3GZAw_g0*bc$Sq-fm;=6b}tkdk<(|;gB@f_LCed^pX z^7q@CIZ1PairR29jMkxwc6^>=k=zf!@nKt8tZ6Bg+~4ZvOR!3<8MB7M#~ttkdOVfy z%>iqbRIFEa<8Ot#&ri4lRMX5x==v~y8%u(A$o+?+N6c+p+ObRn$;Nb=77%f}f?q%~ zmRyAWu!CxR0D&$VgII~fWZ{dLl21l+II)|L!sqgJ{MYA(=8Uh#E|97Zv4Un-mA|-G zu9^afS*iLj^0N3DOU>C02ED+WDAjdBbrRq-*|o*`p90&Sb<|FlU`1~$L_qR@f-OP>>*B{5j%bh0xlp6A2s-WMD zPT?JNljQcpsV|ROoA&d;Vz1^VbkEBhzIKvuvSU8H-fq3ei#tPLuX)7vyh=&lIuer& zY~v=;)_+-__iEyXO6_aoc!>4jwFLbM3qmSDoIhet1xSlN8LXBX0|nr|AzBuX+~oLDs}E%zET zE3BLEj4t<)y<*z&{^EVGIN5y85ze9H79Fp7Ig{v;Hb{J1W1IR3k;_2&EM>)lS#w;uwkAlU{IY~&(7)j6h=KY|; ze$t&vxozVKX@}2nd_DWW!er@^ze2l;mQ{+xwK5yY6p@ywa_dGJ)5({piJS#CO(pDT z8&2NfX-B1E-u#6#rV*6v@kJ*keV?2n(rr`(4{J8u{q{gWOqik8yIX7 z-Ybmi1!J|;MsVPX!#)967!-IokzWzAecruVru!`I2WlDs_bl#aj7%C{?9io4WCwp> zw%x1Jl`|b8<8qYQGMh?=O}+CRN_t>5ABU*!TbXxTQpbZu6%+64;Ok_ zk#p3%W^TvT2I+-j8MNiqdS~1wqjypRT`Y+(mgn@QEE5Ne+Y3Sd-}9>7XcTTGcHi;EQeZSyXx<5okTr89o2O+@z5I1#_zh zeqnAU?Z*ELbCo!Ra}mMaGWqPB>{}T*y&SRIx+I>acoB^XkPAgVCzcZx!*w{5xQa(w z?e~LrxY{;Xmio5`ULmjQ=(L#u+#;_713QDw2l}^1NPP(l;`D!IDy^V^Zp1ftpa5=8 ziKlz?5YGjUvbF$v|1*x&RRUW9ylzKAedlA;7tfUzf4H{2+1b_ICV820IOYL)@HSXk zXE1Ba+iwx5U!ZHn=BPq=kd6^n6tdrS=#4Kz=(OV+o2pnVmPJ19g-F&P<#5#UFcM!l z;xZ9K+{y|Vqw^cq$~^bkAG2}7Y4374nh`z5jDf_5W}BH6Ukr+dPDm{ra!BHcL25<7 zGl@Y;6+wtWI!)uNd1OX7+NW^9A+@!>9_dKqkiroUKcsMwK>8m?$PM_gg*2krUvp08 z&ib^v0wNr#f)T__<^^!kkfGwgL+d3k? zNDVsFvLrnAmNC=-q1PyEPw3FUL{neHbB05?U+|4oA6Oi&(GDyhOIq<9xv8d?6bOTi z;Fj#Ns6QCW1MisBfaXT;>l~+wGNnVy#(&-R0_Zb} zFTruEronbmQ{eeztA*!9)c^B0&!hb}siW%o7yUSs+5f@>wRvjK6WRz?IpEr)F<@Qr z#nAsnK%N*TQw$qBzb$Sw%71_<|F)R$?wWJa(b`JKlY)P%J4$S_=+z6en35V!k4)20 zIqFIu33=~9*0xR*LYhsPmYQRiB?d1_z$cN>0IaVk*jShhp!X_@-G`vJJm5_han8;_ z;OhkBie1>g7Zd1H7Wc@GPQX_g{38=^Zx=`K#}wj|-RZ739ROek0mObnz;6*0I4j0w z7y^a^Fz=6;U*EbPh-t2RkG_99Fqj+&RvNPX9!eiDCLl;UekpqgIlynq5Ot7|;P4GR z`HQcd9VasxGunJ#PS|;j)x+FR=FGuE)PpSLUWX(L)r786XGXoDK|s^gzfpvL3ZV9? zE(KXoTMl=JiFk;Vc{X_uVM{SdK2>fM|P;P(V~{d(+UpIz!f-5LQ)xL4O z1d~NtQr}DazA-jcwuHCRy&XDaC6z_>{pu6FSgDS!Q5vZXsVZ6S%8CbYLem%SGqkmuTvS0NGexgyjKzp(1g8aZ5MKLa} zTyz2?2nsWa`mPN`_CCOTcCof9CJfQ68L)<%Va!&S;Vn5*7>v77H89(MiDQL{9CUFh z_VY#?SrKZ~YeSnM00uf6~XJZgG4~ zHRuX`Mt1$h)!QUFqyMTDJ-K)5+RhP7djFT)SYj#F@p;12!vK?dVqAD!TZF}))oSh$ zITDYtg}sP}pSm3`fb2A3P*50#teL}aHeeyCa-<$k6`hm9zm5~3%&pLNQpr6T9E>u% zr=i2qNNcPr+Y{?4kC+v@fRYJl0h9wlLHonPDjPqvWQ`r`G_tgx>hXxJy8_ldj#doG zIeVO&*I@2RJ8NuYxL9LSAl$!c! zU$g^_#)mSdyR_fDxc_Px9-WIff)kDD7diZ$*m8c90(nO8G>0^OT#Q7eAikH&SXA*6 zcr0%P4LXG-T;vJUIoDGnZtY>Z#XU5+_SBOM}ou$`@G z&w|<4_T#yA{<(6lIw*sY5Z@J!S!t_FdQ+nFh)gky1Cv0z+wxVo=c#G@C#03`3y- z`it@Re-o4sqsoPNrg%4cMkf(jMa-HFKk7W_Rze7b+g4Dhzimr9M-=xPNt``r5r`;E zII_j0MWPIXT+7|F@&2PD|Ej6WFj%e+9?}?{hJzh+wHMLE4;#_ViBClLlyu|^=q|{p zXc50q(!k`;%0UR=Hy~R{Rb=IXeAT)v6#Q@jRy5_>hVkuGkyZxm3p)e-4a{_-T903^ zdH%FzRn6abZx#8(D!ER~Z-r8#|GTHpxF*S)>Gu78fNk5eJe(s!u|Ft~zmceV9}2uy zLLnMr0#V*g+4{n1c3(_{RZ&7m7IIHP6*ZR%NK~e54mM)|1qF#0tr&aG&XLUeZQqueX$JTl+l&i5$dt)khI1+qWK)v+R<{Omm_Hn z`EX+qK&fcoWn;W@V=%5rHawP^6=L9Kr(IoC4~h>1JJ0E5?3vpCPH4xuCCV|0nj}eM zYL>;WgzqUPv>(H0&8QxEi5-vjxTX}725Ir`Nzgnebp869ZSaq6s?&uJ_!0HWWTykB zfD6vu^GMd8$>8Ekr4h&XPAo^^826z0do&=y@HW1&S%AtR|8X?Y*k;s>VYLnJ*1_0m zmDkA9?M|OjokN6eiWtb@$tKuHo;JgUFiaLSjEV|NK8dyXJx-k z7X51m>H$ou{D~B%=;gxvklDy9=md5#?1Xa0$INXOFo6!M{_=-XR?CdB~MzgN-7<6yU0VC?Xq12$1q z(wj6b^Ptj`Ku>JnbfMGrH84rc$AEV z@7M+9I^FWTHR4j+Li+dplyS8kVkY*sBTm-7n*0RMjrvfFCfJHA?G9Jw z)$K3hJK9W^)S-^mB(A0);IJ`s^YDO5g9{}Q&0=ZaHzhU?tl5_d~2=5|kC}=dGq^ZK)wWYp< z5~&uzW_kcKgWse=C6J{8rl~;so8Pz$RMh|o0W(;vh2cqay;05~@jw67{@Z+I9gcxn zE=#QWMeM7=+y(Q*06@s{gu%xadJI*nxB%LMS*1vKGU}TsDS&WeaOcV(k~yoNBZ_BQ zLzukehJ4<-1_z3IjR(2zw?%0$v`5FT%fn?#8LR8XWd~d9xM8wShAzYm?r!O!LU9Q> zyb++0U}AFn5RwPE2$@rp$hV701ssP1CR}cC3>p&3=zMDXK5kmpSYYt;qq5DLA1! zeg}XXxWkt5M+o{?Jx^=UGl*hXILSGaH!c83sV3*O6;#(xmVN7mfLhkn&8TY{I#tw4~gn^R6!#)oVZFJbNZ2>}Q z9jVYBX6Ng{ztPp3R`3%pmS!MGnf1_F?1GcQt|_3*x9#h-E|rj(gga#CYXQa}>|isQ zuN;F*Z_#Cg^R@kXp)w!QG#6v%R~wcMFW~3p$j%;KE+Y%+#mpB%twmXvU=o+()qWw! ztn1vJT_v|-%xm2G84&4%*73e&ed`Od^jwv(<2yrk7=03Thz%R5iTTAQO!Z7+cL!a^ zukP(xEyeBI1RQ8mNi3E(`6f(UiK;>|0AMI`YHESA8?Xvpmeap`e^ga9|t79iUs=lju3sGVq`N*qRju4N7fxdywdnIl+acaw(n zB*FlRyt#mHYS*yJjnoD7^uve|3!utpl0*~Xr7d9w>yhj;I$w%hdQyf|KZ=c}Gr zqL2VqLcmu2Rp!e%dO)68p*5De?~cnUP2J{(`#w$Y!{(xsWjx|<^y`JX+?%XV*Urlg zeX~I6GV4Yo9N_@`0aUZ zj5wGj3E{tn_|A;om1p#fo!Kaot|MBfjdH^oI0gJv`Mclmm4T1fsTTik{;YA8oaqwB7a+#NH+%Sq&&t=!5I^aLk$qb4aS}PV zvo@%5d7xm^+eI@|AVo_b$z0mN;bFEI6foF@C&yCn&YR_?0B=@bvFlzzOH|H1bgWjQ z_&k(L(}?kW0$%NTXe{RHY%i9^TVAitpD)K|xO~m{`Ojd*HzGaZ?MSkOQTpJ7r}IMM zTev^e06&DMN^?mhTrpw^7kWu9n#0a zm`2OgO7L?RjOM}cLq#1+K<>etNBy=~&%KAbwP|^p%w+IRb@bytO2rdmP7`y_X|M0` zNHpNgc)o-WLRTR5Fb-{@+hpjoD#0U|XaO0cdIJur)_8yGb_c1Y)sx z@*p#an#XBEdNYL1BQ1!=Jus-E2}pNBT}cs}cW@=Ob5brN~u? zZq;NIbf`=QMHJQ%iA}}F2|!GCsG`m5?K>Lcu>3FxS^sS9a+KA{GklQt(1xe1p!~}^ z4H&Sui-b_08pOOp>zJ+oumKq9UZn%=a zTJxGi-SYzka?oEb%iSS@I71>wJ(V_*etsSgamYY`~I(Z(=eDj=y zKDOZ5U<07H$&dxg(sMaWgu6ELl#fN8Ik7V`Uj*eZbstdMQGE?xUh_9Fk3ibx*OI;o z_`vK15M^-qA8g`3GqlOY(~k&SoU;A0KQvq1wHsaOM>j5V4yV z)lu-e0*z??Co(stT3 zCx~HqGq5O}>cpS_(hozrj_)w`>D6_}7z48%kakN(Aq5S_f^f!je^GM z#!|+{I6$`WX!>f80hyWP26>>lR}mOZKmQhIaZQMlRpj;pneP>xnJx(UW&wG@q0Q?x z_+a)5IHy6H_Z8BpQ0xY1ND&OyeU%5U1g*6&^=&ZCb)9!@4uS6+6LIQcmP-Ej5Hqb& z+|pScFSmjREBgiCi$@NGQ%K+KeadS4Y4ghK^7n8KoFD%)#$IuVOvs53mT{s6X!0sK zK1@Tb!n=Kgjc3tZv1TaT@l^q2aw&w4DC%pV5l)l=#Jv<2SeW$Bo~CtfJ6h^)Pb3fTh&AgUqv;fux>h7Oe^5zL z>d>$Vr;h?W!SXU0qD99q=r* z*u@-v2|c;7!82FV?H$9brhVd%oOxM#EXK?($Hl-uo*4ldu@&{92Z|-Z@bI0&8hLFT z(t!9Z&gIvSsaVeW(_{Dfmu%H*S=j@4Pr*0=1r5-EWD+-!{QsyMbjz2OO*FP%OYA0^ zwW3>iS-_l}>EOWZ5h84u>D~={Wh1BtW$e2L+syGuL@2JCYLGexqx}X~FFI%J#4nV( zHq6uJI8CdBr4{csqh=1q2=ttb3=GOy)!1P`v>^<$m&_!|YpG20P|5{Tq3g|$-5`kj z1liK~KoaBmiFZWFT{}CLhA%R+u+%zwvrDA zbd15Hedg4m=3BK#yO4Bo=`7`AEc(>Lri~DW{+VHe7bR&$%?n6d8@BfMEX8*oUbD}@ zM!L=*pW?d1h`tntuDiU3R2bx%ply=vNcC%|8VrOiJ;M;&zKq^d*eBTyV9r_TBvIGD zLEHBMQNxSd$spk-FBYTr!#;gLa`uU@@WRt~<{ipyWwuY#_m?8j-uma?MGitE`A8OK=;SQ%SVoIp&0K+MNT1kK=Zhyyse4dOW>r{>|?9C*&TW; z)?HcuW(*bqU2eG(yOcdILz+^jMGec z5Z)Mp#&K@H`XBawA#bGBcd>E% z3f4GmiIKz#-pU38Klp#Q1A4FY{ojwX39qSsXE1C$9kLO%EfZiML|5wS!GJwIlmg-j zw!XCg^4&m0=*Fmu%BbT`=5;?BK?Xk>Sza&gP)q9AEv2|*s_B7KF@cD>s{IEO@Z?_UqnWBg(q?e1zWMEAQTH?$sp*< z2Yl65T7pVo9zh}@cLZCGHeOvN<(0s|hTQDgtlW*yZtCbNLRLn(Bv@qQ$c4>gKt?ke zg}No_A+pP^i38{;pT}4QLAd^b7jV7z{(Ssk1Vo=l)apXW`N(=pmeB46;Tg%coeR1e zx0=naCT=xStsO7k4<3QZ4i%rG$zXHH%nv>P=xr@Gv%mGdydMQ>J8-pjLx2i` z6%^D4RB4|>%?NF_qx*KTvv*r;u%45HOyto>IxUd3w{yOb>|KMX5Xf~|G?e+*fa`-`xd6W&1=&}|7Vr8}{2gnzXbb%Uq9hV?0Gv^6jqQ|hHNS3o~6rdrUIEfVpoREK9Q4@qjU zf(U^f8kh+ZVvesP_OAo!D|+7_lB!F2dC-96UAFYkT9oXt@`YLcJgfaTF9T_}a?ZH) zC*%}5U?>O*Gr-Ukepoq9b_fm_@E|ExQDJ*SG#ER&FtDQ$+VYEytDs$1pH0b#@?)Rpt?{bh>}Sk$l{8`#lc2hp06 zMPPk-wDRSzt9@!lTIfNbmp<$?^yDYP)Cg0lfDPQaW2M0+{3eHGN^E~Czem{ntzP~AscNYp4GQ+(B|yJx M(C^;B^S`tI2R-OZj{pDw literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json b/Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json new file mode 100644 index 00000000000..2064ea3437e --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json @@ -0,0 +1,145 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nCybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.\n\n**Analytic Rules:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "analytics", + "label": "Analytics", + "subLabel": { + "preValidation": "Configure the analytics", + "postValidation": "Done" + }, + "bladeTitle": "Analytics", + "elements": [ + { + "name": "analytics-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view." + } + }, + { + "name": "analytics-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + }, + { + "name": "analytic1", + "type": "Microsoft.Common.Section", + "label": "SpyCloud Enterprise Breach Detection", + "elements": [ + { + "name": "analytic1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data" + } + } + ] + }, + { + "name": "analytic2", + "type": "Microsoft.Common.Section", + "label": "SpyCloud Enterprise Malware Detection", + "elements": [ + { + "name": "analytic2-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data" + } + } + ] + } + ] + }, + { + "name": "playbooks", + "label": "Playbooks", + "subLabel": { + "preValidation": "Configure the playbooks", + "postValidation": "Done" + }, + "bladeTitle": "Playbooks", + "elements": [ + { + "name": "playbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub." + } + }, + { + "name": "playbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json b/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json new file mode 100644 index 00000000000..8a768603fba --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json @@ -0,0 +1,7412 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "SpyCloud", + "comments": "Solution template for SpyCloud Enterprise Protection" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "_solutionName": "SpyCloud Enterprise Protection", + "_solutionVersion": "3.0.0", + "solutionId": "spycloudinc1680448518850.azure-sentinel-solution-spycloudenterprise", + "_solutionId": "[variables('solutionId')]", + "Custom Connector": "Custom Connector", + "_Custom Connector": "[variables('Custom Connector')]", + "TemplateEmptyArray": "[json('[]')]", + "playbookVersion1": "1.0", + "playbookContentId1": "Custom Connector", + "_playbookContentId1": "[variables('playbookContentId1')]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId1'))))]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", + "blanks": "[replace('b', 'b', '')]", + "SpyCloud-Breach-Playbook": "SpyCloud-Breach-Playbook", + "_SpyCloud-Breach-Playbook": "[variables('SpyCloud-Breach-Playbook')]", + "playbookVersion2": "1.0", + "playbookContentId2": "SpyCloud-Breach-Playbook", + "_playbookContentId2": "[variables('playbookContentId2')]", + "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", + "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", + "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", + "SpyCloud-Get-Domain-Breach-Data-Playbook": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "_SpyCloud-Get-Domain-Breach-Data-Playbook": "[variables('SpyCloud-Get-Domain-Breach-Data-Playbook')]", + "playbookVersion3": "1.0", + "playbookContentId3": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "_playbookContentId3": "[variables('playbookContentId3')]", + "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", + "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", + "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", + "SpyCloud-Get-Email-Breach-Data-Playbook": "SpyCloud-Get-Email-Breach-Data-Playbook", + "_SpyCloud-Get-Email-Breach-Data-Playbook": "[variables('SpyCloud-Get-Email-Breach-Data-Playbook')]", + "playbookVersion4": "1.0", + "playbookContentId4": "SpyCloud-Get-Email-Breach-Data-Playbook", + "_playbookContentId4": "[variables('playbookContentId4')]", + "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", + "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", + "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", + "SpyCloud-Get-IP-Breach-Data-Playbook": "SpyCloud-Get-IP-Breach-Data-Playbook", + "_SpyCloud-Get-IP-Breach-Data-Playbook": "[variables('SpyCloud-Get-IP-Breach-Data-Playbook')]", + "playbookVersion5": "1.0", + "playbookContentId5": "SpyCloud-Get-IP-Breach-Data-Playbook", + "_playbookContentId5": "[variables('playbookContentId5')]", + "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", + "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", + "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", + "SpyCloud-Get-Password-Breach-Data-Playbook": "SpyCloud-Get-Password-Breach-Data-Playbook", + "_SpyCloud-Get-Password-Breach-Data-Playbook": "[variables('SpyCloud-Get-Password-Breach-Data-Playbook')]", + "playbookVersion6": "1.0", + "playbookContentId6": "SpyCloud-Get-Password-Breach-Data-Playbook", + "_playbookContentId6": "[variables('playbookContentId6')]", + "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", + "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]", + "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", + "SpyCloud-Get-Username-Breach-Data-Playbook": "SpyCloud-Get-Username-Breach-Data-Playbook", + "_SpyCloud-Get-Username-Breach-Data-Playbook": "[variables('SpyCloud-Get-Username-Breach-Data-Playbook')]", + "playbookVersion7": "1.0", + "playbookContentId7": "SpyCloud-Get-Username-Breach-Data-Playbook", + "_playbookContentId7": "[variables('playbookContentId7')]", + "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]", + "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]", + "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]", + "SpyCloud-Malware-Playbook": "SpyCloud-Malware-Playbook", + "_SpyCloud-Malware-Playbook": "[variables('SpyCloud-Malware-Playbook')]", + "playbookVersion8": "1.0", + "playbookContentId8": "SpyCloud-Malware-Playbook", + "_playbookContentId8": "[variables('playbookContentId8')]", + "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]", + "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]", + "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]", + "SpyCloud-Monitor-Watchlist-Data": "SpyCloud-Monitor-Watchlist-Data", + "_SpyCloud-Monitor-Watchlist-Data": "[variables('SpyCloud-Monitor-Watchlist-Data')]", + "playbookVersion9": "1.0", + "playbookContentId9": "SpyCloud-Monitor-Watchlist-Data", + "_playbookContentId9": "[variables('playbookContentId9')]", + "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]", + "playbookTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]", + "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]", + "analyticRuleVersion1": "1.0.0", + "analyticRulecontentId1": "cb410ad5-6e9d-4278-b963-1e3af205d680", + "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + "analyticRuleVersion2": "1.0.0", + "analyticRulecontentId2": "7ba50f9e-2f94-462b-a54b-8642b8c041f5", + "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Custom Connector Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String" + } + }, + "variables": { + "operationId-Breach_Catalog": "Breach_Catalog", + "_operationId-Breach_Catalog": "[[variables('operationId-Breach_Catalog')]", + "operationId-Breach_Catalog_ID": "Breach_Catalog_ID", + "_operationId-Breach_Catalog_ID": "[[variables('operationId-Breach_Catalog_ID')]", + "operationId-Breach_Catalog_Domain": "Breach_Catalog_Domain", + "_operationId-Breach_Catalog_Domain": "[[variables('operationId-Breach_Catalog_Domain')]", + "operationId-Breach_Data_Email": "Breach_Data_Email", + "_operationId-Breach_Data_Email": "[[variables('operationId-Breach_Data_Email')]", + "operationId-Breach_Data_IP_Address": "Breach_Data_IP_Address", + "_operationId-Breach_Data_IP_Address": "[[variables('operationId-Breach_Data_IP_Address')]", + "operationId-Breach_Data_Password": "Breach_Data_Password", + "_operationId-Breach_Data_Password": "[[variables('operationId-Breach_Data_Password')]", + "operationId-Breach_Data_Username": "Breach_Data_Username", + "_operationId-Breach_Data_Username": "[[variables('operationId-Breach_Data_Username')]", + "operationId-Breach_Data_Watchlist": "Breach_Data_Watchlist", + "_operationId-Breach_Data_Watchlist": "[[variables('operationId-Breach_Data_Watchlist')]", + "operationId-Compass_Devices_List": "Compass_Devices_List", + "_operationId-Compass_Devices_List": "[[variables('operationId-Compass_Devices_List')]", + "operationId-Compass_Devices_Data": "Compass_Devices_Data", + "_operationId-Compass_Devices_Data": "[[variables('operationId-Compass_Devices_Data')]", + "operationId-Compass_Applications_Data": "Compass_Applications_Data", + "_operationId-Compass_Applications_Data": "[[variables('operationId-Compass_Applications_Data')]", + "operationId-Compass_Data": "Compass_Data", + "_operationId-Compass_Data": "[[variables('operationId-Compass_Data')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "playbookContentId1": "Custom Connector", + "playbookId1": "[[resourceId('Microsoft.Web/customApis', parameters('SpyCloudConnectorName'))]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/customApis", + "apiVersion": "2016-06-01", + "name": "[[parameters('SpyCloudConnectorName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "connectionParameters": { + "api_key": { + "type": "securestring", + "uiDefinition": { + "displayName": "API Key", + "description": "The API Key for this api", + "tooltip": "Provide your API Key", + "constraints": { + "tabIndex": 2, + "clearText": false, + "required": "true" + } + } + } + }, + "backendService": { + "serviceUrl": "https://api.spycloud.io/enterprise-v2" + }, + "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. JSON is returned by all API responses, including those with errors.", + "displayName": "[[parameters('SpyCloudConnectorName')]", + "iconUri": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOYAAADmCAYAAADBavm7AAAK9klEQVR4nO3dLXTb5h7H8f/uuecUKqhQGiq0UQtlVGiPrNBBLctCNuigFHqkGfNGFJgiFwpFsEMyDIrDwiwYlIFd+cr2I1l2/PJz8v2c43O6xC+Kkq/0yHrk/fDw8PBoAKT8Z98LAGARYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwMSNN030vwl6o/dyECYuiyF6/fm2vXr2y3377bd+LszNpmtrbt2/t1atX9u7du30vzoz/7nsBlkmSxMz+XYmTyaT0fq1Wy8zMGo2GHR0d7WTZ9ilNU8uybCPrZTweW5ZlW1lOZVmW2Wg02vdiOEmGORwO7fz8fKWV9vnz5+m/wzC0fr9vzWZzG4u3N2ma2sXFhV1eXtZ+zPx6ubq6ehEbrkMnN5T9+PGjffjw4UlbsiRJ7Pz8fINLtX9RFNm7d+9WinJekiRPejx2R2qPuck/nOc0NBuPx85jvzAMLQzDWs+RD31xGKTCjKKo9Hue5y0dmk4mE9ljhqf48uXLTFSNRsO+fv1qQRDscamwTVJhXl9fL3zN933766+/au8ZcuPxeFOLtXfD4XD6b8/zLI5jjhOfOaljzLu7u4WvnZ6erhylmT2bvclkMplZL91ulyhfAKkwXZ7bO6urmh+a56c/8LxJDWV3Yf5NkOL5vTRNLUkS53nBZrNpYRgu7K3y86xFdY6HXW/G1HncvveW+XG867AjFwSBtVqtylFL8edf5/2DqvOyk8nEkiQpnc0TBIF1Op3K19u7h4eHR5WbmS3crq6uNvoaYRjOPL/v+4/39/cLX3fdPM97HAwGlc9nZo+NRmPpcjQajYXHdbvdhfv1+/2Z+2xjvfd6venzh2FYeT/P85aup+Jz3d/fL/09VL1mfovjeOa54zh23m8wGNRaRs/zHrvd7tbX7bo3+aFs1Tu1m3B3d2dv3rxx7vnmZVlmnz59mrmv6/h3NBpVzsbJ7zPP9VzLnmdXzs/P7fPnzyudckmSxN6/f7/FpVp8vU+fPtVaxizLpM/pSoXped7C1759+2Zv37618/Nzu7i4sCRJSoeb61r1/F5xY1E2JKoKvex7ysOri4uLmf/u9XoWx7Hd39/bw8ODPTw8WBzHNhgMrNFoTO83Go22vnHNffnyZea/2+22xXFsNzc3M8t4dXVl3W53J8u0LqljzGaz6fyjHY1Glecn8z1NEATTY8FV3zTyfd+Oj49nvpZvBOYVj12azaZ5nrcQd5qmpaG5js+U5/gmSTLz8/X7ffvll18W7pdPeOh0OvbmzZvpY4bD4cK63YZv375N/91ut+3r16/OZTT7/0ZQda8pFWan06k1pJxXfEy+oleZFxqGocVx7Pzezz//PPMLN1schnY6nYVf8Kp7zHVOCe3K/IZk2d7m6OhoZp3s4pKq+deosyE4Pj6WDVNqKNvtdmeGQU+RJEntS5iqhpB1fsGuqFYN86efflr6Ogp836+1sSu+I+s6P71p8yOWQz+PLRXm0dGRxXFsvV7Peby5qsvLy1rHolXD3rI/wmJcrZJzi64Ay4JV3mMW90Y//vhjrceUrZNdOfTz31JDWbN/Qzg7O7OzszNL09TG4/H0D2M8Hk+n2tWdlD0ajZ70R19nyxsEgTUajYUh7vX19cJru44v2+322su3C4cw+V3tEwieSi7Momazac1ms3KomYdbdv2mK45V1B0ShWG48Pp195j73rs8ByqnlTZFaii7jnwWh+sduF1yHSPWDVN5GIv9OPgwc/s+2C+LqxiiK0rf9w/+eAib92zC3JZVhkiuY8XiMaXr+HLZMHb++8/tWApuhLlE2cQG17vGrsiW7TFXHcYewhsx+/DcjtOfTZhPOfivemzZ91zDT9ebVMU9nGtvt2wa3vwQveqqjm0pbjzqrud979kP/UJ5qTCf8sssm0xQ5/it+AkBq3xvXhAE5vv+zNeyLLPhcOg8vVNnGl4QBDN7513NOy1T96Nbbm9vp/+eXydm7hHHJh16mFKnS/IP3c3/YOte15imaenskjph5tOyOp3OTChRFDmnbFUNP1ut1sJjPnz44HxM3WFsGIbTaYF3d3f266+/2u+//17rsZswvw6jKKqcETWZTGY2aK5JCc1mc/oz1dkgLxspzM8Yi6Jo6frd90auilSYueJWeX6e6irCMKz9bu3l5WXteZNV0wZd82bNnjYN7/T0dGY9/PHHHzYajazT6Uwn0bs2QMWLi29vby1NU2u1WitfxTL/B56PTlxx5ueUixtK1+sVN4BZltnHjx+t3+8vjCDG47FFUTTz+bguR0dHM5M8Li8vrdlsOj+KZZ3P5925fV8QWrxZzQtw69w8z3v8/v175QW6695ubm4qf466FxOvsm7mL+pd99br9da6UPrk5GTt34PrYumbm5sn/RyuC6UHg8GTnnPff/+yF0r3er2NPE+73ba///679vnBVa7NGwwGS/fCrkui5q36buyff/755DnEnuetffnV2dnZylMHfd8v/US/IAjs5OSk1vN4nmeDwWDpz358fFz7d5l/2qCqH/63p5IxHo/t+vp6OtWuzumB/Ji07HN5it6/f78wrIzj2IIgsCiKKieZHx8f1x4aR1Fkw+HQsiyz29vbhWPgsmsalyl+nk1x7nCZfJibz5ByrZskSabHcEEQVMabpmnpm1m5/HrYOkPm/LXLPjspH3oHQTB9XbN/N35VFxiUPWd+zW4+xC0+59nZ2dLl3RW5MLetLMxtTotzXdP5/ft3ZvyglNRQ9rma3xDUebcZLxthbplryKf82T7QQJhb5vq/jnE1CZaRPI95qF6/fm1Zlk3fjCp7g4Q9JpYhzA3KI6yattZut2U/DQ86GMpuUJ1zjKenpztYEhy6Fxum7/sWhqGdnJxs7CLrfr9fGqfv+3Z1dcXxJWp5cecx0zTd+qmKqv9xEVDHiwsTOAQvdigLKCNMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQE/QNJ5aSYMcswbQAAAABJRU5ErkJggg==", + "swagger": { + "swagger": "2.0", + "info": { + "title": "SpyCloud Enterprise Protection", + "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. JSON is returned by all API responses, including those with errors.", + "contact": { + "name": "SpyCloud Integrations", + "url": "https://portal/spycloud.com/", + "email": "integrations@spycloud.com" + }, + "version": "1.0" + }, + "host": "api.spycloud.io", + "basePath": "/enterprise-v2", + "schemes": [ + "https" + ], + "consumes": "[variables('TemplateEmptyArray')]", + "produces": "[variables('TemplateEmptyArray')]", + "paths": { + "/breach/catalog": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Catalog_Schema" + } + } + }, + "summary": "List or Query the Breach Catalog", + "description": "List or Query the Breach Catalog.", + "operationId": "[[variables('_operationId-Breach_Catalog')]", + "parameters": [ + { + "$ref": "#/parameters/Query" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + } + ] + } + }, + "/breach/catalog/{id}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Catalog_Schema" + } + } + }, + "summary": "Get Catalog", + "description": "Get/Retrieve Breach Catalog Information by ID.", + "operationId": "[[variables('_operationId-Breach_Catalog_ID')]", + "parameters": [ + { + "$ref": "#/parameters/ID" + } + ] + } + }, + "/breach/data/domains/{domain}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Domain_Schema" + } + } + }, + "summary": "Get Breach Data by Domain Search", + "description": "Get Breach Data by Domain Search.", + "operationId": "[[variables('_operationId-Breach_Catalog_Domain')]", + "parameters": [ + { + "$ref": "#/parameters/Domain" + }, + { + "$ref": "#/parameters/Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/emails/{email}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Email_Schema" + } + } + }, + "summary": "Get Breach Data by Email Search", + "description": "Get Breach Data by Email Search.", + "operationId": "[[variables('_operationId-Breach_Data_Email')]", + "parameters": [ + { + "$ref": "#/parameters/Email" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/ips/{ip}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_IP_Schema" + } + } + }, + "summary": "Get Breach Data by IP Address", + "description": "Get Breach Data by IP Address.", + "operationId": "[[variables('_operationId-Breach_Data_IP_Address')]", + "parameters": [ + { + "$ref": "#/parameters/IP" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/passwords/{password}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Password_Schema" + } + } + }, + "summary": "Get Breach Data by Password Search", + "description": "Get Breach Data by Password Search.", + "operationId": "[[variables('_operationId-Breach_Data_Password')]", + "parameters": [ + { + "$ref": "#/parameters/Password" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/usernames/{username}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Username_Schema" + } + } + }, + "summary": "Get Breach Data by Username Search", + "description": "Get Breach Data by Username Search.", + "operationId": "[[variables('_operationId-Breach_Data_Username')]", + "parameters": [ + { + "$ref": "#/parameters/Username" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/watchlist": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Watchlist_Schema" + } + } + }, + "summary": "Get Breach Data for Entire Watchlist", + "description": "Get Breach Data for Entire Watchlist.", + "operationId": "[[variables('_operationId-Breach_Data_Watchlist')]", + "parameters": [ + { + "$ref": "#/parameters/Type" + }, + { + "$ref": "#/parameters/Watchlist_Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/devices": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Devices_List_Schema" + } + } + }, + "summary": "Get Compass Devices List", + "description": "Get Compass Devices List.", + "operationId": "[[variables('_operationId-Compass_Devices_List')]", + "parameters": [ + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Infected" + }, + { + "$ref": "#/parameters/Until_Infected" + } + ] + } + }, + "/compass/data/devices/{infected_machine_id}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Devices_Data_Schema" + } + } + }, + "summary": "Get Compass Devices Data", + "description": "Get Compass Devices Data.", + "operationId": "[[variables('_operationId-Compass_Devices_Data')]", + "parameters": [ + { + "$ref": "#/parameters/Infected_Machine_Id" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/data/applications/{target_application}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Applications_Data_Schema" + } + } + }, + "summary": "Get Compass Applications Data", + "description": "Get Compass Applications Data.", + "operationId": "[[variables('_operationId-Compass_Applications_Data')]", + "parameters": [ + { + "$ref": "#/parameters/Target_Application" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/data": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Applications_Data_Schema" + } + } + }, + "summary": "Get Compass Data", + "description": "Get Compass Data.", + "operationId": "[[variables('_operationId-Compass_Data')]", + "parameters": [ + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Infected" + }, + { + "$ref": "#/parameters/Until_Infected" + }, + { + "$ref": "#/parameters/Compass_Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + } + }, + "x-ms-connector-metadata": [ + { + "propertyName": "Website", + "propertyValue": "http://www.spycloud.com/" + }, + { + "propertyName": "Privacy policy", + "propertyValue": "https://www.spycloud.com/company/privacy-policy/" + }, + { + "propertyName": "Categories", + "propertyValue": "Security;Website" + } + ], + "definitions": { + "Breach_Catalog_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "title": { + "type": "string", + "description": "Breach title. For each ingested breach our security research team documents a breach title. This is only available when we can disclose the breach details, otherwise it will have a generic title.", + "title": "Title" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "description": { + "type": "string", + "description": "Breach description. For each ingested breach our security research team documents a breach description. This is only available when we can disclose the breach details, otherwise it will have a generic description.", + "title": "Description" + }, + "site_description": { + "type": "string", + "description": "Description of the breached organization, when available.", + "title": "Site Description" + }, + "site": { + "type": "string", + "description": "Website of breached organization, when available.", + "title": "Site" + }, + "confidence": { + "type": "number", + "description": "Numerical score representing the confidence in the source of the breach.", + "title": "Confidence" + }, + "id": { + "type": "number", + "description": "Numerical breach ID. This number correlates to source_id data point found in breach records.", + "title": "Id" + }, + "premium_flag": { + "type": "string", + "description": "premium flag.", + "title": "Premium Flag" + }, + "acquisition_date": { + "type": "string", + "description": "The date on which our security research team first acquired the breached data.", + "title": "Acquisition Date" + }, + "uuid": { + "type": "string", + "description": "UUID v4 encoded version of breach ID. This is relevant for users of Firehose, where each deliverable (records file) is named using the breach UUID.", + "title": "UUID" + }, + "type": { + "type": "string", + "description": "Denotes if a breach is considered public or private. A public breach is one that is easily found on the internet, while a private breach is often exclusive to SpyCloud.", + "title": "Type" + }, + "num_records": { + "type": "number", + "description": "Number of records we parsed and ingested from this particular breach. This is after parsing, normalization and deduplication take place.", + "title": "Number of Records" + }, + "assets": { + "type": "object", + "properties": { + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target Url" + }, + "av_softwares": { + "type": "number", + "description": "List of AV software found installed on the infected user's system.", + "title": "AV Softwares" + }, + "infected_time": { + "type": "number", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "infected_machine_id": { + "type": "number", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "country_code": { + "type": "number", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Password" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "username": { + "type": "string", + "description": "Username.", + "title": "Username" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + } + } + } + }, + "description": "Catalog Breach Results Object" + } + } + }, + "description": "Catalog Breach Data Response" + }, + "Breach_Data_By_Domain_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "full_name": { + "type": "string", + "description": "Full name.", + "title": "Full Name" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Domain Breach Results Object" + } + }, + "description": "Domain Breach Data Response" + }, + "Breach_Data_By_Email_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Email Breach Results Object" + } + }, + "description": "Email Breach Data Response" + }, + "Breach_Data_By_IP_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "IP Address Breach Results Object" + } + }, + "description": "IP Address Breach Data Response" + }, + "Breach_Data_By_Password_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "full_name": { + "type": "string", + "description": "Full name.", + "title": "Full Name" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plain Text" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Password Breach Results Object" + } + }, + "description": "Password Breach Data Response" + }, + "Breach_Data_By_Username_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Username Breach Results Object" + } + }, + "description": "Username Breach Data Response" + }, + "Breach_Data_By_Watchlist_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Watchlist Breach Results Object" + } + }, + "description": "Watchlist Breach Data Response" + }, + "Compass_Devices_List_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "infected_device_id": { + "type": "string", + "description": "Infected Device Id.", + "title": "Infected Device Id" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "application_count": { + "type": "string", + "description": "Application Count.", + "title": "Application Count" + } + } + }, + "description": "Compass Devices List Results Object" + } + }, + "description": "Compass Devices List Data Response" + }, + "Compass_Devices_Data_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "cursor": { + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "title": "Cursor" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "user_browser": { + "type": "string", + "description": "Browser Name.", + "title": "User Browser" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document Id" + }, + "source_id": { + "type": "string", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source Id" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "USer OS" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Subdomain" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "PAssword Type" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "country_code": { + "type": "string", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "severity": { + "type": "string", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + } + } + }, + "description": "Compass Devices Data Results Object" + } + }, + "description": "Compass Devices Data Response" + }, + "Compass_Applications_Data_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "cursor": { + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "title": "Cursor" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "user_browser": { + "type": "string", + "description": "Browser Name.", + "title": "User Browser" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document Id" + }, + "source_id": { + "type": "string", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source Id" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "USer OS" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Subdomain" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "PAssword Type" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "country_code": { + "type": "string", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "severity": { + "type": "string", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + } + } + }, + "description": "Compass Application Data Results Object" + } + }, + "description": "Compass Application Data Response" + } + }, + "parameters": { + "Infected_Machine_Id": { + "name": "infected_machine_id", + "in": "path", + "required": true, + "type": "string", + "description": "One or more comma delimited Infected Machine ID to search for compass breach records.", + "x-ms-summary": "Infected Machine Id" + }, + "Target_Application": { + "name": "target_application", + "in": "path", + "required": true, + "type": "string", + "description": "One or more comma delimited Compass target application (subdomain or domain) to search for.", + "x-ms-summary": "Target Application" + }, + "ID": { + "name": "id", + "in": "path", + "required": true, + "type": "string", + "description": "Numerical ID of the breach. Both integer and UUIDv4 ID formats are supported. You may also use a comma delimiter to request more than one breach at a time.", + "x-ms-summary": "ID" + }, + "Domain": { + "name": "domain", + "in": "path", + "required": true, + "type": "string", + "description": "Domain or Subdomain name to search for.", + "x-ms-summary": "Domain" + }, + "Email": { + "name": "email", + "in": "path", + "required": true, + "type": "string", + "description": "Email address to search for.", + "x-ms-summary": "Email Address" + }, + "IP": { + "name": "ip", + "in": "path", + "required": true, + "type": "string", + "description": "IP address or network CIDR notation to search for. For CIDR notation, use an underscore instead of a slash.", + "x-ms-summary": "IP Address" + }, + "Password": { + "name": "password", + "in": "path", + "required": true, + "type": "string", + "description": "Password you wish to search for.", + "x-ms-summary": "Password" + }, + "Username": { + "name": "username", + "in": "path", + "required": true, + "type": "string", + "description": "Username you wish to search for.", + "x-ms-summary": "Username" + }, + "Query": { + "name": "query", + "in": "query", + "required": false, + "type": "string", + "description": "Query value to search the breach catalog for.", + "x-ms-summary": "Query" + }, + "Type": { + "name": "type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter lets you filter results by several types. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records, email_domain to just match against email domains, and target_domain to just match against target domains or subdomains. If no value has been provided the API function will, by default, return all record types.", + "x-ms-summary": "Type", + "enum": [ + "corporate", + "infected", + "email_domain", + "target_domain" + ] + }, + "Compass_Type": { + "name": "type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter will return records that are verified or unverified, meaning those that matched the watchlist or not. By default if type is not used, both types will be returned.", + "x-ms-summary": "Type", + "enum": [ + "verified", + "unverified" + ] + }, + "Watchlist_Type": { + "name": "watchlist_type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameters lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'subdomain', 'ip']. If no value has been provided, the API will return all watchlist types.", + "x-ms-summary": "Watchlist Type", + "enum": [ + "email", + "domain", + "subdomain", + "ip" + ] + }, + "Cursor": { + "name": "cursor", + "in": "query", + "required": false, + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "x-ms-summary": "Cursor" + }, + "Since": { + "name": "since", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the spycloud_publish_date field.", + "x-ms-summary": "Since(YYYY-MM-DD)" + }, + "Until": { + "name": "until", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the spycloud_publish_date field.", + "x-ms-summary": "Until(YYYY-MM-DD)" + }, + "Since_Modification_Date": { + "name": "since_modification_date", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the when an already published record was modified (record_modification_date).", + "x-ms-summary": "Since Modification Date(YYYY-MM-DD)" + }, + "Until_Modification_Date": { + "name": "until_modification_date", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the when an already published record was modified (record_modification_date).", + "x-ms-summary": "Until Modification Date(YYYY-MM-DD)" + }, + "Severity": { + "name": "severity", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to filter based on the numeric severity code.", + "x-ms-summary": "Severity" + }, + "Source_Id": { + "name": "source_id", + "in": "query", + "required": false, + "type": "number", + "description": "This parameter allows you to filter based on a particular breach source.", + "x-ms-summary": "Source Id" + }, + "Salt": { + "name": "salt", + "in": "query", + "required": false, + "type": "string", + "description": "If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used.", + "x-ms-summary": "Salt" + }, + "Since_Infected": { + "name": "since_infected", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the infected_time..", + "x-ms-summary": "Since Infected(YYYY-MM-DD)" + }, + "Until_Infected": { + "name": "until_infected", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the infected_time field.", + "x-ms-summary": "Until Infected(YYYY-MM-DD)" + } + }, + "securityDefinitions": { + "API Key": { + "type": "apiKey", + "in": "header", + "name": "X-API-Key" + } + }, + "security": [ + { + "API Key": "[variables('TemplateEmptyArray')]" + } + ], + "tags": "[variables('TemplateEmptyArray')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[[concat(variables('workspace-name'),'/Microsoft.SecurityInsights/',concat('LogicAppsCustomConnector-', last(split(variables('playbookId1'),'/'))))]", + "properties": { + "parentId": "[[variables('playbookId1')]", + "contentId": "[variables('_playbookContentId1')]", + "kind": "LogicAppsCustomConnector", + "version": "[variables('playbookVersion1')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + } + } + ], + "metadata": { + "comments": "SpyCloud Enterprise Protection Custom Connector", + "lastUpdateTime": "2023-09-15T15:51:43.853Z", + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "LogicAppsCustomConnector", + "displayName": "Custom Connector", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Breach-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion2')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Breach-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + } + }, + "variables": { + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Account_Name": { + "runAfter": { + "Incident_Email_Account": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "account_name", + "type": "string" + } + ] + } + }, + "Astriek_Variable": { + "runAfter": { + "UPN_Suffix_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "astriek", + "type": "string", + "value": "@" + } + ] + } + }, + "Check_if_the_incident_is_created_by_SpyCloud_Breach": { + "actions": { + "Entities_-_Get_Accounts": { + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_each_account": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Set__upn_suffix": { + "runAfter": { + "Set_account_name": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "upn_suffix", + "value": "@items('For_each_account')?['UPNSuffix']" + } + }, + "Set_account_name": { + "type": "SetVariable", + "inputs": { + "name": "account_name", + "value": "@items('For_each_account')?['Name']" + } + }, + "set_email_address": { + "runAfter": { + "Set__upn_suffix": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "incident_email_address", + "value": "@{concat(variables('account_name'),concat(variables('astriek'),variables('upn_suffix')))}" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "For_each_incident_alert": { + "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_if_the_exposed_password_is_in_use_on_the_network": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

Breach Playbook successful

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_if_password_exists_in_the_incident": { + "actions": { + "Set_Incident_Password": { + "type": "SetVariable", + "inputs": { + "name": "incident_password", + "value": "@{variables('incident_custom_details_object')?['Password']}" + } + }, + "Set_variable": { + "runAfter": { + "Set_Incident_Password": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "incident_plain_text_password", + "value": "@{replace(replace(variables('incident_password'),'[\"',''),'\"]','')}" + } + } + }, + "runAfter": { + "Set_custom_details_object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('incident_custom_details_object')?['Password']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Check_if_pwd_length_is_greater_than_required_length_by_organization": { + "runAfter": { + "Check_if_password_exists_in_the_incident": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Check_if_the_exposed_password_is_in_use_on_the_network": { + "runAfter": { + "Check_if_the_user_is_currently_an_active_employee": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Check_if_the_user_is_currently_an_active_employee": { + "runAfter": { + "Check_if_pwd_length_is_greater_than_required_length_by_organization": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Set_custom_details_object": { + "type": "SetVariable", + "inputs": { + "name": "incident_custom_details_object", + "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom Details'])" + } + } + }, + "runAfter": { + "For_each_account": [ + "Succeeded" + ] + }, + "type": "Foreach" + } + }, + "runAfter": { + "Incident_Custom_Details_Object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@triggerBody()?['object']?['properties']?['title']", + "@variables('incident_name')" + ] + } + ] + }, + "type": "If" + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Incident_Custom_Details_Object": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_object", + "type": "object" + } + ] + } + }, + "Incident_Email_Account": { + "runAfter": { + "Incident_Plain_Text_Password": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_email_address", + "type": "string" + } + ] + } + }, + "Incident_Name": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_name", + "type": "string", + "value": "SpyCloud Enterprise Breach Detection" + } + ] + } + }, + "Incident_Password": { + "runAfter": { + "Incident_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_password", + "type": "string" + } + ] + } + }, + "Incident_Plain_Text_Password": { + "runAfter": { + "Incident_Password": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_plain_text_password", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "Astriek_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_enrich_data", + "type": "array" + } + ] + } + }, + "UPN_Suffix_": { + "runAfter": { + "Account_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "upn_suffix", + "type": "string" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId2')]", + "contentId": "[variables('_playbookContentId2')]", + "kind": "Playbook", + "version": "[variables('playbookVersion2')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + } + } + ], + "metadata": { + "title": "SpyCloud Breach Information - SpyCloud Enterprise", + "description": "This Playbook will be triggered when an spycloud breach incident is created.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId2')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Breach-Playbook", + "contentProductId": "[variables('_playbookcontentProductId2')]", + "id": "[variables('_playbookcontentProductId2')]", + "version": "[variables('playbookVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName3')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Domain-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion3')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_DNS": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/dnsresolution" + } + }, + "For_Each_Incident_DNS_Domain": { + "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('domain_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Domain_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "Domain_Breach_Data_Array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "Domain_Breach_Data_Array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Domain_Search": { + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/domains/@{encodeURIComponent(items('For_Each_Incident_DNS_Domain')?['DomainName'])}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Domain_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Domain_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_DNS": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "domain_breach_data_array", + "type": "array" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId3')]", + "contentId": "[variables('_playbookContentId3')]", + "kind": "Playbook", + "version": "[variables('playbookVersion3')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Domain Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a domain or set of domains associated with an incident.", + "prerequisites": "https://www.spycloud.com/integrations to request a trial key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "entities": [ + "dnsresolution" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId3')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId3')]", + "id": "[variables('_playbookcontentProductId3')]", + "version": "[variables('playbookVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName4')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Email-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion4')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Email-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Asterisk_Variable": { + "runAfter": { + "Email_Address_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "asterisk", + "type": "string", + "value": "@" + } + ] + } + }, + "Email_Address_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "email_address", + "type": "string" + } + ] + } + }, + "Entities_-_Get_Accounts": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_Each_Incident_Emails": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Email @{variables('email_address')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit: https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('email_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Email_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "email_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_empty": { + "type": "SetVariable", + "inputs": { + "name": "email_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Email @{variables('email_address')}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Email_Search": { + "runAfter": { + "Set_Email_Address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/emails/@{encodeURIComponent(variables('email_address'))}" + } + }, + "Set_Email_Address": { + "type": "SetVariable", + "inputs": { + "name": "email_address", + "value": "@{items('For_Each_Incident_Emails')?['Name']}@{variables('asterisk')}@{items('For_Each_Incident_Emails')?['UPNSuffix']}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Email_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Email_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "Asterisk_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "email_breach_data_array", + "type": "array" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId4')]", + "contentId": "[variables('_playbookContentId4')]", + "kind": "Playbook", + "version": "[variables('playbookVersion4')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Email Address Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a Email address or set of Email addresses associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId4')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Email-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId4')]", + "id": "[variables('_playbookcontentProductId4')]", + "version": "[variables('playbookVersion4')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName5')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-IP-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion5')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-IP-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_IPs": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/ip" + } + }, + "For_Each_Incident_IPS": { + "foreach": "@body('Entities_-_Get_IPs')?['IPs']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('ip_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_IP_Address')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "IP_Breach_Data_Array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "ip_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_IP_Address": { + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/ips/@{encodeURIComponent(items('For_Each_Incident_IPS')?['Address'])}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_IP_Address": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_IP_Address')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_IPs": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_breach_data_array", + "type": "array" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId5')]", + "contentId": "[variables('_playbookContentId5')]", + "kind": "Playbook", + "version": "[variables('playbookVersion5')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "IP Address Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a IP address or set of IP addresses associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "entities": [ + "IP" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId5')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-IP-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId5')]", + "id": "[variables('_playbookcontentProductId5')]", + "version": "[variables('playbookVersion5')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName6')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Password-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion6')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Password-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-1": "[[variables('connection-1')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "manual": { + "type": "Request", + "kind": "Http", + "inputs": { + "method": "GET" + } + } + }, + "actions": { + "Check_if_records_exists": { + "actions": { + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('password_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@body('Get_Breach_Data_by_Password_Search')?['results']", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "password_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Check_if_ip_address_exists": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_ip_address_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_ip_address_to_empty": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Compose": { + "runAfter": { + "Check_if_ip_address_exists": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'), 0, sub(length(variables('ip_address')), 1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Set_ip_address_to_empty": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "password_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Password_Search": { + "runAfter": { + "Provide_Password_to_search": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/passwords/@{encodeURIComponent(variables('password_to_search'))}" + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_breach_data_array", + "type": "array" + } + ] + } + }, + "Provide_Password_to_search": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_to_search", + "type": "string", + "value": "welcome@123" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Password_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Password_Search')?['hits']" + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId6')]", + "contentId": "[variables('_playbookContentId6')]", + "kind": "Playbook", + "version": "[variables('playbookVersion6')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Password Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a provided password.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId6')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Password-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId6')]", + "id": "[variables('_playbookcontentProductId6')]", + "version": "[variables('playbookVersion6')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName7')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Username-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion7')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Username-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_Accounts": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_Each_Incident_Emails": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for username @{variables('username')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('username_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Username_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "username_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "username_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for username @{variables('username')}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Username_Search": { + "runAfter": { + "Set_Username": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/usernames/@{encodeURIComponent(variables('username'))}" + } + }, + "Set_Username": { + "type": "SetVariable", + "inputs": { + "name": "username", + "value": "@items('For_Each_Incident_Emails')?['Name']" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Username_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Username_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "Usernames_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "username_breach_data_array", + "type": "array" + } + ] + } + }, + "Usernames_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "username", + "type": "string" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId7')]", + "contentId": "[variables('_playbookContentId7')]", + "kind": "Playbook", + "version": "[variables('playbookVersion7')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Username Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a username or set of usernames associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId7')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Username-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId7')]", + "id": "[variables('_playbookcontentProductId7')]", + "version": "[variables('playbookVersion7')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName8')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Malware-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion8')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Malware-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Check_if_the_incident_is_created_by_SpyCloud_Malware_": { + "actions": { + "Entities_-_Get_Hosts": { + "runAfter": { + "For_each_incident_alert": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/host" + } + }, + "For_each_host": { + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + "actions": { + "Check_if_the_records_are_returned": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Comapss Devices Data for @{variables('infected_machine_id')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('compass_device_data')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Compass_Devices_Data')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "compass_device_data", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_IP_Address_to_Empty": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_IP_Address_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "type": "Foreach" + }, + "Update_incident": { + "runAfter": { + "Add_comment_to_incident_(V3)": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "owner": "someone@someone.com", + "ownerAction": "Assign", + "severity": "High" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "put", + "path": "/Incidents" + } + } + }, + "runAfter": { + "Get_Compass_Devices_Data": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Compass_Devices_Data')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Compass_Devices_Data": { + "runAfter": { + "Set_Infected_Machine_ID": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/compass/data/devices/@{encodeURIComponent(variables('infected_machine_id'))}" + } + }, + "Set_Infected_Machine_ID": { + "type": "SetVariable", + "inputs": { + "name": "infected_machine_id", + "value": "@items('For_each_host')?['HostName']" + } + } + }, + "runAfter": { + "Entities_-_Get_Hosts": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "For_each_incident_alert": { + "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", + "actions": { + "Check_User_Host_Name_exists": { + "actions": { + "Check_if_Host_is_Managed_host": { + "runAfter": { + "Set_variable_2": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Set_User_Host_Name": { + "type": "SetVariable", + "inputs": { + "name": "user_host_name", + "value": "@{variables('incident_custom_details_object')?['User_Host_Name']}" + } + }, + "Set_variable_2": { + "runAfter": { + "Set_User_Host_Name": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "user_host_name_trim", + "value": "@{replace(replace(variables('user_host_name'),'[\"',''),'\"]','')}" + } + } + }, + "runAfter": { + "Set_custom_details_object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('incident_custom_details_object')?['User_Host_Name']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_custom_details_object": { + "type": "SetVariable", + "inputs": { + "name": "incident_custom_details_object", + "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom Details'])" + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Incident_Custom_Details_Object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@triggerBody()?['object']?['properties']?['title']", + "@variables('incident_name')" + ] + } + ] + }, + "type": "If" + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Incident_Custom_Details_Array": { + "runAfter": { + "Is_Managed_Host": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_array", + "type": "array" + } + ] + } + }, + "Incident_Custom_Details_Object": { + "runAfter": { + "Incident_Custom_Details_Array": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_object", + "type": "object" + } + ] + } + }, + "Incident_Name": { + "runAfter": { + "more_records_display_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_name", + "type": "string", + "value": "SpyCloud Enterprise Malware Detection" + } + ] + } + }, + "Initialize_variable": { + "runAfter": { + "User_Host_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "user_host_name_trim", + "type": "string" + } + ] + } + }, + "Is_Managed_Host": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "is_managed_host", + "type": "boolean", + "value": "@true" + } + ] + } + }, + "Machine_ID": { + "runAfter": { + "Initialize_variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "infected_machine_id", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "Machine_ID": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "compass_device_data", + "type": "array" + } + ] + } + }, + "User_Host_Name": { + "runAfter": { + "Incident_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "user_host_name", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_display_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId8')]", + "contentId": "[variables('_playbookContentId8')]", + "kind": "Playbook", + "version": "[variables('playbookVersion8')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "SpyCloud Malware Information - SpyCloud Enterprise", + "description": "This Playbook will be triggered when an spycloud malware incident is created.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId8')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Malware-Playbook", + "contentProductId": "[variables('_playbookcontentProductId8')]", + "id": "[variables('_playbookcontentProductId8')]", + "version": "[variables('playbookVersion8')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName9')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Monitor-Watchlist-Data Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion9')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Monitor-Watchlist-Data", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + }, + "SpyCloud_Custom_Log_Table_Name": { + "defaultValue": "SpyCloudBreachDataWatchlist", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom log name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureLogAnalyticsDataConnector": "[[concat('azuredataconnector-', parameters('PlaybookName'))]", + "SpyCloudCustomTableName": "[[parameters('SpyCloud_Custom_Log_Table_Name')]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azureloganalyticsdatacollector')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureLogAnalyticsDataConnector')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('AzureLogAnalyticsDataConnector')]", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Recurrence": { + "recurrence": { + "frequency": "Day", + "interval": 1, + "startTime": "[variables('blanks')]" + }, + "evaluatedRecurrence": { + "frequency": "Day", + "interval": 1, + "startTime": "2023-05-06T00:00:00Z" + }, + "type": "Recurrence" + } + }, + "actions": { + "Cursor": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "cursor", + "type": "string", + "value": "start" + } + ] + } + }, + "Custom_Log_Name": { + "runAfter": { + "date_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "custom_log_name", + "type": "string", + "value": "[[variables('SpyCloudCustomTableName')]" + } + ] + } + }, + "IP_address": { + "runAfter": { + "Is_First_Fetch": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Is_First_Fetch": { + "runAfter": { + "Cursor": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "first_fetch", + "type": "boolean", + "value": "@true" + } + ] + } + }, + "Until_Modified_Records_Exist": { + "actions": { + "Check_if_this_is_first_fetch_for_modified_records": { + "actions": { + "Set_Cursor_to_null_2": { + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@{null}" + } + } + }, + "expression": { + "and": [ + { + "equals": [ + "@variables('first_fetch')", + "@true" + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_for_Entire_Watchlist_2": { + "runAfter": { + "Set_modified_records_array_to_empty": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/watchlist", + "queries": { + "cursor": "@variables('cursor')", + "since_modification_date": "@variables('date')" + } + } + }, + "Set_false_to_first_fetch": { + "runAfter": { + "check_if_data_exist_for_date": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@false" + } + }, + "Set_modified_records_array_to_empty": { + "runAfter": { + "Check_if_this_is_first_fetch_for_modified_records": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "modified_records", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "check_if_data_exist_for_date": { + "actions": { + "For_each_response_2": { + "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['results']", + "actions": { + "Append_to_modified_records_variable": { + "runAfter": { + "Check_IP_Address_is_Not_empty_2": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "modified_records", + "value": { + "Document_Id": "@{items('For_each_response_2')?['document_id']}", + "Domain": "@{items('For_each_response_2')?['domain']}", + "Email": "@{items('For_each_response_2')?['email']}", + "IP_Address": "@{variables('ip_address')}", + "Infected_Machine_Id": "@{items('For_each_response_2')?['infected_machine_id']}", + "Infected_Path": "@{items('For_each_response_2')?['infected_path']}", + "Infected_Time": "@{items('For_each_response_2')?['infected_time']}", + "Password": "@{items('For_each_response_2')?['password']}", + "Password_Plaintext": "@{items('For_each_response_2')?['password_plaintext']}", + "Severity": "@{items('For_each_response_2')?['severity']}", + "Source_Id": "@{items('For_each_response_2')?['source_id']}", + "SpyCloud_Publish_Date": "@{items('For_each_response_2')?['spycloud_publish_date']}", + "Target_Domain": "@{items('For_each_response_2')?['target_domain']}", + "Target_SubDomain": "@{items('For_each_response_2')?['target_subdomain']}", + "Target_URL": "@{items('For_each_response_2')?['target_url']}", + "User_Hostname": "@{items('For_each_response_2')?['user_hostname']}", + "User_OS": "@{items('For_each_response_2')?['user_os']}", + "Username": "@{items('For_each_response_2')?['username']}" + } + } + }, + "Check_IP_Address_is_Not_empty_2": { + "actions": { + "set_ip_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{first(items('For_each_response_2')?['ip_addresses'])}" + } + } + }, + "else": { + "actions": { + "set_ip_variable_to_null": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{null}" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response_2')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + }, + "type": "Foreach" + }, + "Modified_Records_Compose": { + "runAfter": { + "For_each_response_2": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@variables('modified_records')" + }, + "Save_Modified_Records_to_Custom_Logs_Table": { + "runAfter": { + "Modified_Records_Compose": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@{outputs('Modified_Records_Compose')}", + "headers": { + "Log-Type": "@variables('custom_log_name')" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + } + }, + "method": "post", + "path": "/api/logs" + } + } + }, + "runAfter": { + "Get_Breach_Data_for_Entire_Watchlist_2": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "set_cursor_value": { + "runAfter": { + "Set_false_to_first_fetch": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['cursor']" + } + } + }, + "runAfter": { + "reset_first_fetch": [ + "Succeeded" + ] + }, + "expression": "@equals(empty(variables('cursor')), true)", + "limit": { + "count": 60, + "timeout": "PT1H" + }, + "type": "Until" + }, + "Until_New_Records_Exist": { + "actions": { + "Check_if_data_exists": { + "actions": { + "For_each_response": { + "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist')?['results']", + "actions": { + "Append_to_new_records_array": { + "runAfter": { + "Check_IP_Address_is_Not_empty": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "new_records", + "value": { + "Document_Id": "@{items('For_each_response')?['document_id']}", + "Domain": "@{items('For_each_response')?['domain']}", + "Email": "@{items('For_each_response')?['email']}", + "IP_Address": "@{variables('ip_address')}", + "Infected_Machine_Id": "@{items('For_each_response')?['infected_machine_id']}", + "Infected_Path": "@{items('For_each_response')?['infected_path']}", + "Infected_Time": "@{items('For_each_response')?['infected_time']}", + "Password": "@{items('For_each_response')?['password']}", + "Password_Plaintext": "@{items('For_each_response')?['password_plaintext']}", + "Severity": "@{items('For_each_response')?['severity']}", + "Source_Id": "@{items('For_each_response')?['source_id']}", + "SpyCloud_Publish_Date": "@{items('For_each_response')?['spycloud_publish_date']}", + "Target_Domain": "@{items('For_each_response')?['target_domain']}", + "Target_SubDomain": "@{items('For_each_response')?['target_subdomain']}", + "Target_URL": "@{items('For_each_response')?['target_url']}", + "User_Hostname": "@{items('For_each_response')?['user_hostname']}", + "User_OS": "@{items('For_each_response')?['user_os']}", + "Username": "@{items('For_each_response')?['username']}" + } + } + }, + "Check_IP_Address_is_Not_empty": { + "actions": { + "Set_Address_to_value": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{first(items('For_each_response')?['ip_addresses'])}" + } + } + }, + "else": { + "actions": { + "Set_Address_to_null": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{null}" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + }, + "type": "Foreach" + }, + "New_Records_Compose": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@variables('new_records')" + }, + "Save_New_Records_to_Custom_Logs_Table": { + "runAfter": { + "New_Records_Compose": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@{outputs('New_Records_Compose')}", + "headers": { + "Log-Type": "@variables('custom_log_name')" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + } + }, + "method": "post", + "path": "/api/logs" + } + } + }, + "runAfter": { + "Get_Breach_Data_for_Entire_Watchlist": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Breach_Data_for_Entire_Watchlist')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "Check_if_this_is_first_fetch_for_new_records": { + "actions": { + "Set_Cursor_to_null_": { + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@{null}" + } + } + }, + "expression": { + "and": [ + { + "equals": [ + "@variables('first_fetch')", + "@true" + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_for_Entire_Watchlist": { + "runAfter": { + "Set_new_records_array_to_empty": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/watchlist", + "queries": { + "cursor": "@variables('cursor')", + "since": "@variables('date')" + } + } + }, + "Set_First_Fetch_to_False": { + "runAfter": { + "Check_if_data_exists": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@false" + } + }, + "Set_cursor_from_the_API_response": { + "runAfter": { + "Set_First_Fetch_to_False": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@body('Get_Breach_Data_for_Entire_Watchlist')?['cursor']" + } + }, + "Set_new_records_array_to_empty": { + "runAfter": { + "Check_if_this_is_first_fetch_for_new_records": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "new_records", + "value": "[variables('TemplateEmptyArray')]" + } + } + }, + "runAfter": { + "modified_records": [ + "Succeeded" + ] + }, + "expression": "@equals(empty(variables('cursor')), true)", + "limit": { + "count": 60, + "timeout": "PT1H" + }, + "type": "Until" + }, + "date_": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "date", + "type": "string", + "value": "@{addDays(utcNow(), -1, 'yyyy-MM-dd')}" + } + ] + } + }, + "modified_records": { + "runAfter": { + "new_records_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "modified_records", + "type": "array", + "value": "[variables('TemplateEmptyArray')]" + } + ] + } + }, + "new_records_": { + "runAfter": { + "Custom_Log_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "new_records", + "type": "array", + "value": "[variables('TemplateEmptyArray')]" + } + ] + } + }, + "reset_cursor": { + "runAfter": { + "Until_New_Records_Exist": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "start" + } + }, + "reset_first_fetch": { + "runAfter": { + "reset_cursor": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@true" + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + }, + "azureloganalyticsdatacollector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]", + "connectionName": "[[variables('AzureLogAnalyticsDataConnector')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azureloganalyticsdatacollector')]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId9')]", + "contentId": "[variables('_playbookContentId9')]", + "kind": "Playbook", + "version": "[variables('playbookVersion9')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "SpyCloud Watachlist data - SpyCloud Enterprise", + "description": "This Playbook will run daily, gets the watchlist data from SpyCloud API and saved it into the custom logs.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00Z", + "tags": [ + "Feed" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId9')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Monitor-Watchlist-Data", + "contentProductId": "[variables('_playbookcontentProductId9')]", + "id": "[variables('_playbookcontentProductId9')]", + "version": "[variables('playbookVersion9')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloudEnterpriseProtectionBreachRule_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId1')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data", + "displayName": "SpyCloud Enterprise Breach Detection", + "enabled": false, + "query": "SpyCloudBreachDataWatchlist_CL\n| where Severity_s == '20'\n| project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, IP_Address_s\n", + "queryFrequency": "PT12H", + "queryPeriod": "PT12H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": "[variables('TemplateEmptyArray')]", + "tactics": [ + "CredentialAccess" + ], + "techniques": [ + "T1555" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "Email_s", + "identifier": "FullName" + } + ] + }, + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "Username_s", + "identifier": "Name" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "IP_Address_s", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "Password": "Password_s", + "Domain": "Domain_s", + "Document_Id": "Document_Id_g", + "Password_Plaintext": "Password_Plaintext_s", + "Source_Id": "Source_Id_s", + "PublishDate": "SpyCloud_Publish_Date_t" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "12h", + "matchingMethod": "AllEntities" + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "properties": { + "description": "SpyCloud Enterprise Protection Analytics Rule 1", + "parentId": "[variables('analyticRuleId1')]", + "contentId": "[variables('_analyticRulecontentId1')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion1')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "SpyCloud Enterprise Breach Detection", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloudEnterpriseProtectionMalwareRule_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId2')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data", + "displayName": "SpyCloud Enterprise Malware Detection", + "enabled": false, + "query": "SpyCloudBreachDataWatchlist_CL\n| where Severity_s == '25'\n| project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, Infected_Machine_Id_g, Infected_Path_s, Infected_Time_t, Target_Domain_s, Target_SubDomain_s, User_Hostname_s, User_OS_s, Target_URL_s,IP_Address_s\n", + "queryFrequency": "PT12H", + "queryPeriod": "PT12H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": "[variables('TemplateEmptyArray')]", + "tactics": [ + "CredentialAccess" + ], + "techniques": [ + "T1555" + ], + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Infected_Machine_Id_g", + "identifier": "HostName" + }, + { + "columnName": "User_Hostname_s", + "identifier": "DnsDomain" + } + ] + }, + { + "entityType": "Account", + "fieldMappings": [ + { + "columnName": "Email_s", + "identifier": "FullName" + }, + { + "columnName": "Username_s", + "identifier": "Name" + } + ] + }, + { + "entityType": "DNS", + "fieldMappings": [ + { + "columnName": "Target_Domain_s", + "identifier": "DomainName" + } + ] + }, + { + "entityType": "DNS", + "fieldMappings": [ + { + "columnName": "Target_SubDomain_s", + "identifier": "DomainName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "IP_Address_s", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "Password": "Password_s", + "Domain": "Domain_s", + "Source_Id": "Source_Id_s", + "User_Host_Name": "User_Hostname_s", + "Infected_Time": "Infected_Time_t", + "Document_Id": "Document_Id_g", + "Password_Plaintext": "Password_Plaintext_s", + "Infected_Path": "Infected_Path_s", + "PublishDate": "SpyCloud_Publish_Date_t" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "12h", + "matchingMethod": "AllEntities" + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "properties": { + "description": "SpyCloud Enterprise Protection Analytics Rule 2", + "parentId": "[variables('analyticRuleId2')]", + "contentId": "[variables('_analyticRulecontentId2')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion2')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId2')]", + "contentKind": "AnalyticsRule", + "displayName": "SpyCloud Enterprise Malware Detection", + "contentProductId": "[variables('_analyticRulecontentProductId2')]", + "id": "[variables('_analyticRulecontentProductId2')]", + "version": "[variables('analyticRuleVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "SpyCloud Enterprise Protection", + "publisherDisplayName": "Spycloud", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Cybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.

\n

Analytic Rules: 2, Custom Azure Logic Apps Connectors: 1, Playbooks: 8

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Breach-Playbook')]", + "version": "[variables('playbookVersion2')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Domain-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion3')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Email-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion4')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-IP-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion5')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Password-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion6')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Username-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion7')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Malware-Playbook')]", + "version": "[variables('playbookVersion8')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Monitor-Watchlist-Data')]", + "version": "[variables('playbookVersion9')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId1')]", + "version": "[variables('analyticRuleVersion1')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId2')]", + "version": "[variables('analyticRuleVersion2')]" + } + ] + }, + "firstPublishDate": "2023-09-09", + "providers": [ + "Spycloud, Inc" + ], + "categories": { + "domains": [ + "Security - Automation (SOAR)", + "Security - Threat Intelligence" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/azuredeploy.json new file mode 100644 index 00000000000..1d52d4b10b7 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/azuredeploy.json @@ -0,0 +1,2056 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "comments": "SpyCloud Enterprise Protection Custom Connector", + "author": "SpyCloud" + }, + "parameters": { + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String" + } + }, + "variables":{ + + }, + "resources": [ + { + "type": "Microsoft.Web/customApis", + "apiVersion": "2016-06-01", + "name": "[parameters('SpyCloudConnectorName')]", + "location":"[resourceGroup().location]", + "properties": { + "connectionParameters":{ + "api_key":{ + "type": "securestring", + "uiDefinition":{ + "displayName": "API Key", + "description": "The API Key for this api", + "tooltip": "Provide your API Key", + "constraints":{ + "tabIndex":2, + "clearText": false, + "required": "true" + } + } + } + }, + "backendService":{ + "serviceUrl": "https://api.spycloud.io/enterprise-v2" + }, + "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. JSON is returned by all API responses, including those with errors.", + "displayName": "[parameters('SpyCloudConnectorName')]", + "iconUri": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOYAAADmCAYAAADBavm7AAAK9klEQVR4nO3dLXTb5h7H8f/uuecUKqhQGiq0UQtlVGiPrNBBLctCNuigFHqkGfNGFJgiFwpFsEMyDIrDwiwYlIFd+cr2I1l2/PJz8v2c43O6xC+Kkq/0yHrk/fDw8PBoAKT8Z98LAGARYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwAUGECQgiTEAQYQKCCBMQRJiAIMIEBBEmIIgwMSNN030vwl6o/dyECYuiyF6/fm2vXr2y3377bd+LszNpmtrbt2/t1atX9u7du30vzoz/7nsBlkmSxMz+XYmTyaT0fq1Wy8zMGo2GHR0d7WTZ9ilNU8uybCPrZTweW5ZlW1lOZVmW2Wg02vdiOEmGORwO7fz8fKWV9vnz5+m/wzC0fr9vzWZzG4u3N2ma2sXFhV1eXtZ+zPx6ubq6ehEbrkMnN5T9+PGjffjw4UlbsiRJ7Pz8fINLtX9RFNm7d+9WinJekiRPejx2R2qPuck/nOc0NBuPx85jvzAMLQzDWs+RD31xGKTCjKKo9Hue5y0dmk4mE9ljhqf48uXLTFSNRsO+fv1qQRDscamwTVJhXl9fL3zN933766+/au8ZcuPxeFOLtXfD4XD6b8/zLI5jjhOfOaljzLu7u4WvnZ6erhylmT2bvclkMplZL91ulyhfAKkwXZ7bO6urmh+a56c/8LxJDWV3Yf5NkOL5vTRNLUkS53nBZrNpYRgu7K3y86xFdY6HXW/G1HncvveW+XG867AjFwSBtVqtylFL8edf5/2DqvOyk8nEkiQpnc0TBIF1Op3K19u7h4eHR5WbmS3crq6uNvoaYRjOPL/v+4/39/cLX3fdPM97HAwGlc9nZo+NRmPpcjQajYXHdbvdhfv1+/2Z+2xjvfd6venzh2FYeT/P85aup+Jz3d/fL/09VL1mfovjeOa54zh23m8wGNRaRs/zHrvd7tbX7bo3+aFs1Tu1m3B3d2dv3rxx7vnmZVlmnz59mrmv6/h3NBpVzsbJ7zPP9VzLnmdXzs/P7fPnzyudckmSxN6/f7/FpVp8vU+fPtVaxizLpM/pSoXped7C1759+2Zv37618/Nzu7i4sCRJSoeb61r1/F5xY1E2JKoKvex7ysOri4uLmf/u9XoWx7Hd39/bw8ODPTw8WBzHNhgMrNFoTO83Go22vnHNffnyZea/2+22xXFsNzc3M8t4dXVl3W53J8u0LqljzGaz6fyjHY1Glecn8z1NEATTY8FV3zTyfd+Oj49nvpZvBOYVj12azaZ5nrcQd5qmpaG5js+U5/gmSTLz8/X7ffvll18W7pdPeOh0OvbmzZvpY4bD4cK63YZv375N/91ut+3r16/OZTT7/0ZQda8pFWan06k1pJxXfEy+oleZFxqGocVx7Pzezz//PPMLN1schnY6nYVf8Kp7zHVOCe3K/IZk2d7m6OhoZp3s4pKq+deosyE4Pj6WDVNqKNvtdmeGQU+RJEntS5iqhpB1fsGuqFYN86efflr6Ogp836+1sSu+I+s6P71p8yOWQz+PLRXm0dGRxXFsvV7Peby5qsvLy1rHolXD3rI/wmJcrZJzi64Ay4JV3mMW90Y//vhjrceUrZNdOfTz31JDWbN/Qzg7O7OzszNL09TG4/H0D2M8Hk+n2tWdlD0ajZ70R19nyxsEgTUajYUh7vX19cJru44v2+322su3C4cw+V3tEwieSi7Momazac1ms3KomYdbdv2mK45V1B0ShWG48Pp195j73rs8ByqnlTZFaii7jnwWh+sduF1yHSPWDVN5GIv9OPgwc/s+2C+LqxiiK0rf9w/+eAib92zC3JZVhkiuY8XiMaXr+HLZMHb++8/tWApuhLlE2cQG17vGrsiW7TFXHcYewhsx+/DcjtOfTZhPOfivemzZ91zDT9ebVMU9nGtvt2wa3vwQveqqjm0pbjzqrud979kP/UJ5qTCf8sssm0xQ5/it+AkBq3xvXhAE5vv+zNeyLLPhcOg8vVNnGl4QBDN7513NOy1T96Nbbm9vp/+eXydm7hHHJh16mFKnS/IP3c3/YOte15imaenskjph5tOyOp3OTChRFDmnbFUNP1ut1sJjPnz44HxM3WFsGIbTaYF3d3f266+/2u+//17rsZswvw6jKKqcETWZTGY2aK5JCc1mc/oz1dkgLxspzM8Yi6Jo6frd90auilSYueJWeX6e6irCMKz9bu3l5WXteZNV0wZd82bNnjYN7/T0dGY9/PHHHzYajazT6Uwn0bs2QMWLi29vby1NU2u1WitfxTL/B56PTlxx5ueUixtK1+sVN4BZltnHjx+t3+8vjCDG47FFUTTz+bguR0dHM5M8Li8vrdlsOj+KZZ3P5925fV8QWrxZzQtw69w8z3v8/v175QW6695ubm4qf466FxOvsm7mL+pd99br9da6UPrk5GTt34PrYumbm5sn/RyuC6UHg8GTnnPff/+yF0r3er2NPE+73ba///679vnBVa7NGwwGS/fCrkui5q36buyff/755DnEnuetffnV2dnZylMHfd8v/US/IAjs5OSk1vN4nmeDwWDpz358fFz7d5l/2qCqH/63p5IxHo/t+vp6OtWuzumB/Ji07HN5it6/f78wrIzj2IIgsCiKKieZHx8f1x4aR1Fkw+HQsiyz29vbhWPgsmsalyl+nk1x7nCZfJibz5ByrZskSabHcEEQVMabpmnpm1m5/HrYOkPm/LXLPjspH3oHQTB9XbN/N35VFxiUPWd+zW4+xC0+59nZ2dLl3RW5MLetLMxtTotzXdP5/ft3ZvyglNRQ9rma3xDUebcZLxthbplryKf82T7QQJhb5vq/jnE1CZaRPI95qF6/fm1Zlk3fjCp7g4Q9JpYhzA3KI6yattZut2U/DQ86GMpuUJ1zjKenpztYEhy6Fxum7/sWhqGdnJxs7CLrfr9fGqfv+3Z1dcXxJWp5cecx0zTd+qmKqv9xEVDHiwsTOAQvdigLKCNMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQEESYgiDABQYQJCCJMQBBhAoIIExBEmIAgwgQE/QNJ5aSYMcswbQAAAABJRU5ErkJggg==", + "swagger":{ + "swagger": "2.0", + "info": { + "title": "SpyCloud Enterprise Protection", + "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. JSON is returned by all API responses, including those with errors.", + "contact": { + "name": "SpyCloud Integrations", + "url": "https://portal/spycloud.com/", + "email": "integrations@spycloud.com" + }, + "version": "1.0" + }, + "host": "api.spycloud.io", + "basePath": "/enterprise-v2", + "schemes": [ + "https" + ], + "consumes": [], + "produces": [], + "paths": { + "/breach/catalog": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Catalog_Schema" + } + } + }, + "summary": "List or Query the Breach Catalog", + "description": "List or Query the Breach Catalog.", + "operationId": "Breach_Catalog", + "parameters": [ + { + "$ref": "#/parameters/Query" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + } + ] + } + }, + "/breach/catalog/{id}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Catalog_Schema" + } + } + }, + "summary": "Get Catalog", + "description": "Get/Retrieve Breach Catalog Information by ID.", + "operationId": "Breach_Catalog_ID", + "parameters": [ + { + "$ref": "#/parameters/ID" + } + ] + } + }, + "/breach/data/domains/{domain}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Domain_Schema" + } + } + }, + "summary": "Get Breach Data by Domain Search", + "description": "Get Breach Data by Domain Search.", + "operationId": "Breach_Catalog_Domain", + "parameters": [ + { + "$ref": "#/parameters/Domain" + }, + { + "$ref": "#/parameters/Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/emails/{email}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Email_Schema" + } + } + }, + "summary": "Get Breach Data by Email Search", + "description": "Get Breach Data by Email Search.", + "operationId": "Breach_Data_Email", + "parameters": [ + { + "$ref": "#/parameters/Email" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/ips/{ip}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_IP_Schema" + } + } + }, + "summary": "Get Breach Data by IP Address", + "description": "Get Breach Data by IP Address.", + "operationId": "Breach_Data_IP_Address", + "parameters": [ + { + "$ref": "#/parameters/IP" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/passwords/{password}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Password_Schema" + } + } + }, + "summary": "Get Breach Data by Password Search", + "description": "Get Breach Data by Password Search.", + "operationId": "Breach_Data_Password", + "parameters": [ + { + "$ref": "#/parameters/Password" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/usernames/{username}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Username_Schema" + } + } + }, + "summary": "Get Breach Data by Username Search", + "description": "Get Breach Data by Username Search.", + "operationId": "Breach_Data_Username", + "parameters": [ + { + "$ref": "#/parameters/Username" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/watchlist": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Watchlist_Schema" + } + } + }, + "summary": "Get Breach Data for Entire Watchlist", + "description": "Get Breach Data for Entire Watchlist.", + "operationId": "Breach_Data_Watchlist", + "parameters": [ + { + "$ref": "#/parameters/Type" + }, + { + "$ref": "#/parameters/Watchlist_Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/devices": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Devices_List_Schema" + } + } + }, + "summary": "Get Compass Devices List", + "description": "Get Compass Devices List.", + "operationId": "Compass_Devices_List", + "parameters": [ + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Infected" + }, + { + "$ref": "#/parameters/Until_Infected" + } + ] + } + }, + "/compass/data/devices/{infected_machine_id}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Devices_Data_Schema" + } + } + }, + "summary": "Get Compass Devices Data", + "description": "Get Compass Devices Data.", + "operationId": "Compass_Devices_Data", + "parameters": [ + { + "$ref": "#/parameters/Infected_Machine_Id" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/data/applications/{target_application}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Applications_Data_Schema" + } + } + }, + "summary": "Get Compass Applications Data", + "description": "Get Compass Applications Data.", + "operationId": "Compass_Applications_Data", + "parameters": [ + { + "$ref": "#/parameters/Target_Application" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/data": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Applications_Data_Schema" + } + } + }, + "summary": "Get Compass Data", + "description": "Get Compass Data.", + "operationId": "Compass_Data", + "parameters": [ + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Infected" + }, + { + "$ref": "#/parameters/Until_Infected" + }, + { + "$ref": "#/parameters/Compass_Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + } + }, + "x-ms-connector-metadata": [ + { + "propertyName": "Website", + "propertyValue": "http://www.spycloud.com/" + }, + { + "propertyName": "Privacy policy", + "propertyValue": "https://www.spycloud.com/company/privacy-policy/" + }, + { + "propertyName": "Categories", + "propertyValue": "Security;Website" + } + ], + "definitions": { + "Breach_Catalog_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "title": { + "type": "string", + "description": "Breach title. For each ingested breach our security research team documents a breach title. This is only available when we can disclose the breach details, otherwise it will have a generic title.", + "title": "Title" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "description": { + "type": "string", + "description": "Breach description. For each ingested breach our security research team documents a breach description. This is only available when we can disclose the breach details, otherwise it will have a generic description.", + "title": "Description" + }, + "site_description": { + "type": "string", + "description": "Description of the breached organization, when available.", + "title": "Site Description" + }, + "site": { + "type": "string", + "description": "Website of breached organization, when available.", + "title": "Site" + }, + "confidence": { + "type": "number", + "description": "Numerical score representing the confidence in the source of the breach.", + "title": "Confidence" + }, + "id": { + "type": "number", + "description": "Numerical breach ID. This number correlates to source_id data point found in breach records.", + "title": "Id" + }, + "premium_flag": { + "type": "string", + "description": "premium flag.", + "title": "Premium Flag" + }, + "acquisition_date": { + "type": "string", + "description": "The date on which our security research team first acquired the breached data.", + "title": "Acquisition Date" + }, + "uuid": { + "type": "string", + "description": "UUID v4 encoded version of breach ID. This is relevant for users of Firehose, where each deliverable (records file) is named using the breach UUID.", + "title": "UUID" + }, + "type": { + "type": "string", + "description": "Denotes if a breach is considered public or private. A public breach is one that is easily found on the internet, while a private breach is often exclusive to SpyCloud.", + "title": "Type" + }, + "num_records": { + "type": "number", + "description": "Number of records we parsed and ingested from this particular breach. This is after parsing, normalization and deduplication take place.", + "title": "Number of Records" + }, + "assets": { + "type": "object", + "properties": { + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target Url" + }, + "av_softwares": { + "type": "number", + "description": "List of AV software found installed on the infected user's system.", + "title": "AV Softwares" + }, + "infected_time": { + "type": "number", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "infected_machine_id": { + "type": "number", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "country_code": { + "type": "number", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Password" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "username": { + "type": "string", + "description": "Username.", + "title": "Username" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + } + } + } + }, + "description": "Catalog Breach Results Object" + } + } + }, + "description": "Catalog Breach Data Response" + }, + "Breach_Data_By_Domain_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "full_name": { + "type": "string", + "description": "Full name.", + "title": "Full Name" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Domain Breach Results Object" + } + }, + "description": "Domain Breach Data Response" + }, + "Breach_Data_By_Email_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Email Breach Results Object" + } + }, + "description": "Email Breach Data Response" + }, + "Breach_Data_By_IP_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "IP Address Breach Results Object" + } + }, + "description": "IP Address Breach Data Response" + }, + "Breach_Data_By_Password_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "full_name": { + "type": "string", + "description": "Full name.", + "title": "Full Name" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plain Text" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Password Breach Results Object" + } + }, + "description": "Password Breach Data Response" + }, + "Breach_Data_By_Username_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Username Breach Results Object" + } + }, + "description": "Username Breach Data Response" + }, + "Breach_Data_By_Watchlist_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Watchlist Breach Results Object" + } + }, + "description": "Watchlist Breach Data Response" + }, + "Compass_Devices_List_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "infected_device_id": { + "type": "string", + "description": "Infected Device Id.", + "title": "Infected Device Id" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "application_count": { + "type": "string", + "description": "Application Count.", + "title": "Application Count" + } + } + }, + "description": "Compass Devices List Results Object" + } + }, + "description": "Compass Devices List Data Response" + }, + "Compass_Devices_Data_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "cursor": { + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "title": "Cursor" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "user_browser": { + "type": "string", + "description": "Browser Name.", + "title": "User Browser" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document Id" + }, + "source_id": { + "type": "string", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source Id" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "USer OS" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Subdomain" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "PAssword Type" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "country_code": { + "type": "string", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "severity": { + "type": "string", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + } + } + }, + "description": "Compass Devices Data Results Object" + } + }, + "description": "Compass Devices Data Response" + }, + "Compass_Applications_Data_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "cursor": { + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "title": "Cursor" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "user_browser": { + "type": "string", + "description": "Browser Name.", + "title": "User Browser" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document Id" + }, + "source_id": { + "type": "string", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source Id" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "USer OS" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Subdomain" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "PAssword Type" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "country_code": { + "type": "string", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "severity": { + "type": "string", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + } + } + }, + "description": "Compass Application Data Results Object" + } + }, + "description": "Compass Application Data Response" + } + }, + "parameters": { + "Infected_Machine_Id": { + "name": "infected_machine_id", + "in": "path", + "required": true, + "type": "string", + "description": "One or more comma delimited Infected Machine ID to search for compass breach records.", + "x-ms-summary": "Infected Machine Id" + }, + "Target_Application": { + "name": "target_application", + "in": "path", + "required": true, + "type": "string", + "description": "One or more comma delimited Compass target application (subdomain or domain) to search for.", + "x-ms-summary": "Target Application" + }, + "ID": { + "name": "id", + "in": "path", + "required": true, + "type": "string", + "description": "Numerical ID of the breach. Both integer and UUIDv4 ID formats are supported. You may also use a comma delimiter to request more than one breach at a time.", + "x-ms-summary": "ID" + }, + "Domain": { + "name": "domain", + "in": "path", + "required": true, + "type": "string", + "description": "Domain or Subdomain name to search for.", + "x-ms-summary": "Domain" + }, + "Email": { + "name": "email", + "in": "path", + "required": true, + "type": "string", + "description": "Email address to search for.", + "x-ms-summary": "Email Address" + }, + "IP": { + "name": "ip", + "in": "path", + "required": true, + "type": "string", + "description": "IP address or network CIDR notation to search for. For CIDR notation, use an underscore instead of a slash.", + "x-ms-summary": "IP Address" + }, + "Password": { + "name": "password", + "in": "path", + "required": true, + "type": "string", + "description": "Password you wish to search for.", + "x-ms-summary": "Password" + }, + "Username": { + "name": "username", + "in": "path", + "required": true, + "type": "string", + "description": "Username you wish to search for.", + "x-ms-summary": "Username" + }, + "Query": { + "name": "query", + "in": "query", + "required": false, + "type": "string", + "description": "Query value to search the breach catalog for.", + "x-ms-summary": "Query" + }, + "Type": { + "name": "type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter lets you filter results by several types. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records, email_domain to just match against email domains, and target_domain to just match against target domains or subdomains. If no value has been provided the API function will, by default, return all record types.", + "x-ms-summary": "Type", + "enum": [ + "corporate", + "infected", + "email_domain", + "target_domain" + ] + }, + "Compass_Type": { + "name": "type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter will return records that are verified or unverified, meaning those that matched the watchlist or not. By default if type is not used, both types will be returned.", + "x-ms-summary": "Type", + "enum": [ + "verified", + "unverified" + ] + }, + "Watchlist_Type": { + "name": "watchlist_type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameters lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'subdomain', 'ip']. If no value has been provided, the API will return all watchlist types.", + "x-ms-summary": "Watchlist Type", + "enum": [ + "email", + "domain", + "subdomain", + "ip" + ] + }, + "Cursor": { + "name": "cursor", + "in": "query", + "required": false, + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "x-ms-summary": "Cursor" + }, + "Since": { + "name": "since", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the spycloud_publish_date field.", + "x-ms-summary": "Since(YYYY-MM-DD)" + }, + "Until": { + "name": "until", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the spycloud_publish_date field.", + "x-ms-summary": "Until(YYYY-MM-DD)" + }, + "Since_Modification_Date": { + "name": "since_modification_date", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the when an already published record was modified (record_modification_date).", + "x-ms-summary": "Since Modification Date(YYYY-MM-DD)" + }, + "Until_Modification_Date": { + "name": "until_modification_date", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the when an already published record was modified (record_modification_date).", + "x-ms-summary": "Until Modification Date(YYYY-MM-DD)" + }, + "Severity": { + "name": "severity", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to filter based on the numeric severity code.", + "x-ms-summary": "Severity" + }, + "Source_Id": { + "name": "source_id", + "in": "query", + "required": false, + "type": "number", + "description": "This parameter allows you to filter based on a particular breach source.", + "x-ms-summary": "Source Id" + }, + "Salt": { + "name": "salt", + "in": "query", + "required": false, + "type": "string", + "description": "If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used.", + "x-ms-summary": "Salt" + }, + "Since_Infected": { + "name": "since_infected", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the infected_time..", + "x-ms-summary": "Since Infected(YYYY-MM-DD)" + }, + "Until_Infected": { + "name": "until_infected", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the infected_time field.", + "x-ms-summary": "Until Infected(YYYY-MM-DD)" + } + }, + "responses": {}, + "securityDefinitions": { + "API Key": { + "type": "apiKey", + "in": "header", + "name": "X-API-Key" + } + }, + "security": [ + { + "API Key": [] + } + ], + "tags": [] + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/readme.md b/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/readme.md new file mode 100644 index 00000000000..8b0b55ff80f --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/Custom Connector/readme.md @@ -0,0 +1,55 @@ +# SpyCloud Enterprise Protection Logic Apps custom connector + +![SpyCloud Enterprise](images/logo.png)
+## Table of Contents + +1. [Overview](#overview) +2. [Actions supported by SpyCloud Enterprise Protection Custom Connector](#actions) +3. [Deployment](#deployment) +4. [Authentication](#Authentication) + + + +## Overview +The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. JSON is returned by all API responses, including those with errors.
+ + + + +## Actions supported by SpyCloud Enterprise Custom Connector + +| Action | Description | +| --------- | -------------- | +| **List or Query the Breach Catalogs** | List or Query the Breach Catalog | +| **Get Catalog** | Retrieve Breach Catalog Information by ID | +| **Get Breach Data by Domain Search** | Get Breach Data by Domain Search | +| **Get Breach Data by Email Search** | Get Breach Data by Email Search | +| **Get Breach Data by IP Address** | Get Breach Data by IP Address | +| **Get Breach Data by Password Search** | Get Breach Data by Password Search | +| **Get Breach Data by Username Search** | Get Breach Data by Username Search | +| **Get Breach Data for Entire Watchlist** | Get Breach Data for Entire Watchlist | +| **Get Compass Devices List** | Get Compass Devices List | +| **Get Compass Devices Data** | Get Compass Devices Data | +| **Get Compass Applications Data** | Get Compass Applications Data | +| **Get Compass Data** | Get Compass Data | + + + + +## Deployment Instructions +Prior to using this custom connector, it should be deployed in the resource group where the playbooks that will include it are located. +
+ +1. Deploy the custom connector by clicking on "Deploy to Azure" button. This will take you to deploy an ARM Template wizard. +2. Fill in the required parameters: + * Connector name: Please enter the custom connector(ex:SpyCloudEnterprise) + * Service Endpoint: The URL to the SpyCloud Enterprise REST API + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FCustom%20Connector%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FCustom%20Connector%2Fazuredeploy.json) + + + + +## Authentication +SpyCloud Enterprise API Key diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/azuredeploy.json new file mode 100644 index 00000000000..22052073996 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/azuredeploy.json @@ -0,0 +1,484 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "SpyCloud Breach Information - SpyCloud Enterprise", + "description": "This Playbook will be triggered when an spycloud breach incident is created.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "entities": ["ACCOUNT"], + "tags": ["Enrichment"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Breach-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + } + }, + "variables": { + "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureSentinelConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureSentinelConnectionName')]", + "customParameterValues": {}, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Account_Name": { + "runAfter": { + "Incident_Email_Account": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "account_name", + "type": "string" + } + ] + } + }, + "Astriek_Variable": { + "runAfter": { + "UPN_Suffix_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "astriek", + "type": "string", + "value": "@" + } + ] + } + }, + "Check_if_the_incident_is_created_by_SpyCloud_Breach": { + "actions": { + "Entities_-_Get_Accounts": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_each_account": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Set__upn_suffix": { + "runAfter": { + "Set_account_name": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "upn_suffix", + "value": "@items('For_each_account')?['UPNSuffix']" + } + }, + "Set_account_name": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "account_name", + "value": "@items('For_each_account')?['Name']" + } + }, + "set_email_address": { + "runAfter": { + "Set__upn_suffix": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "incident_email_address", + "value": "@{concat(variables('account_name'),concat(variables('astriek'),variables('upn_suffix')))}" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "For_each_incident_alert": { + "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_if_the_exposed_password_is_in_use_on_the_network": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

Breach Playbook successful

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_if_password_exists_in_the_incident": { + "actions": { + "Set_Incident_Password": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "incident_password", + "value": "@{variables('incident_custom_details_object')?['Password']}" + } + }, + "Set_variable": { + "runAfter": { + "Set_Incident_Password": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "incident_plain_text_password", + "value": "@{replace(replace(variables('incident_password'),'[\"',''),'\"]','')}" + } + } + }, + "runAfter": { + "Set_custom_details_object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('incident_custom_details_object')?['Password']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Check_if_pwd_length_is_greater_than_required_length_by_organization": { + "actions": {}, + "runAfter": { + "Check_if_password_exists_in_the_incident": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Check_if_the_exposed_password_is_in_use_on_the_network": { + "actions": {}, + "runAfter": { + "Check_if_the_user_is_currently_an_active_employee": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Check_if_the_user_is_currently_an_active_employee": { + "actions": {}, + "runAfter": { + "Check_if_pwd_length_is_greater_than_required_length_by_organization": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Set_custom_details_object": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "incident_custom_details_object", + "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom Details'])" + } + } + }, + "runAfter": { + "For_each_account": [ + "Succeeded" + ] + }, + "type": "Foreach" + } + }, + "runAfter": { + "Incident_Custom_Details_Object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@triggerBody()?['object']?['properties']?['title']", + "@variables('incident_name')" + ] + } + ] + }, + "type": "If" + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Incident_Custom_Details_Object": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_object", + "type": "object" + } + ] + } + }, + "Incident_Email_Account": { + "runAfter": { + "Incident_Plain_Text_Password": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_email_address", + "type": "string" + } + ] + } + }, + "Incident_Name": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_name", + "type": "string", + "value": "SpyCloud Enterprise Breach Detection" + } + ] + } + }, + "Incident_Password": { + "runAfter": { + "Incident_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_password", + "type": "string" + } + ] + } + }, + "Incident_Plain_Text_Password": { + "runAfter": { + "Incident_Password": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_plain_text_password", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "Astriek_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_enrich_data", + "type": "array" + } + ] + } + }, + "UPN_Suffix_": { + "runAfter": { + "Account_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "upn_suffix", + "type": "string" + } + ] + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[variables('AzureSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + } + } + ] +} diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/steps_to_configure.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Breach-Playbook/images/steps_to_configure.png new file mode 100644 index 0000000000000000000000000000000000000000..cc9e34ded9fe08e8596d62fde14f8f00d2885a21 GIT binary patch literal 33463 zcmc$`2UL^W);1cf?2U?Sr6?eR+eQ^Zkd7jv(nVTm3L9w>q=XVmuz?Z*w*{2mK}wJs zItm7qNDZNdA|*fwAwYltA<13wob!F>|G$6Saqsuv;uwy1@RGdmT63*6=X{>|OkS9o z7##fl`0o%1s8DdWTX=64nk@3{&gXXx_2 zx^-ilRRSFtMV(zA@23~4ak1(_28e8yTK)L z-yffOz*TqmZ$H81|CO(Qz7?>770y@lpMC2xCQP|54uPyWfzd_2n<=j7x`od(Hf$I3 zH;TVnV{>*OR=rDu*5D@%fv{r1i0_`Rr!_HSPI`|wgpl5LVav-*ibePFpRjM(1?k~% zr)>3_#hB2cRuf_RYL6>j;U7F9^(Y;Sp`rR_d2T9niE#>H}6%&H3U!J9nObjP=tQ9oP& zlZp{`{mkzB_Xoss z*X6sPV<1aoOk{@GZpdBzota{#y$>PO!{EbKdmc8|kQ4kKkS7HGVU)VqIRUnS9tL_0V<8tJouS%oZ%-U(xy`fL{yh(^wMntd)Vt&$q*rpN6 zwhJOf{;9dy)9T$?M=7@ZLE+cl`fe(y_x$q`bAscjPBygYt7@*1_pT%7VFM8N7l+C` zMk@XB8$=%`laC55*}Q+(g&GA^u{W*_*&K8VwGh+5cWL=Ni_aV{%$Io@0)gBCr!`6U zsqNYH9a80BT4>c?`{5=g)%xjKR_D$Z9j|1nliC(5Y7O=aMC3i#KgK^Zqfbb;6sHCa z=YrYSFVz*zuO1t-$i~`NoxT&G@Wa8H0_TerG75>H*4fJ9#~Vg}mtF{G)Nhz1It1Dx zs3xT!iO()!4##-MY%h3Qz(ZXM0?98)t8*_UgHm6*u2wdrR*hZBwjay0!KgcyoQfKO zo2svTb>3Rouo`?3;y?F8E)SDm7dGA{l9i%k_`tMZkeH4OadcD}6j;YL3{8|xV1^Mz z&W&cYMo+?k1m)|t;+=`?G@Dr$2@TnBYLSy%0uKH(F0LJso|$HY9!V;eAqo*+&0!Bu zSFO)g@M$KX$eecJoPtoBz1)!^7-?b$ldO{D(-jQ@`^kD zE{b2m(d47ghJ|S^rIcg2JxsFBsb6Y3YyAF#WGZ~%1Ga(pfYizN5fmL1x~TV(a^3UU zp7YWBYrQCs_Mf=((i(d)UVGbp`wM@>(7mGi`6V=fP%UC-&-hec^Fv zS)=*f$NaQ`YUB13p+XHqc`0$I)U!OZW3blXnZ4b}f z9C!I3GTW7!e7`HjR=$_bc+1*M@sB~!L+#AyMh<*ugyz|#GE`I#rs(50_xLbn<&zH53kx~;{9arz9g?=+oxs%_Sc50IBbb? zv(HikM?7j@QKwMy(hKTKH3|a<@d&AE)m`}uD*88$l;mBl3Z;TCTFFY>`%CDH?Q>U^ z;lJKwX@+hrR=WaUj)Ln2pknVet`8WNhEuz+eq}x|u%wmLKw{N1e}UggjM%{;pE6Fl z!^HML_1tq3+}UZ4^#{+Lr{?SZcG^&twx(D!>4nsqtyz7qV&17$hHZB^W5T+jZKtGq zr10FJg-?2bepr-P9yW+xp4c2#%bNHAcJyZ4bbTB`?*U$Pe7TvNknAJhrhy-?)*lmg z3hVWoxVMNOVOf+~dWdn3oHdc{NDVigY@~%cA#mt=AyRPsW%*Ub-ymEs8hNO)vNGpI zGR!_sjy@%qFqYwV${_9rrIhj5^^{?v5T#$fB5O*`Q$XliaQ_j3GuIv-9^2y|RNJXC zmg9cuXr}%F@v2X#1Z``Fa7*>oZ`mUUpCI)5#V2iqzT91E5^<3Br{vhkKmN>nqtJmP zwMUKp^a%dTesLS4?vjDkxtN}_QNrGvS!->ojURalelj&H)9o1MXx+gxM(%uZo^Xb3 zP}$CIe$7{b$T^tzgnn4H``?MJCA^O#SQIDWM|Tcwd+L8a>dcy-vhg8a4Q2l2ipr3V zE4qA$9`SryDLO`rK%iw;xHQR39MP>frXJwFeT{S{iTV)iItVgmFuEH z)Ah|Rg8|D18wyveAGGY7#w!|#JMQtFR7%(Uv+-VHYK))Hi-+f09*R_rt2^O@_^Rt?Ny#s(CN@ClVH3J;A0e z%xe@E2K{JP?}c6nAcgLNM500J7I1gqO$C0&#nfoO#PXxHtly^bGEOUf0W*qcb8-z6 z6AW_#+FyPk_v4YT4tY4t!Zn)DXeqhD)T#A4vU3}8yb)P4_LXff=5AZ2YIs8vua*Tn zT0K=*Pw3=vTHmr#9evp9hg+&0bkw*0F@9ij>e#(RCw7IOY;I9$U14yn{4;^5uPXY7 z|ByO|llwWvn)Y|=&62zJ>5lihkb_tS@7Pj`;wjeL1n0cAPk`ymlcdFgZZYPWnGAGY z`qZU1`o${eRNlEPqRXMrQ^Vf9bwz155q&u~aazby>1rM5hWHBER9Nn3;lxcL3bvI) z-xj!Em7g76eo-F+9jhL{P1AUJfsxMHaWn6dibPE-v~1Zrk9h$r?6!^5>{c1BDdQ4^qlH>zWVda6a1w?mU`#=5bL@Xe&j9U zgDO|WwLJHaLUQk?_Vf59)`&QZ)~ycMmQ)Lu`S?)rs78DdN6 z1BTYdxrG<%h*OtexIHbY*iiST9ZQ!B^6%{4hjTc3>Su@CPv?5rhX_L=Lcj*gFL#c#U?!HD}nE|As=PoK~oJ5RV)QHm;>cX{E{b&Rm>Hw8V;s!#3ou;PRV_E~9AEH2XLnv)sM^6D$$FbNBN?F`uWC z$TtTwo=8g+NOP(9UH>i6l97;G(sA)~>g^%jFNB*Yo)CUXgSM0OLmnko`SRvxsDhBcm=$thAX$^+B1H zENDz@nIx%rLwi|Db%kku9p|wZ6~h)R(r=Z9bb7^vDE|1MbapI)NhKvYRIoOP7||Be zGBtAdp&MSMje%-{VCr{)-&X$M{#|Iy#A#=#RUbLq$k0hm6c7o>xm z=27V2ot1X{d~Y`XxxlH8^D=qITgLpmwE$3sL>}iF?~gHq?0PaSf>B?+l&$zxX)?>w ze&@2Do0JHyWU`!>biXsnG7j!^Xp&9iuuZwIGSdUbxaP;`9c3vKAGRJuS$PY5g`a6D zJDVPMkp-ZYLVixx`e-wUMe{3mb6knBKH3~C9R?T%n>5Iwj2G9;gqjga>C}XS650)$ z=Fj}Q)aF8T+RS7IVkO+3yV6TDxQUh)VxPTbf5nI=yJ8o3XOXMNn!_%UNUq=c=V@_V zFSO3pVXwrKhCVBr>8L`AJ-3PATqCnSf^YmUPTc?X9j~jSc>l+HE>cf)*{v5gzBvk> zS5*E#dy=7!AgrKuj)ke#rOq_1`jqko)H3x`>mfs*P$IG8JVdu*!DrA4!g>KYB=RX~ zU8>AA-LS8ZzHtt~`|bT;!I%NSr~WsHmjYLhqVfY5GK^9$o)*^*@lzYngl^RSDW~NV z@ArVPJVuMa$X;QH2mgG8Et-BVIC(isb!OTd)Ow@pY&JUAJ^DSYa%3m^To)HfS1VA5=sJM`e(DI_iXTr&kcGZp(q5;LlZ?A>pyuSH z=Xyk^t_R*cV3=^U)!$Gke@;jzQRtoCTNh}W1g>t&HN#Kavv?}(ZTBT#Z3KFK2d^#* ztt=2(4Tc|^I|bQ(3^^2OIZ`7&U`lCr!LQAvpO9-4W`{bijHLfa(vk^ZUXIWCz^N-r zSq&@uaklAU@CvjjJ0w;}6^(-h3+L;jgmc}5wUW~uYA(n<5TAnA`cWEe&LnhFzUcO) zcN^%`?zA`;$f>>wbF^)!Sr4l$SPxr!K-nsQ+kCov#rH&vWJd@>_6Sa0f~Q9q;P>Kk z71od;eghvU*C8rV<2|xuS1QxN>a0b^u3&*6S?;Cduzud@7*_|ND1xv0mbn{^;m}`1G#HI?w z92?g$R!MWd+mg+I^y0R7m$52x(OUn*crT(JT6yAyB=n8_!-;nuUH<;K+HPThd2Lim zh2h0UUL{pl>a+%WpOD=Ha}$r3M@%kDjs;K0l59Bm35<{B&#-=*S`Ck<9=>rOHZZ6@ zCBC`0{^<&{*o$Qkstlze$}zu|s-R@RguaBV%j~v|SxQIl5RFMg$a)|B#GWyo25YE4 z$`|{pK0x0Z-;G@7!ycy7nrLa&@;P*2*>fEssc)KD1n1O6ek5y}zEC8%&gq6}2;#1> zYP~#VCmb8cs+1pBoL*VPoF>Om(6=xXm$F-z|m_% z`$Rc+d+^xz{C+6%`mb|vT+{Ey@utZnj}0e|!^`;bz|^%_=Aj!3!MHXLoC4bvG3GR3 zXXIqgT-;b%OV$}Tdpo@^U|SrMm*~yv%km=U>eQUmQgX4Xqvh52(KxHo)uMPO*3$M` z^&k!ULqY>#q$qblLPa*5jsdUe2pna22A_{3~a zH6-qC5Yh4M=*6lPDG1KJ@_SCx*#FSM^5D-xIFGIm@L$TA3E}eOfeU7_BM54LIn)rb zssPS-qGtVN7PAnU>uox$rWH8GA_w_2)Vy!XQknS68L>GLe^hetNxbI!0Xw(G>bY8y zm7BuIy^6ItwL61;T$w7059eU`lpH214I1;%Ju>r`qY)O8)ft{qezx*-0E z7LD?I8tOAnGA8?A*o`9H&cnYba&}NU<|uKXuY6Hw%Sn^;Rj^q=fo6P48I?SMX`b}< zSiP6-pi;&sB#%(h5*{<1j$$;wD+xd{i4%RBE7L^S=b%yFcE7IGCVDFE=$9eD3#D=6 zuT*i&B9)#O-2Hx{20$zw@?YyV#pJ9ros0{RB%sHDa6WvAI0yYK*%E*{B-<7Y2nAgat7D9Z;;Kf3iK#lR9{H&W@-;sn`hIFR%-4d?Vi585(RS4kRg@zk)dqEV9aN8SSGU=DL) zVnep}J);`aDEBLcZ6h8j={$j$&&*o4tyC6ObiTH|VBHMu7rti~QF^#!NoB-6J8SfB zPs64H)rHc*1+kn$JEs%`%Jb00h>+F9J|+LO^IeZ* z`pN_Ku?z`GXhhRr)>T^ZAx9T8+%^fya?6mG%xq_<*v66dlvzHUv%)!#pg zWCGrr_HmRN(0OS=J|z^BERJU$8boG-LJ@d-KRbf@pF`jf30uW z7ez~b>xiVY$xd!Yra_#E34Gwh=xModGz0p_gHP;z`ZBM0N2N6R1UmGCdgg!M&h-gb zYjl4iEQr@wZ7vN77pTLkOK4AJ>sy!0a`XBi53S|K{grTdr}IvMo=&pk#;mmv4tqEg zI{I)<;^}kvbS-?0dS(EDf+i%KZ-a8?N-=D$a1zl;ArEdysbj5d1cGvfOq~mR!PV<#e4Y(X z0mxX!Zy|Qsd=!w@TK?eg^`w&X)8#uH2>9;4#6ro@gQ}xu2Uu!heBmM5o~9`hjt#>? zShbT~du61eeQJpwl}{;@!{|cQmhz_GN3Wxspxb1oifq(5x3Sbiy8gcV_TPPX@vp^C zmE?O0#zpa>2?OshtBkR+I!Ey|)|a&aQr(0J--)z0dB|B+@<=E0eHweNd>Q1g5~jfn zB11l3wtkq!a#cM#ri)Zwf9V`ygp!2W_?rn|vH5`-6j|k0{pw|eB;W$w?aoAvRw?HV zq9vRWj%T8V@;n;}@NAsT`0R+EV_qkH$vE-)bgD9I!w&y8+vHZOT|#(T+)-R5`e=6! z3eL3HW6fH594t?ij264yMYgX@LrGi=UO_q87fVPE0IGXnAXcfRawFpDBtD%T&}*#R z929UVwnql~1*=5Pvhy_JbR*gLfxVX&VwXx+v=tR_WBT;Kuk@L^zFp|La8X#zz3BAZ z=5LatsX^nm2Uv<>cE{$jN9b3m!8_h_bltZuyepV=4!el7ajj_lg{bKRyXF!NPg1mt zRn+DCE+UG-TW)d#M{qMFo{U~-f~VcV17;TaMmM8Pm)P_wt7-tP#)HvzqYu{xkh`oZ z(Ois2{=A!Cw!LoYb;2B`4)H})^%lpUv_#G{yq}lM&vb=u+H|KEt+gGKkTyIz0V8R| z(U`T^?p(L@aFxzv9UUz#20385nUfN+{zC%4le;bvsomh}ju=ZSy`|A~m#OSIQ=sg; zxm>xuP?Z1W$v(^&q_k{nXsW76^((<8Kfm3);&4%ot*P#B#p1VT>hzVL%{m` zkNK)`r{=QLa7c!OC37NqDr{}EoZg$F=HI8(t@#GsObH? z?=P&K^cIIgISLW3emxn4zJ({zIo2?6%hfjsytqMBI1qi=VhF^g; zq4Zc?{^dBUlVM(e&Sf_V@Ysv(_LaRBDRgCoV>F~KUe;-VpG-#nDPG;n#9t9zv^!uP z=b@;O@IBK`JI-oG;teF@6hPcOo}i?36UnBh{}Tf3OQNf=QPx8Avl;*h z=eVy}n0aGr;uB7>Bf>5t)USz~3-30gFq)yba?$b364kQS==d96FKtf6O1EHoy?N~a zHP5Li41BEM3Hk*rKR-R9ZYjSfPVDnRarMgJK<5CNk|-YnsFHJY?L$8y8Gr92?z{_JC-;}C zTt0ZBd@(O*vuDy{^V6iqU!yy5BDTLwU0O5j?VvL7ol;NQYjurSn*)FT5c%zuq&}{C zvNamB*O%}M_MAzGg%`phx~Db;0nK=PzWMP;`X;Gn)-3e$G*mw~u2A0nyzHsXVu8K2C3q)t!vl=0_*Ko7PKR4A&zJ1iqcn9eDm?SvT?UXf zYbdCxCkQ=cMO*Fe%p5&fTx6CjGJYR_I}8ZgYD4K502X(4GA! zBA?954JrO+?Bg@BxUcQyeF!7+J;D7xDu@L~OhYX^6{gsmOpMkEnk!cGZYI*7bITc%w9t-a83=q@T z37zsiq5z=J(?CGfjmIAJGKE1y>rUu~a&LBno1cHjseTe4`x@waEK-p0&fnNNfhTgD z%f28i*W0SqA!}8LxhxS#Mkzpw;NO2+rcx#AZJEHc@9js6yqwmvrtNXg43TVI3n2vUG%0z?jX7XO9d{a?^c z^A6HXJ$WJ}EqLmM zU&kt}VWq9VukSX{zChOYamhbh#Q2Fub>#{yN?4d@RAYQ4PC0ygEdW%1-}-M~Z$KV! zD0A=4`WNXcas#ZCatV{xtixh6noT9x%hC9}WLOf25)<$Ix7)ZB^4h!7uv~mX5MwOJ zNqu`h8((Z&0eCIQXI*eAGdx(pG^Ui|3KPUI&N0DpyDu>hB>VCJDOiw3-*PG50QS~g zzBgt}r34hU$u-k)h81qz@^kX^c;wD0YFYaUeGERh5$JC^)KWtUMUL;-b4d2t@M+Nr zch#qWOanmh{`OkFj>7{$A6{4nC7gLn|JffmfpR-H}89Hez4}fTuo}c!S&_Q)-mH`Solc;GYuNz{oiunYrK)wt@x2 zT>{#mfT4TQx%XP5a+7_U)WTQaq#Fs_KfI!b@p5F23<7Q#u(#h%#TzLEf8p!+$Th<$ zV21Ph!5f3k>`PqcPoGj{tTOy3mxOi*rB-1p283j7%-#l#!3U-OA_5`<&t}rnH^zb{ z%A?-GfaD{~ZhlUiQJeM7{%LUU?UMS1XAimD>`8z%dx{2ZTw25G8pK>SGiVHvp!%~n)14j%LLzM+|jEc`ZPOm8Qn@iG4uqag{^*HBTleY#KV@qkhdwN zKB8Gn&q~jF@HKo-rXC*LO6Q`HYAX*uVR@r?9d@w!q3QN`g_gR7N+f_Ut{<6xybP>D zg!z9y71a4Zus1Nxxd7QIQ5)!8-g+--U?Y$hib_qM?B|z{_;Yg9zuVX?#rJw0P(_@#);e<{c7w*ezWy;`#WtA_2^Jnb3 zGKD3_$e?d9PZ)b5XzO)?i{=TG5#0Xs`3z^s|iC1 z*1Q3(tSuSv|0~CvjXGk;6xtz(`qaqp8R6^~C%8W0-vxFVruu^xW2QXd>|gt@XCHj{ ze-x-KlDyqiP#fuKXBa$XpD z4ZpwC_Ca)g<}o~@sOt~jt9Sx=5u79v8RtMYgdqOr#Dqe(BPm zg>z0F($GwWx7m`bh_pLzB|_%^4*1N}e!WyjNBezz3)^NH1KwMEX5G(vV1DX%NY8|z zNpQ!$2&&*A@d5y zPki=PMI&%}e@^pQn7p zKI3d=C^QBL8J~Q&@`sSaFUS=qoB{8KuS6IeL3wh#i!~;d0a=4 z_c;&!0wlLVasrW!-i$1w$BI!6hT1z>n!S;?5P!iwd~&b8jnLSQYz>b?vrQLBI8q-D z^-3OETcYGkU+WuO8XahnyIM<23$Z$`7V)H7U2495t|=6?1;n#gT6fnxGZf0BpJ=!s z=N>*5^du-(;7OD)p#M+_zKkD@LAe1M)Q?pIjxynk%khE^rhqXyk;RmT=pwClM#vf) zw+tf?S5}_zVN0{C6HrbD)a=7(0IXVd7`1ETL5)Rn@0n9G*&U$JA!#q`&*tyCk$&0J zPoPDgg0VSUnjY<<%_95B0SR=eX~a{>=!bm5I?3Z;>B#!0R33zn$&9JZp(BKwVnr0C zVvlP{vsk4_g*G=WMXy>3+o8KH`^X>M(rzYl)>i#~hv;&wpZctL<-2Ys2uj*lK1Cfy zuTl!aCF|a3udm@ffSN?QE!%K`=Cf^Kj)o5ttT9yxyU@`ZW!Pf5clgTJ7g+U`mq3oq zE;QX$b69e8i{IgGf~>>qaixgTwbEKfZV@}&SPjE@?p7zhv!d7c(W2QhKtbyvCq9o~ zd^6K;seCJ)IW>phi;w67)W<$9=2)}FmZo0c9Ox=d6>5$!*2sDDRctf3R3i{?O-p{($)2n^E8F(r*W}^$slC;yL&VS`>*eVeENfgD+^8qm<6%=q8*>&mS(~S z#i4}cq-PHvyZ9$?IhrM9vjxh5B~|$40Y5`SLq&yVAm7*F4#Fy{<|yt9@f5%ItF(~q zkCg)>lpJ%HwmgAT20~x#o}YxVM{CI+hfVW$w zz5vF8B&aSu`r!Io2505K|J3*(U!aRG2)shTLfox<$%3s7wf=Z2CnfEScZK(HHNRND zC3@pr!+z8toiUsdT;jGgsz$CRV{+s$BYDBF6t@e;GZqP3Xzdp7V4z`R0fLM_5bC1im=(D+QX(8$*jFuHrzo0N&Kh+$w zd=Qd>1erHvEt9wXzSc@GG?WTQR3*EE2XrB(egpQ`)d2tlGQV3OhIDT!#jS5%(FLd0 z=yt~|)qhU2aWs?%@@bW8xa}KzoL62}KjRb1nLK5XU=eD%1JUbGP2asAIE0_pW{>hF zt^AEuNzSBD#Ffj=}))(!+DkY0BHf<>BO$jN4o5V%0BHxwh(Bl>?w+I?1XCLboy80sgM*fhX6|v?zEOD{b#L>z0CyXJd3G-jsAn(j zXagt1&u!Vz1{JLNG8g=jcvil3I$j7EI=lU)U=uL1(y!mYw#x&u6RCq<;wQp^yXuNT z)n%Fdnhu~@Ai5IY9u0XGl~^6{DrG)i`^jSD*80yK#amzN7XXi{WuJTsmg67G`X|N+ z<#bkD(eE#)S1KGorgZ;kv*SqG<~lwug69(GUCBZhC~;Ola+jF{+AO%s+?Mrh1PBaK zLSA~&{H8&p>Wv0+liWhm!t=VUt^zv%oBlOV*asm=+sZqr&kq`f<4jKt*eHz!;yTHH zN1s^i<5&6$IJn{?pnb;Ny8pxO%aUN|oZdbJ&tRxd^WGlaiZe#ChUa5L@7}jv5I1?I z>lEY9)m`;XVNrOX{z>HatW@4lUf-Pd=xy1nAJnG^P8rxad6IfjM=4(~(r3GjO*>cHfWhcz=|TApL5uv;5;~LUf*ac6*M%sq05G?GBCmZ3+QA($P0K2MpgMyXT=U zem<737@e}3BJ`-~Rre*JclJd9EpR$lo&VHZ?JZ#UwKu=;3*i9n(vjX(JsN(gxhq{q z=NDT7xCXbfl;wl-d=6@ZYuGK2W-Ie`177WEO|Q3t4UVo3-IsyE#&XeQDz~dB0O+Ff zfzDjW;ik1y__}hye2+7iBC?woB57(Ryl{2lF3V-k4*i*rZaTSR-NJwl*>_y-XJlS4 z9ywVYlvI>DK(NTPIMb611WYMw73r+vbEe#mfrl->>GufDC21}KDI9i(cUbB!uJ!R= zzCLdC^aK#)II}~?>1owg4`4PhJcy`Hu9%;TPeeCv5UYk3ktolIWEDJXOR%xuJ^dx%$S+=qp-P#(`= z`2u~w_8jT93FbKC_ld|TimVZiG%{#b52J3zfG2hW0!uj-?Rb}vHn1ApIJhzU%=1`A zuhi4}sTi3Uze`Vx_B|A6N(E$<$LtT+xz8X|-KfS0x<)pcDcBS>4J2EIcY3ym-r}wk z*Z|6iKR%QE)~nR}O>ol$>&T{y-XoO(q<7XrB)RG#De>^NUJpPx|z`>#K)((I43&bM^Zt7?$?k2%W-+Yl_Emu?ivwSNMBn$%WA_g5=Q;5mLi z;=yEL5n8(A%^Blcn6W@R^YJixC!Sk}c{?3_ED+E&Tq~|Wt_UuXYd_pPVlQ6W)lDjf zE}j36&APa&$nmaFDfJ)$f`+2eiIzA>Y~c6PiIuDidL^5=7TsaHw{Ls9TOGtZ7ev9T zcsK(5C1+d@WQ`V-XwX;cn4?b+__p3INjY%T9 zE(E@gsj9$lnRe?{j_0f$bczx}xz_(>H}$&Dg~G3~UMC8#*oErBYc*#Og{6>iQWi@7 z7AQ7*n~wvnVV~&4W*eB1b>SD=h)zB4pH@Bv@`=&*rdD!6iI79?Lc1y@Q~Ay zMNMsH2MK;XLZ$g8sYwad35or(*5ZCzmQ~Y0L{~U+S2lhQBFC?G*G{g@4i_yR5p2hs z=v0KmzM_0=+Iae};Zz1aveb&zuT{VH$x2)*3^iH#(E=aK*|Dw_0)1`w+DlYSq7!)R zt)VThS_db&Yi?5#w%3LBuR*yU882qjQAWyX-K4P_Y0!EKoQgwvplZ!J?V?wq4j6$#b%C4KYSan0a| ziUIwCm-?Fm6NSLbK%8>-tl~r+o+g}>=ihR=R|Kf2#-i~{*6T^KcW}1U%byFcL-rT< zc`B?qe-nNTA{2U|%Id^wK;$DMaR0TZ!se=3ho(dsvwzq<%!KL{)L*Z?XFmRytM>rN-R^`` zSSYAZ;~AzJC5Alq_Ph~vud}&a6}eh&Xw&+-LT)^~91ZeM_do(K$xTv%VVYit8 zDEAAmK>y!?bL>u#X|LG(^T?V4quy4p8!GCeEa=~p#e4yg*xE$B+MsoF04_QyI&nD{ zUhg=h@-;Yk_4`?TX0%w!QWJB@xdF4Y)r~YU5QqN-1#&yJ-0(8FkkG3SaH1T>L2M6^ zNcb=mXQ)t{BWCAlR0?x*T3BKnC5{kS&C*`|D`OI0-2jamj%uzN@9R};DrdL`vDs5K z@zc$!3}fUU%uGzT{z~H#hNfLKGx0kMWbUBwD!1=bA@BpcO@b6Qr;fqWS)(i13!tc1 z?bkRNs-t;UYi&8(dpcE%Q&PWbj0j%Nj3!3G2W>I$2PMJ)D=i&$Shb6*i|)JWl=K?S z!oof9#;S68{K_)NH>geRC&)M_?b^%i?V_6Ac-?%}_||vFUT;*DxwPkb;Jb{u<5hDd zl$EzOvC)XG#g8M+?=BCTXfPUhLc3f^N6USrTP-^WU9X7Br=F>d2 zuc`S1H@BZ9=i_U9r@6HN$nJRVhc(xF^z`3X(dFykT8sn@Is^$iXlI9dR=zK)z7+$r zucdf4!ZLefq`FHTR8g)Y$%%H(*BWUNgX83KoV;P_82J*s-fT8OvCP=qiK+s`8csqa zPpv8k7ng|fjrZC?U8Bwj>q?AM)=~i_$qW6lK2}oO05D0(c2BTwn?vn~44s$@)~GE4 zEI>Tm)KWaWD{g?|UcWk*1X}-u>3%E%+__+hGZGS#I@H8%vKqfnDT(P8TMeBd(brz- z;BTHyv-wf9l-Pr3S&gX@)}23WE|&4vm3Pxu%aG2)4ODX{w8nx5?ecTUflj8zptXZG z?a7d7h!cq#+bzI6lV>@RpG|A3^H!v-oIRm17l6*DNslYFxqPD+wd)tatQ}SIuz^7V zC*}*fpaS#O7)4sqLc|YeXy}9wm2t;Go)$gQj2dCR;UugwZri!RL)D2$(195`lew){ zg!dOOgHb1LJus!N2;m0pbY{Ze$1_B-9RGnclfHt=OkYy=^;}TtOte@?X7yVD3Lp6{ zB5+HPjIO8MJaWe92B>V^S5$zNPvv=TmvCh3(ANih=B1K+j?xcWFO496KH4uhZCUms zJ6<~}V)=Z^Y>CwkWN z#H|AAXi)0q0egL|*E;w&~Io+Xhk^K}grulv`?-C=p})9Xb7*R+#@oH+U(6Eeb0pL&3;gftec8>gQjST zvrgN1TugIGn0-IYT2>er9oMy6oM7Ai;;fj{V!Vy^!gkwv3lvF}_@H7+;_PaO=%=uA=psKjm;Po0x$elw`%Ls{FO;!d}~K) zZ@7(zxDgqmaQlA5gZ4QOnoq8DQ?`wEsYI!wBa?BN+khFdI8lUd@T=WYZvJO?<=KB~ zyw+ZFyDODIcjeTXOR!nz=O?9MdDFAy8+ifA-qkm~&}H|1r;n>X@qL2%x6Vq@A(TR0 zK>?*^x@jozNMn|B=qcF(n8lt`zIvjn1Coz3MF#AA8rMb!m+YVZy%NHe6mokf1xdV+ zsft-@Oma_+BsC^(!%#@IHiQlG*0`xCo$B+|O4X_Zzpb##IMe>{oNU@hC2qlR3H9VbwKC<34d61I~tKFJ)*4*%Ds*MjZk2_qMHX@X~rPS8cHO_2eR5e;# z!z(A8!3Sv zDUElBzxCx})vIvD1;KI9OGfkPn%_{#>+^+g>qWe)$!GKpU)H=pWo8Qn_Nq@67M0#I zI1zG(80&HB+L%D)vj#a|yjUwrCCt3nSsHen-nj~7ps4Uan0aTrlPC|G1J1zATtY=_ zO$(>mHaCx$fM&vgyJaQRDl_u;K)?=awa;}kr8aQfX4W6^;g(dXL_0OY5vF|5%}yMR z-8H6upaG$`7{3$IOY+r+W>~@lQ0=D<3aZ`RVhd}9$#?z1U zYJPi}j7$6W#VWudM*ccM5_&&CXjz}~++m{Jt2bN*c3AZEesRfawYqTqpBtd6-B|NI zEBlH0N@2(9)>;CbtZGmf6%NC}4_;Bfqv~FCjS%O)QzA`XO z9bp}obIVGbj}n%9vbq)rRl}|vmHXs}`KnntC|IldHR8E^{+3p@=vYjpZqdTx<&VPm z*JgbWw{PaiofS;~xIOMG##NFIRr4km`aK-^Ajm>bDQ(R7_~={eIIZu9%%SF&Y)wNm zEh_(7Ja_Hoas>h=+e93$K=}o6RMd}*#boO{UDAEI40!VSF46V&iHNGbjt1(#i+Hu( zfMoarDl7H<`ply8))2SPH|%7id&}lphjoLpc*u|6aICLvai#lt7N(pl>N)TagVdd* zwI3<9dbi_1C?(*HBx(s5~a+WSeu$w%d~WQvMj4g+?|~WcJe6N!UwhP z%JB5?%xbtrfazlA$;#~MKQ{~wm>SV1Yc+fT-2=A_%i|sKOgDb7@AYZN=+ogx#+t1~ zGFCJ7G0p9~CquU}gW?3>em%S~!@=_QJDaz(k^M0)nk|(JZn1u0>>>X38T4{<6MK8= z(pNPKw}jg<#v;z&NFkm&SseKHL4h>v%8_>S=NV;1pc{1JtIl6{;>W^vs)XW$Za}1=e;Wk3D}XMgf4WV(sc7?rS3F@UjJ>pkSy%3ULrbh7w#fqr|4L4GY!!X4c^mHU?H}_3HB(Pf&v! z?2W>96Kf87Vfa49JBD?fCcv!SUi@a3!Vm4{Blzo=*l0%>#04$el}Y>1M2)ij#+JvT0st-&v&5R7I&+kfap*&#APFE=GPHWOkKhRGTQeXWCx~=<; zAah}rUetk`Txhkz|29Mf;5IJXI}#<Xar0j`v%|TySgh1<;u{d5kWcpw#7Gs z69#2z8bE#tOCtysf&x=FhB3|8cz#!#`#llb>98jowX?gp4SzNy?B2WUQayVm8_z#3 z;dVim)Y}A5W6+MhBrn&6QX;nSY~797Y1ydx@nd6}OzD&k2Zd~A*wP_lveZKqx?&4- z7z6dRn8W2q+n%NM_MtqLY5edjdz18o>N48A0(3g{mL4A;GtCxVV3=rC89JCTTXdJe zABQPEUg%(^gBZG}&%n<|L8%c*(Y!ODZ2ybJ<2ft8gz$R=2=aC=J_ZszE8DGIpT>a> z!==A|qht4H-P7Qn+PeIbrviIHZa3s}47uZyb)yHQNS#OQ(=B(}RWxEU5l3)~11gHp z{{qxc0}PMK+<1H#0Cfu*pdo?)L$sR<;d2R&%h(Li^Q`M~r?hJIRsQY+e*psKBf;?p z!Ev4>DZj@Hs5}tXjb7-5OST0G6(hcpmd4!D*Rc$zp!qtpN?|jMV)>=$u=dR-d+&<;Dxgi!5cm}IGssZqI0yj>9)f1N!-xA> z>RtPuTFPn{vzwJpVRK>6YTYqf_xgnLwc!ciAhZ5B$Xw{1BIh$TDlPB#xdxVlr8>8? z`p#?k)?AHKYz83myaxKVLiGOQ8qtzk$DkgLwI{eMxdOq>b>XuD&{N=D+SusgE^X%P zR|fY1$v~v_T*+yqzMw<8;6g6-o?DWKCp=kxGlQQtf?VeTh;_n1ssy+btV{E>-xL_#sugsQ^agUT^hBo6(oQG56h3LWQ@N+h(c5Eo$Oaz4e~( z_BarOBKEj3p~h!|PuV1p4a|jo7 z=$h}3v_jmy@VqK2ig#{1Z=%`kIJQ#Htk0hzilY8mT~t6;15roWbtE1IG)^N4&C-g{ zIFaqTXua4D6)S9oQF7exr_jkz<*l}Mr`C>*p$A(u)y^_W!5pe0&_FLE!$VfyBd2~8 zg6$8SdOz1hM`T5740w?34{V+ikx9l%1*!mPwAry_cF&ckU2V}WDcxj*?yZNxjuin+|)P*X$37yLw!^ zwNt`tcs+a|Zlr0UddCm1!99k|-LhX(!Z!CojQ&;$q!gyK#fSxvT<40T$Wv5hP^)Pf=DT7 zhKCQX@=v%j5?;T*y=}$t@|CBP%R7H`j-b^Iz@wuq^LuY&*9EdTwQq{lz zYppndJ2D5{p&3B7-b3iU2D0Np{=>J@bf%xFInlp7lBYjBU=Zc!_#E89GPAD1ZGazV z1`;fpd2xRTmXg9>&n^&5cEGHwa^&p8#(x(oHTCp@{gHE@tLOUD3<1EW_?a~DC;;tQ zO8uItl$ztu;*{}E%J;FS!EStazSzyL_qTf@N>?l%tG-vEOr_1;(=0y#aSW6n;IF8N z$u3rHiyCjynlB&bsX$BR-7l$bq@-wfTjSu=m2RY`Xf1T&0y`5839E?wJa|Jc}C-#hfy8xKui;M6+8_R!>fM0yknRR(1K|uu6Mk&0&-=%8%fq0m%FzC z-vYR$2<83UxswI7R1f!WU^h{~T<}Z**z#OdprZ?Wsc}bVeQ}hYW{8jC?u3`_1d-02 z;NVZh#%C;Pe%Y|B1wSsfeKTlDT2esd_n$x#tBygd{tDVF!M__uuAjcUj|%=koJ5GV z_`_Fwgfq|(QYi;ecYGif7;;cTlBdv|LCJurpUxH`7rPX&_t-&O6xx~wZZ4W2&~mv^ z^M>~CmqqkodDV;GoS~W!PQk_v&@_INVp&3LnC8GwzySIits@DVgXU2XvY_e4^*!`kAt^RoRR(_PUi;mtG=m>=t3%lN3YfFa4}N_wY6ySk=)F`0vJO+cSVDccxbDCa^Xd1&K&T<0xQC~G<3nI z9`@m_!-u|x`FotTFG+K)A7Y8oxP?^`yW#Zdf24J6=-^ihDttk@;I(`Bb#$LE9q^hg z#JdcylpN^|jn!)h^fd45<#|U&baJ-lHY=UU5zd_*YU(L;q8GbPW`c`_D!EPQYmk1< zNBmlH$ZP_zfwRH4*VPp^$zEJ;PLnrDL(p{Be5HV$9%MZLk_KGhb3S5va~H+0vC11& z#-A(zQ5bEQK$}XDQl7{mjHV@`*%V{}%B9%5f#=@c?D%|PVm$sQb57Y%2@blX+udHi1sF5_y z)qjRn^j!WkRx#8rq3KY4F(Q28_%v!r+mEc01J|ESIsx^%r5y)Aue+#cp|#g}DyB!Z zE$!$`WM~NlHKgkV$M)1iWGuA;qPinNSm7&Y(GQq5BFB@)4F~FF_;-sxDB=#q;~f&v zc2kt))xl$=0HDoj0aS5R~!CCGi5kn`e6{zWp z`HprNtLA16MxO9}`M&gIxuQN%-O? zgQzP<7f=uCHP)99;YjvMq_UWwftfaE?01h5W(vih+rA7-0P+p_u zpm>KfsXxT0Z~bY3()w1NKK9`1$|lSFUzLG%z51Qwd1dqsQ~LqT<%na`RNM58P5Q_? zN7Vo%@WAQ*@4N5G0olR~=@YGve|x}l4$>d`!UbZxdDRzmSjDzCz9Y1!<&Va!jCeaB zvB8{`!GysgX1<};#+$+p`$K>OraYb2x{E&$ZqJoUb9CQLW1*( zSdn~)(ui3(NabZ8zeTofAzVz)@2S6D-Vs$v5-!XcI-Lg#hm+N9=1<0A!ddS241Zh0 za~cjGb}(WRcQ(rUw!R_o&OBv!&4}UPZa<4f>j4txrdvh#W=EGjH?57#+xJRQ@tFu7hi6| zQ~KPM_iS(~c5&;VMlX-*JfJ;>TZPo^JC&a;{Lou+w}bs1YqFsep=Vp5bXuoX@uAOe z7G{u-*7m;d0=X^AeInvDhNY4>FNFwzgd0X17$T#tm)8_oaB<70m>M;!Y+HV$jm2&svFu&iF93vk?*wNMpttIOMsRp{;Md!PoGK z(6sr=+iGXEm~3Am3Iy4TDReT*l8;>s=nF{Sf#(hk6}oFL%CEolr# z{qh{K|MB44#tVjIQU_C`OGf5nst2=nxPr* zz|{u2AIoioqZHV^!LV52v@|@%mw{&o&z~uEJJ~L59?m|4l<^iOr{&Z;7e9{bx;$Uw z92;*%4tDY_c_49Dugx5-SOgz^cgJOq)M;DKkFaq0Hj5LL_WNhnMlhRuoGmUS5=o8vr_t@dzaZhFs4w$z)cOGd|sRW8RN>5xsp_sy`%9mvj(0>|VD$SE~LTYsfx$MSk5<4u}XV7|t3+E@r^JfSd{5 z!UM{v-c00lr_)Kh^b)7}9{j26mznEPq2_wwzQqF-OQa1#M|YM0g5$W*RQ)xxMb5j< zI=!Rsl;)cNF1%gUlac`-jxM3Tf9gDMyf0YkJ3szpGPqHPf7oO`nag@}^_v%{;;7$o zj?;F`Yafq^&l=(wgR2{!2sfuO{EBV!VBc=ai%3oKyQUp7JLa9o4dN~DeEA4ME?S=R zwP#P&!=~)Lt@;)yBEZ`VqG=#XJm&ebEp+MSZBdo1c6&q8=v3G~w5!!bfz&3U?PmcD z-7H|BLB*m|4 zD%$+kE%IOD`v1EU{ePwswLqs+Y1h1_4<;z#_F2@f_h5%YDJAwnMJ+kkUhYR+SBdob zF$o3YCK@0%uk*j~-;Hby0!SU@1~L6PFUDK8HdBJPd>auqd#QHkNFD$05&m;I!Zvaq zH}j)LUHZtAoq8#K^fr4p64{H+rG z@#9}BQRTm@M4wK0IzT2ldcD4X505ww(CBWAn7;U9$)Wdh7UH8>d7hV)5+)~UI|~8_ zVu-H>S0!n@98MfcZ6c7n-)2xDaL^Ejwr+V-@Q#%iT9EHyTrthH$z|5*=lD-P@XJ9< z>-1>`_PPQlr#CN$S+fFPuNkeK3vwGOSYC1(cxInFsLdTz8}sAoXIqqcW)CQI22qwn zyK~mo-D6p74C~S)T?whAPJ^+&b0oIoW83-|(tfSeS)XP;R`xPgP7hfKNW)hqO;9LMjR1+s0 z<^?5U3k}QYkk3qRHG1dCes5m$G}uv?aivCjLWV`^vj935N5P)im;SXZh7$`Gg0+7) zw5bdf_TUP|coe{&aMa53DdhNrdZsogVSTP>E}0WjHc<6OUT=x&KF)#1e6-fMcXB`Y zs(eQDI_&G0II1_wIkHZ5?1fq|&!}>f_mNt8WCT|HY#Do|91B&9Dd_jO4?iN`@ve2{ON+OZtr3yR0c|@Z=r)!nT*e;DqN! zsHGccZ4zB{xlZ5vA%&osB`#Xi?ArgSuGvkrh1h#7v3NqtUE=+Z{m)tefuQ(LHnxY# z$P7a?DEe#1J>7yC!9#rNTs#`5+#nvo0u_DcHrW6$KL%_EXFPhp7N>{2TC|*D?~O$d zpSiPXX{#QmK5^am5+h6(6ytr>l)j|{)%jDmq=D}_*YUY~jCm$zSYw9CH>dvDs9BBZSs|xYWlR>fehNDi@krm|JarAx<3+6&7mk28+yc0TWqvX%3X`Lrv78lw_kG?9-AXR1S*7M=PO` zd6&wXqM|0VYt61vKXUQ`=3z~a6zc7`Pg zpt%fm$^`1jUyM|VZu{;~C88W>QI0i@WrqX86Jy3K_J%U@-1;;k{77}_e7AjNj~EzW zWWo(ATtg3NTCfOoyNj0)cf8u}YEiU|U=2_ARM+Y=XZYyc^vcSVdvOD8$-gb3c)p=x zBYb^WtQIFr7#Mkm_u{wgJs#zxa<)Qz_k@!=zEx|%!8q*82iXj~3iX$FLqOgD$)MI4 z8$`>6xL7?knUJb&?f4%aAPPciP3Vv6lOD#apphz%+W)2LY^zrF6VR|=@I1e#C2J5& zURf6(iM)|ESfur-k>>U7pC%fJJbt>j+HY>Jn_sa1*x2qae1vWvz7~N2~ z+{b7+sW0F9@zvR;MvgQ?TI>z&fRSiGU*i6e#fY7(qEtKNX88jP1`mwA;>wi$iP)J) zuY%{A)}*Y|y_0@-$XGZj0gDLH%t{G*0Yb9YZ=lcdzo@A{+}oo$ zX}%w%Hz*Sndyui>{HVD;jBrgP5S8u??p8KWdy42kHQ|X?tI-$}dMyuG%GxYc3KGlq z8lC)(=C4TE6wez0h^x+@bg@dHgGur68Au6`u->fEnI9}O4c$jwdg%zkg+f!^^dk!c z+w>P-rAa#t-s`6NPs*JHQr?l#N#t~c1fU)+==Gl%OTxdd0}$!l{+fpXN8TYg>(x$9=b3nc`9XZ=u!2>+`S``p+`M-u zFN}sd+EWE3M0KPTumuIzj3Vk0?JB2)TZ}37mzT9tv&6J z0j@SdVzdxpl&|JZcFG?dI$!L_n(;Zz^RLD2O$GbEfob^jr;dM{mMZK2ocZ$yRe~<4K7 z1GZlyypRA4W&zw-2XQf>w~v9~7HarV1H=)$f1Lcv_}u|vlE8ewsc`V|6;k{NA*B2n z7*g84(|y2Jng}7L9^n2`4aC{|SaaH7FbDnQkDoSIzf(4u65M{hUZ&eY7{&uhx~m3$ zK#}`R8n)cg#s+&LxjU#*F9$WdJ#@zuD6vfbnzp{#x0Ag%8jFDP`*j9)umDB41)5yP zbFt~mQQ9=;{->bvM(dIq)pR@m-m8XzP;LO)f;ON$$yX^r2*ekC*>Pp>A6^OBNH1l< z%QK=w;16h-!J*fT`x=G+b==)U*6s=bHT}7j13ZYo`b6gZg>W^aItfmS^$*hRkl=&!;zB6p;tmt}CfaH1cD=|k|_N0~3$3x4HxYamfbDYJ@wQN;nS%L|XL zU2_dsQ`LLPhzj*k?#v4PmZ3>QM*JjB3Ooa7?Y{3za7`ByQ|Cy&QyKhBCMWQRwWXU{ zwOT{|MN9ED#R*R zWIz>Eo;iTQvtpbS6G+y$0LH`E0ruzgA;HXyFB^wAPgAjdr~(%lPv;tk=V2DvRxxHi zDJf``-r)U#p9X!GKh{eWRJ7%#kr0(yzPWR2 zp&BMb;k0YhGqIk}Cz4llirb#Os+~<;?X8%OyXi{a@&3=1Nidw~tx(;j{=#H6*oYbe+R-MDNIZ^f*bR^%sW7o<=D?&E8 zWtC0p+aYPN+46X%K(E3nRV=gfzNlg*Yw;eM?o6E{IQC5J5vZE!gt`^n_hKS?4$1hA zackYN5kYqRF1_}7D>QO*B)D{xz@;PlIh>7lopw`p9sAVTo^Ic-AHA3Q*~%Q(WS z=)F2B6{}ALoIr;!f1p7=)+k4P0)s9DUZ@+Abfeh4aVa4qTq4(616&98p5^+O!e$e? zRC?W$OY!_D8QghyLK%oHz8S=B>1NoK4jZ`+-&&fE6zC$sT%9W~!8KewN6Q z(i1Vp^$Jje1+TjpNv%ImY=4UosIk2J;P^@E4kY1V=s2qp*|5rbPoCzIX?w;8eQ8a5 zr?)UGj$(?ZYveYQ=VikcCzW;)BGOE*uxI%6R8z&tRjU%6D@r=JmgD0|%V}j-?DX&T zhaRo2n!5Ka%UCP(Zn;e5>e4u-@vM8%%z~k2-@fntaZ7p2V1SY=Lz1~R_F1;LnMUYM zi&^6bm{4ZhMd*nF=Q2lfKx&Tl0{wo-(NNylDBiDZ_PKlQoSS=5f11j@@-WlfoR&tv zN!nvlAqC+$^;w7Ay!PEF`6^0cypq_38W6i~TgTnI0Znkb0dssFRPQZ8=-V&g%e#(7 zqT(;5s3PO^cpY(uTJeH5&B`ZXp`96q{En%7DR%k1ECy{U;4IRJew(6~+A2zpAR7I~ zua1VMNqgjHA#v>e(r#rhESZrzud`rzsq5;z1xMg5-gF;)@{Ni;MflCgXA{cE$8tEG z4-8wmj61=r5&JdQjODy_OlAumvTO%B)De z8WC@#wHnbaY>@N5>4}qmqFv#K7(=T{$%*FVI5ySCNDY4W=q~0M`$ie70;@e*dtD(MHnIiId~hPo59MU%!B@9hEnd_WUrqA+ z*f~uo=FpI_kZ5lFURyhvw~!bC``<6^EZOk#csJE%55{1-jFvZ<8i1(4bn{w2S1=CSV= zbA{btsAoMDGjNL3vz#$K_#CGMOELUJVkxfMtEJSg;#*cP^tp`S@!I;_y9E*q3BPWl z8{SKKi8X?@?Rbzu`Er+xYQE#H#`bC*YS=EdHmAm6K%;vDLX&ErJ&S?s)W%Z8`0MCXYp6%Hs^xn7b)pu=c~cv8{gZ8#b)b}+!`Gm z$~^@$-O5(Z<%mIQNh7;RYYq(Wy#nr59gCxDjc4Ay&nn~qHd~0{ei4KYE>MX1PYOYEHvwLvhsq<( zj~&NZI1iz_o^nbH_$C33p1~3u9PhXR!+=P|Oju5o?9+%U6-ruu1VFTX4*rzYS4}_~ zx|e2MQ-$?_IU}j(1r#39G3bsnH-s$w(XsbFrxHj0qJqDgezhM*4KYROB_yxhCVsDs zEHRXX4VXFUZmfI;7-}88<}l<9sz&jAQedlis_JiSd5E{=wmQA8<$B$--E#CkXGj-A z=?YiXHx`q5;GOJbgyOSMTw=Z1r!CZv6bkQ`=oxq5 z5fVz;@m@-2itaZ$6UXz@EX?cc5)nrzDVEG%hV47VHw-*L3C#0k4f1?A=tc^u%l}n0 zcj1fy*tnWOpEF)6>ha(gRyY(BqR~7PJoOzJb9@9QasOgbf2aUr0^cH*9ogUmM}X{d1&&+1QciSLSPG+a4cI z*^p2sVr2D^fvw2siE(kA$1AERX5K$Ud(Ja0G>evCEQ}C{X3k-J6iuW?D&tYAR(Ncu zbIHJBqPT@-9nY~aSJfxY^$iC&;Z|yu6!^%qNZIaRMgo1f{baXuFv3KiJL}o) zTo<#hOWY(wiruT-2=IukN zi5GROSbPNQkS#HMZuQ1#;DNxw`yF!$j1)16kzu}gHHI`?>KL|JmZi5zz)4a=+>iQw({6USnTT0 z%XNI3tNSAuN4&CzVV6r@4Jlc@y;V+uzr0GtVJ(w)}npM^zo5 z^e&oEMza%MN7wlkl&|{&WkEe2;dJ@Dv zjc)XtKipesy38|aF$)g=@^EtPn%WalTfjHu|Andk|6X_X1HX0JE{^FoHZB4G%R%*8)u`Dfk#?^l1 zr{$`fvdp)8hL?9~90@x#>^!-aT~E8k6q7r*+W9o$HQIjwLKzdTvM{RMtK8 ztshHxZT?{^L_}EmJTjMqHARrt%iL*0Ak`#f-3c;D7gIr>Bst*cmbBuwZ^BLZEpCM6KcL{^Y z#888L)RLAG>Kg%3TIeD~-q;3hj8eXs0Q9Pm?@hoz0gpeUguy>=Z2f1a^T|Pw9itD& zDI{dnF`Gen&j=#peb@r1ITl~d)FMZq*ZaSqPx6o6733@b$0%gzpuZXvz~6ry{NFU9 zHh^XQ>Sx(72M0X4zj>YCozKvD2ams7&Hv=@{WHb)&uxQWiS$C2hm}`se~J&Phlc%` z0DA`@^ax#fx@Ute_U^R`8yL80K_gAUqxID9{im + +## Overview +This playbook gets triggered when an incident is created from the "SpyCloud Breach Rule" and can perform the following actions + +- Check if the breached password length is >= the minimum required by the organization. If not, exit the playbook. +- Check if the user is currently an active employee. If not, exit the playbook. +- Check if the exposed password is in use on the network (check AD, check Okta, check Ping, check G-Suite, etc. +- If the password is in use in one of the checked systems, perform a password reset, raise an incident, etc. + + + + +## Prerequisites +- A SpyCloud Enterprise API Key. +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the connector doc page. +- SpyCloud-Monitor-Watchlist-Data-Playbook needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the playbook doc page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to the ARM Template Wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Breach-Playbook%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Breach-Playbook%2Fazuredeploy.json) + + + +## Post Deployment Instructions +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- As a best practice, we have used the Sentinel connection in Logic Apps that use "ManagedSecurityIdentity" permissions. Please refer to [this document](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204) and provide permissions to the Logic App accordingly. +- Provide connection details for the SpyCloud Enterprise Custom Connector. +- Save the Logic App. If the Logic App prompts any missing connections, please update the connections similarly. +### b.Configurations in Sentinel: +- In Azure Sentinel, configure the SpyCloud Breach rule automation rules to trigger this playbook. diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/azuredeploy.json new file mode 100644 index 00000000000..a97dc00d5d5 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/azuredeploy.json @@ -0,0 +1,491 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "Domain Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a domain or set of domains associated with an incident.", + "prerequisites": "https://www.spycloud.com/integrations to request a trial key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "entities": ["dnsresolution"], + "tags": ["Enrichment"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName":{ + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureSentinelConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureSentinelConnectionName')]", + "customParameterValues": {}, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('SpyCloudEnterpriseConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_DNS": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/dnsresolution" + } + }, + "For_Each_Incident_DNS_Domain": { + "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('domain_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Domain_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "Domain_Breach_Data_Array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "runAfter": {}, + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "runAfter": {}, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "Domain_Breach_Data_Array", + "value": [] + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Domain_Search": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/domains/@{encodeURIComponent(items('For_Each_Incident_DNS_Domain')?['DomainName'])}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Domain_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Domain_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_DNS": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "domain_breach_data_array", + "type": "array" + } + ] + } + }, + "minimum_records": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[variables('AzureSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/comments.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/comments.png new file mode 100644 index 0000000000000000000000000000000000000000..c00a690702b0d5e235d9f0a4339212653d725f5b GIT binary patch literal 82425 zcmd432{c=47&fYN4@aF2>XhQN+ENZW7+Qq3ilVA&9)eblG1Qm}N!qF^infZPhMEP5 zIV6%4MN!lkM5L%Ol9(bSlHBy1p8wu;@4wbv|6TX4b@y6XzHB=?-+sS$dfw;#5_|WK zk*Khwu#k|DsPV0v_k@J@9~KhY-F$Gr;EYZ96N2E+uHbt{H-wPACl>{8_Ih47yDlVD zl_aurf1lv}Z;x)-2MY-uKl}5w%lO`z6(J#hq4CY@R*#*R$-hO450m+;vKB{fU0B}x z&?x@d={ONZpTib`yU-3$hl&v(b)>kW+pRp!)_ zzx#!*Kjm|?CxX*&pF6ed2EB*d6y6h`9_*>@IXC$swCMWv>&-7FCY-u^d+Wb`z1{ug z%cG-$dHp>8+Wx?N@DZSK-yrfg>uv62&vL&@U6SfYOk8~YOt44o@qaH9x+eT_*GKlP zGG!yV-M>x=y}bFqG%iS&uD-NfYN<6UrnylmieC26qf89)LY=T%#h(n-PXG5!8R6`A zhr*VTX3I!(0y+`hTTA0>4f9sUTegZr1Ad&y@|||qZcDqHCVA}GG2bseJ$1{=zTIEH z*1mf6yXLN6cX?|bRaX3YUZbxQ7evF)gw;yOqiRK5lqruMk?&W~s$t3%;WM=5jyfu> zYE{X1;@NQ6e3hTyYLXsF)xmxI?c2~z_bDIk9SJjEGFvo^3Quz=_7J5#&u-k*_svW+ zlNx_MI&V+XtaJ`f@TJG)EH9@C)4r>Wg{|&VR+g`M+7lnmUDb3T3#)dkm!cdl)3SG7CpI6ptSSvK)9Y9N&A*D*m;)>LZkrJx!U z8cQ-~)yF2)RlW>ZQn+WKi~#HhI@tJW=StXYQrAYB?~dXy!zOK@M5L~1*FBC;k8 zRcBkwb0tuU(^Do!TT`8}Wn9X~ikTdn0*gPgGSzEK;S*yx(_Nu45=wjimEASru>lFC zVkzfxr{E^L6Tc)XqkZZlhRumX1e2ngo7m-3Dw^nw+Poye4&YkN~x}D?w>p~$RM3mw4W9a*>`yFwRI*`KF zYKLq^ZS4?@x9urG_jbO|zD@N4`W*sqxg z<$ZhkI&Z`4w3*|jjB6w|_rLRhjO6C#y6XG;Bi%hc9X&jX+#fz{_^s14>CE^zL*rXr zz(9d<Vzm?G6KYq0VuE@UauA7&X8R6QMBatP-}%s+gp&1>kI zAK;mSl9JMuF6EUepb_kL@www9Z(Oj_S53cn_u-?c^vt9iayNSR zN*(r6zIDn+r=$n`=g=nampSAXX{q~pxg0}QMQLl+ABg$U$d6hVh#)si@MNbqc+afM zY}(Sg-XTe@lw5M@lUP)Byc8Ei30S=_oxUO z6t4;&(iMpPX2S!57gNjeSfKM2P8r+H28yDA1s(MFRr4dEPY#urqic}*9S6dmid64(8$szFi)HE;sdjuOJ5W7 z-R{Cf@S}Up=j|=`1;^2*LAqq0dA#~2S|cng`*C2Aba1=l2>%C>W;;&+1t0gFJa`J) zBX8#7A>qu86}{qKAgV>v+x*de+0SfI3%itBrJ({3jO8UT% z@Wo;PfHKd!)(mPC(lqmcm9tsAh)!z?;D^JJrmf=zjDciTm>Y_qsVQ?0im~NxFJaf0 zw1b!DL+gU^>bPF^q3z&7<~Bu24}Jb}8kSR{nBSpXeIWaT=48|h zK_o!Mo6wdukB?{MXxg>DiW3#hyf^4J@>#RSc3c+4|B4BlXwK#m?{9u4?G1{L zj553=u+=POJG%!`^%jmX18zL9-Z;DBoeCm%XQhU*+$F-Qm8VO(_GGRZvMZ(tZulCs z?gvjkBjCVjOrKc2gse^rCS>#!&%5W_QXG}>Gwk59su{?r6+V98Ey<`m6^rG_K2X(p+`y!dwW#+d zX4-|yea<^u<~y8`Gh^yVe0M(CZ?saIydm&0ZTdaV5j1y+O$J=gOUV}bGA5%ZQfy?c5%A9eU?H1q-S%N=hB6 z4$pu5w}#)^D|i1N&8txuj9d7U8S=0OrkB`G?@ZF=_iiqXUE0*noIBX@c7H3tqRjvQ8A?uzAx)0&VCj zQS0;c2?Lhn{Af7+PgB-n6&EUDigh~>7MA0!=VIpU15bh`VZh3qEJQEMk<~zt>T6f6 zCQR%!a;dB5t0?&oNNBJWM=gwpk*7!gpxQZk+JyTL;sqjMjNuwh^PRD^uedK#Mu+Sg z2JBd2SCrp*V2nII!}jQIm49P*z|uCP#GO?itJuPV@j zJZC!o;z&cF8;6PFcd$3cIwaM{x40R)(2P)OeT}kRWZ37!QNG)2?(~ze)p&Znz|l1NMcO@b zG@nv!TKQm>eyMZ3-p?~j8(gY(i1$I_@AtM-k3l2l_3qtxG=;bMYLwDr=${D$D^tD~ zy@)nWK8GR9(n#Q2%K@9qyE#)avR%?{?XMQ;SG4J)x@%28bB({GE1YU3buNGBrH<6~0i(d$VD!tq*jBP;ry<{C`WEb>Mqht@@b`MBOq zdT70Z-~Q3R*#{DS2)b?S<6*?aLKGW7w^RQZdOrj z0#o$*UHxA!kDBG(Os4vfB%fXV}qzjH?T82SCjy{7H#Ab ztLPiW!K#O4BOY1rTW=(c4J*Ud!($Ups&~jVG5?5QQjEsOb4F6Ar;ut=VU~K>?;F`+ zGr$>OTOmYG)zQM|GCqMGUN--Y5@hWXp%vCU_<#r$pSnNQP!?pFQm*BH-`74V&my`> zF&c_Qly5$j z-sHSModTUgaUnc0z8ZNytOjbJ3-AXZuqg9|Qc*LMcy`{R?^aMd8Y8)_&CD6t{l+TL zY-!b8$|#O>`8Z<^&CYKGaqNIS7JEp3 z#7~&e-cUJFn~v$DDaSD?lDG>$UaG_%HXb&sF|%)KP}tN?^ES)W2u@b)_Uy~{J9}1d z{KM56rHx73Hg=wYNQGIZ4#^KqrcDH^*4k7!VEZ17clspGK^{ViQ@q3Uddr2N!*EP&*w;E6Wy!|Lq2{zAe;=HIL79`m zB!#ivg_HeW2cBz)TNub0X>=wdK7`X~5d~<->vzRN0 zBll7ohGz#2j~%c+i3TP6nFUFX=kla0T%D`R8d7i(b=4o1UyNKnZp2KqZL-=`>Q*KZ zdaN*Zvkn)5)Da{1I74_#=eleCN6aT6QvkAWcP zW%lBzi#ccV&;+(ZJrSr~XcRR{KrHAw9EnFwBh~Jjb2n*06JIjAcK+0!`#Pp{#5;GA zW+C^-v)TYMx|#K736Y>kN*P(Y2;a=n3nJd3oLArNtD=5rv8lct&=4}_gI(?YjSdyb ziLClo2!6Nc0nvdHnBev8U?D27rAY5SPa$AnJX!i%KKo6-U!ZO|sp#Z-?((zCOJ1 z@^?UnTT4M9vZYoL@!3lMnqMa<%dho?%tP}@z$Y_Xr-ov8_43FsgGE~=M8r*L%M=tJ z=8plwdSy0;05SGC&QcN6FQg&g6J!0 zCMr`bENMMfGX3M^rk1(&pI~}rRM}@+{TDJ3`CY52%93N7f*R(c^(%#!d0PuxnWo}H zJ}2+)?1-R;?_Q2@t`g^OCDVq^5}hMLUQ=;0A#7uEH#r^`QU3~l@0<_8;+P9i398xR z0})$_WR}P<>)~{l7}6W{9hleW_+Hy&S%dG3n9`?rM2}N??N5j)qlzd2fB}VxCwJ4A zCSoM_T@GAg6?L?EU$74ycwjo{Ygtc$MS#X@OEYgK?5Ds9wG&>?x=Mn0&qP$h62v$R zifX^3OOmV)(cef@6+-;9(4RB&7aGEExk$Lg*FO7e&3R#-wbL}_z(TS z-vbTmq6MX&Kdd`LoaTKqxvhORCm)A&701WXR;1Br9!=7bvrJQ#s~?k5zC_!|0#_zu z)T+$mG;Dmz?XZ*TioY*fRZZVPI96F(A}RsAFDi6{T2-8Sw{>Od5z~~fOZS_C=Zlar zHHxi6Wh?>q5FizGhBW>>qH;Kx+yS#brX9x2vpjKgqTKV&n;c&cWKuEqn-sQ+(ofUFAHo*4~6E# z@ZZ!`YW;^B2G;vPDZp81VcgPX^T{@RHV=p6(ImKf*DD+} zf|5R*kd2R$^w`jez=7P*^d2CCd$!vKJ5Q%Jn8;hqkQ2kN(zkhqAY$Vqy&$9cybk;G zFy5+0jO@fD^9g)mv6Oz;l%2R=YFF4;sr}zHLU2y>HsjV1Eb5qM+d8H1P7US5iU_f! zx{&o9Gs-fR%L)R23BggJJ7pjWfYh))d<=FnnJxmzHle6PC0cz1?u&C_=x%<$##Drg zi8bqEVln7r?a)=;()%o@C_8KKDxcv#dL&w{=h@KR$_H)2nh&m}EGz*jbs$?-x}o$- zMUrE^ulUuBTt%P9f6yG0gx2zR?{vp7?eakA%UnWWY)Kb@cLxH98vxoa9b#c%i8_f)DJDZ#GmcG(zrwfE| zD_Z6Eo8Iz^neKJw-~>Q#J8Y0F!^^9I;=iAem@{);%NCWT^c(gq__oSB|7aO$169=9 zn(99@@v8H+UqIwsB5B3+ zz$=jOGMTpERrMT<#0KJ7c(B4D!ZJ3W%Y*CH&h)`La8GPfu#N-S1?>ueHNzwqt)*{w zW}P?xPH6+abJhlT*5$yR8Is3zti$knm~V+%G&8A8mxpN|hP#6#16&rjJ>5Ng*YG}r zh$`;vGXSlPf2<*`f8@EdRT+0FV`+A{IBS%QTXAqu^ZPMrdtvJ zgDT;Aso4RfVwbzA^}u|%eGoTci?+1~4_%C`E()|A5mJD<<0;1W4pl19*w z4t7zMGd6V~&3eFp5l}KiUA;EXn#5-}E|hF+wwnJ}Ms@2{+ueTFP8 z%1-p^Ip0dy%^>joBg?uB+OF?tAI?iG=2EXXj6lZQH80#$zv<+ zrxgg@()foi@KV4Dqn5~NZ{AFuJCpSG?c1P$*5e7M8=wQi*pKGHp!B*d@=oU|o2}Mk ztTAJNe|0M+RsHyvk}-aDS~0h$2Ti%J$)PsOl30b*WsGVXNjyTW=FU~|81_SVcl$ec z?nIW}Ha6avx%ET=^220)(@b$=0ja{gNeCZJqo*_Hb4G&WB`+^MlSx<~aI7H*Z$Raq z7Hc&9g!*vNoM{M^x^MCt=B|5_+mNMvv7*|&Y`(E?Tzzbq%MjEf zCp{{*T1F~dJhkbSW$K;2-ofylG2TV*XrL5HSG6AcTITv-Q~217-LpSq|GB>ayo+Bv z^3g+p#hV5@f_D+Ncewb!IG@u>4Jj^H|(k&7&P`DtbW|11v=XQ$6aySefvc%mP+)6gd1KX z<>?%~S8x8KfbJcZJM8n~&B61xQrJEVzm<9Kc~%ns7h>1-kXI%9_x_sVHTK8Dr=kUG z-B?=xztbB+rO_QH3Ug)QJN<&%zm&_kRtPOq&HIQ;T>H$cC+tFvnAO#Yf2okSza?Ep zq<^1z<#qFx#o4oGZ5%M6ii>LOzvSiR@m5zA_q|En+EWw0h5PplJD+Q1XG~=sWIj>k zs{3_vL~1K2ef0$rH~GA;gT53f1iLs6Le{H;Mn3CRq>t5jj=gSH%%>G8JYH2G{Q zs+~9S;9HMXOfGn4uR0PPod68$X6fZaxSN@)0Be6it*idg)D7ylkNOW> zU;{xbCnKF&sNT}Q$+!%{d6x&G%ic_{b@RTrATBRmPvQ8urVG5a%xo&V4Ln zvRhXQFs^JHN`A(QoeRJ+=RRXhh${!h;l6~v@9K>k1Mx?w=TH7Co}c{^LvoPfXc@Bt zuv5v$T!Z-I{sT=d8|fpZpa=#IRaR@W4~M!UhM}`FmvI*S&~;TEy_P#yR?paa13)8a zIJ?3-nVxKMM#h+#@y_J`yeVH#N zr$^TFl|qo&hNy{fB2L9Dq&Eq`d#5d?uCUOghPal0TW!3cw$^teYGn9g=ni5*%g0gu z;j0ttW9Lwr12=M%U;qd`wZX>c`Q1HnhQ?lw75VFBT?{UiEe-J^u!x1aus*&s?RU-l6y^V z_tJAlG-`4g@yNNhWUXtd$SkwbBosj5&!#y)TF=r74HNG~d_pE<&!|^y9kOvn0kIk~ zm^X@_hihB{M+zo+Njf{Zz_3MwFcyH-IJuUG&Msr|N2*<$cY}Qay(Z#ICaUU>OIGFL z0*3yeXu}=*L#+g&)?bK3KbP56*#6d31*g;RTGt5K939SvhCL^TQE97x{44gqpx<6T z@$>)u(sL%*y$h0}30_BBQ;i^88*_^vDg%mdbeweDyp?m_@*LKAaj6jA5=#h5Iyx{D zqeJ6#$iiQ#rZ8PuN$ZCbgzvUBz)w^vR&*<(BpPO4h)SJ<3{X$*g!`IQ?$+7)q5wZ6 zX>bZrlJlNl2zs<2D3S|&kCDKkAUWmMWg{xL^CgFpVWwL~R~Id=X)nK~4%h@9%>o_c z`ya@vnbRE3{Rqm3vZ+NOclD#Eb8Aaf{EChK^47zQWMcd?FTp39J}(@E`=Q_U{!>N} zBqy3`r(H86I2HUe&JW8vwo1?qhEgvT6PbTXn;~9qs+!ptU{i;q@Sc5S;OOg99a!f% zgaV5*h>ud6zK+{r_U?uv`+tXH>4vt=G)i5r3^m^nCq-$QxET63Tt=(7YYTkZOI9-W zQE%gXhu+wioG3kWS}>W-M6Qto^wu*^_ych}4vh1E&@8DO2_@UKq%s~ckh!Ih1JjD3 zWWf-EcrM_N4224#di7Op{Ku;6$|8yNnojTvM^DQT>7lzHAD>t8$-R5Bx>^J9wzY#2 z!1|or*ZAUD7c!GzuHnw#bLeGLz2lAfUvab`bN{}5`=mAo$buFuVw9GgT&vkNJ3rld zCqO?}B$_!rxxx_|if~EdU7ep0aVk{5EAdZ{!pdX*zhU&&z9H(+D;X@k-{DEYyvthI zBwg*VU&i^VzV+5#D=9$Y8@g8&@+IYGE1i(gYvB@NY5MnDdnFIw^|Ly@J5(;6|78{X z?`Q7qN;s%4uxSmEl<0rY2;Dm@IMu5CUz3v1r*r);fBj2H==A^BV|4`uh0)iUnIJ($ zD>Xgc`^1S8{<~XDOiX5i9g9jzF6jR18~H0`cD635?=1Smhw`nHi2R0zE4qSCJ0Dk& z#_58tB$2L}acf!c=nM4Ngj?}miy11PwV^9ylmqlm4*R$!eRli}a~n7P#|6;@5|K<86oFG9Nts^@5ap;5E7jZmx*{XRmDa|Dj zeJbj}*z#D-^eOicUR?6DjjV!hGu2Wm5G%+_n2J414l5Z3(~BFS-hyaV z8MU(?wI+?gB*+2%ER$ z9Xs06oIEr|acz?7KF7qGQ`d;g%r^m!L?n6o<1n$@{&K|fYO(K^*E2JxMvw0VOdU2l z>CO*#d#F>(%MiqypIjc6|I}y#fIiP;vK~*hFnoDC;hQ@mD7ze8&S(9yqONU(;)3OM zXgsS9j&0W64k-^^_|~t>+sc3J#WqG$subeT)2NWq2|{a1KgFF39SQINTH_aZBTys< z7+6kcq46a>R7cA8P9cm1Ci#I`1VRq_g;kIIYZZ5bAN$T?z)QY%wR-odPCI*1A;+T$ z2XAQuBIy26`=$MI5@cwp%#KOc&6Sk>xtH2?+ysoPLcI;2vnA@(hECz>775PBa}CK2ZOTF2~)!fWFRp zpUQO1HJm|HV1xcL5dG`}>AdK(@ZN_zW@E?Nx{D30PUa7s8-BjN zzxfK)`5+%q9#8#K=RlU_3Ye4wUcp;WT2D=}6I>@E-%q<(15Adhp8O?w_;uLOQGg)D z%p{7dkm%^a$}hJA^bKKe-eY>;-ln-SE z0c@8{(wC&b z%G{x21JXD+K1Uf%61U~KOtTss(OG_@0B~bC8O;XVbN{NON?2&ge!O;-<@oN^{zE#a zSAmXoJ}F!pMhe*1ie)tRdGvmm8nO70B4e_rFxv3xBG>|O)EvOnjLn8fc8c>NikQi( zjC;@|w4%Zx0Zhr%6J*sYNqOrltVkFyEp}_+G8ZbM!dk3Bn`R0+0I(Dx=q4E)JyPpk zGfMe363YQnsh8Vq$Lm1z1I*X@Z22~>EKgd54?UsB6VddxCx!|T&ul7d)Xg0IGwo^& z8KnGOD3JM%D-J??(?B0DMl$pHu+foJWGG3YA|;i9W8KM``Z2>Kvts*BP@wSUU;QCD9IRD8WU`AQ90Y_)*bFz=$^J2RC zEENV_`z*!T(%80>BZ&@ z+Iki}=UD5t$om7Nr?`OlgmV5Zx@vbLrQNYIcUjEZdI!G~)=ZdVo={e>Sd0mSKgR5etbXGa1f%tbWLP7TmTQEHVSyxl<0T0?t{T%FS-x@GX(* z+EUU_k4xv9^+Ssz?pW=TEDu>FaGNPV?Dy@n=1o!qo+}0pmGx54>+^kRQ7Mgv880b5 zHrY4QZMoW=f_=QVCsUi)=CYW(aaU47*~;!EMjl~;eaOLDQD$f&EX7gG?Bjro>M9G_ z0YoHDge9ItBc&C_xb*h+hQVz;dp|5rS8!}o47Halqblrim=;`x+EG6FUdFlBUz%yr z=F^dwbwvDI9QaXVZAgMPEB&%ZgU(F?>;Nf(fuGr|2yG?Wc{^h2hm@%@B6DZm9VrL$ zI!Fr_H4!`CaHabTR=5Z%*p&dI?{vJ{o+!L-0{KafehQXS-%sl@*04XrI5{mN4oG#AJglHe$*=@`KuWcwOru zL3060GBiYt%CPT5$dVxz#Nu<_e>!WXobM}T;9>GR41!_s_D1=#HZHR55=*)tY(Pmj zBL|myST5ch3&6KfO@Hd0@x-30h8NxWAR^L?O?jQs)zuY5knJ*80H{@;KG{)%d1dvM zSnt=^^hE3LrAhJ!LQI`89GybP9Kz^@2At=HO6TE=omVg=u>5MR!_Xw9GNV|nRG93p zBtg<5?cOqc*mTlfRq`Z&oDXj_@?px3LFYDuw;(ccPVrsstb>`W;or?R{=j{}UX zkDVcLQR@f!(9W-4Lx@Bc-mO|gSHNWu*Xpwu4?eBvDjdVX|^*ezQ3@D!1rb-nxu;a{9yf?TiJID(bcnhtY3AGj8 zlKY8f?z+kwQn^&;^c65Byykc;>%fApMeCj7JHQD~=Jn8lvrC#TEIa6}v=V}>#YWa$ z$t{MFI{{t#Npt_Ug*+Q*)rNtAxFx^0fp!`K#ittzLr;)QRy4o4xN*6IlyX;R*S5IX zOfKt@={7+h|NAr{p54QeJLuH$W^|qwHc@qhSBH>yf1GJ4e5AZwGttFzct zWMGo|T`^fR`RtHtQ20o}eK&Uh$hXJtZ-;i5Wk+B`D8t-S_mt>g1G;2l?n;j*Dawa9 z0X+RDo35^!cdf&}4hz#|iAM|e$JX@f5=9+H@IFC@N?Y_Kjglc&=Z{*BF~^Q^R|lD! z74#BmUdCef@45k+aRFAAjN`!WXc38ayU$!tPQScPhqu|U4p5|{&rh=Nlz~$fhq(cz**TJTw5?r>$0>#E;{h%g z5fm$d+Q8yNorOuBIb5e`qeu2|TX8+>cO}&p>v{Vj;z%wRxp5b>rM6xRttRvFf644{ z@{Eby9r{V&-&Cj;o_Nb=ke%)D9GPY+5>x@oPET3XJt|#;WbENP&AWccgUv*?5eRe5 z)NMoyX%&9~j#%;0HOzm2M)OEbk_=5!iE^XGdPB%R+k1jDvte%R{4cNn44VgLCY~q_q$LT9_%?>zlD(2 zsSt^x_Io-U=K}7&*Bz7_ZV4iH%NMKveKIYA$MY7u|sM;^^N_{~`7^we??TwAcF3<&O zqt%}rH=xFZOldU87Fr@Q8o>jJDBn<^k_#Vss-@yawHy| z#)Hij3A;6su|x{^G4j@D@og{hV#;)OvSnb%c|}_%r;|BuXa1>sKPKfIoSV%PT$X4$}Nf=o-TH z%x*-&n}gr~AHZzG(?h?@{omIY6u<`@_{|2kkkcCiNR)_+uA7BwF`x+k(jtXIx&N z_>dhzKOvFBUc=q8<#A?FWq1Nx#x|6|W(X1Sy#4?*;lQ&zp2oT4F8Yi@3YpMMaIt_> z9$La@j?w$BTV5)*w{BT1E!Ds?QVN5CYpj?gusac>MTn|f#f=RC-v1rR-dZ0D&k1i2 zP>NJ7OHL%c?bY1k9CkKrqr`l#8*CCYuV-ky7LXtU)+e?ngIQsgtZT#vl35gffvK0gy71$iM05hNA>F%s2k`%czXE>CDIobaK_7e$RIMJ@!Fl6oDZE897_zvm4Nr>K(?jYrY9xB4YFabhrQ%0m!!O*q- zE0e=~kSP(M31aj17hnBL*Kb6HdYy zS_6p>`-~PR@I zRT9U3@=Bq$NT>7#vvolk)IMszs8hq1^NXcu&QNkIaL%68b-7Q+d!_?ErE6nwZ@zt4wo&G*80$0LMyKJhi7rIfC}P*3zG8`z?#_B#Ng>IAm&subOLY>JYCY zcEjhsF4CKZInGn~1Jwfti${Im{U!`Y-grA*&Q%nxH3vprh_+7Ub>2wPJ0Lqm?2!%r z>I$a4(@;rx5PjYn~1WEXz41(c!%= z)Tfcqmu{b~;He`K@P!=BUSGJR_0DtrMJJtSelNClo5tss1 zvPee|hQ$Co@8bvGbtX?lcBfYO4iun(ec^2`-sdgyua{*a>lOv@6&uVGu#pXMlO;MP zceivAf15Az_bc)+#gkB$A1i%$V9a3 zzl~Y@jN!4BukxE}Wg={+i%^f z=&gW98T(D1r?{%^WGgCtO;NC|Q0U2-Sy}gj-A@&taOD!_+Ahs0o-BJk@lpQ(n%vKx2E=|>=0>J!EA=1OsGtDtuGXP0VKnCA^4Kvqt*0io#?p|i&Z~t!9cGstznVs!*AY@~y&L}eBl1Umu z67VcXsY1;gK8_l==KXQEv0dfsBX{@@rxb6y?Yn0EcjN41h8o!s@z+aCB5$%3wZXO6 zu{vDNkD?T>KxIS87GSG4A365oQi$&>&*TnkOp*#$&Aaz9s3j3Dgeo?4h*1DjWomyz zk`u#v8zn~Pa}w@sc-;(&Ws}}7D`J!KOQuZ&*HdOJBHdE?oMofaR+@kf?PB4ZP`wto zZ7boa1ts~Rx7X&jbfNu)I~f~XR?^KO%92M<23BpjAe_%4vGQyj6#3%JKMit_-KkI) zPqlRoYprQs%KXfS`RFxo994JSlA-dlS6I2lezoStMG+pB&*rmy zBRx-XQ%eRWMO+-ovgzsRvuoQH33sMI1*O$g1a}E`YcA4ii?hgZUri`vE8BSHnyI(! zT1+$)5E^gaLD(hWG{_&`YXID5iKb`K4mrjuA~~{RR^jO3Te)wJO!W#i2km>(^^;<`c4RGm0?MLNFEwTi z3FTHc>nDQuX)$?&HGYMb#l6V1a>&lkPYm$%YMe~k_f4$%*!m+q?uMH{^T$h9-X)U@ zCe~maT0oi;q>+TGx9BqjNZ7A0+1Cm-qxcPWJXT0XwM3%*wLA1RG!jdQRlUZo7(wU8 zbg$!mEn<&!-bACRg!XDdG8tAU%l|;UP$+<7diEvv48-@wr44+sY>R`Wvcabd$^-^( z)4;Iay1BNV;xZKxVfl=OmozaTRAG2aV`VJal4tZ-`Ru@yWQavRUuN~r^B=i{fGI*k zsbR__;>QT(dphOo%b3)DZh6D`M4pUjcOSocf-=8J(*)YnWux<;)PPbM?;}jGHG-YJ zWwdwrEc5M1qZ6F09^3KCdkx;9UV5WSD-oc3qgQ(w34*1upk#ihT+5Nw z`3aF~5DS|9vbNr7CLw*)s!+&8%7A4;yMxVR#2WE7(S`^lT8Zj6N8)AX=NZhdwT7j; zmV?xc+uJ3|6F#z8^xe6LaOf{r-8^zi*_7|`9jcPme6Y7znXYxg}7#An(mOik#dbZ#Q63BdGb8sem^kwbKROI4~rojUgE@F6oqck9J#u+KS zn1P%ySMLZgf!wMKF`lQsHwoc|LHj#&hEu5T|d42z6;=^clsl!1*8SQDW z1%#YU5DgJqd*e^mXTt)6+7L5|=`7tXx^0DSu{kteiWNk=MGTpRA+EwK2lNqzrdlpW zZCQrT+2{Y?BiM%iXPdweDxE){(C3$)mv^JP(_7NzhT{42_VzTvZav~9-57Rx$pUA~ zDX63uYHK_1l*}-P8adoFC5D`uT#RDChL?ibL+FM;Rbpa@nJv9IV@C5VpuhoBupVkP zu`Uox+W%QBo@aL7>;4?;GWLo`Z1H=*Pb$st?(M}We>IMy-!LSzk^6lLn>R$OIq(=ao;Cf)UYsa z6Pi%wI497P(R*sA|8oD|xO?+(DBr$+T&uFAl4P%sLWB}2YqD1MeV-)Rm3v;hgVAnfPM)2*nnn7SY=G<(AQsm(#nT3}mIORYwUvRBYvxNM1q=ez@UimmIP8 zrM-Ug4`1@)mg8O^DfH;Ud~yRheYCdGhftI?qK>yqxXPiEjAwWAm&nTY69+~qEg`at z{nEHOOMx%g9u1jDLXlLyxXVxcN(Ndj`Pz@KpsDzSd{D8WVxk%{TIdyKHYHNWA!}zp z;IHIq0VHnsWZOU(D;1~Lq)hAgcIQ?gkSoF})#?f%^QCq$h}th_g-qxAS8@};g2NwT z*Cyqoc-q}prkk12qRlJCfdyH@%yS=b!~6~e8Q&VwOOC}e=}HZ6mDzN zZg!JqN1m7lJ!7RBo-Hd|_{eUeW4v2QfMcE!s?UEVzOfCen9{nI@&j}m0asRx~nQ>p-U~drUksU#g zYefUx&~hOF9hJfl+>y5L?Xd~r@F?s9<^r;U>8ixu9GwN?Or*M$lS-Z2Q3lRwp9wbt zDjfgjy6Y@m&17J>sbRtm$59DZxs+W7R=4*Xi#7GF-vmt8KnD7fD^)e^>h%Yf7GHa; zB{usEc85+#E<9yETlOTe2|&Q*qlH$9HRUkf(r>79;^lYJU&`oAJs|jPMubFjky6H0 z?YxM%yyG4}-zfJPO@X?BY9x|B9Q1sKT@vr%!f`+C{jyT8KlHZ8yc1vxJrxsIAYj*~ zS@mFd+Z{aDBtoZ~L#_Nfgy@@o1Ma)8`^~D|?!s-;vqb(jia8N1mhr+o>0YeK9UDc+8f-rW}y zq`coUojIfHb@8ppM8&AfyF?fClhG=o(xF9I`aw97V&YWS^n$*o)sJ($Vl$Of*SP=b zW2O_mmiHn!?5L_%!(@#>3>_No7Q<}r?vV+XSb3xt?*|`r%$n*1G8)&ZsX)c|Tn&?K zCScjGKftq2tNA>#_RG1lxiYAW()V_WIq-r3F)V!|yO^kq$-oD4apdFA>Sdn7bRcW? zSO)^8m4)V<6{^3c9SwePOCd2?H0{C_)7j4Sw>x}};}F631~cec+L2&>@m^n|_{aK2 zl;W*7Mh%(*Iv#|x((W7!tXV>dYZYogHk;DPQuRpA(Uz4gU(9{`R-q|SX5hMF$e3$Z z>w^h@vYy-*?8XahV!FhYBY);m2(0+Q z)bui^cX5LiTB?U#d>q0rbf6DppmKltavNcoQ9FrIac=bh}G~2`xr@C9kZ~o+J zt!IS#PC06%pKtZp))I3Hu1wU;!}GIt+<-`K`aUMd;=;$cg7AB896E{NJLKbOXi*xr zYtt+>+c)U2tWmD#*eZEx5{zIs+qa{x-w16P0>eafIK zOYid#5rtEa>A%$iZ0sh{Gm;Mq%)5XpC5`<$J>PMP~dZy{u>4lg8q zS~_5-in^kY^nxqq6A^z+U4pBQeet7fd&Py8#7S1R=%fA@8;z_J6K+1qPd~*XdK#?1 z7q)jz9F5?AVhCIHM=|eau9nH{edx8|&7GF!7dB&#nd7G=YIT3unb8TdVwLXJP0Tuz z>8|@CUc{oF>mGRT0hf3EEAJ{{Nz3*J6jSxllSU$TT4hQJGzEki{gR#uUJvlo9Y=|%5`95 znk88tZPl2XInp6rD+K6p!XRGTUY?OaG{B+AySPIuRNSG2I8FH^WtGWhZC!&co$w&b zE`sptF|s*ssllv2R1WyP!}XErjxxjt(e#{BpBi1aV~qADcePe7l>k}mNFK7zXvVq; zZ>k&#mqzK9Pqb3JLIq7LuW~*V5{d%H&!P!|KKsg*Hs;ebsNEZ!&`X*kBp8NS_}Iv(B|mNxX~3ib13RF11Gp{25@p2M-&%-)@#*Y$%p{7gV;H( z^j9V3#Nm2M05Qu7N<{p&WY43{IJRtJCfH%d#yFAoiXFe~5zoS`P7s!vTIWDmPUn+f z@|`D|%V|jm>pqwpO3%VP!d6;YH4>tjPHzsTSC|xpKGnF;Y;+`Y574ub5WOo!C`UC7 zUTt6$&+PyLC{XPS6@2aiL6y1u(aJ-7)yR?)>dD0JVol?nin`3cqT-PLp6!~2;=B_bA6_T80jgx#nUIP(hq|5S~~D>$Zjl+HcNO z6m0DU95`e~ghY6P72{Jr?b+07S6%badzOb{c5_V!B>YFtZxFkz0c&VhWXj0MsQhN^ zH3N+ci@uFlmGlmPc2AY}IA^LSK5XIgbW1xpvDFQHS3+?XfLHXBDJ!?_n%-oe-OBKTdH2B<^N>81`*ik;Tru>y{I1Wdlmhhfrte$P(9+Jhve`x#qb2Ug z35AA41JfAC;KGj|c|3jq&c^lzo`1m?6UM~USliJ8pG9BgPX-N~bzqJ3HkQ9ttki?J zoVB>#(^1F_gO3N>D+KubIIPUiH{&<9F);W>nKNc?K7H{?6^2I=6FpH$heRx8A&CQX zR8~LrPRT+MSQe2~X4~_1(SSTRZtlFaHiP$8rYJ#HgH+#JqV8>4 zg*}buz6T)xF>bY>;SeQlU;bp9M{=5vA3qMhDr`5QmLQgQk_V;37|!15y)?5eM<|8UK_=ciXb@pQLSAw3Y$pUp{1 zS0(4ZJzW9o;tT4_GpM?{XfTq8Z8rdHKhWfy=f?vw##!-&LF-S7*lfqX*C|JjL?{fp zB4w7YJIY$OUlB(->dqs(Xmi&QKi^Oba8xhYPWUWn6}Ch%w6>w$A})tTWloa!#cda< zF{D1{@AU(1aq@vyCxU}>KBh(9!D)UHQEWNEk?)>x(N>j&97&n&?u=o)9NyM1 zCayRBGQX;u6o)|zAg05+E|gQ2SDv?=11|)$Q(L!swT|qOu!$HY7Eyp23!l&*j4{~x z4oL6@<58l9CtEM#6~D2vq+FFI>##i3U|Jj2CwF4ex`di16AJG)GurlE z�^D_QIT-`#d%%W-}t|5--Yqm!FXr{seS{r8=Lgug?G@H6oxBYpg-f+7S0P(Y2lQ zMp&i)*7g?PoYV;k;_Gi$#bUEp?pS;X6xM@E)7R{}?Ug&l;fy2?X?`)&*<&88tG%c0 zF_HLTM3I()n)Rnqvfci@4fm`LQq&Lo6>OBE%6m4au4+|1RI|;IEQlnuGHbQ;aKDH0 zx#0Qt4K4Wx!A|b}ha$4(LeziZn|8Xm+(4Pq<)nXlbZMaAgNnd&XAK91f4^c(^(wzxVv!(E$oZXlp{(OQrwF4)VXTOMm?q@O%C*g>WPBw+JFYH#TlSMka3b zm+x8R^z_3mgulNGuzy44550WNFDt|s^*_Ut8@K#$CZm;c_R7_n0$VyiRubNFY73fm zlO!^=M{O0d;~#Jz%>P9=1|RF6t@om?-zi(U$^CTk+;%K~c|W1A|I3y&clRI0)tR&_ z>Rj-xJpJUJEL3xZZ-FycryC8P3P-KsMv$JwB-buy2UN)q{jmKpFy7~>nYe7=7?QA z<{Q47SJ*_nUQ2I{UU%XG_AAa)NffEd2)>$2Sf5)O7(^WU=2ViWl zbXEKf$9)M4wi5ymJ0s2jySR4ibmf{hzh08A625+Q_5MnR4S-h4yV7Mth2!Y~)Z*FJ z!ihkG3iGl23wA=R*e*%fVCX`~dK405)&bjm{K6*5U{MjQV#Sc)WVM>SG%(=DGbL5@ ze67C$PAbjOInA^=qD?erViI)09F5`9HTMR^!O}MH=&K>}Eu=HZW{Zx?X|445Cn2Vo zDiYC<3cv)UW-7+~bnAG}r$9qk$Qwnl=ml87R{hq-0Lf!R4^ae5h6g6Z)eyF=s~k&V zu)*c%?tl=Ikj(PsI|rln$?yj5@J3r;y+9Sr@?@HZm=|%ZVW~52p~iXPTyw=UhB^@K$bg= zd3boQb4q)b0HmsF+3_+wzyI@Pcg)e?GW!b4w1sO=Cr>R=_+pwRS*F2*hmuScA2!<4 zL7xFT22yUBJz=B7D;=6!3u3_8Q*Yw2KGPE}cv(}1kJ6iiJv^%CtV6h*Kj9K)N@g`Lko%$&m67N%JoJNXemBh3OhRfbd zX71BHgB@-kkRD>thqSz>pN<=QcU}r-t|2{|MD~HG@1S@0E`XR5*AV09Y{?NmPjhrIT-Y0N7as<6&-XV`B5OD^CT(5?g?RO9N5O$+ahl*6jw|7FD@s}`HN>~A zqc?n>zh%8x8iA+?+ynu%@D@06y0u>zuuPadso{R}Mqd%dzbiYKC)U!@Em=v=rYjCA}-;^SoPN};%) z@cF0(B*6o|_tM#Wb>>jy7gesSM~;Y@*KUnVE)}Vwm+@;5D|;klYqvWibfyh(3dBH9 z>PNWGrOT>kuNY454Up_68n9oT1i}y!nn7R>+;+^fHNT<9M}X<=iQ|e=(TsUn{<`DF zBuh+a4D|r{7@Ri&+U>edn&xIJ#+A#G;?s95G^B5h7SvnV1Rp)KvT`C$F*ht3Ej(ON zzQU1?8`%X>t(*gDKt-?kL1g9ZLrfQYgEEynk_sM7D*y4wN~{=`yejK4l)+r(9_<~8 zi`b~?(QqG`GfG9jx32><_YueR%eeSm^dLD&rfI24U^TcIr}wF2H$A-f^+_2n$E>*2 z7$&>OibeuWz90ES=(vv0LboEbnf3)8g6}EYZmgY@)`f;-*SmM`roAq57!twv*)xa> z;~GAlVmE%$o9#K1>Yi@f^Vp*?l(#t!Ckz#bf0k<});jQqp((kllM|ttaXk1_S^m%S zc`%_25_7M=)t0SJp<4uy1*d37s<|VcBV&|KW{;*6KSR^)GH_`258aJ=5D{$45hI7% z^LZHT6%ss?_4Sx6?oR?p(;nE{{Dl$JeZGACde1MAz%l<`H`JYOwdVre>70CfEY|_1 zKC0;48{+xU%f>)OwwIQOy_r_9wZn6)v2jtDCOARtiSZTDX9PN z`8q%w6!2*lh9Z-%Ym_hv=zo!Kg)G*bICcrx5IW9BCDt8b$f7QYtK))*lHPtfq7Hmx z^YdJf36U4E0BpbTIosxqneUH2CnE~dsDuZFEw;q(C`|cF2U9nRMzE~KliOOjaYULt z^=+_=sX%p&o$$c_2we^BXadExaFYW+l1uN!avuQg zs>TMqU9rQw$&qD1aW@J{K#05;zqKFYo8#FOW6;eTfdb_QjEhw6zBnw1`l`eXbBT{& zlPyB;hRXCv49B(0ar*9Du2_VGy!FzHp8ddWhsFY6^oyCP6_temwX+A2RsGSpwg2^| zMP(4X%aZsQ>z__}Zno})48xFB?O&tVu+wfpDLACe<^KTaiu0ac$@#q~wp_RR$(@q? z<(fMcpI-z3omd=l%X?SGZ_~N8Vsx7!ZomKq3-sR2N@C|Ug4P;mtCLkZqZAz4E{EZP zje9{2x$C+_FMf?2Q%vjmIP=Z=H&$1us5B|i11f`)L`KS#8SHzr-`Jlw1SY+-Tj|Gp zX|Wk`=7o}b&Up~E&~bfE!&Gs%fqFx2Jt^lN5IB!gP|T6#z*Xy8@Vuc!W@Nr=XO$NW zeyx9V$hw}W9iM%b=>(uGys@D=cXRnAk@qo(vnA$rn@`t3+_S!J-ChbEQf7XAu!T1v zT&4Yv!<8LrM9cY6<1!}>1}JfS?Vvlq2dYU&q%^tG3Nsai2}D0{y`!zGt6M-<1ay?* zKDTuWce>NDPEO>fg83S3I;29eSd$ze&&;r7x56oK<0 zN{26&fug)h75~|2V)*A>SWU~08*X%H>zlyF(2C#8p zikod)^ha^t>723+<~KdZ-I1VS(wScYdIO%SetQ#9GOD6~WN)>DaxZRbv(du;+;Xm7 z9{*y_bs%yinzD%9+=0{z1n!8~o2%c_7oy@|3#@0)FbjKKv05f?j!gg#|H>x1Re0!> zGF=!FTL1a@oR2Gjs}~=ah2U#r5kBkPyQ%T-U1kN z|1oONR?s2<7QcI0gc9GJG&SpNUPqQjLadGE>+Gu?;x-ChRU|LfwhrNet7+!SxJ#cJ z0|<-hGtZ+kHbmDA@qD0X`XwJKGS1(+TwkDmXJF!LDLTv>Lx|ZL*k-+u-!^cZ^izQOD4A*&MCSr%qt0>6dtpDwnN*obL?oH zy`1#(=&t^vo$MpR?3qat@<$n5M)WscUPw%c3gM>&9eFu|is{vpWhtn; zb&(e{53#qs8JnAviKn%X z4-{ZSKnVgNIcJurc9$V1 zR%jm1!Q?p}swumoewb<_jDHgU@OQHTCkag**ih27)Nlv6FLWuSgAeq&*oN-cKeNrC z-t&({$rg2K%tgskgseC{hfh#Ufe|CcEj@&@TDB-M6X@!~=+@TbV*$x;ezu9+YppdB zI&njlTs_z5I(Eajr3Xc*UOU0ee7s-_LcXseq?-GX%!EjIC_U!hq~>o218djXO*Sp>-i7CUek!&Pc-!zB zmfH0VFV#>i?1!V7#lVyAr4D~cYNh7#5q*4A~M04oKgg>73peVuj=X2jl0n56ccF8z2lSrbq3+s?F<0x1y13WuZhm0p zxp{;=>fVtPf1rE#g(U$fzVbRkS8g1PAs}iiPVKDV4EHMT$2kefB6qeyKrME*?XVE~sZs@i!DD={?hEav zC31)1Ec0NxxBOIkpyjQt1+S6+g+q zygAz^GDTqX90gYm_J%#9wUYEfJWKLe=vRdj7_?m+d`eAZI*sI&`niZW-eU# ztL~tF1hbvZGIo;fbhItyh5pdv&3a zvP(9;oAFr=gLR%&R|N%j0G#1=`EyHwI~p<>OI=4biUG&w^Ot_<-;ZSw0E`qG)kY}65No# z!`#ZEWG`~NI*LwPZ%5a>3*~A#Li7~qtssL(?;r_|=$y-Id0mH5-M)VYJX^A|1?UHJ zq_FN`-zndQtFUJU^I-x7<-Z{MqIcwlowatCDCSjym?i*`CS+aaKD|>fD0IB(ioEA5 zcGX5wO{)%mCImvh&AgkFMZ|3^r*=@&bArp>#o-&fW!R~T6w#x z>H|C^Ru}8rWv|V-h0fc;i$$7qPakwhflfeYlpWv&r)&;8r2v6QHJxc``r9X-rh{g zv^?n_KSpRsG-S@d!M{yT?oc^QbsM+FP1E?h^IT2`pyq(+Q+=8#PfI;fVn=?xZ(X&8tC(be@F3|^882;#V0uA$z3~{<@B5|tiWFF?yay*CaIS5 z9P-H_P09Ya&@Y=7S}n^fn^Y|kB(4MAr2R}{hrOmmLL=FjcqFJ} za?Je})jUr?d^tfQQ{5>qe*2uZjG6gbUDPT@7|M>FbcTVU;`JQrT0@b!Q~xM_PGc z+v2T2__YThZtUEJlB&kKC(-f#*u)Bl<;j_8`{*jlp6{3ssv@d?L)xX3Au$e2EU9W0 zsu|AJyVPG#p{j7Q@^FCNXlvcttXkT(2c6hZ+BIwjQP8M(FgV!v)V$%8rA-Yu?)%%N zW-2f=XZDx+f`1Gg&K4tpMCNphpNs2~>DjlSp=;7H=Ha;pdc;pAn9f!gKg)a?uP_qQ zL_>?Mc|#W-ccln2zHT>gTpKp_P>-ag<Ua#O|nM%~mUfw87ECDCl_D3KY6JBHNr z*pa7ZpN))rmpG%ulASu$5W?wh0kW~CSRu31uo|feK4*totw!+^bCo#9Gwim`Q^Cw5 zX=#f3#>OA!nA}?PJu9!0ApRIe58>XTYw@Re(&4C7zwPn+A0R83*B=|Lg0Bu7E40%C z=z)cW1>A`{;x^~i2M>aQ%YK=?z;nz`QRnp10VK@8VnV>+bN0zuKbhIRb85SG{z$2_)%kcSTkYvCrPD(1_UqP<_nje)juD_D@{L|q)9#(aT7 zdIf@m4583L45M*3_4Tjl6ns5UA31Jy6|uMTMUvjBX5+EAgAq0b8)YZSArC^zSZjCb zB8&CTjg^Bp@{x0-ljFUJOn@;1YS^4bm3`h-QIZ9K-ldFhY7{F) zuvTr@KLl#jF&WXnu;U6yVJavfgVdWRHopHL%H_A$#-28O4#cL^b&*&fYK#X(L_%6B1L8z+mD=YqNJ!T%LE^0_|uh z4H-%*!@|yjvR-+_H+>I}KHt%@YFh0-<#N~RcTEjsu$7CtJRk=egjnO<+Fz^m@ck

SpyCloud Breach Data for Email @{variables('email_address')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit: https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('email_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Email_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "email_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "runAfter": {}, + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "runAfter": {}, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_empty": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "email_breach_data_array", + "value": [] + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Email @{variables('email_address')}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Email_Search": { + "runAfter": { + "Set_Email_Address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/emails/@{encodeURIComponent(variables('email_address'))}" + } + }, + "Set_Email_Address": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "email_address", + "value": "@{items('For_Each_Incident_Emails')?['Name']}@{variables('asterisk')}@{items('For_Each_Incident_Emails')?['UPNSuffix']}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Email_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Email_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "Asterisk_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "email_breach_data_array", + "type": "array" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[variables('AzureSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/comments.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/comments.png new file mode 100644 index 0000000000000000000000000000000000000000..9d437ca130b677610abfc990255723d1751d2ae2 GIT binary patch literal 25427 zcmb@t2UJsA)Gmrgib^|*ihvXwC|yeE1VphQMQKta(t8a(L`6ZR2}rLB(jnB)g9ri= zdJ7?hfOJ9#ErBEiE_%-Y-*NwY-y8S6d-oU_S$mDW_FiSqwdVKDIo})T-Df|;dxn95 zf&JlwyH6Pyn35P6PW*j}`M9R%D1GGk?}YEu`*#>B1}?82-!M9A>S{7DRK>9#*f1U6 zpZ0oS=F7lv@y74piHA?GZ!$2vSb2C?((N1q%Rn@55{;mFq`BF8l&MrE-@OwIbUkeB)@f5+elmFZ? z*u~_^{96=qWlTEpZ`tfx5!=7T9$roRe~TIur$qmwVYRlwe||*%b??7VyevCw^m}oB zUw>Ymzpo*}aTz5T`fo>noe?dXruO=mQ+mbwm5$6Iq|ut)azVrr?xzhqrq1rrBa7Us zM$~QHCnW`My&?9G3@4#ne#YU*kSBsG<0Ks;inHNTy&Lhz;sY|=x@FPaSa7qI-+Pt? zt3t%yZVd=4cic$lb3-o4FIQl#PI(~;3k0G1I9^{Z>GIpGq(sxcSuO{R$`Ok)Z}b=# z{g`OfnjI^SGKHma6iLeGr{+Yd(p--hX7bi{vhw8iBCRh|;L%{6GvNfwC zT~pB58m`~Q(R#EL8i?E5ji?9z>c*N$wv8g*3a%iVt;b~b^$p((ey9l4rzJxz1|jRN z!7HC`q4uoDB8d7U_YSeK6pj0)VTOBqPT%Z$Sd~J_-NSGOGvC`?193Ixk zl}GBSE+^yDK;@&RZ7aCJ>lqNcC55^!y}_1b+<`Z+l2!6@;k`E59se|wof zgV?f(A3D2<`19rlfo#*%r}Vjf~%tb)X)$uF(8>UBBS)=<43x);|KY8}Zj^(Y9i&m_n%? z)<>c#sNs>MDu^BtW(~@sP-Y3q!D@7pP&nGbSsj6Nq%^X164zF{H&|zyUF-Gah!c-8 zhAFGf#*l9;*46xjimikY>cjO)a((k>##ag4_`yy} zz5{1HqJW!QYS%1FVbz(hXnV8-fiHLlaGN65^8B>XUb(vWU9(jmos6v~=O1?|AacRujVK9E zqb7T(KJB7)X>VP3_>;#+70ngn+sog}`c3%RQN&%M3&>YdarA&M4PJUG~uLn@-zQQSXka3r@wOHW#|C-8xli zH7+JOECDppOSku4Lk_VOK$LK)l33WUUAeic38nn&FWv}M{jxo zrSUH)U8p{j#P_$3h+(E82!y2$k-z*3clL7R{aOK(tW8iDC8S;1$y4y>O&S5;*|pd- z8f%+8XAuPn@|TICg+mo?NIPY!%Z`yLLC+}pOBr-zl9_MT#6H-RLh275AG|viRCyIM zX$ow$Y}R862ksO6f&7LW7T+Oo_hswA_mW3l5OXist;qE7_U$%9n9Gr0cjoP5xdx?C z^bMEF>-4FQ1Aw?J#4T@gpvraKv?JaAoTKHYS+8=|?Wx(-_QRubwwjKkN5jt!E!vby zN2*e28XLe>QzBL24tMN`_+F#u+QjyXdwCwUylZ7}-MmF65PE30n#Oh#6 z6wuR9wXEwE6i_gB&jMDvyN9EIjHfP%Ygzs+G~=f@%_AYZo>tQ&N(c?kq3%2nJ690& zih{~FeZlv}J2-^{;rp3~$?f4Q$OA`ghBaXL) z`BKSIDTjlsY|l;4j1pQT$g+YR8fcWr2^*`wc$DFRKFTaXv7w^yYggl{9B*59n3PZN z-;$vIhzec`h+A80TBQDjO-FuBfx_Z&B()t1xM^+-xE93soOcHm?10i$NBT5Y@Slt3 z-Pd3_obynFxTFgx+saBS;FG2QZXoT6HbQ+r@?>tQ(C}*)@Y6ED9iYg{cnKlcILCA` zByP<-=E8TS*cS+F(_JnP9AOf+fKt`U4~Ff{{eInZ-`@(%;uC`v zb*`%ULjUgcq`E_m(LTFPCQ|ErQa3S+BtV5M!UT7n0=7aAKD zR3gE%s}IwS!Vt7K@G<<6<=#h1pMwOi1x#Md-IuFf`2p~V;BKnD<6mwjiQVpKn^=6< zJ_mxEykGuEjT6gje^j$gAy;l3cRd z2HbOYfFbahEhx+srDLkkQ@(r821&g_pTpzBw+}LWjp}^b+ zLcQx`Kz~yRQK|eOD!BZ>#w+m}U6m0ti5Q%L)j_3+bdUGKoIZIOkg^HFIc zztL7Mj4N6FK1j*kTI2<;S<%Up&aFP=zpRG#^)(AT?l^2bA-Jx?kZx@LouI~-_zS0p z$3~U;VzAmR#;$-j$4W1nRtDsoV=35~F!Sx{If(x8V=-wdMmAf#h{O7o7 zEtY=Wdt@Uxs;<9$=slD%d$-m4aP?A5&Sl0-8pJuhBJ04FpRRl9eB&eAu1pd7*0Q`q z#BLf7mt5!LLR`@xUY74jJ|S!3FtG4wPc!R~5M@qTY?g<1`Lym2P?YISgVy}`lOfR1 zV(n;(MofRPS^4|0!aPoB?&+jaxdr`$+@Zd}kJ38NC18{?*0U=E7?KssanP!FpyzV%!yn?5yu}KT9Pw;GNDE&A^4Xx@Af*qbLWR6n z?6A_blk{!VEqDbi`ygmd#HGtw)D*!Yo1A z>Xw2Bk*oA;J1&vfSiQT*Suus8g+f@-ZLMzuN?RXd1>U8!-veDPx2X`T@uj!i#ZcL0 zmfX#9#-#)hgKpgc_(K-XQcy<*fwAt|)qaqXHhjDc4qJkl`=+1|MUL$!{t!b!|EsJD z6P=x&%cZ#V<~j!p)fHY$*gC*>A4K{U+6jx;9bKl^{ zyuf_3Pg!N9w(2=r8O(eOYgeUjg(y=eA7K@2D~_#t_2Na`h}~fZi5zKK>-^bFA(1#? z3rsS%0PYg~B1e^Jw1DxWCZVW+-nWr;Qfy6A&)1WRPfRls1tx^K%VGewHYdlw^5*>g zSiM9dlIj|qdgC&{W($_1lcSXRw%#QNg%%6%TSFeoXfaoBnIM~&0=FB5xG1H0yBnX! zge88(uGP1-X>dm-HtqW)A$It38bgg}17Uj5i;d2I3{efx&Ev!4<7ZyL%1e%es~PK! zJAT>vdW5r}v_g4{HtrCK^qD%cRfmve#z?3m9$sf2h}+6AtHpQtzZ0ZLjL%rzKdxV+!{1bwFkPBXofO2Uqp0&k(t*(Q%~sbq9_X13!V|RzMm__oCi)|e zrmxJ)IY+c^JwHibeLR{K4{`7B^=>Na59;x%5zi{?T~g!6f;E<7>4xZhqN!lBK2Yfh zR{H|4tcEz8dj9ErH)(erIuQhIo$kXaV~^y44VX_wM@(BnYxYp;tyav7ybeu6o*Z{E z7Gj9;q*TnYLrip4UQ z^}E|j0@AporWm(JJG#Kwh`MZW1k=u7xHX((#UqC~i$wf^Sh;Z*9%S_9ph%o?!=Bud zCSXE_3uIZXE@IVRD*`WT%i)Bp5E`u^EnASLk%@ALYa4OmDWPPUti41lo(%V%l`Ipw zAdYA67Gx=Qr`FRoOAq5V$|eJGEWPz|M{O~Z7f=%L*ICP9X@T@Z$l!FgogjwUg9Lj`z{3N z>`6Uz@>S^q+@6(n#T?i)9_?#*W+{uYQ&Yb;x|fx5R$Ey3<9`Td7nXL1PO+mtZl%lh z_RX(_H#w0Rx#h;VJ;x+!IE$ziA|#|k4JZ}T!Tco=O<4INVZ+l>2=bUN;|h2@w8;HP zP|)kW-|Pi>^q_oO8H7eqjA%|Xgh3o~YV^jmdxLxAB=(Tpa#23-g|W~?^=A#1u3;|Z z;R(*&ITg<}&MLx&p=j%mPs_fmQ$2w1kn6{iw>#5T3^o8-*~w1iA(J15;BY<~V2gf# zz%RovjW<{aX2QgV`$L7ZGW}W&F|8jzKTfEV^@O)TDV0jv6S|`cOUy**=1hhIonxqx zs&PMn->>7vi|((Sq&XP#%9j%ktZsC$NF0;(!}pT=kW_GpIZVzvcQCfHU+uuUjfDOQ zJHQjc?Jv*mke_7nn+Tk)fX|oLR0&_PrkJjlNV`rRYRt4viO+Sy(`~gwB|keyxwULd z4eFrm2OjHrdqZpH1=#=k2|xWeNxvTvTUTsZ4AjY9f9I0~P=~qSLZkixXfekCP3MMe ziqnt0l;W+K#*)iEiK4L7uar2nTkBlYVx*37^`b{gd%&_<8)`uUH?p4{7`p!v=R|yF82aSf6%i-}uh*efS9NU8MU+S_rZBu_+X?=!E1P%B8s zG6_jqb{<)fHlTZ3(N^}1C_iw{{dT`)bsld^)WarMq?RuNo9;GyRASoQ$|(dn2|97! zFFpuwxz{M@x^+*%>2MD>Ap+x2f8n_l3Z6%eQD@6HSk6L65{xDuQe!Bt^!ZmA`6O2G zaxS0Taul=>;t*Crhq`I8ExT@iSfnn%X-3W|w9%Sc88(E&^!=+>-9;mT&(o5wnBu3l z!_CvG-T1lS#RucJkBU%j+aH&3A2$ldy&&ka?un8Q&!@d|1{68N_;&1N9Q%4FIZ5EV zik`m0;=?;f-gzeLbO$#T`uc9$M95Kp3-rf1ep=##9{JCG!1Ap)L}4M&yB_vC22zoq%5y5GS42;v5~yc{lJCuHG?|6$><+Ii6F@2ip@ z)SUcyrfASDs07(gKzR8r)&(z(X2{qnv=xFX4hl>FP~A8vG=cTh$)KOiQF|#XCVba7 za!n7vntR6RCK50LJ6RTCzKst4)sTP4v=5qXVS>I;R$)UPr#SYWFj7SSnrWRSXrSYz zPljbkQ%&6xx2f~+nZJ5_d~YPGTrhx3(vW(LpCop&7(e|v-g`LG{*!g{k1zfYx^Csz zi2b9S$0Pc$WZXaX{{zn_mYKV~Dq$YDc+=_v!bFhl>34^IZEJNB^;$w10nWx-8xy-% z&j4Yp_1Rk|TNdmqVHM){GdNt6vJhtQi@@ty*GdzYx?85C!exW~U-8sy?Q8%Of2i7j zDmZ9rLYQC0t4(1s$~#yOEEq1%-xhNh6c3)N+dhTbyQcgr(l630yQ0Y_J6jFQ|1Zh- z(vInzk$Rc&XsMCulf3XqjtrEZge1um{E_t$_DP-+p5XV|lw@?|AjMPfS4f*7=!iU! z$6I=pc^Vf@rM%55WDm$c{Z2&ja{(P8YeCX?eoKiK+Z&ga|HioyU3svM&mInYF2bH# z1-B>|r41C#H4xX?xN~6!w)x`NFmTJ4jMud%!SgOE{r7lRBmJ;8?$6*Tw+gairHMka zU)8_U{L#dQF-c#cXgGkGd98~luMa297htU#KF-vcP~!(VTI;XMHIjR$=+pHWG93_k zPByT^4e6z<32?k4>?jvC!Tb$-$z26)w{)+=$mCrAw_4bPiw=r?QaZmvndX@eS}3Nf z&3=W+ksURsE^?$k`TE25YZHG+e?$EGi@oZ_=WT^|_||*m)fv(ifvVc*X`r$b8her?rG(nsg&&Q?;Aye+u)V1|56hMj47~JBNr`yzoJ& z9iKd|RTSXi$Nwm1e2c>I7j1P3!;$gp_3jkttFyyo+x5_TL8I>bh(KGaC^SoiEMg@Uvq!$w8>X*n!ASE zyQN9-S-MKyAal%GK*RH~Onte=w)sbqllt~{C-sx$)k`NFJY&nB*k_zT3q3I9b~vbj zZFY>7S^$1X+~4GXe>^=GH_T(8KL^5dtlb(1oEH94(I*?{DNU7L5L*wWyu?h3x(5*N z$#_E04P{QUG3*59ZsroV21-qvrid-NAWXon*QU-dj^@$f5It2kpO6+j2KD?1v5Ieq z)t35@^j>U~No#lgFFv7Y@f^zIJN~tUkMvVCFDHXkZ(d5RorJdCO6eLA1!<2&nDc#l zTrY0(u}&gS4m}XO4L1r)gN&x;{=oFf=_*C*H+!hI36xmfPQ3sU80fYpgx#v1HY9{% z+y^9=4V4r85&Ee%?TSA5(D=jS0}M1UpFC3%pEePN*}*<*SE6&*>o7rNB-q}c=c2nQ+u`(yi@`H zIGlh>kYSgFx@ow5lQ(>EqWM~#yyT|bvOeL#NTm)7Grx1zFoGWt-f$<;O2ap|OJ5$x z$9!Ql2ooCDpIVm6%Lr#qNh1!3UtBQ<%_ZO9eaXHgkr~NrJT+T97|L-Hq6z=X-V&sq z7?PPb_{rf$D4MNdEcx+r!{agk8d&)HQ@+|`W+{JrTY>%c`ih3dtE0f&A;7Cy7HTxn zODWvv@|UN4eyTHnXL$G{6P)ZC*w(As^zLIdytnJ<);#~iO*n?-; zoWcHb8M4RcNVvbtveCd80}xuFYB*IF%i4RT=LNgWUCdd4<2eT?b$zThZ327ac!+}v zubvokp%Dq!?V5dv7*s*}hMZ>vP%=!l*vFBz-iP*Ien&_zFThua#;g;BJ0B-P_}< zL)Jg;u5Y5Lj~Bb1sWbsrlr*Eb2csF&LS@gAhmTg`HYv|bMVGqLA6B}b!#K!Un%F6- zWu)=h)QE(WO*)9B26gT#&+)+No0>dt&if<>gt32A9ggesrFk4(xavmvCz@3t^(^K`}o%0SWQ$fe5 z7TA@drMsyG35Ur3<Q<^)Na^UX^4w0L%)58367sUwHsNf^v*XFD3 zL{2?0=Xw3n#v!z~X*G3rC*ECkJ~UE6*NvxQ=*Y`Gn9o0}p*rYpZ>{ws2bZ5u(+DBi zyberen{flF#UY{Ep-rTZ-Z__AZ&qjN4SS#=S808V`*8;p|4-bX0-j^uC2NjwlF}&E zw4hLn+eDhpocaYf{6qKK|IDPua;V+@hBa!6iXg7t0?1Zf-G8Oby{r2RT82Dqc-Hhy z!eGoTQRpE-F2EgB1*}%MC-%t(`j4+vLl2K4+HQEpGbcg3km`UoKgS84N(SYdO43=Y z%$)yNH$K+!|J{v=y}~BS{W#-44WjJ(|65MW|An3Of5RV2$c$sdVe#e`xIHT?-?g#R zIHrHT#ISPO-rj!0vz;-Cg`M{o?IU}yxXLHPEt{-D)0M^V+lx|UGX_f8WUNhQoDbjf z82N$=Pt}IuqHo%H8nth6QR)+T6o%`b2Bo+C`@;V_e%-pOY@#{CHLTjJC1Ufiw-$r@ zdp?%*YYt({tLRY#&K0e!Zz?hQ$g=VJ-^#;4A2W<`17Yp1%Ih7 zgYnz<)&#P~_fQvq(qNFqF7@febMTW#y&01_Ea#Cv5ea)D++00{O)jq&f^9vlV2fI2 z+@1wK_hL8%l*_{LVn+3Dk7BJBmVJNZ-5G~la*jI<9E$4Vm)OI;Mb|k@Mahlq<#By? zhmsz%Z-y)9+Z71N=d?N267O@S|31Z=rjD%^dHk8R?=_2Gvr70Zz7oucgA}l(_{yS6 zt7-Ed3&sK7{ptWQc{faSdS2v1W?O7&#boJ)j5D-`scLW*puxAe+`^Ao=XfXUJCj6+ z?6-hte946IOj5fKn3}HYc!9bN?$W?IRfJpeqj#C?YmQA)MxuYDWy{1FvTR6;jN0KO zX(jqqdj>X_=y{RxgT2x#Kc~YNyXEGpCQ}BkoZsFD{B4^=d(ait8h#dAY>PeQSo_XY zfQxmFP;=#6hpVVIi0F#2UF}q#-$=#;6%8@(Y(%I`os#aXp4E1yZ~(;%qen8oa^6el$e97RDCUu3aVOsRwr*M41JRF(fPdHImXc{>}oFu|HOuWMuUC>0nS&=WT5&Q zGO@lKrs9M7h^{Y8>y22C5eX1yCog;Pu}P+W>Byb{iU@KW#ug6GKTh&*zM=+GNEzgp z#qQ(BRw8yQ<+@qw#g9QjVXOIVHAR#Aam04-E5Xx&cWHgJBzXrf-M7Gs{9AFEz``p> z_uwi!kI*Ir_$4$4w+Cdrm3tl9?$|+B*-Gz(st3EzN1}-KgBA~q^)amDez54M%; zjUkn4&2#at$_iPVip1_1tHk@{m<7n!?l?3pzy)-tQeo>dS1DHmL_Sao0b`!Ow>Q7( zOP)SY3tea->mQxxP?+{1TUII+LACELDOsj$krJHw(LuVBiJgS2iZdj{!lF(E4NW@N z=januD5-B*K#(;IkoNGfwz!)z>RA{cq-Tw4C#6coV{tky5HAusa} zh7Eku{6+HjaE2=7p-#1jon0@b)MdWEimA;(E!aM(1u6oTD|-%8eFV0UDWOZP)ti|!rf`rnV~ zlE9{6`3sAUC28o5UERfYzt`Vfr1=9(eJqk{%S8QOJyi&;NQ1Y!n&nxM$dV2R91aC4 z+xG!!QG!tJb@JSjP+~ZnG~dp){RcZXP3jeTtn(cAaDPN zv{D;dIFTTsh6shZ4Rgt>@Azzen$-!3Qd6I_tuLL78&QK}>|a%k$9%Yq>%ZNZt+0po zT|L|^PP)env~^eY?Xb*ju-BK2Q&lXyg1asV?1$swKZO!|m{itsK6sY;gJRqw;|BJl zyYxvkKRQRiXko?b8*^({In1_Ej2nKc3s?spoK>Ipe9~|Lw){%5aE~pviLg9SbQet@ z-)cgt+AK*Xs*&s+gvjM&bJ9ZUDueC)006S5ckf>-*w4yzr}q`rtVIKz_8k&~H0^ zY+K;y>B#neocWgPyD@^S*#^kMuEOyxE&VE*s#8E!811}3wn_{vPeMM8Gdql#Bxic0 z<>6;QK!m^RcandFeMfzLraw?OAm*bdGEHc;$wedGb{K|z*X|SG2nf)BC!n?7Qc&8# zcmM`@s{hQoXBOE_-wgEmOxWt4ovf==W0`Wk&c-@PE$26>FVjpU$VC2ZIBdSdm;}~l z@7C2!;qc}*j>y57tlHu=?|rQLqxd%mBST%}8)t;u(OO{VS{ zc28xV7W+08JE^rP?i@!~uVSU11tHTdUW0=Q?izk z3&2FgpJihGe1U=$+OK8(@64XQSJ!;nrcbbLd<67(!dEUF-svcVSprw#{lp`a zUcmXwgRehypZE2teU)MQ+BUOzx}eqTQGlx2#ml7xa_Ne9zUl73_6@=NAyF#oid#D- z(JBbqnYQBD$(^M+)4rm5zc39V3j6cgka zGNPrdApH*OY4)f0?CXhBka2l6`Frz8R;^;?329AOpe}nwhdp&qY*Vn`2)JgN!>-Lm`&CUHwrLOt6h@TeUKdd2qwG4P0?5jd3 z>m!wIPKn8@+ti*l?O`eIE_)vMot)Xy=L{3X%mAt8A;`2t-YZARvYI1cW1V!{Cp&HE zv)90dmjNP7c-W*{l!_UWm;aPR&|u6T54G zzPBHqTO}rKTB$DN!n!Tf98T*)--HeYu(Z1EpS1j8dbyVYQ746~m)8yhV z+vS!$yq;QV8!-`bDONXx7d~@$1}y z>~~KF14?gx#W_T7z(zjs8lrAv$PIJ{%na!B&%AJ3zwcX$TK0{map)TkZ9584;b%NP z{#Y5f0?-nJ!>CR7x$#z#AH6~g8=2wuzgWnB?^z{hEO+8lpKTUr1s94Xt^_IcH#Wku z{i7s63D36USM?-+ubi_hZP$MJHNUqK#68|!P3(%g&8~*!=e>NO!`BDaOSP!D#?1Jv zMV|u8YYW{z%nI0kaAH;f|3n3Ejan0**F%)?@>hYV0y;M>&GJ{Am`!URNUF)U4eF!b zAgNk#0#fPG^mIZ2F6e{wf=qKjV^3f3G(h9L8`fgA4L950`+tiTP3iI=hGLrE`c7cj z7;35~Sb$61)1MW&EZOzqyn{;CSZ!sPpsIim*B(@b8KR!xuD#6qw3 zT4nSZqYIv^_@iDXk_;$}ZVmu=jRPETu`Dc?V;|1b;wA)ciunC6R~M z%(N1yy7pr%Uo8Pnll;v4SG%1Q4u36lmxmBj`H{Q6W;Pd^uw!ChNb)pm1Jg69@8S%(DEC?5CUeh+THW9G2uzNE2!CI;d^H#47avxUb zW7=eE@?{s9*|5=pUlp2l=yLZIB!UT2js>o7TAmH8v|#3q1KB_MS%K&6ArSFiJ->{a z?lK_`r;MwomsC`(WAtl0f-Ut^z)kph^1kommH!H**m)O-3s=QHnfc!={MDhX4;wT3Vu!IQcVf>G*TTx~26=^PYOkW)EBO}&m37;&1u0=6F)3P0ghm2A*OPJQyct=b!FnxfQSVs= zAi0EReo%4yrpvXEKv~|CkXUZ)F z*oj5}!9B>N&^b!2zEMz*4NfHJ@ENb3MBWD&7Y_(_a|ry3yr6Z=FXU#_w$vJeZA*<> z<#-K90Z0OWKhrT#iM&Vjlf=zMQn-8$DxBnMI&e2)rj@`V8w-aka-mGO$#i#zGk!4T z9o~9qAsO9!?A~=RDjK@H7aLFB@JzRt=PiW@-}N(dtCwnf%X$u{Uw_berOAWPRE@Ow z%)XSx9&lIkyT1{|JJ{0-Y;1vFKzm_W#SG%XIY1s0hL6CfvZum#;?$0v$NjS1t3BS6 zms1KQFkI~z$w{(TAJkBkym-`+Ok6Os=a)UJSIIR0N%@-2o>eHDpyR8@@W{0tUGdRZp%9y|JYDCY+uw+ShF4n7#S0rf=Mkz z1oBImTPq3o`}3A}OHNZ=o@NPm_@{cS)m3@Oj&X)OeU_6WtGpuU)qg(5FvkBaUSt}2 zR_mC;Y5KuKz*L#e7w8T3=tQRVq6dU>UG$pt$M(y{e;B@g60?#ufQiiLwfw|~co1H1 z;{5h?^pJ~enGd);yS!q!;j0REd4tDYul6*Zyx^v{wy~p9HyP?ri71@M;WEtFItrae zCWUNi56aWJM`Vs7=47p{x*~uN>nH88f(|}+mwa7}KN9$o9jo*A43paiMbE>(xJ$l# z{MACI)X(E@$=BDq~?{bD>N(tLY?CE;^Knb6^!e`6v1S=7I|D6rkQ^UqVH-GNu zOIKxEc04E2l8w*4V|Y1GRP2?s{%EIu%BUglb=i+u#f;TyC1-ChH-Ck1{Ypw?#@@BG zr@eKNN+1dNsLb*h6TY@RwtiL^YgIIXaJKWe6Rde3jvU2{b5WT$aj=qdS!e~~&)CwRFrn}H~@0NgW8OY|%|9i7NtB3t-H z#$xV6)~Db8JGlzKcX&Qa7s-{&^+9b_Y?nHqS!TJBvdNRP6k@jFbGP+#%p3<*9~ zXt;Sw^3>V@2e{pedv^V+O3SP2=QI9Bjk)A}*Q=U~lUZxC75?+Cj<4;@Q`67w3ivx? z;uN}YxYB||=j684yPN(n){~UEYw7J)APfDuAHl&g)U9}oR#5ryUBmKSR>2B zD~$?>YG=l{M_7#hoRwhEVA<~tZOZsj^|&p%+YGAvg5YVejVVS6EQK1&80xrv^fR-YUA+#Y1i`(>oc!zs+!wpsV0B`3QPdNUVTK5S^^CCawRnARIlP+_TSaj1CH zmF(=5PU2~EU{7uz=Ui_%z4$R$jYmAda@Tys+IH{F=92N>`(Y(n)VCm!jj18UL>mh| zL&p#O(AvwE-=wx1-k{+K(3^H=0aTdr|8XJ z!&%a!rzC~Ln`<_%w*?nO+?V|2=6`4R%YZ{$6PM5Wmv1c>KjFK^;VP>YUQ%9htZ8SQ zu#>lV1slKBry<)_nFH!1>dUOcGJ8NDuZu%5Y0|A-fD^y!Ih!j!B*26i(H!ligEcY? zxw-p=1?yaoB@-LwN325Fym;QU*Y!rYRM$}TF8z&1;7V3}54*Ifu5+E&qm9&EQI5HY z1J5w8fip6G1jCq<)ACP#QTs%zgt{w4th{c2XF8L(rgGb6X!1wEs2fspCG(l1i&SIh zBU4z9gyu)NK2gqe(+6dIi)D{7&I3Zg&=TNt{dwl}<%oF?rz>}V z?^EJMo%dwju@8sTU&sf>H?HiYeHZhm2Cy*4B~Vpb^e-#S7u|ygaz8EaHbyxDd(QmT<1Y}d zGM;QPQKgQ_XXP2ch0GC)YiML$d`_9p^6v)OX=98eoeH+=XUcptirrA0aWN+}6j(hf znnY493w->ixo!aX`Yxv=`4GGnoq%YQb*s&R7Dqu%ay#>s(Z&sR3suF)3d6j?1*D^m z#aHswO^Uf<;F&>nu*qkPEd3@ZmEu%C_@ObK3_94%8ot)2QwMMAR&3%WOmL?ui=5s4wGz#9ALIocGfaDgDMD7QSL?4& z&KB)hT!O3hqm>d)7y;;3CxUiccmT1Vsn!SD1nCJ7%pH_|BE+CGAC>|zDR22}ral*sTFb?tjO&n_2rf&udKIM+;wMZRRN zmg3v=YDwz2)tMorXJxwf z{Y4`$n9_Oyc|pdlf~OgVN(U%Co7mQhIuZmoE?=mZHI%EV6)IS*nPwm9BdT7uvwNo1 z@)_dbhdQfJ&IQcv=$$7X^O;kKI}+C>ASI!ai7!AojV%Xnt39YBS}IMa;Qu^@uI@M^ zFf;(>>JGsLfcuLLMMAlchxYr*75S8u)Y!(vWwe1J-oZt>)xr^4Y4)%Fzjc(Eop<(d zW_H|^yf?;(Ej8-fL@l%mQ`BSz^K@+j}2v;o91?i@9}PFw)0hI z2-Z4AQ;LF%fPrFy*qF=)R%q=o04T%KZJf>j6M2al)6`k!OebxjZXQdxR=K3sO z2yUzlr9?ph0gJs=Z8fJ<^AyhizfI~XQSL@EV4=c@vAOx&1U6|TwhvS#7_B0TI(dpQ zN##GG9YhRwvb*)Yko?Fkxb3Coyy-5bI>=jd?J}AX#ZveOLftor!fKEG+ep%f;NF9M z@^C%2*HGWcB;;z*^f+Z5|G}Y(k?E9Zz`wvO7_Z3gcR|xW-_Q-kf9zzPzaptaw(Hs#5y~YsIY?8hTcrbQQN(|pl!szdx!YCUU8}U?tQ0_O*?9i@`DwBJ z=_e4}9t*5a*&!kuGG~p0!r-m;-K+>P<=C+=?t2uQIDW9!87sM$Y5k?CB<-NxPPyZV zi8jF&nL~*em*=)c*G$SK>966 z3oT}GETkf}oyS(C-&#m5*)t2x>?!YRKR-03g*m@00G=OHP|%;wbBujJhlNb0L>Av4 zNH4djkVTPBgOMsK$%^Alj+_tc8-ma!+iHB^KISNe2d)HZ3+}MViL}x2IKvb%G@3j6 z)5M$6u%WS(QC${>A=C%yqRWioZEC}N%EbY9@&c?4_4+y8n_NDVl+nR?;4yDu|0 zO%l@;usm`>22Q%n0=L26ly>}Li2c{yw&#fQ7Nb(+lQFg#y7Y0D1e}wH50uu6<`(cn z%6zYo0*V{Ipev60Fqw}{uc#R2|B;C^n)dTCOEJ{QjPSCBpp3qso8>)L6RDMrQSVD) zYFEKzgT!9XM`r}|Lk*e~w%;WqgJ<%#BP#-U29B3fV==^`fmqY;#YWF>6na+&G)^VF zT}=4AQK9swui!0``D$V)fD=-UN(Zk56(F7|42wwCNw{tN!URii*DgL8UxPoBCUa@& zgvY8s&sg6NQTtmQ`QvLrc9Nb8T@l>)ol%nZX_JAS|6+8?%^+ooDtKDZxeE+bW=;EL z9V%Z=aZAWxNBimE(QLMMtiF>|+2_)Wt+n@gd7GPE^xZ;?1oS#?i?l_4^%SW+c@ciC z&UkSzZNp4y32*=MillKR_az2NC&6)11k7U3zMn} z1a#FJhf$w#)J7Mp1d}GJw`FMKuQpS=lVdrTrt-}LxY{S`-62X?zhCaM-ODE!hB8ix z@?ArCXQV?4d^TBYm-6A->D=rRM5;NS|(B%9(SVkAlKte zBzm=b$~9JxRYUy2CS`E7x{a3RPsc7B)m@Y6;{<}&jOm*I+!3X1v|?fQ`*7hdSi$;l zyM1aRjOux;x#{~=YKmc|X|`~}At@1BC@4_Zz4yF9IPBJ(g2Z~>*07Bu$a8!7?W}zq z{q!_8)Y|zsB@Q#^+ z4faE>PyAYML}t{5o$Qh_e{iH!tx!Zi^WkBq3h5fkF(c;ZN3;0u4|K-NhyRpV*h&qThUA16NvBwq&8@pxwao^FYTc z&;0-07!R!-?t8I`+W%{Y^Z)Toj`(9|9qT0n1HXx%=3E`?jP2BZ9`XEj}MMG zvWQAGfWG;-Z$D8$Wi2Fue|#^o4H-*}z?QmuGKK$X+G8a#tPDNY!%Rsu&|c+He3f!}mb^v1rGmzv z?cT=17~z-)tO6%1UGbP)X*SG)%sq70-M8XQPfXzlnY*?fb#oavD;Y}v6PSH@_OBYw zl8HTYM^KcjSfvUK+#+#pyI92c|q65)e8dBC8=;CE*W0JYJ3U8m)k zk(kad2O=H{f56cX!mfEW2XZ4+H)e^zQ=rPY_7BDVapNbg2u6vL`#cafLk&?QEdBN-w6}&1So!LE{V|8-@6O^w@+#E%Ly20H~$L3e*TIOGi##y^668pGnEN` zxaHqg$FN&^E5l34n*+Jq@oFvtyqO!~7%wQHLAm^K;JSUD3&cXt5yVN%1Qe4E;2M|CBzP{HWKc`>;;PBjd1#iRrc?IQ>*E z>%@#z3@5#_M*K2 zmYmRzm$o(ErCaop|&sQZT2uhu`S+6-P74&X`a+&9w|8jX`CA1{k>@y1R9e5-<#>nrC0y6S_d{= zNh#B-Ygg}3$0U8~UrUUfwbQFq8Cj&%EpHCqRnU^&`dqu4XtPk%2=SqntS zs4p>}R;PZDihu4F2o!CwbQJb8jx89j&DL>WbvSiCj1;s3rFeP`F3M3PerGpOCZA{= z+38%J^N#G|{D?yTGDF;P2Z|;U_wMf7&;5Xs*$2nh2+P~h7N6Hk=zZvX&-i{cq*vDC z-YFl zgspU*WOKpnJ+Te-9G*&UT(5M4ND`SKrw+%j_RE|`w5%PepUmd0`VxmJSTNuGB)H{$#F>ZE!s z7mBWTuZm<(Gy3jD(LjqF3+b&L1}}}2S|9z2DzT*uDQoM0*pQbQb!N>@v4(d@Gg1<7 z?1_jEg)R~^SO`L1hucFiQ#ohIolaztD=caQ#?Dh^&6adQVVDm(;>5J~Fw+gf1B>x6 zq?}JyvCPIQuU(Yz^rb#wz=kZHoVYDKj8-xyiNy(MBtOpZmhkS?Q>aCK;qDcWpSe2O zqq%1$#0qi#2otlpePfs~9aH&qNh(VC z#doW|)g5qxLAB|G$QEqT7Eg-|QcdA_)e1~f$*BZ7lwPz`Uo-3*0GL#ef+~G7b)6b- z0c1(iE6+3Z7c$0WV)`U2L4LzT#KtF>*DkHvYMV0WDhp%;w4Sor)ygu*kGEtvn8V7O zOcp`+jz}eoMhXIjudv)tl$0R=V2_5{a}uB*HfBra9k({aJ~FGU5J}l~wEJ)+S%@zZmf!B}e{&<$NY1#^DN`Vg|D5^J3_}-)ndb;EZQDXn8=# zjqb;l*O~x*#9S%R{XbQ{l!CoD!u96p^C9QF(TN6WwVNnza)*`kez5nmMw z$0gj?HawmERW76HvWmnV})PvyqZLaG{n^-0FtYPD*1 zFDwq08YDcBofi3Q5TkoN3g-{H-K&7eYVqIFlxYK+p}JG@tj!S%yTgC#xR>9Ioy`x> zZRgS*LD}Y`}_$qf3-{#ospC*d+L}d zjG3C!>_^qv%e0+x!ihnwA~?;@(`wX*Tt`NhTqcul1=|b zgWu)#P50p;O{@M3f}W)@9u*f0QB`tc)-%#KLFq+j?DTFPJ8~`Q?#z}NG1b!uUh1FC zEW(aR(3S)nyOJxojaPr(`JOIr<$Q4@KWXGJ}tP^(nF)#QM) zG8Xr!^jbj4e7n=T6RXA4yPo?B!wHH@P`%bo?Vc}v&s@lpg}au*C|C|-GB5e0(F#@V z`^F!$0qXpq1Ia0A6xh0*9DMoq12ah#P0P35FmQeXydej@YQm}Ib+TQvF@6{J>C$z+uX+Lub5M+=krd{)7Py1H#HuK#9hz`+l{xed|$BvziK+m{NZb9ey|ARPCBXAWwWr2q zSwMvA@%#+siG@Pj!QDTQ=`n7lp+Eq_!VARo;!`E(xi3`pu5oe3I!Rg(K@x}> z#Hp8N};=CpFnTtYB73~S-6)<1S+61U~C$_WDHXi zN2dPXF+G<*5fiR~Zx)x>v=;w(x$Phl`smgzQI3Z8U9Ve6F~1aB9tgLO>vk~B#w>zi zb}o$*4+&SuCifnNbXbqvF!6(=>bXzxW1&A3=d;Y$t#71;^g#vK2UgQM74W-U(Aj!2 z0UGG_bfH56gqAEJ9de)75Qt(|aKC=QC8T?TOquV!$kgLt z5Lgz_!h}*vK?Cg^uUSOb0Fv!O;d1egb8By4tlHZP9>@8HzR~wJ&=Q;~V<9;RgVl+3 z@3Rd*QN8G^Ip-D3xMU4K+_cXx!$H(fN003k^p3V+4c>djWvRk3#f?&PjDb-B(GPSB zx?d$?dtc|;Z5bPE+bdDM{Cw14O;FHxLC#||$F)1R4XL`YuVS#Bq9GHJe0@Zvs*moa zSC~GlYw2rW=_&Ek1Le{2;B>xUTF ze*YvWIde6L)Ekz_MLc6R5B(Zz%Y}yxEuA%=$HT71r6E0* z$S0dnk9G-S0`1C!DW)^eA*UxHe3@VF;W>p#Qr0d}3e>78Z;MsrW81l05<;W8rYF#? z`>KH&3adVN@v;s5;#%0f0Ck)4G9Hv}_hlD;2lIz9b4LY|scw-9VZ#Fe1*ED(%$1}2 zc^lctq|kskiBA0;sE8teMN_207r6%6Ixd~*7l2Tz8QnG?Oa2~>saRhmpkbQRPhv_( zOx5~>G78E5Tjm)&&SseHz9mPQsW2B2&Tm_v0Us{$Q1#w);#3%!0CSJnR4e;|vgmQD z;WCrcWh(7=;_96vtT!~%6Bg_#3y$pEW;@Tyc;UHbrpI@-6ZXrCLgJw(u9R67qY>yYH^c}=<0s}!J3}MFv zOG7uJr~ETRPl&SKRxSCbk>?))%s?C$VSO)Bpv$C?H;3*_%=am+^_EMO(l$T@1VZk& z>TTYUDDF4R-(EcsnpsFTXOjj%{9O$-4Cyr+uX%r3iENB$+w6H!)k5w}Qc1fmcGpOmPju+fO!NS4c5)|YOA zO5tt|)b+_Z@6sue?mJxlPq_@raDBB14bIzAtFt(Rz$)K-qxiU*KAn-r;l$z0aQRV##CxL=J@lT8A@m3U{Z9J1yX(4*q3%Q#ZC`7O&1K0h~0CmEL4 z>o0~AO|JAH&F4~l#IS1(v#q^-5OqJNBS02Qcn3gS1H$f|4uQ@{)w~#q06TKr+fCM( zn@YF}>57m_sOyIZ4UaqOaUJ6q-{v`zm|-HRxng*pT2j@=vbzCZwx=FG2-IXL=zDcZ zNmPcAmd_tz^0Pc1alRjk($I!U(GBGcO(Z7*y+x8t(yrABDIR(s$R}%u-pF2jsIi{f z<=pEt%JNJd;_+s&#H=&h;3sw|Y?1cb$x-7R9jGiDKmve<`Z;nQ^If9Pz{L4nm{;s5 z;^c^4D%zun=iWP3ho0Ual=!O-BX4_%!o%qntlTNC&qo8e_PL3rTwT?Oc1FoQLsxjK zVPPkI;F`pkj^PYC`6moVfTA%qmPS=gmn>fa?M6Y27Evh}gS^WtLh30Gs>puby*L^Wm%;m_7HxsY%pnYt4-zTG54d9Aug~#xu_Bb7 zE&;6AZN=Q_OMZ`QBu>gUl_miUSUrHN>iPwFMdXyFSt&r2P{_2&zgumytibJqtaldF zd?iEWmuHqhw>S$X54eSt_l|ioZAK>mdZv}1Q2SGb(ceST_0Prf4T-I);D8|vyw zXZoLz0&{%ljxg03mPk|LhZ{}x-%3_Ugu1Q2q%ItT*WQ6#6}^pU;v4ElUwJ8khy2MO z)ir+<znv}exl1jvW?-{hoqJzYO;Pqcr&>;PiUX~vfpv# zhjwA>N8hdtUbN&3sQyU zT>Ep%@XpEerl&*n2Qlkbd?3Qhf6T5WTsltyqzgSKfF2ReLXxfhRctEhplx<;cyMwm z^v%ePY;=)c>$89~!L-(og9FYY*TOSCC5P?E&+MLa{42Lk_xpFSDfAqV`cB`#cf0Iz z7rXfZJFI*CIn)vRU*Z8E#V+2QPvXI7^E`QfQ-*Twu0`#r9u}dbTs6-+XhBiu`<5i| zDXpJ73H*vy1t8B498LM2prG`YrwrZ=DSACWa>1@Lnn3&w{@v`G^NNRO(#%WhA!?;} z8-VuCx84}bZDY-`}-aw%g!?--FD3}~wa5|1E%snLKy zXAr-8>`oRNS87dPF)vY=$7g&K>6A69wzT;6!M`IoxBDnOP~)s4cwSzJ3%Ffr09E@* z4;W#z8g>YAo+-{eA;@D^tAiK`&001UANP+0H$7FFx*!Pa(BQ6ZE>Dxyigx7Z=`WmG z0+o9F7%DFfWx?7VO!qP^5LAw4Wo8p5a-UwOS#^J$Y(W!^uX%*V%l9qVyf78OTx^EsV zKPX!FH2QB!J6HcRrJc{|%Ya6L?VG}??iynro%3kh7v|e>Id2OnkC%!w#K_9;w8 zVS7rmcZwe%w!HWp&7)8)tFhgm3!FzU6Qh3G5&#<@3u4mm?-&4D2HE?K%Wg(4MztId zf{Wnu#emEWFT2oWvDEy#%mt_INFY#RI|+#C^f}fSE4v5StBX2ScS8f=t|$*Hfr9cK z8A;bB1Ch8CFZP2)TtNd{P+r5YUFDQc;x@C+XdG}uxdp?dt|tHHz|w?#3RV3x1Qz>v!q*gR^?JCbzew`pupyIfyZoN3rc@~E-;yxozx$p8CB_`YiYZMb>9(P2qS92$>>Kj z5n{ZBdC{rbwTbiY4TEMJKOX3rv` zjiuE&)p`T4<0A?cT15Hl^WD5t4*_+P?Jc|HCIi67bDr{ku@M6vNF!D!WIKw#4}>w$ z5Wk_6&Mh||bpi(->A@EqhcU}%WWfc~COl^Pob;-54^~*Q<4RTfa)jnI@@WAd>Q%|i zWm@Nz`Dl9FA~M`vqKR4XN`gltasjPvq?M9Bk;vThbeLDX0?0tR5p)1hBMtK^O&iH= zu*Y%&79yy}l8s%y0`vJ*@?y280o(JQ*WegkJ)$k-PNXIxD*^2eWK|SNEl05Th%dLr zv^WeaPXmZr1Dn3tLCadD)qy|=dGhS}Q+V_JXV4J~+n+DM2rocPp9qa^n zcCkX4bM|$tmV3L)i0ZOv!8>k;->S9trF;Bk*#+7Rb+&L!WNb*;0z8>Av+HP#HJ*0mh*yW)o@t@!`4rM3B+rS185EbZZ@|D6KUKSDp^t$%BkH3BhKwAy8Z3nUOmv;Yuu8#lfNqsQ~zs}g&Vl{cQ zFxB9Hu}YRc^+y-I#~lCqu7yqJfB6**sK$Br LbGz`C?c@IfSwTY? literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/for_each.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/for_each.png new file mode 100644 index 0000000000000000000000000000000000000000..db8da7ef89ece1840ded4a5997160ff181104a12 GIT binary patch literal 10025 zcmd6NWmwc*w>K(CN=pcWbax2|$k0;KGBil1;(*f9(j(F!5`x5#L&G2?-7s`XGqemy zpFiHueLdGX&#CKN?}zup#GbwP`tQBhTEDf{Z_kJ48cO%@9^heMVBAwtmexOE7; z$Z&20zkpC=Ux1HW?%GNqjFJJ`O`w5kE2}Pxfl(fde_??Iv~k^(4c##?C|GV@w^X#5 z_c1V75i0Vsx^GQ)G92AZ##8bx{Uhi{rN)2R<|WgcD1?@%rItKXSJx(=i+^Jip3lEa zp2SQH3i^<>8E`A!+{(SG{2@O>K#-grjg=2uqDoqT0M$O0Pe%o}Y9hC4g^Q9Wb?--( znYVNquJ+d6t}2O-PkiU|5z|$?3t;bze(^z5+g{~(1Qq>Yf2O|$GlF*Qf`2_!oGX~v za`rLgv*h|qudBvURFav*k|_b$BM^~XS_1K`X0E=iZxu&_W_xq2zMpV@vs%tp#Ks*tJvur%H#avv zKAw^*hr=L`Da2eTpKM3=E_GqJU}v^zD#PQBjb<}aPGgjP5x)I67K=C~nBgT5A75 zhDM_y5J;6u3_e4!vZcO!tTL${qZ<6f6D@W|h5Y&LW8ojgj(0_A^371QQrqt&%qSX1 z>z2v{6T4nJIye*-6%`d0a>naoK4uIiR`?KaPU_C|Q9c2O%$ZS>JVLo?iiA5=p?dh9 z_gR&T5&G)tYJT1nA(%XR9Sa=pCxOZweauLk%g{LjCsB=9q_g5op*vx--rnx+TI3xu zYJE8?upK!lJR1|5t&QDEe)TQR}y_2|{^Cy-Z9@tgXKS{o&a6?%msK zI+>3;-@6_ra%H_bJ)SXuc~w?dBO$h=H%oNTMQuzxNhg7w``;ZM9v+^Z?JG(ER(G)Y z`(U{l47WS2uqH3Y>UEvgJ=|{->g^>mQeESRG3kv(m|x0-cE3k*adK9CK~tLfywd*Y zSW=f)T-;Y>8WBe4)um|iZZ(14|KcE9A@YX|vhvlk;=nFv+wYY3m=h1o+qKAkPL^BM z%)agokH=>iA-wC4_H35>Np3vK-{7(1_4A+;(73Ub5O4;m-Y|E~NQWl>-xJu_SyJw-+caDWxv@9&&vnl;uU5c7rf ze)}!cB96rbrOk+o9rZM07NKM$)Pc8Zer$|<+)G8JJJ#II`8`(g_|qdx+h8j0CSm9VQ~^vt|>M2;7o5~m(BIg+YP z>6?~YV(lbuAAoH^Gj=oc^s+)}tBaO1k95jt*XnYS)FAvyLqz66Vn0W5Z=v+*)%hM< zijGl5Mo38rKBYEGKLzary29z(fP%FvUNJ3kMn^Yz`d3@`QW#Jd?)n{cEYv=;*#|4Z zPQRjS7W}+ts-3wEN{lOBc4v6bzgvzL+nsATNiZ;N**uay+sJWW>ocsh=|{qh$^mWm zDtn{H4V<}aCn#@SP6d&hi4@$zBG`a9S-Tgpc=vr&6SVFj$AiDH(M7e;lB(6p+R+Lg z>@PnI{Q^ETBr@YJ?ob>CRj6A>x4fj#X=3^tT5A%vId;RWoDL>PzM<$iXBczK7_RAp%+_@=aJJ5JM z?Kt&%{>`YmrWAUN$ZtRB4mM$5hGbH&{DjoWY+H=q>ESBTlYNZoYz&wEWEsH@>&c-{ zl(XD9qFpyn6Y31F8nMsR;I&cMn8+#xL9lGA zu|_vs?T4qhb#S1JjuRzwjqfUp9dk z06v|5LnkIusI?RNju+~AA8)@y!D(9RmNLJB-(fc!Er(GK%UkW?`ki8d0%tf|E_#UQuFu5dDvg!_LT*U5j14g;Doj)6 z@~B2N@$FJ5{OUMQ9fgEJ68hqr!6%bMp!1LZ%VXdlLEgSOR=dk~Htk-=+kt{SEgl!D zYeUHv3TV)CqU41XOiVSH_~8 z!fDoc4BFVfGDkx}^gd-GzvEVhvgC+lp14nxn3Q}Lh)_jofzqt+bXq($;J{QvT}d+s zcZvIO`d^~f_fkF918qMW!rhkSh@|(sn3|usEe45it^>()C#wK-6p#Z`g2G=g+#qRj+zsUFE2Dt0$dwBqbol*u`H+!dVvvvZU(Jzv zVo*EY4Y*r|++b@t=)ax)?}nRhbA#a<{&)b)?ZN=#Nq=&Pc^mdnojCie7Pnv zeB5@w$IKxQ(9)=Hy9;bOUz0dzuF zd2vgxNcqv!-m2WMb5~M7fj3ie4`*u53pNe?KVB7eZQB6MIOCKdl zz0l@n>qrQ7@~}_;a8I6YPcZH$#k-c1@~ZeouRl7|(R@s|!I^>GIYcW>*J;LS=HX^| zNHWC{r!S!9^>6#(SYU;^IUK4~cDw`vYWPJyJDe_XDQm9Y|8*-=kX1y-=)K~vg8Q7D zoRgB3>ebPe6GbFr_06}QjtuU8mK~@3{_*mH)g?_vyo=`tQMqLBpoKuUeZ~7f>x=?- zrfvJHL+?hw3&qFM#_$++veAns?=e+HLEv@yPxdDb5J@Os0L%HQ=gzb>8JG~Wh}?-& zk}!IZ@s9=s93B#XlS*bC`dT`@Oz5i36%1E>uSlbMTTk({{7v+4r#aRYJBMQ|oc_W7 z@1@bSIME_m*c0jLtTcbAr4Vv3PIa*Jdhz?MX^Y+2y4iGN$K5it+Z(j;clD&Amf`V` zF2=@d6MI@^RL4NLDdqYo1*$f=y{91EjuItie{l$e0>xrM{@>uh@%}V1oq$2<^C$*x(ic2D z)i#1DY^Qjkh245MP@A{Sbt8}CkdYZA3%sT+tb)M`_=vU+oZ;gE@-k7S9(bI&AVh~5 z;>4o{Di!&t24skfZyKnR@2TWD#ZgQ@nxWnl#2O7zNl7{7S=h%lXJhQ7_)fiZ_o-xv zoyc$S#f!8a3aej3)~a9UG&+ZyG0PZ0xk)54`8f65e3G+*Js6QtGRlQb z#UN5?8RS!;$PP>@brk%L_lwdeLJzQ3tOvjNf`?q_9FMSK5}*8V$)ND+F7JHMZ6C@H z3-c;SwKdUxP3ekD%W*CwSf^PHQbv(?mA_OJNQl0N=-a4-NJhfa84!=;r+;Wq2;2hT?U4Rv$mItI;M>i6FuUo0 z0(z#~8%lWqteim$k}(>sj8$-;rD_}QoPZu~+#(jv%NlUwU`((`+($5c=(RG+^7bE# zAE{5q_F9E$~AWMYW;BnZpAbm}6w9M3IZYHUgA z^v`~jB@@6Vud(R9^4Fdey&Jv=oeT9}4YnGdQ}M4L&UY(iEU~Zn#;5j4s^|pws3r+Y z1X=x7motsSpWJNOJRPire5w5f%Rsxj`BzFGu~EHhpE?;$XgB^X=&>$COb)XYg8nhlcQ*pWj#fK&Hj& zpcINc#?Fr+UAT=jfQ^usA+d>QCA^Q4iM!JsR@xDNWBW_x3K6yptm;D8)+nIHop=LiJ8(uhv2+5v^>AXxG`=gM&_bvoiA* zrr0MHHvJDwV^CbeKXM?yD(-KgP|j@lvY8(TDJG{?azb+SNLa?>kOdk(yEF&cZ5l{<~%H|JD{Y~Dtp zQbg}mHh3M%#pHN8EyT1Jc*Tw)ywF?UkYdi93=5boVTsPtM&6DB6L+wBiCTX`wGL)z#gKq&?F-354V0b`A3r!Mcu~B5>LVVdYI^j4nTIp$x{5A zLZqx5rBVciMPF1?bKiQ5rMG5S>y`!QJ$#=%B$4(e-Opg;@OW@%WQCdz;7xnn>OMH9bIBaKW=U78q>#fGEf ztGg`h=H})Bw@a-r&(I#_c#*hGCKY$3tJa04!mjhO&Vz}?^Qo!^5_?29KOG#}5sjKy z*Y>dI4nloqU^IP|UgMk(lxB0XAg0g+)o0Iu42j*%xZE;?15wr`2eTSqY}V}-9I5Y; zi_k*lz2-{$3Dk1D1rV-TFBA{+OeN&pRtPSXmdW29M(@|f&gBgg6BD~$BJwZ$(aI>} zi2{W`>iC9+FJ}(Q+XFSe)qv`kK9A1^^6xfBzSd2fanQ)=kz`OMwQ;@awYPItWA>9+@sVY1M`I0}i^1n;m z0HpapXKMddVi(e%a)r<_OV`b1sZHLkP@FuRZ-}JmGx)0+(f0^ODas(gp-tdv$n=QG zfRrOAGQ~a@-OBosMImB|*AX*?J$l2^=7D`v8LpuU)Uvksfh_AYruyU*MKGTeNMAdb z3XmH2VI-W_CJ&0lPm4<+=Ll^mCV81Hoc-U3;^-Zo8a6dFGz5da_7__!D&+e6)w6;H zvKxvjE3&goN<_y#&$uOtfC$ywm29rBF2!cu+N_gIJb<#5&!m0~l8bRY?t(bAk@hP2 zY?6ysW4hT0m$i_@^h_@iJuerRqm!MTI(%$wOjtxT^z{!M7u+x+`VxQy;A>H$_dSYs z^#KaXc{@kPqLPyNGK(OT@-2I*d1X|Hde^h5sO3&a!iN%{?Cg(uY#gp6EBrerI%6K@ zU?|1X?QHJ;lo7B#Mz08qh`i1vxPM=1gQfE$HM*mlPR2H|%>;>4C#dD>x~J)XrjzcH zDHk-@8|!~zCAw!|=8K+h@;*O1^Eyi@`z{ch0KR5K`Ra7ge?Tf(lioADBa%`Tb?}$cdu$$AGER~TLm+zh zja+pt7Y}~?xErjI@=&6w<>eYKt2@!YyN&p)b#xpT+0w$E@18fUi4-pVxAjc_&qTcw z%~z1%fgkD1F%Km-1kEbN@+YcykiU0a{m&Z~E_roYa$==>#uJfNQE=1A;NnmH=1hkA z`bcEzJ`V$|vh&EqX&g{+QE8EtXKZ^8*j6+%z3s+QO4Qmtybo8pU7OH}MQj!gO)tAi zrRBf*5WtKgMdn}k@>IKvajS!4xkkJ!$SSl&b3}#%ky8O;Vj_$upLa{X6ri@YCOs?V zJiB2Zvgk`hMVY~=y*-5QU=w3wL*CmjL`F23!QA3ufL8?5rrM#m#tlp$ zw=w-ZNJin0rHKoZ&{KGzZY(QTC7!qW;*iqxt;ODa(}J3y>wF_g)qrgw4CV}&5#T#h zfT@+cE+8(?PyE*<7cA};J^Ndw|5rc$e+UWxB5L61B&0p}cTY>lnEs zt!XYwGfn{b*HRpSLQxhegd922vGVAE0WZ=uFfd?*K7RF69w3GPBcrK_y1cwhF9izT zs;a82tgO5|#lP1;UXXpmp48Up6&jWOxu8|Sf-~4HWt`=9I zLS+}lD&u^VB2%_AK+!2pjC_6biN}j6g-bZIuS6Aod z<<-~M0{|tcq7c9YS_uSzOfy3wA*To*3Q5O|Po{zXgL2P)?k=H?HbQTZQ2~-#M7NKF z=h8Cx2tUXNCWr_Nm$d_tyS`o`5x+B}i({|(S{l5*u?1QotYq|(|M-p6B3pgs1E^{A zQU@|q7(_kklr9Pj0x0+kG7nb|gy0)b&&s^xV-J_d+~q7Pzxa!d!qaauEaw?fI6xEB z5;9c8kXgD{QvZ{QM{Cd@6x2igU~*mCK871RJ0f-NMHa6BV!4=9BDjmhNB2v~@o#8_ z+`05jmG}CwRD*{P!jnkv0c_$c9u(3S_h(UL5`ey$Bp#-Rj}}47ro`jL8l-IZ_V#Q= zW?%O0nYS4h5l@8;;+oy>CG_*FJ^F=|$KTWNMjc9jea2+MJlUxdzHJpMZ1iV$Bpeb| zwtQ=E%4$k<+&&6BKHR4DkaqQmmlUH;w2lyaQABJQN~GehvplcqY3X)S68)4CH+PEd zSvdDHd5W(1B;lN~MD-|x4p?lvo%Q6)f>g0yxKk@zZcfuZ>ytO04K>^BaZev~A7_y= zrae|*6>v{gkOPU$8hIoiInKG+(uhiyJ!qp~lRsXnY{6c0+iV$q}tq1} z_&(y%dPh>mW++mjJRoT>U3|GJrn8ff#u{u3Ov1ymHzCK*Ll2(pZtkUZ$t7P&hbp78 z1LFRS1|G#pn52HBlt(ZuN2T=?=y~xQph&T?vC|&V5GMKUriKD5U=|8~Kg@OrT45Wh zXQ$XdoT{|d%#`-s_;n}i-nku^E&63B|8p>9NFbay0>``Yv+@-pX_1czU=ELa?C-9yv@uOKAhD{C7tP+F~=!ZRBvUM0V{dcg79{8<3ClUO?yVP%_W(9(b0I> z)|_19xW*uv=~;;&YcU3-)sHIA9QmO#zkKJ?l5czbF(Kk{uH3oJhGIXig-c^d~r zP1zl|h&*xxs`MpgaCVc|)2!$05&XH35KvaQo-ztA1VmC4hrEv$!l=&x<08jXC8qI+6fJXDc%Y=NtewCMp1D`EJpnyDnSoV93KgY_zhvgLkHyT+>5(0MS}++Al)<1Bx`O5W z-FE0wQVT)fa*;H{V`OGH?WmWXXb4Da1=}7ae=IsxH7JQ4V&f4acu16I} z{g;*QeRa(+{w+3+U;!RZY&PV(L8_{~s7$R8Q*Oj&yLH_#>}4pCCoW7j>v=m9lINPqVs*>+gDstRB5+qhep-aa zGSK%w1g$q;#(VeuTt?H-Y)S9ni8kSQ3wZ{FEY6nl@${{29GU+~B+SLW|+J|eeqYu}wk9NXHmFC6K zGkeJX%fSRhQO)vf@%7uyFn)@+#94duV7lq`nDX;H{%WKz-&#kja7-3NhDg>X0$k(a zV$foLA5URe(bO?xUq;Yc#;+bVi;X`seA0W}Pz`f1NAE;SJ7>!XDtw~9d_{lzUZI;4 zEN4J~uJ!q&QP1JWsYsQ|^*u!7#iF230VY~cIJ5I&H_1Xq z@LoxeJ}IqgB&7VVX-C#hXOI<-Qr2^F_mu`@!xr}XC7R{RGxyX$*OQhWM!@y-ZsR^EzE7iI2LFPjfl$ki_AC3QwL(bcq026_tQfDhUZVl5{ zz#a*Zc4~%(Q)2}>;`Q~!AyGhr1?T;9yYc_SM??$~i3BqJx@R9rst~W1e*j=;K$7hS zK;5u_`6uKY-<8(Dc(RpWgw zYMIhaIXP`;T&-jv4ozAN`pr1kEFA${yUF<hgJeNwN zzzUQ~cGQt;hPw9b>9_yzBhTgr-&+4u$P9s(0QxBhu9yHlS>DI`f-bb`G$@(pSJc&; z2o5FAnkWGJ6-ZA@(2k|oOOkue_e4T1+k=Ntx&Y!be(;%)fF94CMe-qp?USQf(&)S| z4q|1d=z6G`s9FiK6a!WA)KauPYA;^&9~ikbp@CSDJ_IMj(>NIFOG)P%lm1+`dcXO1a@)bg#q^2yTJ$z<&1N;Z! zKSw0afO6N{&9aOH#%EmHo&h(yEr>?0ZII#MMN(Ww=#*&^#jsp( zP^mJRd;%E4;CG>UpM^gJ%2erXTH~})Thi5(`|vD=JV)bKzNBwCUYx*D)UwXd4dQy| za_}pW{t5n0i#XtvvhuI&A9jWuDLoPl3`{~SG`qtq?1vB4QMAsVh)9RNYT|gD>hOzW zrS%LhU%I4-Cemv36sSC{5N$u1{#d;?+5MuKpT63OYvzpFdc9&P4`P$kF@mG|h1dZI zVs#OED#ga8ek+^#nQH)Ig}|@Y!}x0xq|iX&=UnPAsUi9pZ`H(e4kAlw^r&YTPS>b8 zX*&P(i)@&n-1E^jLm8v8i3PgHiUuHrq%5h;qxZs@_TYS}-*+%1ABH?{0A+Ql2n&nC z)IjeY45yZWYvjNiXa@9-?I&>3VkUh&;BAzD?Xza3$y4#;YbmUD{mSeM? z{;H8404&eR1CVUjqp>wE=ebw%ZO0}JrOlh7j_FsWLR_3hU{cs%bM2VzT_zy<^y!$7$p z3_5csw_xj)LIUk~2xSf2ERefJKxlrRjR8lzMu&<`I4Q%cVW!Q{!)EDy99fHAY>pt&uaE2?YoC&f_)MHtOlu1PonaVeC9tm=SV%^;O(3hH{~-i z7I3ZjKi&t&&&mYc{O1b)Un=hZ#ceVPCGUlQ83(0-@++tS@b@+h6$K6X5|DY|zX8KJ BtH1yN literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/readme.md b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/readme.md new file mode 100644 index 00000000000..f9b4019281a --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/readme.md @@ -0,0 +1,53 @@ +# SpyCloud Enterprise Email Address Breach Data Playbook + +![SpyCloud Enterprise](images/logo.png) + +## Table of Contents + +1. [Overview](#overview) +2. [Prerequisites](#prerequisites) +3. [Deployment](#deployment) +4. [Post Deployment Steps](#postdeployment) + + +
+ +## Overview +The SpyCloud Enterprise API is able to provide breach data for an email or set of email addresses associated with an incident. When a new Azure Sentinel Incident is created, this playbook gets triggered and performs the following actions: + +- It fetches all the account entities in the incident. +- Iterates through the email objects and fetches the breach data from SpyCloud Enterprise for each email. +- All the breach data from SpyCloud Enterprise will be added as incident comments in a tabular format. + +![Incident Comments](images/comments.png) + + + +## Prerequisites +- A SpyCloud Enterprise API Key. +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the connector doc page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to deploy an ARM Template wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Email-Breach-Data-Playbook%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Email-Breach-Data-Playbook%2Fazuredeploy.json) + + + +## Post Deployment Instructions + +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- As a best practice, we have used the Sentinel connection in Logic Apps that use "ManagedSecurityIdentity" permissions. Please refer to [this document](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204) and provide permissions to the Logic App accordingly. +- Provide connection details for the SpyCloud Enterprise Custom Connector. +![for_each](images/for_each.png) +- Save the Logic App. If the Logic App prompts any missing connections, please update the connections similarly. + +### Configurations in Sentinel: +- In Azure Sentinel, analytical rules should be configured to trigger an incident with the Account entity. +- Configure the automation rules to trigger this playbook. diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/azuredeploy.json new file mode 100644 index 00000000000..d878bc92520 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/azuredeploy.json @@ -0,0 +1,491 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "IP Address Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a IP address or set of IP addresses associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "entities": ["IP"], + "tags": ["Enrichment"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-IP-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName":{ + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureSentinelConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureSentinelConnectionName')]", + "customParameterValues": {}, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('SpyCloudEnterpriseConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_IPs": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/ip" + } + }, + "For_Each_Incident_IPS": { + "foreach": "@body('Entities_-_Get_IPs')?['IPs']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('ip_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_IP_Address')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "IP_Breach_Data_Array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "runAfter": {}, + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "runAfter": {}, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_breach_data_array", + "value": [] + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_IP_Address": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/ips/@{encodeURIComponent(items('For_Each_Incident_IPS')?['Address'])}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_IP_Address": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_IP_Address')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_IPs": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_breach_data_array", + "type": "array" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[variables('AzureSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/comments.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/comments.png new file mode 100644 index 0000000000000000000000000000000000000000..2c1a031766379fb5b45637f6fe755b4e155ac2c8 GIT binary patch literal 85529 zcmce-c~nyEA1`Y4nx&cbmYJGbZ=;%8jydOBW`konE0P(SBThIWVp=wsTA7-f;!w_l zGYTr%prxWYqM~4#BLXP`%6O>X@0@klUF)88&;8@>wG`MaVDD#tpYQXT_7i(sD``mu zNii`o>1$Un-xL!Qe=jDsoxN+PXish6LagXvTf|MPf5ngkN0vn|{_?Z1u@Doh&yeDI zi;G_G4!!CYAtrX{)*0HXX|7( zdjZ=&fOn#$&rA{+Yp;6-`Uh;c23A+u+{wWN^c3rG@^v(*?~w5Y+^6gO!dykXojKTm z9aT-oYjhZQPTh;*rkyuX@f=)r#^*0rx;2(5C51;YI?juZ{`Xd)&}YC85*UUg$FBc8 z8^KGRT;SP4C%3c)cwNsri*nn-@1}2Y9hf%N80f^7x3-Q>dws)J8vF6}76`=|Tyt?C z8`z&W5emU3Wl{~oVhjDl2mc+JrHPmEKc?cd5pZVVi%f$8JVJCztzPVmB~9Rc}F;f41>d@}0PX>{mw3oL_7po^ZaAzXSzT;kMA075s~diAxdzEmXNKiIz8f1%W2oI5dXt0r=5Hq&}nxSqROD6vrx}t#n zVyNxrLSCbRvk_EuY2!09!J4q>=1C5Y>YG76xc6nw+Zy88)OV>kbl1CauC6W$2hWP# zDp1FFat-uxyqgzpndY9k-5fA~Me%Koq?(NQO?YilxWhgs!|u@Qd@5 z`HHV*at<8IXOp(NO*S{%e5YLu@^eU?ADZqtu|l5Q?S2JXXu+kQ>&OW7yAmH+Yih?_ z8Cx%`HS$<*$>q`o-{N(AvgA4au?q}&gIv3E9^Nx_8QgL5Ll)C?xW>|yL0Tl_+ufni z;$jpTpN{*83OGf${WGqnBbpbTH<>Lor%wXtL&7(HgTgukO`T?KomEq0t5%;Hhp)6T zU<}SJzNDgSXR=n|R)43hpd83<=dFht12Y6b?lVP$@%~&LVmg@A{JHPIb`G;j*GteI? z`GvJo65m>Q4KvRG9b+3`s=QYmwRominghnHuUxrx||MI(OkjGupT zsxd01vcoTB(ofj!%btmDl+Up{EVB znJCf^Fd;V|1^?LprgJ#bw7nU>?sSn-U8&yhfwDDlv!T4^%k;0OSIxF|w;K?rV`db6 zm-vVZF`EufZWN%g(+i~I2UYICxnaw0^98}+}r#3mlQ4+}BgOnCAj~ z6EO8TJ$fbQ26b)vZ|s%G1U8s(BFc<){enanUuy-!@n$$kBvgJj!k@ z9;%OU;S@1=hSffV;hhmbDkbvsnya7@Y54K+=DJXlLd2~gL|J^jZi_j7b*s&PRN813$GWt})Cc4&DvIDC z`u@qLu+$Dx9E(KuVrQPxd_tv|vCQiD1nR;J+BfgG4?T0%Y#z)9#=B*abLQlTTJn3B zr+SqewUINB=?*IoW94|nnNt3Jc*4C9+!}QP!f2ksjRz~HbVd_bN4{7;1|;|XP(J99 z(EVzjWoF+OoxqPYML*7hkGQ%myG9mfP4Y+Vwpej$c&-PXP{&Rh@NrWO#d?2?iy+1B zxHIqB*I!^vJQ8!;m_dRbx4}k92@RUT66cxnjgiZLM|?TyPuG8V zv?*Y0$|FvqBc%J8|0x}vkySKVz=E6%26rWGMFG)4UmH;`c)VKQ$p#Q>2!9~!VdtK4 z6XE$CzgtojX`vREx7LS#Esz-1*Mc!h4O_2SOy9ireno~iBi>f#SDjZDl2$?-db!lrLry8rF& z8$n0c$r**g3B(8$o%m0(`V-6LFvsUy(xXA$Ib7#w&-I?;)Oc~FjFk>tZ2ZK-dV|Rj z%aF#!A#N_(95eom_tU*G;PaKtj_}Mj|8Hvx69@J-{!NjyB_E zx?M2uiP}+rn--w>I^k!o`D;I~&Iz8v%Y^Eqb#PcR&2X}FS+-Rv)KbRSluHR>&>rV5 zJn@!$?SKIIwag3e3_co2J#(~NyLCaU=QT0pu=n13IiM@g+PZ^W5rLh6x^c||Z?)ui z&OjStsU6k*(-X0X3n4Gq{d>E7fa_Ev#ZB%!9G6FLFd%Aq9ZYPpm@$oN>>_8^Qiudz z!o_F?qNjT@5jkKnA)wrN@e)~0CkXBdjL$}e2&RZT-}U{w7{;D~`(Wn}3zz@pf}WHz zMiw_&QCOo>1;S^~O#2BT$~j zTKGD!hx|EP3W~TpIx$lS1T~QP@N!}iy0@s6jqIF=U7QQVlkk)&t)tg(03Yarod#*; zy`8#r@NTHqtDXkX4V%7f@ojT3)+E79t@Ui?DVwvej&;PWl}zx9Fw*PF5J#uov@59U07pg9Bfj6EVR=*lH^_KuxGKlgK>G+0?~O|;|uvIdQm!B8iKFZ zd^7R@dxYXXMw)r%`C<`&?O+T3Y0;S4lH8tzK0EV;e6VOO-Af-DUv+>P5b^gL{*mh^ z4iQj&y0q!$cgr#NBJ#!EQ5I!N<0$S|kE);Z;p4n}3j@6^ZbL4G=Kas&=K}Lj@)(1{ zM){Ur1($`j1PNc!qJM+NfOa>{FFY<~>2Z~wXYFfuoUH*o>Y%olv{bG-Lmn0tt!K%# z-`;WG8(`dzz;^e)#!U0Jp1SnE?*rP_p0rOIcy6l0~tYyp& z;PGgw@OD4RrMO+jQJ~xEH(10iL*J2Z6AxR-qp9k*KqsSDrnOt(=K0bT#?xuII64)J z)CW)BQEsOnCsMC2ew6gf&Ax2$gR5-VCjyfD7lfvpm3Zwa&_b^Zag3Ft>E*Y6XK>kN zmk~_`J`u1GpBbFoEw5MABl&igAoqC)(xka)1zlB3PA|yI7p*U!kRv5rB|?szjuWbQRk!XGifG5p3cIzOW1?G-I~?e z8Xl9g?c=4i>)JYj`DHe2R-wkOcsaDGc(d$b5hi{oJw-{~ZVvOGT~KYDK}hfYUEo)h zg)78wN3eDp#`oGA_KVs5lM3fenwSbD8ksrNg?3m#zK2YupV4@A$O3rEmsZd=RI{mi z{`F16W3(TY#2p}~L0&+X^yWb;w`s|7r|gb=f{u{AX}D0CvvcD6lxP)zt~zug{(UTU z_|WN~e8q9$-4s*)!#2*KRlcx2yncBN%Wr=tMS=dXSR({nz|ilLbY!(k-KiZ4xg)eYRAMm$)p_iX_Fs<+qZfa1xK2%Wg7V|m(YV#nvy8sXPr~i+CMMTWyLkyS06tJ ztcUd|-M_lq1N>Yn!0vTyYU~B)D2%~l?yYNC*j}<7aD6FN7Uo^1W%l7ghux`oK`np# z!u_5>J+^sN`eX!3$$~iC9$oN*g?G4}kg(dmBGm*jG=H_i2aH0COIF(!z4VV89WPCh zc2yVSiHcwp)CO>}7Cb*Cxz_hzXF z`9e#th`W9NT^ES}t!fs{SHLD(6)ri&F!yjVuwYL*a4gnOoBqo@Cr`PZNjXXsOq!UOlEb+iP3k-nA7(9(U!OB*5E?! zXHmQQz;nNBaL&64=+ScUE}Nq?fvltsmsD8aQw_-9+QLl)L6}N4f~K+ZCIn~T5QJMS zNKYo-8*fKa{fwX@ypW#{#!9KmC?#{coXzLm2f6hA1`xsx%Y%^zawJz<3=B14KO2Hr&-zZC5!$GOujo+$ek0&sdTWC*~S5u(~kG#xGzZ??4b&Ssux^jj#gTY9QA z{r4J|q{Ys?^Dm1Ea^JSru`;S#{wDS@wL1RCB6%vYUK^bpsZ>ek zoz6i3$<`IvyYSZxd^AhX=!$rLxviIP<5Q;uHLIb{3d%ku1UF)|G<}lnTcv)q+So-Knrwj1XZ#GyS`TGi~JLSbV^6IB2NI;*#Rg?B>9Tpl=xOk5}|59wU;Rm9Rlm zwr;fx+;6W@MJb@=L|g%8@BR)iSOoU{mLCEZ6t}VDpFD3NX>Aagy-6a=3of>356fwA z^pEM720^Ey#nD+7w4^NvWxToP`x2zri%`Gh06g@&D8*i0N}H+99n|voz5@JqHga?0 z$HJ-OCoCHN*(Xv+uvF&@QgJd`7x|5HS7G+gDP0;_hP@0*ROq; z+gg+*ug?fDrpsydqM@^c)Hij(&IkExa~hXy?n1LCOg>kPME7cabk!|pc5YH>## z^v^}Fg6RfuEDI9R1;Xi3`@X%i@>iXx2=3TKX!SchA}JCdSp}7ag&mAEY4T8y7<;HS zVg7RC*893>a+Ll^GuvC(0+W=GZN{I1(m^_JvK*?+pN+PjNvudfNz81t@Nb!bCRnD$ z$ulY1_TcsfNWOm+O@&i9(dDU}kD{H?_TjoI8|~!F|4eKY95B|(c+HX4!OJg3sX}~% zUXwq0#WO9nreJ1kuabk|lL?ke*oyX5m5TyiDlBqiv1BEX+o~+|6LHNGq~I$KT%f5B z`fpTqN*Y_2K%OS-eCuaDIb;yyAHV+HBqDxLf@;_?m;GWP=>|NI+i(byv2MLOT@W*R z=@h*@c%l79f}+e%^}_-Ht9yc5{Lqw8Vpa?>ku0hTe6GXcn=^(RGgl+hdoB41)#Tt{ zM!k?b%2G#(vCZnkS6IZBh4xzr?Mo_~pLFj%_Xn0TWmjj|c2%`rNE4pgYOdA?Kqg8Q~c*Isv zzexlW0VOuMfnmY%>m9|TS3{_`HO zjMTL24O@g4Op(7=LkgyJlRIg!_w!|K6kUv0Gz%3TXs7h z63@u`T)RrWHE5(epG5xbK%R)^!QRF$kurjOF`S1IQQ{Dno8zO9t5JYh(P^ez8AnK}_uV z(_M+D4P_Z31>x_8_aN#x(0Wb*#Qk`^*87q`tA+mSC1E^;IH@9_E)Z?D5>25p;Z36_vY?xztpmGbN#Da zP&6B-Bel0EzrBp#+rgt^ol>Jn0QO&<=4Q>>1OM48R<~o@FTmx=DTSyqTu8@wZMoX= zpov!JQv675;A!LOD2j$JWxSTu2>K(BgbNeaApRY5-D%Bp$E`Z48cqpQT2x@D%1k^O zfDTsju#6z8`SW#rt#3@INN4PYO+Z`jxtG-}UIbM$t5+d=d(~W#Qxd`ix#$`iXAJ>F zn+ph-`DtFA&jwC2$WWLd3o&gAw4c}N@);_MrM;eM|Iw@2YI{1U6Atz6+4bk36W5Q6 zPDM2W8#03_^Tp?ZBp(F2bzDKs$ifoLLxr%iSjHh=-h;2cD^0lz(H-fmLRCfaZG&bM z-H6F~coStPbaLJ$ZqPX`fp1&avo=LJ-p^r@iL+cJ>*p(c}y8E*Z&HAhJAt@a-&DJT7%^`1TD83DrX{QA=#xVoH>E{Wa#^*Y1gI&^>hCXI9tDMxS2`gr$_KT4}d!EC3b;PY99iqrE_JhRMZoNSWqy*Hbpo_XH zxt+sY9ud)L`|8#4)SYkq8r`xws>R+eU~9Z`EV*ot5M6M)AW!-tn@Sw)^b)PlZWYFI z@N85c20{tz@)rM_*`5s<^v5i|mO_z+UDVAT z-z3{Hi+oBHL-*b^o}m4%c($?gs0hNGJ(5Q0%iJLobtAKP+w14u?ZmImV>?%&T1EAGHQly{S%^1Q=OQxa#oK z-R~N4`+vr4{-{{t8Wa8RF%{w$MzJ(jMr{|EO{b?3EHTzlp$W+;xOK$QQ!5)wXMf+iMO?H@tKkQl& zh&lb_Gz*Q|pOwbCG4GHU6d~>*``RUu1UePiA-U11%M)i16hj)exl3o5uRYTkG^S&E zG#4AD__-6DvG>U`rU8AIxx8t{M`}Xr*}I?{>M^w!Aqfc*u;y=kHm)=UPLbscFUj{4O!KEgo>wk zTfwB%b@>C2+TV8rQPgfPH6-Ti1%@P70IlEL^Tl(zHAk8$-ceiGweFKWB};m}Jji`J z@qMx;&hK^l2hD{+WwyCNXhI9MbB%xI>GmE;j@o-;7-#gsS&>sVB_UocTjZGNOpKny zPsxCM)DzDVTjq(gsLm7i-$n+rZ2TK?Q%kgtOq(6F>M7<+M}6G?)@N6C4rbp_&OxIq z4qN^S*P866&?QL|mJaeOeLJiy{0P#IS$2e+-soS?u}@c#mV~TU%H6RlC)R|W`P^A( z0;Dhtue8Ti&T4TcEA<|6g>@OIxx``9{bE(m(2+_*G3V@M{#V~h4-cCh?DcZ0i^S)Z z?5KsTj5crc1}$|m7bsEfpgw2)qcyXEZb>iSIZYMS&dE%Gi7ohiZ1VQ;-iq<_f%c~u zI(Fv%+{lE@7d=5K7~ZdsGWs`KOU^v64z89u0YE#On)fPz-@6DDhK zlR_>o^ydaQw#qs>M$2}cb+6@$*yVbeq;@Aj?&y#0DVhf+#Pwv)WSfdWL19-7ER^f; zG6`}plDL1>x0{+QHLCW-gh7$lzeq_!s%LAV2lav`z6{*@FNh(rQ&X6&NiRw zof?OfP(I)WMEZS7)T6)O(&AnXA;b5S23l}e={lWnA%{K#Su};S)SUk=-)EG!g}$0x zk|8y2GnZaz_&!BJqTNU(MMW6Wx1ys}+~gbLPxNZ{xUe53tx#M6*Uo&QjF&^WsuY*W zF(erTdOh+NZs#889}e%SvI=$q479F~n0dx@wfS;c)F?Oc>rQ*8Wca&% zlXs>C&AOnJv^Vv!*4HAH58fq&ExR6kFn0d#T}PXJqUpfD%|+v)sP5c$bs1@I*Z{T& zCmd8|il-uPWaYpM-cc`+K_vANV%YrPk5Br`|r*Rf2N1%pV?pU{~$Wi(-)V;j{JA`zH9$K?RE@?J~K#v+=s`r zyQ6GvZCecfd+JBCKp;Iv_e&37-xLF9{lDIiT(#W!{?>fj3*-eW(52X8dkB_W4pC2r zYfUbYmgY>oTpjyP1oV7v_Bh{4FTUWQrak~Iaa5BT08GBU8JlGwW-E8*zbBV?^&hc6 zkYDur@rmuT|7W|eUiUzU=%HugQkTb@Z^a)rTo0yC{?zyB){PKBHQ(jolcYD>r{GGN z=^9SKQ%zqz^J~e#|P9EnTRii(g?Wm}t95GgRHQ!aJ z{`S!J*{cCNc6#0^v(5J}j9)Qd7%<*>ax6`IEQBPx+(LXb!6@nJN)FM8zNlxNuOE#6 z;!tX{H~{D{tk|Vw6sfBMAv}B_Dx>aWlm9Kr z4i{&XV4z=wuU5mFbM+{SV9o2ICV7Cm_yF0bpcfDmk$UJIwFS=uVlIwKxbE#2_Is%4U=K z@=-tr)UN_bpE|(j6x{B%d+k{~pB;eM;+%DfU5XfJzJG(e<)whRqNNb(bu(e%Eu(%% zh0$N{U;I6Vrr%b-62QZN_s^g|B5#&j2@SdhDV>UgU)_Av|0MvTn*p|SgQnbPO3{6o z-k14uECoDtR>19FoowvSa`AM(`}w*`L+`y2ikTqhnSp^(x=~e*|F@!I>FKRLJZP&DVT$9nG#R_f28QnJBsfSK*`%Y7}U7~35sPDKwi3rVQrw+t$R{Tt~D zF?57#SSOsf_GmL9@LK}MT!p!m5L@aG=*uhj3GJx~>#&{6EB8m6DV4VRj1_@0m)(V; zU!LPGq#uhxts`(E>Nz#9tK|x|pIl-hdAdu6LS}K#d|ysadGu!{(x?_8+?-xpX^o6m z@ch*c51Bd71(q|adF2}h^fX7dn1Lmd>v#mmRLX*&Q z!>H>Z!XRe~mvk;`Jy* zb?VW|oLb_5_uPAs+My`*U=NMSt&EuhpJ@7c(OmclvhZ!JfLq{IzTWEdh3Y%-X43ce zYTRgZ?&|Q?gpv?K?R^i_H1di@tZ8Mc@wmu2$wF*hM4|O`XB#w&HAt;aKOGaY(N^OR z=a0kFlTqqwDgSf@7f0?&Jbv;_>PhwLCrT_qLIDQ4@>gFh_|fllRYq^$|K zO1E`%M`r`S)fMAEsDAmt8`uL6d%ZmTE+2r4XHAx~98eA|FYo%H8n&r}&Mh}vg4A(r z+L;kFeJu*H!KoOE^(VDIREnN26HO>{E~0$y{;(O0GZlVwc7CF>XOi)@-*V$)YR6;qfG<$(1)RqtQ0W(|+2G_hrdV1^3IVtUkHUw*KA?%zH$`GahE$I*Hd#>RoD!gS$u z#9$++n9Vg0QM!vdy#`eO4Di7w2}xu$7u$^>{4Vxz-)jcXzH^nzb3} zsqi}sLAn>2OArOS$nOXkuJz5^E5C6Nu!1tdLl_F6Spzs>=i7NmjhZ^lx6&HIQmpJfrIdP z(E`*0fOVcR0%KSZ%^9f0A|4LIYKJoO0II94N&p~jYJ9N?=`fZI(TudUHRkVOZ~{@? zC@UqlGIZ5DhXC=IY9O}9_MoITVk-ynj<+27BY?R$`Xi-M9IPS`Fz=Sv;@&U9IoxXmJy*}&r7KtTF%y^4b?c`VyAn)Y|eye&l&_nx+vRy5CmQU|dfj9MGpuU!Z zl8T0`(Nkgc!03U@WmtRsWWy%2eDG8lI{-ftdlLqjZVO{W;C$zeH@)xi>Z&O}?f?bB zmHfvq_lsFww=cR%Cba~O_3DQl+@rOtQy*=ynx&qTPbH%B)0JdcUJfR;Rw{V`uJ@D_ zP(a-MuY-eVqC@Fh5jm&gPZ_g{=e*`BUO4@Y)?^zADW(4|TB`J>DH>=-*5n~@8f06n zw)5vp8F|?}o)S5xs%sXWRvPh^@VHQ$H@v6*2!wcIM8sz`|B=mTZxI zQHd_WL^48J-=&^$>!kCx!vL=2_O=lF(N>paTSCXq4v7;nbVdZ-RHKxeO#@;wmSL04 z9_R-b`}Uj0eJam-vafxyRzNc*UXTg=M8A&F2fXv*uHxic2X_g>&U$SG*CV9V{9p+c ztFn(BeV^0LdxH>rc!*6g?O!8TkM7z_%83-!GoVi`+0J}xB0IVFR1LB* zvFgrewIX2xI$YRzKQT69aU!C6ZV=D?YE}+vs`1Lq$N%EgGC2sCy#Gt7U z;X6rWY1#pAswNg|O>ca*9LUpSCDg#qo}nLV;ib+EJjuRg*osL-&fJ#2=cT<%87*~Z z$#ps`HL0~EqIfooM7Ny59URpRo(!IHjhXy!xf&6?dn&YdCzMqdyjY3Exx}_|ld$8E zX(K@$bgLzpxVpwQKYk+)cd|6nEUIVhyC>jc&!Ki9|JS9i9IO-H(0Tv$fXr4ArH|GA z8Zi7R;e2gGv61J*Vk`H@3_OH~AXN1%D+3)(E~7>ox(+|}Ixw9Lg%`#AMjsp0^6i$A zcUyO6D7>#axO{53#8RERtzz~CB2YJnm8>Pwo%K^jk2-w3{PA55VA<5eEQDCe`|fct z#~U(xpBmh@mEok~C_kpN8tD)o9v5s2TIXy;wv|MZQ%T|Jy;n5v{2!fVAlGV zALr}UtRJ%-Tsy*^J$%nlPoHa(2WWa+I{e}b5TgG>`a39_JS9r)5fr@%Pql4tV7gyg zOl)-u2I0+&$h1IV^2@DwY{XmW{q$=qqm_ZUy3xf_v(wc2&#cLg3_xQ1r^g1XT31I8 zhcizoRd2s6n3D`VeEMU(u{Xj{^T4Q5W5atrD(!}mv*=l|<4!fJtmN%Gy&<1Pp_EA` zhq^)mq``-__Ie?V5=@2Nil~!sJoFyS$erN;Gg8tNCLymbZv*R%<2LX7`vQ2-=|nA% z_yWURnc~(Xo0HbP-E^pR9U3yxjQ*>8UI-}DDNt{wkcIHXF#LMJ8 zD<0bX$QGxX;Zmy{`M2O_WA@+h*U7Inc~SRaHvVtmU1HqgQf3AHoveCx?BI!Eyr+d1 zjBzOYSmkZb$sDhcjS-*P>a*PEtDc7Hfy-Twl$%w=1mPnh%w3)H%kK&DCJLnX?wsH2nFVzEn;CJjLn~!ZC*JIITt;PaITYw1RGr0{ zV+X}`eQb%X}19<)=+7hJlSb~UZ~{98yR@-5P7!(G~_ z`}W7HBVQwHAHfzj=>Uw(GG?p^tF`P3>BnSL?a@Vsf8(0eAYIFCm5c``od{U-IUu1F zb197JDr8m;?pDf4N;Ddbv*QldW=Fv8ANrhCogHz15>(HAy7DFKGkLKR>&0waNVi*b zUA(qfp$ma%l+QOm>$O?zI193O`jAc>OXl~~a?{VWGUw$E%mI`Bq63jKp#bzd4Xksm zM-QDV=M{?N|8sWim7{PJdUW;h#})IF&0{YMSU|cGzz#!V-smbSq0M_EUc}KWX0jyt zx66t3+zd-Xrx`)lj!>I^iQy!7Vf{<#%XNXv-$K3(-D+mUF`5YH>N4pDoR|!` zLu1-crou$A^gT4_8QWLAPZ@=0vU-yvT=Xj)z5bV}B{qBMf1|LRkQE|4(~fLK6~}VW z!eLiTfN zC#zqK{bQY7TSi-LoV!(S-IAsvEsENTa#c7HYROwHR0**)+j0ckt|` zN3>OJ#DU7S(4j=e&6fQRrB|f?r~nyeg6YVmZ$lJaH^# zR5Gd}j6{6CKf_$GWO{&>7br0mXhFFAdfk&^DSk7tL^pV9w4KG-Wh@dM-c7T|^@FEq zqo(~cLZ+aNk#1q>_3>+5T27R(ulg<5(rI|H(X1TOZnS8`{(6~tY%JB${NM1$>wcNE z++>NF05UhuPGn}}E({WYJ{g9SWc91C-*VW+o1%ERZ)5npq{t_V_WkS~W7?;dh<3SYGCsj)T}Hv^1+Q%CU#>Dbj{Ii?G}mW16e zJtnwBP^9K-bKEzsGd)n)jAS6$NRLNY+a{!5ptC5@%FkBB<7nLSTvKRv+xpWRRP6~! zWI`kosj_*x@po2p`X^gt9#2rN6Ee7a!U-=$Wl=geytcJP_g3H$s+Jn*B3f(nTCNPn z-CG949q5-kaQamI&Vbjt%TkQ@eD+DtIYIErkBj*tUd9fPo^pw{rty($i-oZ6bdf9A zE%b_JJjDW6pAL2`kCdN^XWbJ{>wQ;|W6Rh2j0H|Nm&B^TO}ag*j#f`7q2YkfFlEjl z&I31I8a5`M1fr4`@BY+E7Rdc^nx@gmbwpHUrm1;X`2n8AWu3b#v2z7pR;09!*lFZcBNKf@H zkKVg_p>ISrnd@|OQyoj0ut`ID9G-p;JNdUVvt`C(b?CVX15XR)T{RMa&8!!^nfrOc)vKoIxQW-YK?6wb}0G4ME{0NUJpiHnJ4 z_!@(S{JnMDnu~79Dbm#QBAqUazvtG@#`MVk=ZwSNnep@?rfGuAhmzOYq6jL|@wFlJ< z{sUkOBI2*CcK(2qmE(UMV>Nd%ZjQEDvpCf`6)B7+!v!bS1I1U(V^}*cVYlt&|Q4+?us3%s0^5#XI!b6zBbs<2o1f zt~Or%Ou5)2?dt|1)3*_J`n1zOY2|%g+HTENN9T+y-mYJ@^vJl3!&HokIN*fxnn?&zy;v4V5pS}y*6t8H)-?}WO-woH zlyUVG4VE3mLxgeuwbBQZ?zVu*A#6f{4}fj8v9#YV;2ZPEsTi-PMme7ggm)`tw$K#X zjho|aNqgr%4RUzc?)cbkr&F6Gr~zX^A%B0lSe=4gz}?mQ9_5x2I%kiT7O1%D{JUPX zf`)fj+g;hS2M*eoI^^2-#td&+XD4_&G!=AY%X-@Dw@NuyS=7e%wjW>`4%pRXrfxqf z`Cv2oSmoue@)8z+AzM>(tGv+Q^ozdR<9a~PmgvLck6-Ps9lV~it%{vCF8g!)yRRF+ z$7iM*aNBym5~fkrFG|nHbK6j2r6f8h=^r=M9b~xqNd1c0+n%B%ZCC$1J@pFqnb2i; zjSIR{`Yng7qxl8+#Wqz6-Xf5sA_t}o$078FHma7zot|akkE%2C zhB;sDRc>aZNesBHq_4c6^x}Gf+0&CkD!I_Ag^ljq*HrtqL z$;*qom5J=#y_xe2jiBGHKC7IiSJTha*47RRb?l>X9OU%AUg2v~Tp?bOng^F|b)&RB zwc2Mri5jVhfea7U^GingH#9q@y%gPhK7i#WK<>>UO1K{XZ`^WSpzo_iQr;dO(>N;w zndZoo%|QCGl_M8j2_2&Qx|9&2FoC{3jf5u0Gn&~em;W=q!%&#W5&pqG20K=(2|V~% z28t4st(=O2K^`|f&(Ei)QQy3Iv+8Q;V|7URrOaYQ&>5`&bc|%~^`|>(vlUs4hzrW|X*Y76vpY5L~Vj>sr@sS*9k|_7X z5Y5WCi2vO3nDXb1H=@-}6e{+3y>{SKzDQ~Pzr8Elmy<7Q*=1MK6hts&f#mu7TQ6dc z{kFFLQ9bRKHi>~$yEO-78T@ewpNITuk6#Q$i`Q={vP{&z@I5LSYYTtU7{k)PPjugI zQQ%W_JEQsZoA~w0wYAC--#jbj*#7juKSzJG<4-~VIsE@GBlG8j7f(15mFLoq|M-1R zbbUc)W+pZ5zYgS8keeI6z5b^tP4zu3OM2Tc-J37A{p#;GA{~6`5JK}EaFG8$!rp4A z3W@j2+kf9S{(Jj>G&MK26hBTNn6}I%2sPxJ%N4aVmb1dH-nBk}8Btrj*! z0yj!3jv`_R=X;I>u8gX-3#%eYk#j)21{^om6f)ED4U=L1{RH@H5~x{bu>f9dP@cGb z){14K)=9?pB3J3x7mZ!Lz9P@gznh~F(HRC0tFoWL5)T~N>yovoHc9P;t|Q;CT>%;? zM_lW@d8#WeL|dKS=A0Z)_Z5dd!Nhsj71rENt_H*TOqYfCQB<3>XU}2^gsD&Fs7AkC zI8EUG-f)x5(=fN6W=b&^jTxJB8F>fnj3z~fi?&GivAw5KQOg)}(dmCt-*T<4nBFIua&l465pp22+9-PT0r!Nw_I{?``d%Tu=$vhwklnD&H2DBQEu{< zhCa?aIYnIRRZ`0>Tmt`FeqKnNO2X#-WwP*~aqUsAfU9ylnIV}1eqxFOc^>M0j3(9f zJxRA>ypnDRnQ;e)to%~RX|Nx?Fl167WdM{7Ps8>f5(awu285AK0s!vLsG-2-nlin6 z?Qcc(A$AlpTI19=TI(^mS3&FP3cCs%ZO%jQhHUU$XW;WyS^7`9$KL{S z4N4pdE&AHm*W5)fQb)G-PRBFM+bcgD{FT64E5~<9M6WMA0LzHk>yeb0w*U5j5T>fg zF+%Ir<;s8cByF^(LR(v%Lop^{``CFUEQ>>0?sv;)w0BvF9m!g$MwR8yr5lrWwp)Tj zI}9^SSr?2os>C|iSMq%~mh4uWNOe+jn&;%CFKB(YF^#4j;ZEnh(ev#c{d&b5ur%D9 zFTc+tWVGT%Sv1{DKa@XJt#x|(?h(-4GsIKR8rreZ=F>aB6rgZ<-t6efhLcgmMqj)x zz$p4WBCX(_dV5>FB&yIQQAmv@8L+3JxEZu#sgI0u&Y4R%xG)pX_~`XidN5B)^YHD) zxy6CpV0Av4Wb~!;3Q(cq+0zo4hllVU6CkDnEVp=P+5mcI8d&iC(H*p?*YA_{W=>ax zN;5TLV_VWuBD`82*HY$$a5>J;&Ii}w`Zu^6BN@R3CL)P=TpAI-;^r|}Xy(Jw3>?M6 zZu+v=WE5lJ)Xn^hUv)VTR|dj~#}DrnbGn2u;5@t8|8M>N&sR565$eL2=7Mr78!Z6l z6Dz1_Gs|r7kd{}Fd8sm#=Z{r}RaVb4Pga;UCXIm7l9%*2Kb$D7%M0*{P4`fhyR`N; zU)NRUqa#yo6BE{$<6`O8=hQZ6HmX2d&WD|~{F%bm>!G-Wo{6HyrJcnFZE77=)>R)W z^FLIUzqyT7^%pU@M*Y)0zIP~T$ox-=;C5g1JH`86)kXhr$w$v+9V`h zU5N-~%}#|DYqsp9A{}(5vBwyUL6)(MA;u8H_#LOZKEL~O zf4}$r`QG2(Z~nOcxE?a&JkL3f_xt^NzFr5a{pNu5yTFOH7Q-$YWw@q7cJ0gbPTPw( z{mb|0tDld@BuEz$-XlFcwdi4TgEO?;v<77fi|eh2nF#=XG=6q90Rb@b9`~2xtFhlQ zI#RCN%G`yIIt6@s&bH>ejvzHMykb&BBZ9Xly3zQwWndVKtx^Ow9l_rQJm1!%@12~V zztMUjpWW$*jEFh&(HC0m_#sbDfT?9-7RCKD|mWI@&xATSh>&y;2 z%xn#~3)?3+%DpMPxRl7vmJdHFbI2dzOf??+VFn6;qq*`H?nIwztF0Ggj`7NHJ{!vb z_j_BGg<|eBIC`i))RhSCrKK2C~&Iz@nvJ>ihee%2%uo} zHN&HM5o;0c>H|U5nhx;^Xhf~3?iLx(;4jOFMqOnTEP|WXlEl*mZZaJ2)T33Wol-L@ z0d~f@W~=U3+?*=9&y#rYnVb83PK+3RvO1xlJ5V;?lQFa6;YleHHtaScRges`#+6$N+BM(Fz=6rs@oZ^f<&hXEXw=Gzyv7(sss4H-!PI z!tf7%m^jqD7)vPqgG$(Zr`#Dz?Hkp8!^mN=VGWToiS4522xxI#ZT(!c9xe9T@}gN9H=t)&*fgH z^6vuGBOVO-GMDT(E+!Y?B1HuS2S)FCVB1WVUUBp=mj${1ZepV4jI?RK#4lxv%jz*S zwm9CVS-v7j@%nQC{|SAp?r@)p?^0V{#N?}nM+&4jH!3tUyv@yPIl|~?B93R3PSgq9 z&RQ8CiG76?7DkP8nze~alm#^Y_6ICg{kM>un9`92nn*^e*3^5Yz|Jw3s*9ApY4B~g zf)^q7;`^Cn(?2M+lRA^k9#|`+#IDtxg`J6p{Wv^lv}fjVrWkKb^?5y!x4FEWc$b#( zhVY3Sc?DOOUf#`9xatGXTsa4e{tJN3N>xMgS|;sI_WM%zAJD(;dj2-)|JJL!NKa@n%<4e|g2!D9y)6lg0g zMR4_cnyMEC({MY(Yr64W77L{lI;#f>+Jg#uX9HKJZjpBP;cfCBXhhZlc8+Hle7>O* z6^n8mrZ_Y*9^;S;3gE3c_P7}cF~u3)A_r>n0o%bdu`;7>k-*2xgH$nBSKZHE0)KDuq z4__TuAz01^{cydbIne9jXf^BQS6^UOJ5a8i8^*gdy6r}_@Wylw4;;ayjMptJ#7c(+ zP-?ugf$z_oFY$rY6_C_JsT*HAA?Op+m!l=ssJQi;JRA7k;Gw)t!x{H=y0`MW?iKo0`6Ur~@c5VGyB)K2-mA2=YkErCtF{EjZ>-M=FmKCL z8N;*k@&q2jw;#u~#q0goFP5i(_$iLWcrd3M@gtw5l8YKon68twl2|%D8cDgAag=`qe*@}mw=NNCB7~49Sb{r@mK_Mypd#zc*G)o+6A`jo0 zD%BoPJ4<-1{`7e??_mu2pl6qC@MRsP<@ao}5`wSRubA8en_x*PwveI`Lh z4sFHh{qjnnVF3kN~A5 z&uQa<=j6ToQG2IMV@g|a9CzAJiXe=h4HP*af*$EPl-(=tWvi$fMnkM%=Kkb~VOB@v zCG)DL2JIr_P@T+s{9TU^|+geXoKm+H>ze{(MxCf@~M8QnGIHJs9lAHHGn==7=8@HQnNZa@t^D z2>>$r5_}~;t@PN#eo|G?xYRNxl0Kb}jO$zROR+4Xod$i6MBtZ4bZ-2pdtgX7Lg1>- zsuQkoV?!ENv=%+A3bkX8{O2>^vpwMp3W&1Y9fQ5Fvla&bG%r8^L2rl3xnNpdog}LP zSNTs^;M}^>(vP*|+tLXMT%-4fUhnz82Z3|%O4tX%qZe_Xl0l1Zx3K~r9oY+Y^f{@1 zBhI6BLrMDMS>MD?m=5R^_4=u`I}nGzKuhXOtf4!hPp)Dy#Y7ppa9}mfSB0H6RNu4M z_EsRFa?E!OYLYvk@1Q+as$%hJW= zBl*O*Wu;4DN)CLf#_2^$QGsjWOi3$Jy55f$fs9`a-x&bTg(n`t0~lp}bAnLk+Rx7o zgLvRvNfrg+NwcBBqPop&hu(~=1bLt6l*SA8uM)()N=<5AQabww#EmVyUZo(BNWSh9 zjWeTkioyoyL9})l0)z!J)Yf$gN5oOU`o?o;XC5_2%1+v`v8sfVjmiK(PyH6oH>l~} zDgQmhJDrf!Xl)tb4=9olwnQ=Tg)o;Kuj>)roqmB&b)FOYL|}?g{$w(WTWX;^w3kH? z>4!Z?%I4W|9L5k^or$IV4N;{ZrF8bV#a~3H+lGfx$Q*TmlPlyEi*6rS?4Q%6&xQ_Q zr-CTB_|D-9*=1V$z&Xr1Sb3|#L%rs8{lJ)AjK&imrq3J-#z!nnCVpLwH^;%=kPjNZ zKaZR@(ly;PWyT0XIrP>&%S+W$Y>3+1i|slI-f;tc=gm^1l|4v`xZfI?A*%gugR+E_ zFEg^M8(Xx#P;(rk=sWvOgF=?93aJr1g{IYvEB$NUYm=bZf`WY0_j5QqpHGs#qD>eTTV z4uU{sjlR1HfxEwQ{nob5m35+jWr`7UR7zZYB4IW$C(Ungtvq;GM#}uq3K_L>-iiMg|OsxZw=y*&-AXrPS=h|;SWpd=X6R=3TR3P*MGav z2W*7?`%Xc+#zEWpfkLNL|DY-hU?0?YPwi^#>9Q&bs177n;4NGse`vWw-$2x9so}0Z z&wTT^2cSe-qc!7aN#b@L%-$o*-JXQ6N{SF~;E;o~aqQ2vK}O1@ly#-l`sq(oDV1Z1 z5R_1ks4eoP;o|G7+g@7Bz|zj;9`$rajwJvOsFXd@D<6QydI$R?oxff$G_7zBH1hiE zt&S2diHFUxSb61pSc#v0c8XE`CNM7`6wPRMIHXrf5s*^-xAMnOseI1txk0)3JoJz6 zf5ar^zU6->T&L2;G%FSm9LpbPmeXiQ9koE%!p$fw4I)t}@^SE&EPj zg4B#jua=fb&IDj;xRjncQ?(W%={PcYpq193o7B{3ZrJ00m#|K)u11V3*0tW*!7Y%mYLQ!fXM4&qE%bdfK=9gqzGsxSrQiP*tJ9{DJ;bL)5vlivxugPQo*Olo?y)GBPfRw>LAK zXe{8I`mjM?p^5t(RqrPW-MdcTUw)x%ipUeBDApln{N`b~Li zt)&KGWq^}Qh%d!StG44*XX7_lnIz8eMn@iI?sa6+xNKkb!9@b-Z5J4GJa^%Girf9i zNpJ3m$v|iove84?!`! zF_K+`GkNA=gM9XQjsDA>0EeC`m!?G?4Ym|H-U*TVFriJqt`wc^aziW4D)H~}jSUqA zT=MptuP!c)?%L1wWjelXH;@nNbSe`yD z)FAYDrK@_Gcoj`_pWPh}9^mAlx)Dc&WOcyhyAhLk_;}RI+4gbaqN@JUZkk%o1kc1y z)X^51az%(FWV0_ah6kBUYNWJVn| zwi(FGma-cAGMD`!>Dg?F`{X5gG*683AA^RX7RWGeN$@WoebQ4gv+$TDJ(}SSThP%R z^`p|RQBRoTJ2kmZyVN#&<#78nn4949^t(HvV^gB_sRQWF<+w|!4b%OVIY4Dly|#g} zDdU%>U{Qk2o)?+}L0_M`4q70UdA*c-&Es$8)$%l(U5#gaXo1^_UvX5splz=@m!(wB z*q8Hz`C<8tT#x+unu^damL8NPxxc_fg3+$GeXhi$jIuKdM1Y4oB}zIt9`|46-T{@BkdcG!8T2}=H*;}116H}Cw{_)c@6MOGphYF-P~?@( z5&b$%q_1d~L5_Bc1>@(M>R@ot0O^e_SX5!~kZ@d4Xtt0h z9A;)RSo88Bk=vkpKxq}Y`WXQ?sG-}3BHD)=zK41uNME?@lQ|l%5WVR~%+d|<+|9nG zmC6#bxQ*`k1H>q^7OXKbewMwazfg0{XK3`RS|8^=xiP=aAUY*pm*I1$y1qx}x}o=G zQ*X5|wG&T~J(MZ|_hw$#8hgI?vfcJ(X9@Oh1AxF%eP>eiyv?tBduuNQ`o}qpEvnFS z=i;q`aED#EUd8Y!_kw0y2sxiFit-uvGHwkXI%SAP7fl)xwRaLGi)JqNkoUGS)DkdEv6?eEr%)0%0yz({q4;R_4FX89w2 zURxpx#5rVdEA-98(UG;llWQB#8u{{}@6ODP?-J^bhvk47p3tpOuZ?^%T)De(;V`X_ zCtp-Wu((Z4Jpe+t9i#!nlm8%o;H%nEqIYlUp2TM=`Tun>@Ha8!DdFy9bzf>`6># z#;%X`Cj7I)R}cZ}@F8RG$pF^GE#O_%zw2vw@>we?)iyz1bE@_yc>OGa(s$X-xwkKe;ma=J3166s--{y6g zR*Nd${u+5PXF=qca4a1zfB>?HDj^>NhhS5;NAGg3Iuj^g+y%kC@}q-R?Wn8QVRKn{NJ$?L(rhFcmpyx+LSX z=q%wr@mRiLv)0*@o+iJ*w+6SfyRg57GpM#n^baVDDhN-0xQl!K^l%!1tQ9JV0$K2* zwTAe;vP8|fgnL!ecWdUXD=s7VJSkrIB#3?h9*@ua{=&0uMIvl-3*CQw(->U#U)-)l zL@KOrxz%<+G#Ghx^PAY=GQ`n}Tjd2+ANas*Pmf@9b{mvlof>?>E)b$e1sYvaaWxxrdHLIsd zjU3q5ZfAmK_at@d_EUpcqVXtW<=?3v;Tq5fSLp$5ohAW8AO6f;VI%D_GOnnvAmU?P z>%9g>c~etU?}2>?GYM!a8_4lhhLL&-#vrcKSPl$tCJm}sFvvt{BH@AE0EQY$@N5ji zO-{AF?SOdLoISrjCCIh8udR^R*txc*KX4tC9M>g|8l>yTRf%6jS9_<)_=E%QGSQZP z#$JNk{N%=#FSTRHKIP=5ep6kYLM^W$i-pk-Q1m*)T{3wPzxz08Jel-z!u#pV3tlZe z&s%XN)Z*<`Q*{b^qoJ^|pRN3?F)EP0Cj4u1XI$%zAVhD_@K&0ZU~pU6l&!_Xis(+b zY?C|(T6n@?Ftka5Bq#SLv(~T8V%6Z!P+yIYf$0J2fj8Lb%U#EsqbnZ{eFb4C=%zJR zv4;ClH5r&PuoPrBYl(_-FC+t7@sI=OdAziFHk7auvYG`l*b2iy8n7dQlY1a|C$O%5 zGRG=)o-;S7)2#gamt)U%hj;0OleLQ~_w|T1G!}$Tgk$8M-N^gQuYyM?;^)u!JLggc zZfpZh*<2CqhN;CUuo;Ad-nkZT}e?yIV*pDTB%8Br*Nw zpm)SDW>^?|*w{FFv-^C7zbVGq@S*=TyZ|UVRX{`k1rB$r+MIVnR9?t0xJWlubq_Z3 zF|h!d15jCuKt7(|>4Lw6@@e|Wv!l|J&D+!sAi|d`iy5@Ie>QU+^cCH=Yupco48%|| zgXv69E3I*O)Od#0&H7bAF$cctSE$iwnIZ=-4J_O{gT)TiNJ0;u&WM;1F8l|`AK`Re ze~NJJc;8EULSHJQmTLve{0U~Cng2_hZ)7Cl%F_12(?I$i=SMe-cYN@8K_WJ6@|Du) z6ohZgheEGm?3o4^t#U0r4Yr+DKXVWBs4M4|aDC zG_E=7T5sdR_b5C;4v`Hd1l3o+JYmk5jEzrRSSqcTeTK```!wQYDcV~_i&rv71O5}+sDMq3FQt>seEg1WLIBzd7G9O#Pyao7koFZa7+NBXn*~ef0wJ#e4r(O za4z7&txj2EwR=XFX#G^$W(B7AOR+6WJU`zoWD1NDW9@*CG~1gpOsc?-MYH|Up<$~e zsg<;dP><$Dl$G#b;xT(N^Nf{q7;gD^nL`48ySbFbK=^xde7t=a$#mz=r|=Wc`Sf;!1qnEWCCcmr zZD;aWIq(%PL%*>o3IA5;D`HkrnlL0{iYf1=U%ZNLs*FnlOOLdZKcmi<1VHt&W>2PG z4o$pAVgn%k*Sr|c9*TB$cEi($o$*~~j{kjG)S-JodB@dC5t5A z!b9_-7B#+iPG--PM}fIt#~O3;ry5BUKs87MkiL%R3^Jx6fiyB}|uU2PVhYJ8vyT2Ky5{o0t%%j_x$j#EH#EjAgM zXRgEd)@$WlKU|W4Z-Ix9y|9A=;@H28FqMr<-@yavu(?LzT#7Uc3+==H<~r68mLLcB z2pE0BjFGTMQt6MCr#6pkdcDkW(T4Vl7Sietn-xi2tYMD_4vj^#iXhg33 z2?`H{rR~1j3c=weuBVTJ3iu}~=?r?ij-+ei6Q^U@{*!^-+uPHzKN&qx8~uF!e+bq1 z@Xu?^e;t*QcS#tPAQLz8E7}Bzw?g8u)C7}O@R_ll#12`ZeOOkTDp3}Y0rmZh&@Qrf z$?q%0bOKBq>9+rF;`k3TE%c`w`dSzmzLrfm3X3@mEImI)E?xSU#h8Jm9(zb1Gk`Z^ zHTNt|{0uD7m4#-1y0?CF+r8MuP7p0>E$~C4I_&4wAFKd~;j13z$D3)5sM1^bmHY)5 z!eR4~C`D-@f{}j5-{QzD`qb*4GrYhBl|`PhbN@H;a0}AR_Wy{kP5R>GPsu#R45A9V%J6uVYP2Y@I_)g7d5t)^gqsz3-_^~?Qvg*zJcFGp}XfVEuDm=HbD;CG4 z;yp|)i;`ri!t#ZxlX}^ctinj_2Z|w0+9!_H@A!`cuoG%tzu}&2d2#GWW_05&M&<`+ z3jvOPvufvFSSxB1UaUBdoUyWUtIi*Hjj7r`>?B`h+h2+%p0#P6Ie|ZLanTC~OACNx z!cKq$Y9_A21M2R~h?2@mj%(Q!c09d30sN`fLD)`OcGSkCVQ^_X5h#vt^)jDZtZgb= zIT;mMQbcSzzGmI&2;A{&N)Es}c*}|u(VXO07IS?%v}ATZbtyBRzFkmg6uS^DW6W4~ zl<->>umgt#9HdX?Z16}s7n6M#mUFZ~SFM?&9X>n<$u}U8;N^2CroIgpdHdQ#<-d5r z?kpI+*DNR1Bh+`J@lz+5#}C!S1lQ#H{g#nsS7=Jwuo2@hQPwidFJdN7$|-3%Rjt)1 zC;j2KTHc;Ns^HjvQ+{#(OyK5RYc^oRC{9H{&U1CanH+cWgw$?KO0fs-Hc$Cs3~$4> zce)~SSfk?Bg(yCID->+)xQ>DyLEa|9G3;q97(@*ELUpczo`GA{`jxhKNJCyRV|Jb3BTTt%~yLWVI`u zWrfAQ3{Gu-+&f-sY`)>}n_baEe}?9n;I+sz#Gn@gnO=^mafYPEI9B->n71PB8|69w zow)Ow@piDUPv%b(*>?)LB!6goK3*uHrl%awPI@4<3}%B#s2KTtc}Q!$@aKzA0)nOkP)R8WjRi2X;bDz8b17X;n6A7gJux$2)PR!vUEUS%q&oSGhrC=hB+G-C2u&QK!_+QyW%zYu!D;=*bC&F}z*I|`fDTgCdt zaoe^ss2kcP96h;8xUm}yfulF zuD!162QRN0r-;amSx3u~?$w&->t)sYuYc+Uq5KQWQ(uIZ9RpBb(YE!|OO=V$o^}Md zfc9zE_6JQNkrV}yqUSHgjm_;khAW&Vr*rV+x?1b%{Sv0Wmm{&sc&2%hYqnkjwtnQ1Ui4=>;_LD+W#mURzXy2vT6JC-4Sol7&_xo zX)f(?g&km&gUB*};$&D5TTNM~b`us9q;#boEw~k@6se%w@9Qz$Tdk|PuBZDL$i>e5 zM7RtmN4btVR>`F9amn__ai2!{;kbCGI&q~&7>J!;JO0JQ?Ke9`-wT@J7Ro*Zatu&i%Xx+Cz8-<^zi>Su}&O2$r&mck?Fh6`&8-_-`yIeif-#Rd&{ zziS@JP;-JH13Gu7r$w5e84-T1J5@^9CfMMLF_YpSYqOh*npup~7HSr)_z$=A>F_Y} z(pGvnUqv^ETEdW!02|gWUq8pCZtMI#BdoWcuROy+aXtX-6(9ET9~5l6_5_#fPIF(z zFB^0l5UprIxE-AODaJ(cHL4OHJ+H03v%>2!PT0`iAf;C5;%vcZ&ft2bLGOnE(F0P- zPNJDhwaD*t0yk-h3T1;vqsxj_sYIW#OkFNPssaZAWK5s`1FDz)rtNm3Rz9+dN$+AD z5oC5tZH1EHI`Lej41>WwleDJszikg^^`JrT{fG@Kp^#SMBb0 z2;UG@&~=V?RYPHzuQKJNi0Pm*rPpcI-e8ekrUKw9cge;omK^4I9gHOk>wb&=zGH33 zp3iJ!;EJG`rPb-#!7Z+FRiS+}lUxwVl(ymtN8@W;mYe8thOMr##d{tct|X)E`|{W%|-Z*N57WXk73i55)urqwtXQ_}XI;(uCI6X14nOPn?! zo$a?h-&gg9lj=)fGXi%4y|-LtMozRL$K%vZluio^zc=C9V+lVyr(=o>uL=6|Noij0 zZJ?HaF!Ob*>uvR~E6$C()gK+{RC)iu0q)7QrFy<*Uu)9Y# zPOoUUP$ENp!P%RX-zo(9pX<`E^#|$7f9&)`9FnP$e(n@gH8(M=(hM>^yWI(^m0qC) z>XN^k2_S5aLS@9t@VcOr`hXzi zNCrtuY-KJ8?Q{yrcN(q(0KK>WaFMblO+cO7i^?hS736`T2WKe8Z-IjfAQLH^BdJa^v+kSac_fIh{;yHn-@88o1I~nMm++kF zz)Z44p;l(PU+6N4$%x^Vc4)w~(OVx=LXE_p6m#S?$&=SXGoDIRIcli1GR=7j5$$Uv!ZI z^oY2P6zR$X--=SIXBS_`TTnx8(&WErgVgM9kh`2(^I+BKq!ab2p0z0#F$ka~Vv^kl z&3sa7yjVNm7Gq8UfGq-yYhH;Lhl5a$0|`i9(k;)idY>c+_VQN^?5BWZRMzbM7zJ){ z&8kD+fl+&SI@Ts#)79_*%@po0YVE_L=>qUF}e@e;V>zTWHdqFn;#dysV9t~ ziN8BaJaMyRZGeePqG}W;ic{jo`g{3EaZpeyzY{d5SO3BvV}hH9`|U zBdz23;KAU68~;)PFy|i+Pi!6F8%gb<9fZN;K~!#5^+W{9ImBca@^-1&;FE4D4F27C z;3@s$HvqRK>Sd0WJXsM)eS9f(k0^)}eraK3k$HlnXHBdRj5pYxLY&b9AE@0EJ}g<;kJG z##UawTVwrFXkS&oSByFH_J_O~!J>HO_fDydD;6Uj+-HKFAEtZN1Uvfd1T0#GAE@tY z4AvgRl=CfmahJP54umot!91c|} zW6#VK-`L(I-HLR3;|m;dB!Da>fH^y1=0x$CwU3^pWKV`Q$c6y1U5gcfMZI;;1wgwH3hj^}T=dF=supH{a2t~k*WoO1P+Worx z9_A`szF40mCGpF*BMh>#8fA+r0%}Xi-F?K0C<07Q{lt{Ur)N=Jmv;5 z@kME=GDyLk!!MokoWCgWzS?u<{Tc9`o0G^UgkVA^v9m@;HV4d@0eNFtN=&G-uE|WR z3>_ra^0`QS1abNHjsyAAib)TbCt64^2BmL2S%K7V`&X9j>pG|b zvhZ!;m#(FQM!7ur!Q4`k*=lY9LL~E&Gp)5S%8AB|_61vQRZxvof030kBjjNWaaJ<42Rj`uevgM>OY0fojZ55a(}aCu)>`UEsUd|E>fp z$Jx*N7-?%u?_?)Ut+F>HXMWB6PuGRcx;)^=tvaI*I^2;3?9G~3`bARML@cPF-~xaIo3*z*m^tc zpR82b9=Hl{__JAqadU6yIc2O zn_aItC>-_=h}|9-|G6|X+7>+3`R6~*3k5V@+L67f90K>^vUqoYK~vWsz=rK0cxin8 z*D(z~oe_t*`5Kll-K z@x`dV+L{`9Bbgs$WjQDeP9Lo z$BB=s^V{{Fj45__ZCW!!4P!)MehCJzke3NIh#3P=j< z(jg~bb+40wcL1g9h3oom#_wVp0uA6f`j%%myA0%1kK_~+XIEaiH@niJD6mv7kKJ1B z)A8P_T`KJas^T%_lYs|yfyi7dQfRwij~t%9ON5ZZ6nP(7_SYnI4wMb9#gR?U&UF&d zyayvFLnjlyPgV3Ebcd;|+_fe{lEkOyicVchWCL)9Y38x)?dCE;H`RvLGd$e#4SgNp z2tk*9i9VxO{xbJ%$#USD($|%_$KGEjc0qeL>o{c{D9!}mJaym(?DcZaC!mzjo6*@) zBi}2NI`uSYrS0=S)Bzd6>k~@-62*leu=^FxCm4#{3&+zITr)e87x^9Y#^?XL6FqriWRQ2hrxqSQhY&WgPf*$5`i0AhjQJ zE)eL?kR~)L@zNkKX!hFRx6>Kp#Z&L%P%V{+0l;K0SSZIECz zG=saG1R{St+dG5HUP*}*HN(AgOXh<`Z&D40IlhfQddknT5q7Hv|Lh$K1m|C?|)SrNNxNA?;y9oC|)_@;|#=pvN&84as>0URwCsr z^-S`0-BbHO%2G?sOQgA zr6GZClh8Qo_EwhKQ3l0KJ6k_$3c0i3b|dD@=$pCgUIc4JU0S3%a6hknl}hs~BxQ-? zD2A;*21uu#G}Suog7Gy~Ub!#PUK$~T$~vt@X;i@WeIZ90YAxLg=C#~HoTzYGS@F0| zrm+mNgO*6f@Sd9@y72fvT>G_fq2~N?S(bOwkS6p=3ZR8U*utbr7m6taCz@?+2Q1iQ z?&hjKnRz4B48*f50;wOyZB<+Jiclc*!M`;GfAXYSTfOpnf-=q*Wvu0{PY>2uck%`6A%QLVx(q5 z;8U0qm2eu60T$Em_T#9%sepHy5!Sabk&)}lLHd0(_n4br4(zLb#HBPGoPx@jHLnCg zr=lo))qz*oK6pQ{F60e@`@&nK1DVCcG1HkbmWF!2B4H>4>HUh|edVW;g^} zTof{BlwBWD9-P$Y)oEi*%=tYfSe8`8oR3bN!8P7Zx#OWr97V2Xbj(7hiAJLiXTjXo z7sCk-2fOq)a$Rx{Im5r`q=?I=hUntVc`cW8D)c_?C(~LWUhp5LhkH9-KD(~=;k!!{>Xuuu~uxU&8Gu>;D`=y^O(iReNtGCE#qo%{L*_7`B$ig7PuGL zzN2Ni$ZBgkFa7MNVB433J12)VEc)c4ZKLOGW13@`yt{x^*Y!&b@}VU-W)eCHk58&_ zStFdG49>ApkUtDl5n>(KXE>I}@n@73e)?sVTtl>R>&*NNWXT6}=uj(1IUA~hjDg}E zcz?5Te8FvoT-};l!ltSXZS$^gc@=gkP5k3Rk3w$CKL0nE78AKCXH>` z$q<+#*5Kd_nU1(R1y6{-!B&%(%o1iq`yP|<)jM9O zhPGZS4<%qv8HEhPC90fVwa7YFkXqXvw9E8KKeH@?OX-+=W4ZcV>X5n2Ic{{rrYXHO zzVLo~z7w0FAddZUQKrBDouxFyd`_%sr3`=oSe=@aw$c`9BHaIs-XGQ(nN;$^oioQM<}=WiaG;rth0y3@YO9FczNi@tZLCW z-;xDv6R5I({vT2%zJzgrm^gI72~N7%-uduvM*Q%H7b7jE`+%?uzI#7CCvgFuXX3C zUKrzD@Aj2Rs2a?=6aV;5Tr?wBmwbp|Ip{~rb)Yz%DqI3`K(ts9ZT@ljnf1hC+Vf7< zxNy3@T4$dURCx~4%z2uvX4o4fq=bTgZ6Q!RAkA<~^89_AEcjT^A z+~4q!2>SS7m!|`%LVn%nYe>US*4R%~j99r=wLvC_jr$WfptH4-!ufnVqP7?GUE5MJ zBkTwLz!>pCjt}`8`my&|pPFByPv*@pA0r6f3U{Yk3vQN!;X8_4*i~Q#9T~Ns(6MA}V{Z z`@IscpdGoH&JbF_f5q*q z&$Ko4Tk`_5;h}X9h$cUp>u#%G>0;4WJ~x^T)KyF==ahJBtXBGr1?f|#4AI)d6DYwT zVu9vVACw<33Yc_=kF&d=wRtWz;ajPIfnETZeS#x><@}2-+qK7uU`kPw^2HYNW^=1c zu3!#VYwl)dGhOocUaz&~OXu-d=?i{8C`#|G-@ z-yqUO>W@*sJ^&JnrM^l##H9Dy#9TTIRoC?jdqH{c8@ z>8|Yve}doPU#r1gP!2{xXLd<@UT^nW9KoIT8Cl*}hA_6CAMa z_I7GEOF={hXXq+fzk<13yK&d=yGspf@6InP9F z-GL46-FJKKNaen3Lr45N2MRZq4;}2qK(sJ*{Cdo=sxteb0|ORD8!0}AR!Aqj8BF^+ zdNj_Iww@I+Ex!yIr>j7`66qSj^m1@e`pU!J(yaAeV^`bf?fZteB#t>V_oIx*!1U7+ zSbgg9_IBD*o?UjV-5)Gv3gtFaPXq9<777V`h7mv$PShyvfk92*pP^qjO;Uxt^9!a) zq(r=xf6E9so+v4gm~}@6{6&!GqQ9syb8p`5Z1ECi_Ud*!Kj9aY(y~~Q^h?b3UtGaR zS~{&zmH6gG`*}`EOsPP*vMB3EKG?c_>=+=&U0rO3IcZBd4eMau^d7*cgiCDkC8=Df zcS7=iR23#yII+Zr$GNv&0W{+A&`of|VBT!}L_sQHM_IMmJLH&as6jVU*)C(_H|qs`tLK#&DIl zt^p`q{Uz5p%R73^Epktd`4>O1ITAD@$1xDe7+Akk5q|osY|v?z7jM&{RdvCSMZpR* zT9{O{Dk8*MzKOr)M;;>WZ22$@d(xOE4Fr}xo8JN%$cjs)Sc?fAx74Z~MHYk~_AwfWCNcUWWbhC`NA<-z;_@qer*SfW>vAVqbR&go-wNo6yEalAs+X+T-yfW8 z1s1X*kl;vy9NJJ`#x6bz87O?GzX@eUa*BZEZRr!c@?~YPTB1R2Rh`?WMBDnry_cpY=(wTZNWSpOi0TowcSR+;d9Pl z96HosMC-`M*wGxRQ~KQ(%FP_ku8kHCyK~lh$6WO4$6pGZkw~cc z-%K|=xQ^Nk4YKh_N&;^(3tT04Wdw+su6cVIhmKT=1{q~QM+p=Xf65K>voqD?Cv->t|}S% zPeZ_zuWxn9+BMguAzlNqstr=`WBq4L_%eq+b$R6ia~Sa0LeW^6X}Ll^*cVk7jrME- zZ~SsoUTJd8BZ{4HU}DisMRFXT43R=$N+a{0zF1EHNqO&{M!jK_%)#5^&OdltOL-|Y z2u=B)84^5)rl6=X6L7|==p-iwsg@w`isq7D$a?%de4r@p2Z(8%5&6^aT}tL9UfxEb z@#>O@x&n*Z0Xw4L^|=k3pK)X^8}vdu5I&JUlPSm&QTcH6BbXgHcXn5@ai>&1R_|n2 zK2Zxou`*P=-um0pjxu$icc^UHdXoiD9ReH9ZJrc0w-$}SJ+MVr)|jrNr|7Zhb;cF>65DmIYws^Jk|2#&wq=(PW#tVkn>?Ur~ndtKVP@Egu} z$4NLsH1dblPE9M?D)t7P4+=Ti*hF!8r(ObyW~Tu!B9F$FmA2u=`+G`0HG4Opl7&w- zN(pOS{$g3&@XGR?>XdY7w5qkZKo8u8zMhJ?`tj9$J zr#t54rGQCo9rq23#HvdZP(D|ezfZrsw5^%RXQ0*$b?K|=?Qv$(P65iy;O(4LKo(VD zt3#J@68W6fNYyd8JwXGmU=PlZdg95{X|a>?$?|cR(d&vcUg>uY_^&1iUT=k)2w$a$ zH$_f%&wKA)3i-{C*JeJY6oDf-{JLR-93CD6t>HWVa?VnKq8k*+IxjyLm-l|ir((Zp-kKGpXtIL+!_x-T+jyB}1k!&a{OXNsa6 z@S?dwEONqB!kA7i6mu?D5Y#eQ?jVs=;Mp!x$^W2^IZtbxfx3x!Htq-PpE1|qX&s*H zk?n#s4t7`*8ggf-$Ewh1IR#8?EQvK8PHaGPZB4+&?g=KilQ54L8gQ*r7 z?DC#Vf@JHeeU9k?l+)tM0@FQu;`<|$dKuym{EwoOnJUc)FLH)$AD?XgVL_;aA1!>! zi9^Q1JfRdAs@N&rhofyd$#%+N2I~2(sD^tus}q8k1Gk%;7M36C@~G16D)t$K8;aiq zCtf4MAM#abIt1_G{vVm64T+>a6PHDjN6H`TR4i!fISnmMOxWtKeAvhIbQ`;=G#rb+ z<2ELISM9Vhe9=lsa7j_t(7moVKDyQX&A-8b;Bd+hnvr;W$E7i`kH8G~HJMyy9wuI4 zfjJy9m7P|~^G2_9X;*DItN0oOx`G26_yPzf(rU5BLiQoX4|=Xxh<^)%8x5@Msm1Aw zGrel}G`|yf>D!s9w=U}s0Q3EI`Td<^|MDCMkR|*7F!$bJO|@IQFBY&ODj*6{EJzbj zs?s7VAWE;&RR}#4fzYJc5D`%6y-F|A0wEMpiqd-^0fHbk2}Ps^!hR0k_FiXw z`@61l&iu0)!j}uumBo8{h{*{bos`Q9``k^m z{-bG>*`OGB;V*Xk_Z-VTd&i`O|DStkLRy05J_RIZ_+k7&azciEkp{VoEKAeMy#l}Y zYjqtGQBHnLb)L(XE-Sjx&C?q@_mrLi zRK}|VW@3!zuIxygy8e(HKeoC>;V?c0(qk|SG}3|k)YGyjL%1eqFQh(h@JV9h?`9kx zhZ@rG3)PPE6zo3B&+E>>OWHc|FK0^;JNQeznWw}vz->T*ZWv12KNNeKnrf~D*4w6=v5+w;*$eDa%>VMyl0iIE`AzD~0z)o@ z^k>J`fdYw{g4GsKMSg(il8?&*4I@#JpmDAVF9a2$Yg;=|WM+D*8;8@U0AM!ZIW#1I zpxeN?5f7I;iV0WBM*m80p6$(yBXIaWPox9ZMo{@?6EeK1oCvMhY<@s^*TFDcM{dWLvQx^Kii^T(R2nD`5i zLKvlb#>SSn7gQV*siSV*OLcP`E#oU|zwn1PYNu-keTY_2`@J!;d}kW@F!D+?dZdVO zb&6PI83S&V`lIZdZ_$v;PfGIA_Hm=8mG~@`L%OH3I%6ENm^BC(1JP2a?|WUq3=mQ^ zRHdKUF#+t_Bm#Z_t2DZ@uc)}UkW&_G#Q~jsCAI3ma!7bVtqKQO%1oALy~LeTaQ1I- zx9iPn0m@(V)$Gg50*u;7RVpIsA0VX74Gv%#!e;C{70c5OTd4g~y+!ygamNQ>27^lv zg=MUOb!=!mK%&+mL<+X`aj37O4azo2TzK8AFVZIX^q+fINlabr`n=Z#2R|Eg1;o<_X9 zk5itslH0A58C>NjT_U&(|As7$2&-Fl#xXA(Q?PBqi3|NF*J<&NRZB$>ATxA#t_OaP@wYwTC-nfUa+W@at`xJ7Dzi{iz$~ERn?DvR^a*Jm zHzYH`gFzo!)^*^-v}9H^H8qLLx5pl+Oma7v1QuVM2|TuhnVmOJ$?+e_IrvlCX?mcM zkV-j7^L9QLp$|K8=g5DdmG1seX{D!0=UZO?54PP(AE54(-5wWh+Fqr#xrZIH(??6e z*3r>nk7^w#V}#ea<)Mj%=aAQBZKd7--;?1KH;T>Xvo*p>W{Xf|QM{z11fZSJi4~&6 zKUj&z1|jC2XD;568VCyI;K6PK z4umR@ajuFj?c434Q6Lz8F?t*b_HnUbhr)e%x)XqDU)P4*&DgH3S=k8q3qCBO?>M3s zNG6W9#|>e3t>8f~v@dwNKY(bqYXDY?q5!hRQU^@3zwFp9J?6hp)xoq7pl@$@PuFk@ zcUqd+p?59$$aOn=mgcpYD)mw@ZbTFk2e+}i&O<5(;m7$&(%zN&*^fSC;I4%cq-})U zks&)W{GX5Xw*b~wx*c%M3gC3uK0gWqG`stA7^AnvJopt=U^G$hM4Q7+DyL3fye3%hqib0?kh2{pYp0hg*R~r2fe^s}xFao4 zJ#Ho!bvHMe;hq4JGaP z$0ZusRXK&0LvzQVeTJQzB!YR?Tkj)VY0l$#|M`&r0pjy7%G&>rW_tTS z?oL+MY54smH4Grl>hPf>ItKz>S@bSx?yfjAcN74|#5Ml;X)O1ja*rn12el_LsUD7uJ$t17l0M9ocq-PT>7tJN8)jA(%71B=H>Y=tud|?$VqMoWOZV>j@uM zt~J&G`7HvvD{~+#Du~KCCb>nnbm`NqAwAJ`f{ZxWg`wG^yHmQbE5L!F&2t*eEH1az zwH^i4I{v71MZBlF+zKaj|HVLN4R(B8pbwa`1sN#-5vTa8qIG&x2pN#pU}!G(1wm*r z>W&%K7!(r^`CA(T8?Kt^J-jel)UHNvKUlh3z5p|M`5)pqWp26l=jyf&XzM2Hj9dfw zK<#p&H_6#eIv)e91CgI_LpAYGCp3bo?JVc(3k$$c}N^e%{=FatVlAE#qlu61!KPD^A4-KgIki0 za$UblvRwaJ{Mt2Xv&fq) zr~A!;C*)09ar>ka4V^O#mVUvj@&UszGrtf>VnBQ_s(%cJ^Df`2cWsZCC9=imFdv=C z5{V2han&iz^`CBPQ3d<>!F)D2?|*fdYHazG{Czj1LF1mW&owowL8S@_CWeVy>!5_v zEtjWM8yy%v6#^S0ju(6P(6lHnqy}>M_R+OLF!m*ZJmt@>_t|N?Mg2x)TviRT6n+N# zM*jdUd{*EoB(@8p=Q$IyHq+)_<_6-;%$nxLF}d>vDP?l|R;b1m$O1{pcdKh)0^N|8 zvvQgJpx5UXuwv^Rg?f!zEIe%1ul$jYG$#x7EG?_Gwjkfhl+t9@eYQ-zgZV8*z@ccnu<3c(1`<|o%SeR`L_ z&LcUQ)=#ng(!JrgYuO-Q@5X}xs?cvg5HHs=Jhl-6q6$OOEgAZHaZOmiof@A}xEsN< znM>M)X=hUb+ZaH`4Jkecsu5u5fNC^Y4tXK{*eg!+QGi$a{)#fxpr(66jNdq#XS@V; zPkW6aKC3Eq?saaK`(i(L-g`=a&U=?K;mr@$Z$lUU<}D@sy8I1}E>~J$1Fd{)` z+!V-Pmv*C)|0!#xdc5tljd6h6j{4;qE8V)pMi6PSh1?DZhE+Qwe!qz#jg6XMP{ zfuTxn_qSg|wosN}@EfV<)b^PLd7&XiH>+~yr^F$jHQB?F0V16yKUE_(UxUtVeJ)6P zy_>T4Qj1~N*k<6W)qcA(YX>6dHpju>2yv?f0Q?u`?#-@;`?tPeNw6y|>DLW3&AXc} z!n+kP_0f}>KXFAU-him5pzoKNqoj(-KjJsl1PYF?t-`aU*aJ(3+>9Hy4Z@N|%76R1 z$J)%`E0VW|a-(!l1&d(Zs5+>^YGR)<+)t#YW@*S{vd0Ml$qOYkT`z6B3lGQGaS;k!xqs$@-Z_FEEwA zi(ML~%x()gw%j#gJ!BkjtLG1w^Z((5rJtxT-~NkuqrrOkb(Gj`-N9l-&)sF2iy5@e z@2WeuJ{GxTM1M@NQvQwF-VlMX+Qx%NHWfkRH*~yW-8;7X50DPuIS-9K+C5%@`G482 zfI8oe%m$!6K$55XFYAz<=gwdyuR()hg;2B5hYv8fC$2MJki!KNz>?!I!VHv%pm$l+ z#>*oP`mu2jIxOwPR?}e}4x!BZII744MkE=mn)7Ge&44CH_i2PtWm9B)H(XIPNyuXc+R5Nysk>>S#GrgN}GUbrNxiMZj z462KP=~NMaQ&Qq25U-(W^%7iyExy+P(qJ#~l;3uFx>J-mP*~o%(Vi^XX)L+eiA00J zS*vcoLV5DB$I@MBm^7ZHGug^?T$V1 z&7IysCzh~-84+6XXdi&u2I~$yMx46!cJCDAT{w~JlzV;#&?|hY4=Oe*iGNTC%rInZ z5Gq~B)jQn%Sd!rSjQ(?8PwuQ^-S&VhfIE!N7l+Ai?uQDsT=UVHg=D9{a0kS3XEHOa zU0d?aAKxUtE9~}1z}P|AGM|gc5z|NS06J516aSB0TqT9fKlC1KK;d5c<*-93W73m3 zm_(`3Gyd>hP(Z7)_E$urEX173iq=tamH`4p`65kJ17NqWR4`P1vGjKbzEAo0i-)Vl zp2S>7buR1zHx5>5#asWHy6Cxq2VH^4q6`+k0uz1~fHlUv~VhltdVo@xH*k}r{; zph>L~Hreo2JwRprgC9B?`9P)%w5VWl{wq0INe(+1T6?V5geQTMq(G8#>fw0)sLktR zeSG2M$7nSAg$Roj`{P&iu3)dIyS3%_D~-$!WVzMrw2dRHWr7vz6(e#N&w*bR9BH3Q zf$2HjwwBJbCTJKQTMI_uCNf#Q$p}?m&+h*ywnIIJrt_VQLmrFnOEjd&hJ$u1mxVmhgrSLW)Azt!3IJC5YaD3ngH=%ChxGb35=2^J#P4cNtl-7 z4NJ(~cm$NWpXb0jzqWXb;i83(w05S7gb9XYO7#ph1%mXr<&)l9&!usNspU@Cy_o4r ztgR{7_8=bA00LdL-LRY_<2SGhbQiMSQzEG4p%WK=OgokbEY?4BC~xHxkg24$wc(IS zPbUw*StEN_uh~L32splh34i?kzh<@Di+#dM&-BN}#xBj@{1pTAg?+7Q4jQat_SVrv zQIGPDG7R9Vcskw#Y$bp&xO;G2 zhn7t(#qz47-B)~YI@0PBE%V5F#JBeCZxBKkDj;AKQM?;pjQ7|Ia;_S}9}B#a_4sO% z2{sU!V0bS^P>{GE3qUgo=}zF0+S1xux*VZg_~s`N=b?LPP$~LhVairzXESggpvIFg zP5u?kl7GW2G;fU|tO+t*L&d*Ck{L=2dVw_LTfPlVrKgKjkSEvrP=*}thzUzdR(!?s zha0tmu4h#Wt6&zwCLT=c+$O@d7B937O>d1_hS()-Qdc{*6+sLtXP2!y>H<$9c3x$6 z!a9MF6Nf)AqB(Q__jd`d$|RUT8JgzpK^9142qBERR^i7T&OS?_0NQ89K3 zI*mRb*EmT>%Oq_5OW-vN6C-mp?``>d-uc^~UOl~gZGV7 zW>#S=XCHda6#B|?hIzU6&uZgy=966HmS=5g4j%b?#;Ni5jPoEj^s)sy1s}6twVb)k zp$oDtq`8p^R(ZN|Ky$H!tW?kC_};=3iUaG| zPtqckPU6A#w-2bI)*AQRS$xJ#t`glMM}z8d2cl&DAm{WWOyx=(Hd zvy!jI6ryHv3A;2hrfFjXS>rulL%3}EE2*NfMU5owST`xy-=S~j12^^B&=s}rik;dp z5N;wH;qm2m(IeQh*|6A4s&O86dv1{V{6R~HdHbAra&xBqGdkQ)fx@#7qs2+7Q zD~48g3}~8xo+LI^pr<1qc>Mf|J)%CjxTr;-0SdQY+I>;Y37ZnyowQq2;3$k1KAQ4Rz}>z}OR0HSh}@Lr9G zrEVYa=$ubC_uO8=w!J+!?ZLhDG*muuK8Hc}K_RD4l&55IVoR;DfI zy16DDI4=q=IL%k4!xjWDB4;(X`QgKHIGSQJ43gab3tXCsP~v~^|-2EY;|TB9n2>XOcyG95`Ru}9C`OHQXek_n!t7dI)=->C5a?mi$9V2 zX}KwcSY!1Dxc*kCER6CDseNem*QmMOk~Y(onqHyvt!`eDKq|xQEA? zsApwJXX#Tl6ffEV=-&Mw&IPUs)4_>%4KA0|*Yt)Yf*W3%7 zt09`QG2*>&u_&WNrOF*vFIRQ+pyqUsrXET}af^Mj!7Y$s=Y!|3cQ%%bW4)x35|y&i z$|du5;FfIj?1$k%fy%Jdc<1`S_C~H0T{G>n6}U;-5|^K{=g$a);F2rdhGl8K9RxA$ z#&LHH1GfRMHS3gII;O7to{00>>amg<56rfr)uVxxfFGRR)-qkyo<}gG=xeJ7$2q-u zZ7x|$2mPvYB4n-*ctGsQ0FYykBKxpJ0enJdrzC$1wzG9U}+RBX-KwL3y&P4FvFRX%M$MF@VNR1QV+~*U0EPzmE8rHv3 z+F#^=D-%IqWZWMjD<398<$0@f(hqEpopGylCeHME}#4ZEH|245e8+K z4G~$u?TKd5Y6T$mj;aLTERW9T;S^M6hdXu46SZT^ydxoGSf2L%s^YyY z(-z-q(%4Awa#`|FZ)`1J9eeTx3>Yc-h*BQx2*x^WkGU}PAJR5*9+`k^dpnV}(pUK} z=WjLXWd`5=S&i=d`_!M`Vf)8HxIK3IZvh)@&e-<@Rz>^L*9P<5`c%p}XNJYIpJhL} z99YBLr6<4Osur3HMFmIOk?S{Jf>CZ34-w%X6IqHzHtVN3av3vG<5kVAnX6;C4~pbQ z*uvFt==raY!~R9%lqL#YKY~ zI@Yp?>GAK=cto%t#Ub9SucT$=iOJgTp3Z%}`Km9gy7lFWrV9>_Cqf#Q0#U$ydB4$A z(+#z*b?)r8L#+F_=hY{@OyNOpV1)oBjd#f8A`^4D^)XJQFJ%=m6=k&ZVAQ0t;r7o9 zZu75l7||f|O?`+q6W>Jyt7l}5s4ZL3=6Kk0ektOB({fb1W&P8N_VPLo_$XKjc6+D& zbFC8|PpGE11B;UC_jg$XLAPpWhx>x>Q+D?^Y<|(6kEcp4ale}F(SBQ3?FP(99@$o) zIiisF71{bpnpbWel01#9lZU^*Mi(bNO!U*MJX?gZnON1Rx`|7-=Y(MtCGLa{WnHhmH zPiL2QZwd+cdEtanR3$9r!|=pUIA?5fl52?xfIW7OA3PG*#iXVkL2<7R0QL#q zR*1|mn1yNtaRtQYGgrZU$(*YXZos+Zoc#*Jce84Fu~iKx!-?SBK^mk%Y=urvcJ|kJ zyb?jLfAB}VBhrgIvUZ0`$tbz=4}J_hdH3=tk{yz1e@?^`l*i%-+gpusr7 zo+%)+h%z=29GI^ySndsx{N|4f&Si_n*iU{ZzUO^aE6rULb zvUR+V+8!4{0g8O0f_rBTo@$q0fG_#jHM+ME{$gRMv^jztge#)Ut(AJyU6Q>)Sg2FS z5mEysiq}ZJt7Ra60QV1*Mv^S?dc40&empQeKxz2ZkqXgUM zI`xL8^$U#8VAx-a6`sz@PMWiOlLpen$e{P`5$y9#(wk8T;%hR`ym}>ML_>jAbKb87 z{w0}a+jEALiHHv$xFym7(V<${yWSsdhJ(Xhk|jxdmnYN!HLxL!7m41J^cDUJV-(Mu zj!$MDtsw9fKS0fyNdM&bmX6xF2CmxnQuz(&jCD0HmG1;{i`OpsrT2Ho+?JoIf2J-P zCMVLKFr1Y<+k?(Cpe{X@rfS>_MSXC7dr7v)E4OH+%=c03jM2wU_KPF8hGCJ)R7n3|oX*r`dhjzb zZQdH=fga#Ua9m&FP(L*waR~3Zge%~DGM_5-&{m+(yV~BCq0q#(&-BHM`U+x;*tM$=K=t z?f2DP7_v$d@u4I>f}&V7v+<~*jzxzIku>PS&5a3fG4`R2-C3>Jn3{%hJ_0#q30$7( zqg;uuKyMA@ki^IBZ(z}__1TQQCsZ?>r)krXzyih-B|1zKd?~7;_Jg#@(N4cN^2S$8 zDJ?qP);0x2C#;3{Pq=Bimzh)>+c9)VZh3_99I=akPOkPK4=~8BX(V1LXU58!N|YbK z3W?hmeg3RBs%81tIv84}X}R(eNV+Ep9z#q}!Z4Lk-5lmm@E}pz9Y9(ivlpizdGmT)gH{BlM zr)>3n07Ku1vT(REJncbg6dr`(XxN4Y8a+7xi*aWWy6VlJqU=)aI_@ziQ zBLncXqaQVJqee*vokKJj2ko>^+OLeQ zw++6l#_Np^+&;hYu0`eNi+gR$rKWF=SYlEn;BtDhqh`;6B})JG#yn53xb&SWdmZ+YW&ogQi5zxdg3_*le^gklaD|QhG3Ys`xe@YoZ;r!F%Q4*U|NIu}J$`;eW3g0@$3mzO;tN4whbm(R zZ^o>?xFC}Feqa1-);&&QuYk=}Tws=*_1(L7+nPCrMR``|99|wfV=rNUf1&?Q)P42v zDP7PGb%kUZ$5w5Q6MorZMqDc zenl$6Y6KU>^}|yhSdH(e`6{&Ool?iJDSe{s&7wB!^UBpPgH}J+!nddAIWcHA%C-IIl2tq$X^{Q(t`kZNqYbEgsBy=(ci1G!umezGu4L-NK~R zy$JHtKiR6IKbpw$2)j`~xl$`xmb_>?0HHRa3rVcoQ}%(KDZ2+6hz%n8Wp}i-Arpot+gvS}UU3v)UH>=qowB76V@Usx$}@w_KCr zeAg&O?R;6kBo}Hby57`&SHv%vmTrnts<6L^c102jM!_Vn&=!Kngt%kQLqx%~sH`Mk zIS0}SSJL69DyRK06?&6|yZ!p?{ryrwPdg;7q3hOjO*V3=Dub2rj&2trlF{qeN56X` zgvgWVD^Y}4>tAM)FHjr{#PC2vvM4r(eIdO7P zE<#|iVEWfX&xR99dJ*jJ-S#-K7g2;$sbAI`Cj3g^te+}>LfD6=yU!M}axa=YiW$ylV=?A@`4dX~$gi&zm4* zqSE1wkDxtvLHxSAf?x12$#25h_Six&-2ga6FN2_Oj%hZQ?%n+@38B{%2dZ8_n76ECJ$g@V6=r5k+1cpylsusmMd|c?dE=7ZD24)BJ;jjB-l$jqB_@z*k-u{7I`V1>NMq9 zYh4isI8i>KMh@H0_%6%HI2ibuo$yUAGSKc$mKDx&NX~Nfq0T5N4f&3BuuE6>%;kjT z?%8_S9`DV4;N^QW*Rx)rwlWwkO!=CWxA`@Xf3qa6NR6Mom*x&b!RKp)HQz>NAnJP^r1*)evA_yB2dGQ^r2aDk;h4S#puEN57>R(eBgS zMe4#1wa8|qs(d7r`YaO6vZXl1ZeycK1&U%1x&i~`ZkGun^c|^Srz3dk<0@q?Pgr$F z`@o=QzsruZw!hxVH4t7T5xBM=JQlIUvy2sq-?nzR`_fzEuqnm{yi!W=b|R}S74KLJ z+V=D3G4p4wqVvWHwd-aqabk7eYxAsY(LukIj(z1upUmFl@2VA5MptupOXH=BYJInT zmR#9pYm1j2L3jqA5>yttm+rvks@L4Y>(F#mbK$a%R#1~f6}w7vD69lqS+ykJg{lMl zzx$S{t+)5nWQ09BS*05-7cMS5kH4Pg_wrJ%s&NB%Kvn1CwJ@iGHInG-ATnyHWUls5 zw)5aRsJ4BG4*A&3qBD?*Ffs~#0MZvdA&PuBH9qsf+PT29j|d6#su*`i^z6{`?Ra`p z$#ZGfnd20%AQ68^R-INLmfIW52y4er^w;#*GC-e z{N}p&*G)#Kxj3*htg|Tga%^T2pA`}rnofHp;U7(>^xs{wVCtW4ye4p<^ zA?OhqeP6uHuMN{6>~{^Ig~5kM)|$T+r#z)wr{7k;A99X~v`CmPmuMC;RNDUW5YUoU zoPJMwAZ-(cah*NYdRb+<#&Qphu6A`Z9LY1Pb&*#nZ9R}p6#d42O_B=+BTxl<3BGGa zT$}V&AhX1K>1tLh?_5cK(&>XV(v9Q`oqQxLAh#_hbm9cKn2IgFU9!Ou+fEyB7JLc# z`$m!TVmaD5{>2>SB$2bm%^IznbIKJC&4Z5x?Rv0UWj<>JiHd@W(7gL~RC3H>T#WQtrK}7+VR4WT^3e60Z2ZI&vh^nS$F@2_xVcErb&G4s%b?8}1 zR3V2hRuJQ+JDv1x4d%t_f_|ZDnH&$O@ zD>Pi;IqGvIUZv#=F}V$n`*IhqucY#!II};=YwQfuzBSR1uV~aJ)Sa7M7%jh0gu>np z-^*Tp9l0Z}HtA@EK+)4!--p4xUv2Z`%k{dcJJzLCzM_tzH;Gt3c&oAf?7|U3`OHbx|#|`~Bhou_v6+Dr%9>yevpb+|PchO$<-zjR=Cq*A#At8|$ zFAA!;Ez+t?FVN<5V@p(4r^VYD^qcaEI%8Ed`ibZ9MV_~eFHqGQ{sZMPT$QYgUAlH= z>_(`zL@@PMw(^ePubq^=pPS(u18!O|NB41p@i{F z%kQ-ndPzeRL_!RdEqY%fAfW6pvafCX%0$<>XLjYL%F01#fRdTRrm{E2$H`Nx#T7$v z*|}?C=n{}z&J@u1nP@mw)m{Q`boMlr^EI}5f)l?^wC*{5d*Z$4vgvE1LWiT{oXyrX zxh)AP&RXMCox*9|sQWB5{>ETaZv%8Le#kG)F~@R_tG3P}$aA@%F8%;#oTX)_S4Wg? zR!YhznWZ11Q|WMlHd0-Oc(kz>8Z0Zr!{W~G1*MmGYRJykJ=HDe-yLL^hrW)o*RL6P z^HJ7tYx}gNS53$2YFBNw%gT8RJ2Jlcm6;z8QTjmyv!v1*@3qgcIf!-2$cj1~Jx}%D z^j;7wThZ|Yx(!M0Y0E|Hgp7>jhHbZ*uI{$@x=-`!&2C>}2!kRtG>@5qfqA6J@jhiX zu^AQ2*@*42&IFCsr*masv>9D_*tPLHj6rALGtsCUH-mQk=s43F-*G`*kQqt>gGW)Y zGZty)@JjX$o?eK7VR$-;=F*f$g?0kWQzbPk4KDUhG{@yN4}A`8J0t4V8?K zj}M;y@k7q14S-ps(~7;ouh3q$e*s6f#`r!Onrb)0UyVS8UsKaE7^e;oDu>;R_66|ZELU5b9%ErxZ zKg(nb^3+l*i}poDMh+dz~<@W*8l$7CtXCJ@Xwj|c=Z2KusWW0YrqD*l)CG6Yz zYu@KQJ(xoIwiS{DhV@sr%qp}$ZQ$PN<5PYiDyXB#DGQjafr+?Mirq+Nh$M@8fDPQ0!v18jUKt)bg8Y0fCnd$EhkDWa zGVmcR1a`4y8z6f`yfvzy1VnY5G|%wEQbvx%B`dawfxZI#Rn(}qI?S;Y?M9fdu2z&F z$|tsg+zv-t0#bG3{1SUvDDRQ2WpO+E<}2^^j-;t&mhiZSRja|~?dvYhlzc1qiN3ze z#<0RFmlP4!m(#8WHC+Nh%?79U#{BS+Bj$vgCQGwf#rV`aV1xhysLzr{;&O-h8QJfR zU&}$@k;)WC2cNw(pX4A#0UO4_c*He~RU9{bbzaS79{r_l__}bDNMXOGHjirTuu!}a zyYvW~daJp^Y3Ar|K`%LH_HNX$>{0_f$j%IxRZ?eSP*+<+mOJRNtI%c;1bVKW?{|JS zXOo|{k|`(FnDF?nU;L+u+83-LiU>UvPy&+l!AW@;!irT~8Jt4gPc|#dQ@kfaXeI1S z;JBKw>(v2p+@Q-flNFzGcpji~ZupX195pQmbCWfVRIh$PS`p*So|@7f0Ny%faZm1@Q%8gGZxJhzq}EB{v1U z&qN58^aK(1ry=FWDs(Rn)p$qG_LS$@fc7GQPx6*pb#kyh*RurcNo0s1KXy463${Q= z**dU~z)#a1JNqM&G*MFNSTpH5e#1}**jL_oopdgwP+0bT!SsUQtDA1L9kgwX&dvaFg<%E3SfH^N1CCB z4cdklxIVIX~~{mnP*@R)9CZ1g}xYvmwaOrZz(-9c{s`ukLoYPJZj{bs)ebc z_7I`{LsJ+Vm~lmI8|6@_cOl;z8a*6QWW1q{F`+Hjy(Fc^UeqxGB#kz|t!BR%C9AC= zA-kUk2LAlI7RR8S5$%VOniA$gy_Ea%i@`!N!clvKvJ!d-Dn8b)1?}*KiGpD2=m5s$ zGy5u%2NyLbaKvcRt5)Qi?<z4PqgGIqr>E!WALvN?r@6Fya2KVt7?WY^%hAoJ&%b|J>YvX_^3N^E70-MM^>a$Z=;Hh7 z_75*Tv1blqiHn zJ_T$qLZupQ%Gy=HMKyti9;dvV6Jf)q8++BfsvzA4&{HZKqcwo!JcKmp4DvH7y!;Ly zimyvXD+f_06cO8qM2#Ct*9piG@8S!BlEhUAy?UV29$I`HVQ(+F;rXkX#5e zh488E>4k;TN|73#lav+u98@!3kk1v_EUEqwdL4ZrYw=`*MqLt28oCW3c#1z+p>~A62)!aS9e}_ zF}(tsaJ)#@-9A>FVvdE#EE!6hcBW&UcH8LdPz&I?qyn-@b9fxXxEVoHNo?u#)481V zD!?A~*6q*~{rIFjS(hk3-E(}nJiLKO=+d$g-i!Kvo6ckV{5~1eLU@W(t!^)2n625^ zary`-oa>ve2#9+2Gz|WfT^lunb8?6Oz=;=z=-@2Ae|A?1JjQ;@vw%693Vc*m33A(Q zKt1J<Y}lp%VrXZ(ryx16Ze`SBk(SChv%&9hOc=39GU9cS@ zd#}L=M!9`xm*@zow+;j$7xUruVzBO%!+nFAD2%hSMErE*R#FeNeYGphpP5lFTc(mMx@qnbD}OeaYsb!2BJAF# zc~&sc(1?U=-l|dGv{4|83%O`DnujrZH3)K=dQ|E&epS1mWNPJ5v%)a?{wkYfp`@A5 z#)mU9>t*-NG>bMG8lq&Gx20-eVh&yF51T_Dm3p>Xiq6*YG;R9Q7i3QKoxU}}PFumF zUfcOY={zcQ?^HX3ox^lqTJg8P0c885f$!iZFl)0(KlVMTM8q*iOIbN57SyTn@7&Db zIyDU*rQ@<~x^tYh~zYd^NnKvKvF0@@%W@h)s z9`gkTDXzf1i2@o;!TAi_pjvPXHbbF(o{GykPJrgFYdG!vf-E?y( zJ4@?PE$IrIk*31*$MBwu97eP5grNyG5sPeyCSmTKm?~*ijDhO)?G1ZqxO%gbQ*Ol8 z3L+;|>qG?&Pc;c*>Yg3k#nl89jo&lwl`=3Ca*0F%DFAusa;`qEKHw5P6Vswz;I*PO#@w;&x#7n| z&NhK%vru?own~|xCVDS=o){<;KL}^Rj8(1X_)to*ks(0k4kLL5t(+a%yj`Jp!mWe( zEp~N;S{ksEAdV(Me9K@!P^Nj<^^UxnFgj6idp2PFZdUr;C5_hLU8OfqQxb3`K+kfH z9hKiA-sviijEaJ6A#s<_)(og!OAQ>UopLARCJO*+@YW!LyMUVU6jM}3H4NEKv!C94 zHHSwR2f$_(T)p2ZamHGPoBimzb;KT~E^oCWig5!I^(4i1oO2m+eVtVSJp-5>QJ1Mw ziR%+DSS+zNPg1ZiD47!hU;PizaH&97iRqQj%U~(TmKhBvBX%Vv`Mdo~+6KP94Wo}6 zWV7-Sw2#DZI2mxw9jEZ!$n|PDicGYZC3Lod1{*gC>rc+lF^g#Lycfhzn|2{w~;j%B}rBsMqkLY%Ooa`%cy5KUM>fBL&qie;aX4t%ip9U~>@w02~ zL(42Rj3SL%sK_&8fQJzd|BN8O!?N3aCN<<2y%!Rh@Jf&9UcfF)KvYXq*Y^@WaPy{8J#d0(o9ULc^!W(Wi&v5tEBr6^_qO z&~%>L|H(zk$7fLB-fY;~i20~5ksc#6Ssz$Bj}j_>ch?*I$>rI$(ZV^mcl1R8`x5)r z0!9C$x-`okr{{Eg7KiHteQcqHb?kuJtpjeJoc-(w7GW&z8OV1=C%%2gU3w@jY>HWV z)+wvQ^Iumnnrk{eUTH-DP!5QXmLOaf6c_>|Lz_Bn??1(ePcVYg%fw!MwGl- z_N~Q&oXCs2sV(N}2=#r{Of$0*Kxei;xJL45)j;675l#v2z~(!z|3jF=*LPS>cOJDs zu!4$YpuQ~>azQLRM&4FN2|?o90LpaB{iQ{{SSehkI<{jWMe((x(pdGltlR4M0m`JIH?=r#d|ANyC~6 zWw4L{u~R)%SL3?cd6@acc_0Bod;Q2GcNnfAQcN6rGJ?pbR~P(pO`-swc+u^vaf*3;{m1Q)Fp5uw(<$X6tJ*NeG3+yD>9z@GBCxYJOQY00lK|xaNOOJSji`CR^c*i^nn9_h#Oe7G z4&$iXx_U(h2upxeTi$@cezFRGW#P)pqt}}ql;oY<&U>#)bsM$DIMxo?Je!9a8O+ptT`Ly?X0C zyj=y_JnQ8yg`N|mQ~tpjeXXE+N%?$;c|_?0#Xz#IIxR5E@lPEi(G+W{E_WmK)kfYbCod)NtMR6IikbL~-L2z*(&0W+@l$YVfE7(rG$5OefeVj7t%`-NH-FEg~rO&C%$@)Dn;gNy4Nj`zks8yPdNci6!5PKx4xQi`fwflOE$; zd@>P3B*(~yH!+l-xn*6Q&Q(^@Ag%}+MPR)jT=bcSHB^4A-{jxD6?a`g@chp%^%3nK9-~WGA;~nc7A8c+G}T9p?IP@!b4@*G>NSe z>=Sm6*oA+_kaodIUB|!Jzc{g+{Gzd+Pzm%UJ?4`Tg|AX(Iftih@q68yeulJ9s{?80 zUBF}J&D})T5e7!NxGwnK?2&tBZRSV8KUrQ*X1MAZ!a5{ETO(hC(W*) zpaF$ZIUcHyMU{0~*#Pz+SUZ;fTR@h8BVVb)dCyT}+pjcAiZ;IYU3z(ig@v?bcm<3D ztp7p<3#6f46G&J@%$^hrMb#9vIo5Sz3$MbY=CbcE8bR~sL1LOk|4|)0W)Mv0Z1BTj z*U1rFpb|(Y3n|Ih2Qn7K7Z)1^M?{b$AVh~HLQj@9_pc5W`n!G*TisgVcV$7y_|dA4 zOp)72fhyQ&b49%<@ULiDjffnwN5Ef%)qcOUJoBbm)xe=d(zUZXB)%Ax!4T;_ zlu)F>uLM+TzB9smcpcbuiYAvY2T}g~R&RmHHH0j307{$whCs|V0OS!g8=%PvR|0j2 zq@eO7K{^cFaaruIcmYyCVxJLU_u81R>0dDQr5+pyl z2zw+72G!|(8cy~saQjtlHZG`{z{enGUy=F^9#TZLkF>$L5_}_16#9FsR!HX9{&iVJ zpy|6IJ949c*k3b}#HF}2xF*{mvf^|%=nrY>_{0C9R4SB)(CODuf{{c|_-iwnttUqR zi@G-thkF12|FzIbixNqaPK(M`S&NV(m9ivTvQ-+g42dB$MmndG&|(QOqU?-y#x5;n zC%dslQ5X^iGlt*eIqJO6`~CiWKG*wvKiBX2{(k;CS67#qGxK^qUysM_e!I)VjaTO4 zt7A^}AvvknmB$^+b{4$6zewNfRb8z;IVicDAe$YJ|M8-|H(SLzTNZipy++*Up00)c zQd0eGt}@TO%fjppy#D5K<CNg&FOad5=Q!(V;1>=Vy*n={vr2n7kU z|MZjS@;;7+W4tRWF0J0aD#}=0m;J{aYUukauibypj1#{kgA3C z_Gm^7C0MJT*q%}tB|BadIrCT&DMM;OmN6Qak}&u9@#8$j3q2W^iUk#~TubetSvko7 ziZV?;FPAn#CSmU@Nnv%VEp9o=A%^ZM`KPh5@=c#Q57uLBoCDD zQ~T>A4Sr~GoDraO%QpEPFM51M*>g%-MAGyUT9gd3_MCC3(2Xi_DxE72RfSD)JWS>3 zdezyBifyRz%B`EEfR%=Jb-6gFyvC!GQ(A}-M696cc%vXeerTOiudH43`_{BN*pWR| zD(|*!6H=TqqXMURmD(9iE<_88eqB$hqN0dm`~-pnEvhqIRuFNPskznMVq`nR^AiR0 zDG>FD5#wGNt@6#rda$OVRzo1#egTMY=jtiR>+0U#CA9hiZ=0vP>8#s~W>d=MaDe-I zLX!@V6cG(bA7WvgiZWl(Key-%+sNlc1iGM2w3kuY*y;hNnbzc^Hj7&{Ms|PjWG}Q0 zGI`izMik>jFHQv>48K3%pWW0%WmU67?{!7jku5A z2*%g7G!1|YObfvzbuX%We(6k5OhOn%dDp?J*2X?p7UKZcCmUG6%$fjrS9C1%Csy6g zI+o?P7_o2QlV8Q+mFi}r^qZBBHQZG83H9U#)%9YI@BKhFXfr<(#vi9SDMve?KYP0y zCjLb2Qg3{b4P*zy8RB@xl*|*+#YPqSFz#~K_l+mFeQjBprGL3sHBmRM%~MV7mT}w% z*lmw8)mfg?;}oY}>)Y=KDgpwg1%xhWS9GAw*3nqPWi5|y1Tlu+-F8LKbhNH25o4Tu z1($8Pz1w=w%)V@)3S! z$3@txU6~>DWUO%*yhDy-C2jIPKRM{;(UHYt6+SS$VXvc-(5wu#II*yWZshbCcF@)(-Wi(v^HJB#e?xbK3q6~WlVDFy6(wyG3 zSn|z0+v;Q{O-O8oX)iAept)74L|UN!xUR5`wgJg~{K+Uq5gu|H*KU<<_kz&iwtXvK zHO4f9YT#3g{Jophv{Fi$4bBti^#pNoW2NKUsrfB!q9M+b!`Bq6){YZ~Ig~_#AJJ}3 zyb~A<)@M*X1TGp6R(}61(jgsoD^+4(yt-6D(sXlYU9vQ(Gk5&rNRDH7r^XZFr<7o~9(aO3x7)Ej|o%G<->o+{4^NZqzJs^##g;6bB zkyd$?{?_O$Yu{R9EmpX`Xghz6aYlRh8$FXj^8(iZ%n6%nW#N#PvCa!+wqeUGgb7A7 zG9+dgf}_<>>d|vp)0uL=#T@%;St6Fy>+Jek8$<|SN4sq_#*8W zGV!s5E6J0Q99Pw1+e|yr+-T7HN3?*l*e@y5!H4>#OIU*CA7G!34JE6t=+dP&rYZ1k zYsS9{xiqF2-&q={KEvxCzF*A6(x%z?$oR8scO~`j+zC8HP3)f1T^^;bt$KbqF?+l< zNoVBzZNwXev`D$Q@ouvh9RkiTU6LN z;X}^L`g}Ncdc{G2q+%{5k-lVknwQGd_%fP@x+F57Amn?~ZqaXfe#1^uM$C zn*50IW%z)+E633{KSqx^Db9@9aNjBy!*1U+dB(ai`Vc ziRo?c@x{`>li5)%7#nL=UA?_9MQ3Ca=oS3z5O=ns{FHIO1I&uuegi>ou||f2dHCV>u30f>!h)4< z>Kcw?Qizr?E%ppC$-450V(`_8RHLxSXe%8p@^;l#EkUV)$?14)a+4eD%OU#7IRiSi zxBGGdPN}?AJH)#|PjxgA8#Vi+hkl-nm6UdWP}mfzv2&y1ZS<4$JEU!qIXXQx>1-7| z(_?xScn_=8RI7@((WjSzRFCK&MA;M0o1qcTn2c^cLeDe|jOR6#7O?3itZ?B-2m&tu z`V;sVEV~;Y-jN+G1Hkzc`cS!XCxl?{94h^I7pRLPP*wNgw6F&51J^pmCh?@vZ~MQQ zorkqjmhR+cNr#3`J)2DZ1RZBge|_w=@by`a-HMSPHw1rvNF+Le8_T-DO(|mi4)p4Y zO@D2w2kzs>nGpJDht=(#t&y%@J6m9fQ0-+c67uy(i=H_g)a4PN7Nwf6E0PUevXQxI zm8IGN`Va?XV`iB_f1j_A=^Ps_@?NJnQQ&l#0Uw;r>6-=XwfLkWsf+03F#0#Bz$N^?FF(=ONo zdcG%eVT>^Y;{A){L%yftAS|FO`J z>y_NtH)@tgwgROdAd3iKzNtS)P>4bkX3jHv7j3Fy^+-AAG%Lqmu#Wf(lnN-6EME%h zcIK^hAozG#?oG`!&N}ck?Nx3``A{n?d{SzyuZ0UpJ*16&rj2d#Zi^ZioxBe835_27 zHENu*yCvV%QlVMCE6#VsvrdvpLBP%qN_RuC&f{@Q z{MQBBo43F}?s@ZK)tkXu%7Wv}E-8ESX}-hmJvXdw!TeK1Xl-x4)m^*}lf``PzWQf4 zQ4j^y?Y=a)U=Nz`t?dOL&JlY1z-ZR?U61ZX88?_t^IdE$F4dUn*{?fykSYKcLJ7A^>x0&^};&Tzt!-f8Q-T?#ZGT@?GG=UnKgG0%&zVa ztmGWRY3YkZT$ZWQ=%6jV036b5APe}5z)d63Srq!2tcsx9IQuWJa!e6Y9ikTN`c%exe1e7oiXSup7JS^9datttq(-(}FefwOkDxJVHA1>)W zLu+LeC{Wh;6xLu{=HP*bUeXuK^i6T7Sr=EM@rD2h%Gb@*yVV@V59bj>EUjH&?q7(h z{v2lRAXDG%{o^OP5_sD?v9EU5r`X2pPL7Lw0s`SE9nCAfv2CB+-x*9rIM|U+?XHhJ zvre$@$M^ob6xqL;q}boa=j^}D!vAl;WsbKVtLJf^9_t%XNqSy9eDc!AOFd?T;!+E( zkttjMW9m-N%bDjNo6@VK&dPWWcWvqY9MP4u3z2Tzuf4?n_P+H)qs1le&3E-I3-bMED_4=Sl^h0V)EeFb1%bX+ZHIBF_79?Luz3ML8W)Nr?~(lCDw!zlDvJ`* ztzNViW0>i8PX<;QRA{HC$I%do<<`?8jO&(*&&g>HJ+k2GtwwbpdU#|0)L?p2{9F4c zX}-&;YH&!-ed+DDU|ry?(J%eFzISNt8Dga_UadG@SaQUyrPo;XXyQ0&<`#ptAl=4e z98U0B_Y#n@WTnryn3u<`U|*?bwech_H?S4wTLt9(0y<7t+Bd&{Agok}L|tDy;u0XL zA8|fmBIQ8ol$~Hxy1Ccne5ydLFQ-#vt*N|mhvrdGxzNb60Wbjv*47)4CUkz@eh>Vv4d&vBS)!32IVzx1fp3GhM{Eimkz zt5+6ZS09+aIr#~sBt(5y{XxAL#-o$*;itUcN~KtqfK-NTnZ8iMVEvGc9Zer6Efm17 zndRQ&QH=)hK?K!wZSKa_tm0H+m}c$aXrUwBOxi09W$iRp=Uqn_9yi z5rG^pwoM{3EGBVSc@t?#w^hZQ+jlBGbxoLL|J4%MX}Xy%)I7|0vB;W9oV z1Fe*)HPT{l6d4W^us=mUq7mcZ{)#d-%Fn6}5scNjnj>LXt;+gjRcMYYK%13Rv;3VI z78@vd+zqFsFR$#+CfD7(y!n1sl-%NnYEtL=0(w|LvfUf-zO_#p-uduEMnoaZT>f5#JlWS#r%lsJX~5AIXm07hE(nN)-ea8cRX5BU+ND5~nJ30Y8FZ zwQ+y6cV<2r);(ZR^nSF<#DRGS6rGk{NI>;%{@AsOq*vs?Y*9}Ud#$+4+WEQ38lPn= ziecdR>J|*sZ9hAT?=-|X=3Pwo?XIeGTd|B&efk-=b=9PXXYG18o7~5Hux!guTU?1_ z(h%Q!!+5_E-;U?_Rg)wL)<&->VrHM_rHl_rt85ca;F4ktXDNR9{Q0vcwVF!}yAL+H zIYTLQ)sMe#mlxNb1SB&H1v!D?xv~`Gl$nxahic2=eZ%qlE#Cdjsz%q0DP@(dyYF`@ z0yV}=T!)E+1D1vM3OaB(FR>iPe|gW-PV3N{H238*!)PE;^g+ zAC4I^bZyu~30ntmgW=ii0;iHWd6Mi?0yD6>q3wl4qNp}En(T61zs)c|ee^6*HdU6Z zLHU&is|<$5ofp%klUXbbXFe|ScpJ%)8lSe`{{(G(V&9Ea@4Q0o%j&BYbpke-#TS&k z`=T4@>}rlv;xjkie^-njzQWbA=5ZcgH7q<9TXS=GwGf99ol?zF zZXF?|Rz*D&RWO`A%nuN66YJ-OOsN zz&;kdAH^Qu{lW(W6ne6%Jq^ME(5NcuF}QLfsN`32dUV^TXy&&!p9dGa7k&1_oid$7 zvsD31y6@Px8GWbxISQh8i)>z3a(dxPhI!n;i$bq=T9UK9<<^cUb^ByE_&}yk7I{F> zAr!l7I=98r;R}IprEmhHR!ZO8Y8mI)rn&l#DBY)vl`xf*Km4yGIxNnWywKv@HY)wm z^47=pCZdMm(SY0cwsRXpIb5(kC)dqwO{#a(ZgVcQN*%E|d;UMb=k>h!H@Ds#x}&wh zubC!v3An0X0DpQ^b+xHw zzd3H9F_Cz0VVjmmpUP4VD>&6$>=sq5LCKjpw5j@st}PS8cwW2%1#A)+YScy*1Vi$fY{0`b(2!S&5!9?jpQJu5D~@+hC)7FUCA;kovzy2BYsRuo`@naJhY zKnATQ+mx1;z__5>ygCXX)hPB8ap|7`RN%KDJ%iQ~{7EG`(j=hUbS=Urajb!0lk5fF z!#d8s<;sQuf5_f3DVSO@377i_Wc5T@6twoWB{;5q!TOr#jqfIO{+W7Iyg&S69fF>E zioGab-KGw?mB1dMrZqM;FUu-WxfQMGy~GsVhtCdzLQT~i%yFyY~YcjZ9p#fhcr zPUl7!P1c#lo3=U1_pvi?-hfOe*#blbj!M-NUz?L$K5Wr2h#xXIiNg#93TqDVVX*ex zTW5B&Wov?;l-$N-(KWCF2X|XhRo+aDA5%Z3OIZr$;B#L!_fj!GGMX)Wi4u@dbhegg zFw4RCje4jYRQSnjee7=z7zaOmy2~aSM;3mwJJ9P-x0(z{ zIVZ;niBOEz zvUxe$Df@JN9&3Zr+|_jF*>9E+h~(wsQK^*@;FHY_@)omy#vVGgB!@uc(JJJvbA8z= zk!^=JKaRmF?B91v>`4sUt#%(CS^spat*HLftp;+pzVqZ65LVKRmzh7jFq6h?)H~Th z8k0-k=hDGHw%}RyxB)+EKylD*_WrCplDun+q<@6ESm-7SEzttNh1%9M4QqJpugM>J zhDqPz?58ZnS<0dsnWNV@|BTg2jJN%>zI|)VX69Oz^GwMOwodAgPgy;INmZxwgK`;g zxE+!d8#a>DS-o`z=BF^68oh>(!vRLYl%%%uQ+2zD*GAyXO-Ex6K`>Pb8MIENSen~A z=1=p)+tgcRIyiBrg*=KGUCENpm)_siwnlfX=|HIYa~-pO){NQaJ7gEy`;<|vQJ^x} z>jT-`ni3D)C*j0}9NjLS*I)AHqb{JI^=#i<`JuLoa$d&A)7la413@uw1p`cFy&Dgo z7!VAwFK`{(dRV8CPj*aGViR5;=j4$ud|-e05F&pWbfrDl2nE<`fL|TL=}DQP)gUe1 zA@C!N{--bL{qda>%WSWNUd;)%4_@B6M(u`q^M8t#reqwPbu$ka{a*tUyV4Nc#J&8KH7eX*u=hH;qYwwbobCkI>Pm{MYeG;uNpYPilrR1JjhAZtZbdPjADPlF` z1=DQ@NwL$Nj?nduUkI5yFfN{QxGrXN0>yZij`+t%;kwHHNoo-NIE_&Ei{HWGTZ^(7 z@}%#J903 zcDv%IZP2Aq;rX)M+M5DGT+`F>4;;ceitRpEoo~1>KQj^iz3&aVhIJ!e`b`uZCd;wv z6!q1ejwZ5O*IX0#83Q`wZv0rc?zhwIyc?kXpy)m&w204{z8%KB6J|u(V@7+_xYlmD z8cHbYYV{A*7#J3YG)_l`^KE<`#z))=5s~l6X)Msw$=M3|QL%79HMdlCOps2XLs9B97 z-07nOL1FLGQWQI*hm*RTVEJhMYhJ-Y-t^3_-Q(UsMUb3J>t2)0`~44I0;|8mo5q8oNUPP`5BEg3r-=nbP;t=+tt)x%aP<7o@bqPaCF0f_G4 zgGmWQ%93JjmN~cN21Al5swS)Ej!~1d-O<>YRNrn8vyP=1dekM8*itRqVoOV}-2KV_ zGSqO;vVN6?gu6*K+_o`q#@J!n)`T$-D^8zMu}IW3H>o zA*nc+bRsd>V^T>n19+IkKwn$^?Kj&O-mnmx1RzzAsm}Z=<=0;kTm{?7ut$quNKU7B zG>%ZG1z8;pRo{#r`}GJ652dIkdH44Ul-RqC?jz&XF&9UKo{8Y|n(0G4E8U-Y61W0R z@+Mgz)0qz?Af z;ZtHRN{_e#3o!TD#8Ck?>MDaC=`{N4H|p6tGb{AB%g^+>2hq+JIt(OBpYF`Tj?~fy zvQ&->Us|oWSG$v3?OJ(dLCYO6NXb}SdR5mr`0mhb$4=kbq}#pwNS&1NyHb3k>ROms zXv^7p&y01;jUCXRqIuni1kLAA+J^!YY-1)tro6leGWe_9muFN z#9K)}vJj99FouaB4cQT|30tai%6DV+f+rfG7e{G)-z3E(8&A=0oRpF|Zt{lv=*hUn ztYwCpMSJ{)_eXZn)SI0RZ4?hUS#r4;&R8^;nA0cj>#F8PxrIgTth%cCsjiaqWA?}B zzN$L+p(L`aU|-9G4X)R_VkLY0QwNIcj*&P`le56VPe)hY^j!CA_P&EDF{5CAu5qca z&6-rxmr6;-!js%QMyi2Dqr4mpq>kU?ES|;+&3LTgXeThV4ExodGBEeev7pwzYlWdFNG2iYk+#XJJ@Qj5ub+;{=S?7r2xXjDlFNbE#W~XU{_rPmW)+VYg zwxXKRD2UZk6o}{5v4CRvFd~zKR`oaiFGTb|(3e+as~ z*~eUHIaW%(?FQF*P91Y2l8PmhsQAiD^jTN$I!N-}9=04AuS8xgOhj{-8|y1tnbRpP z#_ojMQ|g(+2ZqPbsdFpVy`4DK@bopIZtUh(MmyXzihk_N_%P8P38zJ48j!%Y7Rv%|Kz)3Pky$##+%b^cIA!UMP`|ks$m^55_g1^ z?iYW!aiN#k*jJx=)~3N(a3iJXyV9nBg=+D%sgHNhXp<~dCqmKxhF56Izh_V7C}`HX ziiKcAgn(oKlRqnG2Q8)DU>h5WoGNw1u7sct*t`qJUH$HqZBL1#0kRRPK)_ZU>C^$i zI?Y+w`RyZ7-Xm{Aq3~c}=S&`~oZyjAA3as&qY;K3z__)rLO<7d#J?RA77(+RQ_rX9 zWRQjYsUDJ(6ZKbvp<0am(Sx5aWkX!nRH1P?uA)8l&cr6sh!F8b!7!8OftO{s=2G1S zH(EK)Yj=_PWDleys?!zVH}TnlXzf5fS?hLK`XfR?===ig{ZrQZgoT87oCzU2^o-Wh zWL&@GBa4k&q<1f25r3`&NfO5*4p*`%q>2OHNDfXPlCYSMMha#ngdv5YaAY27c&^kj z!6zrHfPd7YWPX=vyp|(Qj6cr;G*H&v1@%_p>mr~;rKi;;ysOIlY(kTyrP6mh<~-y? zE{F4b8Z>khZ#|driwk6A;w?%T!)KZno0qxu5S7zGrHMeFF`<;x?T^kJ5W0kfPJx&g zwoTUbMqLcR9zEw?wqiSPxJ<~NXw0h^@4L;TBjz$nE`GZcbZq~w#j0hqNg;?$8Us#~ zt;Rtdy-b!D{b*xw*my2wk8@N7I;p6AHxysA72$vCMmeSz`n&I^D(`k+tLD(n`Fotq zf&h4HZQzi@JFWeeO_;~4}r1>V>KKb6W?wix;1;BlG(uS zfV;upn#kC~7p&D3u$o;IK~InF{=DeKPQC?)k0>M}Dmu?~1B^i~jo&Pv9#VLab?Z9r zo6eD!rNtqYAo?-Vn=u2s+lUAtUriTPi!CX(x+oXk4(!E8%3VdnBo<_wt8;W`A~j*Yoc#YKz9Eon zdZMDbrpV)f#~Ehg=v#~K+7M$iJEWzCA#yDQOR_QWtk%$~mmfXT*5uh~Z3q%Vr|28= zx?mVapeV9dQ@#eCp*BGiO3{}s^URhP(!zVu1qD8cHJ}k(^~|^OpS)XxU&F1ZhYi_q z6N-xLd~`};gYs+*k(#wP`er%sM(tUwOq~5AkKwOFv=ZD}z%FZ_apoL}9>bDcY$3bc>sd1!vf#$=sH9@yD?--+}_;WlYH^`&+ zb_L1?Oin(@f`y+WtyXZdFPKS_HxE_(`OC8X9zHY3{WmxzJTN9(9g4qN9iqm16?_*P znwymtf-^TVvL?FZ6kY$UN-G)$An+Ym89Yl^pL;czZ75zlT3W(a-A=a&a;LfF_??K8 zzekfU%pC__&%@r>6O3(x;230&*plzFhTGvzZl^L^!E`ehINBzUo;BM{;Bw@`h>>}m z)%xiQtQ4TlmU4*wVJ7|6j ztDHcKLOC16{pg)!wL6;D+m>=aE@UWsMPEhuZXLyz+N!d&_2GEG4Y}TiqTFw-+h+d( zpQAC;xfyfbsWY#PPgXLc%$YN(jkNfIi^6}e1fV!Cr!nyIZ7Y3rU_lV zevJ1x!Xbz9;e;UduAGx&cAi}R11!eX-bAn!9ovx0k}HBaO~d~5>Uk+`>~1o}aGw?5 zG3KZqtEq;?T7qtRooPJo07Mwf2`FXQq0XanaYgF|ONxe`^$g-^?~^xo;P@ZF0Q7$;cgD(4Phs>WttskcT_k7^53VrAY z4$|j;$5eGif9V_up-}cR3cme+7P9>>|MtJl!y|wEzz=J=*O+>^gi9_>w>gg9ZMNY! z`oAb0xy0k+vW9Qz)!_IavcRi2VnX2|H>G7My(hf_+*<0h8*94CcvN11zVKm8n+Ena z6%Ieb#pHZOh5L3R%df#1z`Jo91K8Z4a%g2%hlOsMvKlp>7h?Ir8%5OKX_Tw|hp&lCr?nu*b2Zv=|U3Dt2XvZ6U&!Lg!{uDp2th zktYj0ac;se5Nn~;mzo=#6G~bq_qFqnmRmP+!VIaJ3UCKwcdyo&}QG+m{r#@oyo%E z+!xdcPG+U1m<5_#aOd`f#Po8(F?{NfK}CR-Z=z#=`|c%0));8R)_+od)w231KoF=2 z#X=Kv(s?3w2DzoiLJUH&?HN7KuKlJf^H+x!c{6{<^z;pgK2u+LK-<_;BoxKOVyDJc zU)A}OmHujxiUa|tSG~cxie}mYSQD7W*A-C7irvUE2rYb~Sfx$E@0sRvR7ukpA1rc@ zs1`@}{AgUU&^*eyIr|-!(qo-oIL2sa#+EeGaapR^+|rrX>pjh{H04&W48NxOUF+Ho z)h9eF>nL`N(LxmMEkOw6XTwtICwsLYNcOsnvo!I+TEX^hdGhCMpZu|=_mHrn>)Ow` zM#MSjt(V6$r?T<$F)DP#9Q}}Jg@@}ZU%G?p@CcPVscqvQ^6k%s6Xr8Y&mAE`G>|cM zx7LFnU)(}Wlb#$bb%2Gd15*n^xKGLt`LUv6GBvdaLbM+H6PMi_Yq9vJIt_stj#a~I z0B#8#rQ2Lb+g>ODs17@jUFL+7W%rb%y_n7w{>LUG=m`CMoX?F7xE%?)gqm&cX6~fj zJ!naRww174lnhP!*h}{9^<0R)uk-cy2@18Ym@88;=;GsV6tA^B9)*IQ5))S{&S~ehl8EuQnWWc^9(FVMk7Kl72!U|B4v<6~v}sZBgy$ zE1hI}{u|rx2_o0u<%5zYhS(t8b$(homB+4UXDTfF3MjmlpCgd1!% zUF?(OoXMPyaQd)YWnX4OY<K%v1n4FOj4=f32v`h@f{5?b?V0ei;&i_K^Wp?T`V@9=QdmB_pwvPtJN}3kg zh|4*4wRfFseBQRhFv<%Pm$-1|K&hS57j8NxE;+q2P*_Q<^YXumu&_?%#7wJ-cb#W$ zM<(xU?}*07^X{5 znx-w?$n1wsvCf4TjHaJPt&)$(sD-B?qgL7EpGK{f0al2{(tthJ%Ll*UZfKNUB^c#y z-!&H!&Kqm$pJ)2?>cN<`6F{%!-f9rAcq$C_Hnja2$?IP#zU6ikFMNyFK8KTq<)HYr ziy!N?aMYH9*nxBL9x1J9u)@zVUuRaQJS0I?TO2FI&#X)pdn32W5T|_sHpnt&!5#$A zyg3*}47SAgXBDv9%hK-?n6ZSj`?62oUZEXvKvFWvnE-cyOEJf}r}g=}@X+v?CGQtY z=4H0WdcVk{Mt-61M3H&x`_<3yZf-Am?pw$G(0#-$N7Cu)!hk_(uE*qNw|qslfi0Zl z`oeoxvgdN$Kjw0Ta`N)$Qq=RpM=@{q_3ii6vD{^FQXi8{aUQtS?lzV9fLEE6dKtsJ z_$4vUfup5SJ~x^gPc+rN&BOUMR~hrrKad30VYllQ1+W{-+mTLATjpPVT5lDrK|K=D zklEDKdN2NXQ^U3wiVLY@kxnJG;_C)`OD54qQQoz!7;L8FkQn#rit!HP(e9KOb4s(&FX^u!}Iq?wj?8syEH%; z@pGT|gi&iYEYiDFf+hP)eoLxL9!}I!yFjTOo}Ec}aGjMAAR1<#9+={o-=C-swIWO^ z#>XZlIb9Ri+~GcA5V9UZ9dW;s)xf3&*URf)tJ9@UtJUPcDuT zUe&GO*l_%oeprhaxJCl-%tNWZjCSsABNZ17<2C*GBV@-Jth+{2z0)h6*!?S9Rh;a6 zqT#S;&EhB6iVFSf!H8X9)Tp@7pSc88fwgHSxo$gC=wA8=^OPM^QSQ5%?V_R^=1*f`)S+z^2IdqI zg`QK}ZqE|VoO~kW^5w{4R=N77y*e3~t^Tu|0ro$*DIv=}WA%j5r83JaK0^;zz#BoQ z6S&!{WBD`Q2zDmr*d-%q^qEI%hlQpz?t37Tp#WKjfIpd=vj?EEYog*sUGEU^v8eIa zG16tQ=pvvqQ!f~oUK5n`pN!Fyv1GYhT{W+niT_1e-OKALXH;kJf^#_%$N&K$r=rp; zdVO1dYB6c&Pg*?$sOs_wGw+wEHZ2>Cq5zD#Y_*Z|Rc>nU$Bm15*6f@18>xdSs-__Z z@mTSPV{}u14{Fl3fT*AnV?B1prJt?qfK}7giKKW`)6RJpV==j{l$9 zMK!n%XNWW}GuZ3!%63KZW4vH{mG9ZTQirV6*zK5}XTK>nM&F-CEtZ4~NC(!P5Iz>R z?ztw_z{a4=2_1G%{ZYQrZ?%k?)x+cPl${(`kOf;M)CW6SwC0X|QEX*tE$FP;r#DsK zzb{YCYzmB0LXMA7XS74F3_1>OuLari>p|6F_$%I?A1d7hLF0rj@Y9uhtJ$r+JLfhQ zrtZK+wqk3L(F^WW;l-anlW!+{W^)<`z!E9_M6}liwMGjabB{Va1b34N1Xz84=P%F^ z7@M^(M>q{!n1k(#nLFlvZjl|PhwBkM#4m6SJv8_nNB5z17sS781GCeW73~-d%&uZ% zcRD$WU~b#rjQtt?1N)TQ=+wXPSS4S9`x4p)XYHkt8?$E4$qPzx$IjDlC*D2`TNinI z=KYOfPZ56f{a5w6%qT7V=L}%ZYu$Tkg*?%|Ul^UeaY0%#w^tFZM}V;k=pNB2qaj-Q zI+V`2hNY1LiK4je=C4=)fK*6VEPY_Ffsm@3cG|amho3>~lA$!&@LOAzoV?x%N-q#u z&kP1vVhc6Z)Xs(fB?Jhv#)$BP3vNPY3r)oBa-hqg-el4!^k_G4xI^wptL!G}2zH^G z<2lBN_TbNZ1Fm_Q;We}BD!OAw)=S$9je^Y!Ag;fWs--qrW%cyw)U<})w_(~<0PCh{v%WpU|0o*8UO_w;Pu_A zV8;iesV%1{hd@ccXVrcsGfkzfd%v2J)5OWdJk^h_FsvC>hqp%DMe-Vl#bM*N&Icpe z1eLcE0KToeKceC`EGza)8YZk;5_wV0OFj?wc8cIN=R2dTJ3&WaNZ%}e*U0rmONTz9 zcMt5}FE?Jq3axFp#-swP7^(?N=qJpnNiw?vHH7a*2|9;&#b`n<_|U0_G!4GpZF$G7 zHYoHo1ep{ZItv(lc2@UaCu*{xjkH}bQ@e3;;6({bXLT3Rkt&TF4sJhus`oKY@FPss zV*hojHep{NC{=Y}d&2L3m-|>-Vs0Go_rG>gpGrY)J|w3ST*{%yl1D`)Q_Sj_BOyPY z784G%rpcg(KqP%c5@o!KUcWb3Z6(;7Mf;8w|F98f zU;C&OuYNah@Z0M*NOF7-aqhCVSx$?|g`k5Se0=7>%xStFhZhL$K)8C*p&LEbP4hSZ zEXm9q_&)w7X)IrhHz2fic8ZPel+_@!_kFX*8Q(dzhbPlET~ zR7aCyhK!I|FG%2S&NiMC;&Z1cG&+;P@Wu7ca2&cG?-%0l&;IZQaU2^&(@VV*xzZ_{ z_9v!Z=X|CSglIdi3~G*})$KMzJs;*L71n5xbm5-IB7PXB8EELh8#I{0>~&2t4}^BO z$ZU!ob^V_3@EEMgt|Lz$FS~|G34%OQ=>A_w4lbHUt(Sgpj&J~cKAcdq#n_0az^gMY zpO?mwJt$;+lnV{_aw$6@4S+4r+gE5Bys-qdd2ZgIxpN+|w^(-FS#1JTzYe44w+U#? zGlg6I@oHl~>=#&t~T)g4vjc>MtjVI&ZNmKsJa0s{;@@h9`T@5g4eX_R~8g_j< z8Mmt8aU>{>6hm>ejKy@HffAIV_JXRF#vQu5cJUhM0IgKOW(}wE$ORu-oDZs&v^efjyYHNOZdM3HIDh?v&r$>|8a%oSK~I- zb2@mu_ei>j+i>$72PY7+5dNriT(;6 z`o!E7f}=WJl*py`K{7I0T{k;>Ha~g)CQP+6doH`AinxCKY|Qzkv+A+)Am{Uu;ODDJ zcU+p>zLx{x#E#o5Inz@ju3h9be{v_9{SA*zgN}_xAM3UUwFjjGBvr<|i1Z3aeV0RL zV6%WW45-+HEw*Z6sNY>nu8v^aG>P;C+V0R*ddk=eZAGp$0<)bunx(XTLWHOv=`u+g zQeAcBZcL1o;@%znYNY3`x*R^N0Y+xT>-N1`qcZj;L&+)`jMwR^qpFKBB?LqK_dDkh z0oL;LScL?56n)FZbQ%uF%3H00_Yd2)g=!d~|Ip)1S#t+0hBTZipZ>5##F^yWNHT%` zN9yYN;gkdHMoZMOaI@I<30?Jn=yRDJlC1Yn{e;&*gMhX zJ6nIIL4T6W2R~ z*_O%}D?+=ZLE_@PtfNpw*xS?{rEiD2vIzLxxIy!9dt-N$m2No5%d7$Ym2E35CZbd4E$gt#=XGgo(vxL6z~>4s_Y`Don$&@6 z;aXHt)gj$2rWlD1)gwvz0K=+kJ5SKh$G>|jM6d!R#=6Z#uxDVemaMq=FlVD1-+Ln) zqsh+DEM>M04R$N#zIlGU^^$u19@AeM#og9RT_af)Lb-^WDfbu|+g2Ca4b54!qY5j- zLdLSLy9VgYYdU#t6SJHhQzG|(yD7YBRn(;*Fr`~iFp4@YN>J`QNOf}WbZI=&bEC}#7`uNGWhfZ&3(O+DIH&kx#O5wlKVOX=f7HWnkqx$Sm zT3}_41n*Bx^+PJxXU^p%5_Y()ra2B@CHFMZgPosi@#5cQp&MCNR@Ql=yyY)X3Qt>^ zwqaJ-6Z@s_u}s=P`;j|Ru$G6@E>~Dm#AVc(ETPwszsFH&qG;Z=r(Q*-skM#c)Qacq z9vD2cNj^uirIFn95+H<{0fM(gs2)vqeJ%!ut@;)vZBwHjvBer%P4Tst1*N1W8R<$D z9T-*4xzgGGHD2inQSuF+KFi(5ssoN@U$R)zRaDYv=q0HOv?jBDtw2tz=UBx3s_BAj zZAr|D3aVm1*B(#FFYT<69Wuw`J`VyG6iJx3vVCX2@EZt*!`kK0b4}jLb)4>t^s4!W z8RH8SN32N8$tIfR+i9hc9Xo$=XS7ZC8D6z(u1n6xG*o4a0fCfD?n4Cg7 zgrGCU=@Iy+d&!?71K=pnUX|m%@P9H&z;@;&(dk>b4OBq~L2e>xmKkvR^8cd0jISwoE)d%11Uio;=A~ZKmftlG4=Jehaymy>Z^*D3T6wi39wyg( zgS-V?0UU5lKF)V7dWNBQ*Tge8qap(vu~g2yP4(6A$S0LCEoZyq1$n|IX=FA>QhA(f z)z_FweNl?<`{9SoAazf;fhO>kfi(L@OoTbj(+hy9}VJ_ev;97iK%^Bll zujCg#J{F9%3eVf{bjELu1I*Y7&^HO7|+PMiU(-I^6cUK^(BFguj^DyTD6t^U~ zWOdS<0dx971)eJHFmoTaNzd7&$LMA@aX_g!JkxcFp5nv3O?=I7QNMNf{DyP2U)Q3) zN>|nOYt}KoE4VTPy}L~q^~8ZBofp!XEsX{&1aP&AOGu=CiSfpaWdd00==2a?W{Yl7gNkc#ZS7S9hzNY}3HCcrUEI`Jxx#w#yyV2&h)Se7lAFx;@nN!Ts8)*vy6VZLTt< z6jgGr81OX69~6mZsFI`UX)LjJop0MX9wyDR&QB}+VAsqtjE7PdUP1+F$#dq3MA7Nn za<&$DuI|fcS@$}pDx3CyIh-OCcX+|YZK$cC0{DvlAFD%SOSR|y{X6x~pAT>JuL<7Y zcB)Jpvv74s%xDynU3lYaa|IQCNlY)^`RJ&Vl>2DCjRx6lvNQ23KG>hME~$3pcIl@7 zq@f3$k8s;`xDNYx4rN7}#q+F};FN%35MTSHe1-HzL1+?Bzm;};ey`*tv=-@`dtvNC zo$$p(z1$UZDpj9GzjqeVXV?BG+d|PuRDS|joiP3=+fA<}zeLznvGFbw0 z|HQoo=0pI;=5m=dHdrMtCAVkKo=lM{{f;;KBA^SH1Ukc^1KJ*IVdR8`rHnK-PV54y zfVL8V3}aSVaf;dGY+Iz)-Tn)QPX_zZ=^zDUlQ3k0KuS2At-#C+ zD0l?8K;@urED$4!fMYMR9U@1NdES(}M+euj+1oFiZ($mqw)vx~(9r}PhuoCZ!Ug;= z$;K`6DN38sE4#{wsKU|$1181577kJJU(%d)!qUxa$GQuPZ0LI7(fYzIA^rWAT}Cr2 zI_6;DaR?%EnI_bTdFtq2Y9O6||A(LJh2Qb@C?MIC_eNRDoN?B0s~!OHXs4C&2{N^n(mN)L>}l5S^TQGLPli`v zh~mdc(-lh|Oq;Z&|AT`!fIi8bcwZ;1lm^O$^_^C0n@qNeDQOp$JTj8 z{#QCLn+mI~@PM+^D#_Q^()JzM#9Ufh+MW(AeAkkApRyw(kF=QozzK6=pSqdghvBQq zJ&1j#ekkDP6K8_6fA{IGK;M2;;Fg|nEL-sfce;IHLYUvo1EbHRS{C8GBqm=wSER7cU;{OV&?K$zl}m4@0nz-Yf>LSy27IBM zUW0;#DaCf6_FYrEnqas0Dv_Jl&V^f1Xx$5q`}bXq$We73;6|;E9FQY0nexXXt5FOJ%6t3~kj;$h5Xj+n`94NLnR=+m3E@v((mD zDk32nRBXYRwy3qX1gWJ|f>;Ja5J~3wy4qRJnS1V>n?E2YCqI0@&*$^J-mf=qy2vKa zrA$nvpR)=yJFvg#1k&lYetzU)WjsCHFOJ%Ul$sC51MbzGF@skzXK zZ|;K@yQb2XA^ZzKo1Wi`jOTL-*72I6Ph9_O2J?zRsC1_K;!4&4a^0qk@IjSn!MW($ zV{`#9ceO7x368u2oIOd7M2l~|lAq5)VyL0Il|22+zL!$direI{J2~$5)2{{4g?x&HXkIL*2xPr}Fh~2v6F2c~S!%O*%0Ohu%+&oxRz`Y;)4=#9GTloD4^ z_q}b-sRC6csfz@e&MC=|CdeRnSy{k;=I#pX3aB!yApB;8yb+Y7`gaxx5EK1>i|pSs zHr;>zRm@}1vj=dTM)f&EVzw(7DI%A38yg7xsd9u7NQMX|Ln2Qv{;XNk`{ ztX=-Q5e}G4=Fay?5Edy(OJAf%UnOy3hMojBKz4rk8wYAUZ}n zK<5pa###{6|Ht$*4*L6=V^??C%iIDT=Pw{@|G}FD@^6Yx6ZH1!)^|sN0u?B`4_$G! zzpDwLy2G#v{^rZqy#2w#4XO({2IN2Ih2Elp1DFd`50V{^R&v!LeVay&F@?gZ!#4#A z=<-uzHuGtqWJu9ug?T)I>3{TD>_&sET-a-D^CyK2cC5JMS+<6{ee#D7Km_}yw{~qR z$%)XPiCCznPm9hV#DWM?ErRl}g|CSqNVx$fDt%KZ0ovu7|Ds)Pp4c$;BWPMKIvSXu3E?EIHM!WID=2C8J;w&mNf$B#_c(3nZdWwOdLF>f~LbFz-x#F)Pn zF|vI3A1>2g000a7M1KDJ1huw9h7!<$67WiU`cuH@0l59PL&2?%T!0~%whAU1RGh`j zUbyQ9AS68d2sp|%ySF@XAjp~y7S?`FHfAUUhaC;~NN!wPBV}h7Rwy|MF)I5pJmzS! zhbs>;A**>b-+Z;xK}CC=7uynUPV%XTI?2s8Q7cK(*ahJI-cKdU1%H>2_VT!jJp#+_Ux5)I;Gs2#>SMB$X=!5yKEh2Gd zSp|TVZM6>LI9Kf%!iEdOI;;33R3%RVdVb|!MHA2**B-IdUJlu*`@f+y%J};hSL_DTeFVTcngHZ4SZxhJq^d!OfT0A^_n?DG_nV#0G6?Sm^22R+aSX1xr3QNsg$_hZE zOx{+JT~(#!qqy_pW$Rcb#MzidW(An!3?}Lyu}*v2!dT^IWHH8zrT9S2@DJ%xT{3C8 zZvme5Ty!up5A4rzlIfY_t+|Yi9)MgG$Q!k%oLJnavb(4_fzp8jn|8nEdpRqEX2+I7 zF$2hbZ72zh#V8r{WLxn+1~qo5amp7yCdd~7mSw*OYkG?Ss^r)G))r(m9v{g&?(I*j z47(}RUb+qLFyh#$=)ryh#>iZ z+n5pUf99#q9Z%K>;@Zd-rqjQP>9`S?1c}>u{Bfl7Cawbo41{$jXUgV*KuNMfrDxZR zS}lCg|K`cYnK&*#49|ph3BMgzOmO3N68%AJdeRK+o8^_jvYiTMxIxEk{dAy*_6Owl zxzmHWcY=^U!g3UcWop5<;kbB=!asl$a21tOMREL=X4a@xmK`=xxzYoulpd4m2h7)- z4KlErgT(DuYJx8yQ31ZWJf&@PwB#y0#xc<%CthyY7Qj61f)Rp7>$#2;ojyuOF%sD9 zpV^>rU%!Z$Rt<~>F;5VeO9MFe!D+a;p2l`Z~8tmq>3&;*kCgZ zLw2=N77z1Rqn9`tf#sl+q4d5mz9g<@J^oU^q>yS}MYfn+7wNuyJ~aGANoVwAjtnD& zoL#mqJ5;TXYE?^@06DZfAzuq1{!zIgePHZ!ufn3m@ zvR}>KJw5`M5Q4ckjJrOfRL4|IuL~xOdC^uvgcO_jWwB*uqVK>cI8gpDL}L)I(Ch8p z`>NcVh<*5__KJx7hB#W*;3*WzmR-Mz23&@lfKECq z$NUF`G5oJS7VDsp2IQk;OG>F((sE9u!of-k4_5e$d}rqQGPl;$(Bni!u(LYSbCUXG zFhyvb&tYxRMtFn`Bk+3PT!MD>vDrV4av=_NtEe?HDb(Y?N5Lw|duCeFwp7tQ2Cvco8(>T+0 zm%YQDl3W%A2H$3Vbj*e(VF)4 H*|=W;#R4Xz literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/for_each.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/for_each.png new file mode 100644 index 0000000000000000000000000000000000000000..db8da7ef89ece1840ded4a5997160ff181104a12 GIT binary patch literal 10025 zcmd6NWmwc*w>K(CN=pcWbax2|$k0;KGBil1;(*f9(j(F!5`x5#L&G2?-7s`XGqemy zpFiHueLdGX&#CKN?}zup#GbwP`tQBhTEDf{Z_kJ48cO%@9^heMVBAwtmexOE7; z$Z&20zkpC=Ux1HW?%GNqjFJJ`O`w5kE2}Pxfl(fde_??Iv~k^(4c##?C|GV@w^X#5 z_c1V75i0Vsx^GQ)G92AZ##8bx{Uhi{rN)2R<|WgcD1?@%rItKXSJx(=i+^Jip3lEa zp2SQH3i^<>8E`A!+{(SG{2@O>K#-grjg=2uqDoqT0M$O0Pe%o}Y9hC4g^Q9Wb?--( znYVNquJ+d6t}2O-PkiU|5z|$?3t;bze(^z5+g{~(1Qq>Yf2O|$GlF*Qf`2_!oGX~v za`rLgv*h|qudBvURFav*k|_b$BM^~XS_1K`X0E=iZxu&_W_xq2zMpV@vs%tp#Ks*tJvur%H#avv zKAw^*hr=L`Da2eTpKM3=E_GqJU}v^zD#PQBjb<}aPGgjP5x)I67K=C~nBgT5A75 zhDM_y5J;6u3_e4!vZcO!tTL${qZ<6f6D@W|h5Y&LW8ojgj(0_A^371QQrqt&%qSX1 z>z2v{6T4nJIye*-6%`d0a>naoK4uIiR`?KaPU_C|Q9c2O%$ZS>JVLo?iiA5=p?dh9 z_gR&T5&G)tYJT1nA(%XR9Sa=pCxOZweauLk%g{LjCsB=9q_g5op*vx--rnx+TI3xu zYJE8?upK!lJR1|5t&QDEe)TQR}y_2|{^Cy-Z9@tgXKS{o&a6?%msK zI+>3;-@6_ra%H_bJ)SXuc~w?dBO$h=H%oNTMQuzxNhg7w``;ZM9v+^Z?JG(ER(G)Y z`(U{l47WS2uqH3Y>UEvgJ=|{->g^>mQeESRG3kv(m|x0-cE3k*adK9CK~tLfywd*Y zSW=f)T-;Y>8WBe4)um|iZZ(14|KcE9A@YX|vhvlk;=nFv+wYY3m=h1o+qKAkPL^BM z%)agokH=>iA-wC4_H35>Np3vK-{7(1_4A+;(73Ub5O4;m-Y|E~NQWl>-xJu_SyJw-+caDWxv@9&&vnl;uU5c7rf ze)}!cB96rbrOk+o9rZM07NKM$)Pc8Zer$|<+)G8JJJ#II`8`(g_|qdx+h8j0CSm9VQ~^vt|>M2;7o5~m(BIg+YP z>6?~YV(lbuAAoH^Gj=oc^s+)}tBaO1k95jt*XnYS)FAvyLqz66Vn0W5Z=v+*)%hM< zijGl5Mo38rKBYEGKLzary29z(fP%FvUNJ3kMn^Yz`d3@`QW#Jd?)n{cEYv=;*#|4Z zPQRjS7W}+ts-3wEN{lOBc4v6bzgvzL+nsATNiZ;N**uay+sJWW>ocsh=|{qh$^mWm zDtn{H4V<}aCn#@SP6d&hi4@$zBG`a9S-Tgpc=vr&6SVFj$AiDH(M7e;lB(6p+R+Lg z>@PnI{Q^ETBr@YJ?ob>CRj6A>x4fj#X=3^tT5A%vId;RWoDL>PzM<$iXBczK7_RAp%+_@=aJJ5JM z?Kt&%{>`YmrWAUN$ZtRB4mM$5hGbH&{DjoWY+H=q>ESBTlYNZoYz&wEWEsH@>&c-{ zl(XD9qFpyn6Y31F8nMsR;I&cMn8+#xL9lGA zu|_vs?T4qhb#S1JjuRzwjqfUp9dk z06v|5LnkIusI?RNju+~AA8)@y!D(9RmNLJB-(fc!Er(GK%UkW?`ki8d0%tf|E_#UQuFu5dDvg!_LT*U5j14g;Doj)6 z@~B2N@$FJ5{OUMQ9fgEJ68hqr!6%bMp!1LZ%VXdlLEgSOR=dk~Htk-=+kt{SEgl!D zYeUHv3TV)CqU41XOiVSH_~8 z!fDoc4BFVfGDkx}^gd-GzvEVhvgC+lp14nxn3Q}Lh)_jofzqt+bXq($;J{QvT}d+s zcZvIO`d^~f_fkF918qMW!rhkSh@|(sn3|usEe45it^>()C#wK-6p#Z`g2G=g+#qRj+zsUFE2Dt0$dwBqbol*u`H+!dVvvvZU(Jzv zVo*EY4Y*r|++b@t=)ax)?}nRhbA#a<{&)b)?ZN=#Nq=&Pc^mdnojCie7Pnv zeB5@w$IKxQ(9)=Hy9;bOUz0dzuF zd2vgxNcqv!-m2WMb5~M7fj3ie4`*u53pNe?KVB7eZQB6MIOCKdl zz0l@n>qrQ7@~}_;a8I6YPcZH$#k-c1@~ZeouRl7|(R@s|!I^>GIYcW>*J;LS=HX^| zNHWC{r!S!9^>6#(SYU;^IUK4~cDw`vYWPJyJDe_XDQm9Y|8*-=kX1y-=)K~vg8Q7D zoRgB3>ebPe6GbFr_06}QjtuU8mK~@3{_*mH)g?_vyo=`tQMqLBpoKuUeZ~7f>x=?- zrfvJHL+?hw3&qFM#_$++veAns?=e+HLEv@yPxdDb5J@Os0L%HQ=gzb>8JG~Wh}?-& zk}!IZ@s9=s93B#XlS*bC`dT`@Oz5i36%1E>uSlbMTTk({{7v+4r#aRYJBMQ|oc_W7 z@1@bSIME_m*c0jLtTcbAr4Vv3PIa*Jdhz?MX^Y+2y4iGN$K5it+Z(j;clD&Amf`V` zF2=@d6MI@^RL4NLDdqYo1*$f=y{91EjuItie{l$e0>xrM{@>uh@%}V1oq$2<^C$*x(ic2D z)i#1DY^Qjkh245MP@A{Sbt8}CkdYZA3%sT+tb)M`_=vU+oZ;gE@-k7S9(bI&AVh~5 z;>4o{Di!&t24skfZyKnR@2TWD#ZgQ@nxWnl#2O7zNl7{7S=h%lXJhQ7_)fiZ_o-xv zoyc$S#f!8a3aej3)~a9UG&+ZyG0PZ0xk)54`8f65e3G+*Js6QtGRlQb z#UN5?8RS!;$PP>@brk%L_lwdeLJzQ3tOvjNf`?q_9FMSK5}*8V$)ND+F7JHMZ6C@H z3-c;SwKdUxP3ekD%W*CwSf^PHQbv(?mA_OJNQl0N=-a4-NJhfa84!=;r+;Wq2;2hT?U4Rv$mItI;M>i6FuUo0 z0(z#~8%lWqteim$k}(>sj8$-;rD_}QoPZu~+#(jv%NlUwU`((`+($5c=(RG+^7bE# zAE{5q_F9E$~AWMYW;BnZpAbm}6w9M3IZYHUgA z^v`~jB@@6Vud(R9^4Fdey&Jv=oeT9}4YnGdQ}M4L&UY(iEU~Zn#;5j4s^|pws3r+Y z1X=x7motsSpWJNOJRPire5w5f%Rsxj`BzFGu~EHhpE?;$XgB^X=&>$COb)XYg8nhlcQ*pWj#fK&Hj& zpcINc#?Fr+UAT=jfQ^usA+d>QCA^Q4iM!JsR@xDNWBW_x3K6yptm;D8)+nIHop=LiJ8(uhv2+5v^>AXxG`=gM&_bvoiA* zrr0MHHvJDwV^CbeKXM?yD(-KgP|j@lvY8(TDJG{?azb+SNLa?>kOdk(yEF&cZ5l{<~%H|JD{Y~Dtp zQbg}mHh3M%#pHN8EyT1Jc*Tw)ywF?UkYdi93=5boVTsPtM&6DB6L+wBiCTX`wGL)z#gKq&?F-354V0b`A3r!Mcu~B5>LVVdYI^j4nTIp$x{5A zLZqx5rBVciMPF1?bKiQ5rMG5S>y`!QJ$#=%B$4(e-Opg;@OW@%WQCdz;7xnn>OMH9bIBaKW=U78q>#fGEf ztGg`h=H})Bw@a-r&(I#_c#*hGCKY$3tJa04!mjhO&Vz}?^Qo!^5_?29KOG#}5sjKy z*Y>dI4nloqU^IP|UgMk(lxB0XAg0g+)o0Iu42j*%xZE;?15wr`2eTSqY}V}-9I5Y; zi_k*lz2-{$3Dk1D1rV-TFBA{+OeN&pRtPSXmdW29M(@|f&gBgg6BD~$BJwZ$(aI>} zi2{W`>iC9+FJ}(Q+XFSe)qv`kK9A1^^6xfBzSd2fanQ)=kz`OMwQ;@awYPItWA>9+@sVY1M`I0}i^1n;m z0HpapXKMddVi(e%a)r<_OV`b1sZHLkP@FuRZ-}JmGx)0+(f0^ODas(gp-tdv$n=QG zfRrOAGQ~a@-OBosMImB|*AX*?J$l2^=7D`v8LpuU)Uvksfh_AYruyU*MKGTeNMAdb z3XmH2VI-W_CJ&0lPm4<+=Ll^mCV81Hoc-U3;^-Zo8a6dFGz5da_7__!D&+e6)w6;H zvKxvjE3&goN<_y#&$uOtfC$ywm29rBF2!cu+N_gIJb<#5&!m0~l8bRY?t(bAk@hP2 zY?6ysW4hT0m$i_@^h_@iJuerRqm!MTI(%$wOjtxT^z{!M7u+x+`VxQy;A>H$_dSYs z^#KaXc{@kPqLPyNGK(OT@-2I*d1X|Hde^h5sO3&a!iN%{?Cg(uY#gp6EBrerI%6K@ zU?|1X?QHJ;lo7B#Mz08qh`i1vxPM=1gQfE$HM*mlPR2H|%>;>4C#dD>x~J)XrjzcH zDHk-@8|!~zCAw!|=8K+h@;*O1^Eyi@`z{ch0KR5K`Ra7ge?Tf(lioADBa%`Tb?}$cdu$$AGER~TLm+zh zja+pt7Y}~?xErjI@=&6w<>eYKt2@!YyN&p)b#xpT+0w$E@18fUi4-pVxAjc_&qTcw z%~z1%fgkD1F%Km-1kEbN@+YcykiU0a{m&Z~E_roYa$==>#uJfNQE=1A;NnmH=1hkA z`bcEzJ`V$|vh&EqX&g{+QE8EtXKZ^8*j6+%z3s+QO4Qmtybo8pU7OH}MQj!gO)tAi zrRBf*5WtKgMdn}k@>IKvajS!4xkkJ!$SSl&b3}#%ky8O;Vj_$upLa{X6ri@YCOs?V zJiB2Zvgk`hMVY~=y*-5QU=w3wL*CmjL`F23!QA3ufL8?5rrM#m#tlp$ zw=w-ZNJin0rHKoZ&{KGzZY(QTC7!qW;*iqxt;ODa(}J3y>wF_g)qrgw4CV}&5#T#h zfT@+cE+8(?PyE*<7cA};J^Ndw|5rc$e+UWxB5L61B&0p}cTY>lnEs zt!XYwGfn{b*HRpSLQxhegd922vGVAE0WZ=uFfd?*K7RF69w3GPBcrK_y1cwhF9izT zs;a82tgO5|#lP1;UXXpmp48Up6&jWOxu8|Sf-~4HWt`=9I zLS+}lD&u^VB2%_AK+!2pjC_6biN}j6g-bZIuS6Aod z<<-~M0{|tcq7c9YS_uSzOfy3wA*To*3Q5O|Po{zXgL2P)?k=H?HbQTZQ2~-#M7NKF z=h8Cx2tUXNCWr_Nm$d_tyS`o`5x+B}i({|(S{l5*u?1QotYq|(|M-p6B3pgs1E^{A zQU@|q7(_kklr9Pj0x0+kG7nb|gy0)b&&s^xV-J_d+~q7Pzxa!d!qaauEaw?fI6xEB z5;9c8kXgD{QvZ{QM{Cd@6x2igU~*mCK871RJ0f-NMHa6BV!4=9BDjmhNB2v~@o#8_ z+`05jmG}CwRD*{P!jnkv0c_$c9u(3S_h(UL5`ey$Bp#-Rj}}47ro`jL8l-IZ_V#Q= zW?%O0nYS4h5l@8;;+oy>CG_*FJ^F=|$KTWNMjc9jea2+MJlUxdzHJpMZ1iV$Bpeb| zwtQ=E%4$k<+&&6BKHR4DkaqQmmlUH;w2lyaQABJQN~GehvplcqY3X)S68)4CH+PEd zSvdDHd5W(1B;lN~MD-|x4p?lvo%Q6)f>g0yxKk@zZcfuZ>ytO04K>^BaZev~A7_y= zrae|*6>v{gkOPU$8hIoiInKG+(uhiyJ!qp~lRsXnY{6c0+iV$q}tq1} z_&(y%dPh>mW++mjJRoT>U3|GJrn8ff#u{u3Ov1ymHzCK*Ll2(pZtkUZ$t7P&hbp78 z1LFRS1|G#pn52HBlt(ZuN2T=?=y~xQph&T?vC|&V5GMKUriKD5U=|8~Kg@OrT45Wh zXQ$XdoT{|d%#`-s_;n}i-nku^E&63B|8p>9NFbay0>``Yv+@-pX_1czU=ELa?C-9yv@uOKAhD{C7tP+F~=!ZRBvUM0V{dcg79{8<3ClUO?yVP%_W(9(b0I> z)|_19xW*uv=~;;&YcU3-)sHIA9QmO#zkKJ?l5czbF(Kk{uH3oJhGIXig-c^d~r zP1zl|h&*xxs`MpgaCVc|)2!$05&XH35KvaQo-ztA1VmC4hrEv$!l=&x<08jXC8qI+6fJXDc%Y=NtewCMp1D`EJpnyDnSoV93KgY_zhvgLkHyT+>5(0MS}++Al)<1Bx`O5W z-FE0wQVT)fa*;H{V`OGH?WmWXXb4Da1=}7ae=IsxH7JQ4V&f4acu16I} z{g;*QeRa(+{w+3+U;!RZY&PV(L8_{~s7$R8Q*Oj&yLH_#>}4pCCoW7j>v=m9lINPqVs*>+gDstRB5+qhep-aa zGSK%w1g$q;#(VeuTt?H-Y)S9ni8kSQ3wZ{FEY6nl@${{29GU+~B+SLW|+J|eeqYu}wk9NXHmFC6K zGkeJX%fSRhQO)vf@%7uyFn)@+#94duV7lq`nDX;H{%WKz-&#kja7-3NhDg>X0$k(a zV$foLA5URe(bO?xUq;Yc#;+bVi;X`seA0W}Pz`f1NAE;SJ7>!XDtw~9d_{lzUZI;4 zEN4J~uJ!q&QP1JWsYsQ|^*u!7#iF230VY~cIJ5I&H_1Xq z@LoxeJ}IqgB&7VVX-C#hXOI<-Qr2^F_mu`@!xr}XC7R{RGxyX$*OQhWM!@y-ZsR^EzE7iI2LFPjfl$ki_AC3QwL(bcq026_tQfDhUZVl5{ zz#a*Zc4~%(Q)2}>;`Q~!AyGhr1?T;9yYc_SM??$~i3BqJx@R9rst~W1e*j=;K$7hS zK;5u_`6uKY-<8(Dc(RpWgw zYMIhaIXP`;T&-jv4ozAN`pr1kEFA${yUF<hgJeNwN zzzUQ~cGQt;hPw9b>9_yzBhTgr-&+4u$P9s(0QxBhu9yHlS>DI`f-bb`G$@(pSJc&; z2o5FAnkWGJ6-ZA@(2k|oOOkue_e4T1+k=Ntx&Y!be(;%)fF94CMe-qp?USQf(&)S| z4q|1d=z6G`s9FiK6a!WA)KauPYA;^&9~ikbp@CSDJ_IMj(>NIFOG)P%lm1+`dcXO1a@)bg#q^2yTJ$z<&1N;Z! zKSw0afO6N{&9aOH#%EmHo&h(yEr>?0ZII#MMN(Ww=#*&^#jsp( zP^mJRd;%E4;CG>UpM^gJ%2erXTH~})Thi5(`|vD=JV)bKzNBwCUYx*D)UwXd4dQy| za_}pW{t5n0i#XtvvhuI&A9jWuDLoPl3`{~SG`qtq?1vB4QMAsVh)9RNYT|gD>hOzW zrS%LhU%I4-Cemv36sSC{5N$u1{#d;?+5MuKpT63OYvzpFdc9&P4`P$kF@mG|h1dZI zVs#OED#ga8ek+^#nQH)Ig}|@Y!}x0xq|iX&=UnPAsUi9pZ`H(e4kAlw^r&YTPS>b8 zX*&P(i)@&n-1E^jLm8v8i3PgHiUuHrq%5h;qxZs@_TYS}-*+%1ABH?{0A+Ql2n&nC z)IjeY45yZWYvjNiXa@9-?I&>3VkUh&;BAzD?Xza3$y4#;YbmUD{mSeM? z{;H8404&eR1CVUjqp>wE=ebw%ZO0}JrOlh7j_FsWLR_3hU{cs%bM2VzT_zy<^y!$7$p z3_5csw_xj)LIUk~2xSf2ERefJKxlrRjR8lzMu&<`I4Q%cVW!Q{!)EDy99fHAY>pt&uaE2?YoC&f_)MHtOlu1PonaVeC9tm=SV%^;O(3hH{~-i z7I3ZjKi&t&&&mYc{O1b)Un=hZ#ceVPCGUlQ83(0-@++tS@b@+h6$K6X5|DY|zX8KJ BtH1yN literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/readme.md b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/readme.md new file mode 100644 index 00000000000..5816f9912a5 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-IP-Breach-Data-Playbook/readme.md @@ -0,0 +1,53 @@ +# SpyCloud Enterprise IP Address Breach Data Playbook + +![SpyCloud Enterprise](images/logo.png) + +## Table of Contents + +1. [Overview](#overview) +2. [Prerequisites](#prerequisites) +3. [Deployment](#deployment) +4. [Post Deployment Steps](#postdeployment) + + +
+ +## Overview +The SpyCloud Enterprise API is able to provide breach data for an IP or set of IP addresses associated with an incident. When a new Azure Sentinel Incident is created, this playbook gets triggered and performs the following actions: + +- It fetches all the IP entities in the incident. +- Iterates through the IP objects and fetches the breach data from SpyCloud Enterprise for each IP. +- All the breach data from SpyCloud Enterprise will be added as incident comments in a tabular format. + +![Incident Comments](images/comments.png) + + + + +## Prerequisites +- A SpyCloud Enterprise API Key. +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the connector doc page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to deploy an ARM Template wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-IP-Breach-Data-Playbook%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-IP-Breach-Data-Playbook%2Fazuredeploy.json) + + + +## Post Deployment Instructions +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- As a best practice, we have used the Sentinel connection in Logic Apps that use "ManagedSecurityIdentity" permissions. Please refer to [this document](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204) and provide permissions to the Logic App accordingly. +- Provide connection details for the SpyCloud Enterprise Custom Connector. +![for_each](images/for_each.png) +- Save the Logic App. If the Logic App prompts any missing connections, please update the connections similarly. + +### Configurations in Sentinel: +- In Azure Sentinel, analytical rules should be configured to trigger an incident with an IP entity. +- Configure the automation rules to trigger this playbook. diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/azuredeploy.json new file mode 100644 index 00000000000..c4ff65e088f --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/azuredeploy.json @@ -0,0 +1,361 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "Password Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a provided password.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "tags": ["Enrichment"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Password-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName":{ + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[concat('spycloudconnector-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('SpyCloudEnterpriseConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "manual": { + "type": "Request", + "kind": "Http", + "inputs": { + "method": "GET" + } + } + }, + "actions": { + "Check_if_records_exists": { + "actions": { + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('password_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@body('Get_Breach_Data_by_Password_Search')?['results']", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "password_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Check_if_ip_address_exists": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_ip_address_variable": { + "runAfter": {}, + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "runAfter": {}, + "type": "Foreach" + } + }, + "runAfter": { + "Set_ip_address_to_empty": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Compose": { + "runAfter": { + "Check_if_ip_address_exists": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'), 0, sub(length(variables('ip_address')), 1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Set_ip_address_to_empty": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "password_breach_data_array", + "value": [] + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Password_Search": { + "runAfter": { + "Provide_Password_to_search": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/passwords/@{encodeURIComponent(variables('password_to_search'))}" + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_breach_data_array", + "type": "array" + } + ] + } + }, + "Provide_Password_to_search": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_to_search", + "type": "string", + "value": "welcome@123" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Password_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Password_Search')?['hits']" + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "SpyCloud-Enterprise-Connector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/for_each.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/for_each.png new file mode 100644 index 0000000000000000000000000000000000000000..db8da7ef89ece1840ded4a5997160ff181104a12 GIT binary patch literal 10025 zcmd6NWmwc*w>K(CN=pcWbax2|$k0;KGBil1;(*f9(j(F!5`x5#L&G2?-7s`XGqemy zpFiHueLdGX&#CKN?}zup#GbwP`tQBhTEDf{Z_kJ48cO%@9^heMVBAwtmexOE7; z$Z&20zkpC=Ux1HW?%GNqjFJJ`O`w5kE2}Pxfl(fde_??Iv~k^(4c##?C|GV@w^X#5 z_c1V75i0Vsx^GQ)G92AZ##8bx{Uhi{rN)2R<|WgcD1?@%rItKXSJx(=i+^Jip3lEa zp2SQH3i^<>8E`A!+{(SG{2@O>K#-grjg=2uqDoqT0M$O0Pe%o}Y9hC4g^Q9Wb?--( znYVNquJ+d6t}2O-PkiU|5z|$?3t;bze(^z5+g{~(1Qq>Yf2O|$GlF*Qf`2_!oGX~v za`rLgv*h|qudBvURFav*k|_b$BM^~XS_1K`X0E=iZxu&_W_xq2zMpV@vs%tp#Ks*tJvur%H#avv zKAw^*hr=L`Da2eTpKM3=E_GqJU}v^zD#PQBjb<}aPGgjP5x)I67K=C~nBgT5A75 zhDM_y5J;6u3_e4!vZcO!tTL${qZ<6f6D@W|h5Y&LW8ojgj(0_A^371QQrqt&%qSX1 z>z2v{6T4nJIye*-6%`d0a>naoK4uIiR`?KaPU_C|Q9c2O%$ZS>JVLo?iiA5=p?dh9 z_gR&T5&G)tYJT1nA(%XR9Sa=pCxOZweauLk%g{LjCsB=9q_g5op*vx--rnx+TI3xu zYJE8?upK!lJR1|5t&QDEe)TQR}y_2|{^Cy-Z9@tgXKS{o&a6?%msK zI+>3;-@6_ra%H_bJ)SXuc~w?dBO$h=H%oNTMQuzxNhg7w``;ZM9v+^Z?JG(ER(G)Y z`(U{l47WS2uqH3Y>UEvgJ=|{->g^>mQeESRG3kv(m|x0-cE3k*adK9CK~tLfywd*Y zSW=f)T-;Y>8WBe4)um|iZZ(14|KcE9A@YX|vhvlk;=nFv+wYY3m=h1o+qKAkPL^BM z%)agokH=>iA-wC4_H35>Np3vK-{7(1_4A+;(73Ub5O4;m-Y|E~NQWl>-xJu_SyJw-+caDWxv@9&&vnl;uU5c7rf ze)}!cB96rbrOk+o9rZM07NKM$)Pc8Zer$|<+)G8JJJ#II`8`(g_|qdx+h8j0CSm9VQ~^vt|>M2;7o5~m(BIg+YP z>6?~YV(lbuAAoH^Gj=oc^s+)}tBaO1k95jt*XnYS)FAvyLqz66Vn0W5Z=v+*)%hM< zijGl5Mo38rKBYEGKLzary29z(fP%FvUNJ3kMn^Yz`d3@`QW#Jd?)n{cEYv=;*#|4Z zPQRjS7W}+ts-3wEN{lOBc4v6bzgvzL+nsATNiZ;N**uay+sJWW>ocsh=|{qh$^mWm zDtn{H4V<}aCn#@SP6d&hi4@$zBG`a9S-Tgpc=vr&6SVFj$AiDH(M7e;lB(6p+R+Lg z>@PnI{Q^ETBr@YJ?ob>CRj6A>x4fj#X=3^tT5A%vId;RWoDL>PzM<$iXBczK7_RAp%+_@=aJJ5JM z?Kt&%{>`YmrWAUN$ZtRB4mM$5hGbH&{DjoWY+H=q>ESBTlYNZoYz&wEWEsH@>&c-{ zl(XD9qFpyn6Y31F8nMsR;I&cMn8+#xL9lGA zu|_vs?T4qhb#S1JjuRzwjqfUp9dk z06v|5LnkIusI?RNju+~AA8)@y!D(9RmNLJB-(fc!Er(GK%UkW?`ki8d0%tf|E_#UQuFu5dDvg!_LT*U5j14g;Doj)6 z@~B2N@$FJ5{OUMQ9fgEJ68hqr!6%bMp!1LZ%VXdlLEgSOR=dk~Htk-=+kt{SEgl!D zYeUHv3TV)CqU41XOiVSH_~8 z!fDoc4BFVfGDkx}^gd-GzvEVhvgC+lp14nxn3Q}Lh)_jofzqt+bXq($;J{QvT}d+s zcZvIO`d^~f_fkF918qMW!rhkSh@|(sn3|usEe45it^>()C#wK-6p#Z`g2G=g+#qRj+zsUFE2Dt0$dwBqbol*u`H+!dVvvvZU(Jzv zVo*EY4Y*r|++b@t=)ax)?}nRhbA#a<{&)b)?ZN=#Nq=&Pc^mdnojCie7Pnv zeB5@w$IKxQ(9)=Hy9;bOUz0dzuF zd2vgxNcqv!-m2WMb5~M7fj3ie4`*u53pNe?KVB7eZQB6MIOCKdl zz0l@n>qrQ7@~}_;a8I6YPcZH$#k-c1@~ZeouRl7|(R@s|!I^>GIYcW>*J;LS=HX^| zNHWC{r!S!9^>6#(SYU;^IUK4~cDw`vYWPJyJDe_XDQm9Y|8*-=kX1y-=)K~vg8Q7D zoRgB3>ebPe6GbFr_06}QjtuU8mK~@3{_*mH)g?_vyo=`tQMqLBpoKuUeZ~7f>x=?- zrfvJHL+?hw3&qFM#_$++veAns?=e+HLEv@yPxdDb5J@Os0L%HQ=gzb>8JG~Wh}?-& zk}!IZ@s9=s93B#XlS*bC`dT`@Oz5i36%1E>uSlbMTTk({{7v+4r#aRYJBMQ|oc_W7 z@1@bSIME_m*c0jLtTcbAr4Vv3PIa*Jdhz?MX^Y+2y4iGN$K5it+Z(j;clD&Amf`V` zF2=@d6MI@^RL4NLDdqYo1*$f=y{91EjuItie{l$e0>xrM{@>uh@%}V1oq$2<^C$*x(ic2D z)i#1DY^Qjkh245MP@A{Sbt8}CkdYZA3%sT+tb)M`_=vU+oZ;gE@-k7S9(bI&AVh~5 z;>4o{Di!&t24skfZyKnR@2TWD#ZgQ@nxWnl#2O7zNl7{7S=h%lXJhQ7_)fiZ_o-xv zoyc$S#f!8a3aej3)~a9UG&+ZyG0PZ0xk)54`8f65e3G+*Js6QtGRlQb z#UN5?8RS!;$PP>@brk%L_lwdeLJzQ3tOvjNf`?q_9FMSK5}*8V$)ND+F7JHMZ6C@H z3-c;SwKdUxP3ekD%W*CwSf^PHQbv(?mA_OJNQl0N=-a4-NJhfa84!=;r+;Wq2;2hT?U4Rv$mItI;M>i6FuUo0 z0(z#~8%lWqteim$k}(>sj8$-;rD_}QoPZu~+#(jv%NlUwU`((`+($5c=(RG+^7bE# zAE{5q_F9E$~AWMYW;BnZpAbm}6w9M3IZYHUgA z^v`~jB@@6Vud(R9^4Fdey&Jv=oeT9}4YnGdQ}M4L&UY(iEU~Zn#;5j4s^|pws3r+Y z1X=x7motsSpWJNOJRPire5w5f%Rsxj`BzFGu~EHhpE?;$XgB^X=&>$COb)XYg8nhlcQ*pWj#fK&Hj& zpcINc#?Fr+UAT=jfQ^usA+d>QCA^Q4iM!JsR@xDNWBW_x3K6yptm;D8)+nIHop=LiJ8(uhv2+5v^>AXxG`=gM&_bvoiA* zrr0MHHvJDwV^CbeKXM?yD(-KgP|j@lvY8(TDJG{?azb+SNLa?>kOdk(yEF&cZ5l{<~%H|JD{Y~Dtp zQbg}mHh3M%#pHN8EyT1Jc*Tw)ywF?UkYdi93=5boVTsPtM&6DB6L+wBiCTX`wGL)z#gKq&?F-354V0b`A3r!Mcu~B5>LVVdYI^j4nTIp$x{5A zLZqx5rBVciMPF1?bKiQ5rMG5S>y`!QJ$#=%B$4(e-Opg;@OW@%WQCdz;7xnn>OMH9bIBaKW=U78q>#fGEf ztGg`h=H})Bw@a-r&(I#_c#*hGCKY$3tJa04!mjhO&Vz}?^Qo!^5_?29KOG#}5sjKy z*Y>dI4nloqU^IP|UgMk(lxB0XAg0g+)o0Iu42j*%xZE;?15wr`2eTSqY}V}-9I5Y; zi_k*lz2-{$3Dk1D1rV-TFBA{+OeN&pRtPSXmdW29M(@|f&gBgg6BD~$BJwZ$(aI>} zi2{W`>iC9+FJ}(Q+XFSe)qv`kK9A1^^6xfBzSd2fanQ)=kz`OMwQ;@awYPItWA>9+@sVY1M`I0}i^1n;m z0HpapXKMddVi(e%a)r<_OV`b1sZHLkP@FuRZ-}JmGx)0+(f0^ODas(gp-tdv$n=QG zfRrOAGQ~a@-OBosMImB|*AX*?J$l2^=7D`v8LpuU)Uvksfh_AYruyU*MKGTeNMAdb z3XmH2VI-W_CJ&0lPm4<+=Ll^mCV81Hoc-U3;^-Zo8a6dFGz5da_7__!D&+e6)w6;H zvKxvjE3&goN<_y#&$uOtfC$ywm29rBF2!cu+N_gIJb<#5&!m0~l8bRY?t(bAk@hP2 zY?6ysW4hT0m$i_@^h_@iJuerRqm!MTI(%$wOjtxT^z{!M7u+x+`VxQy;A>H$_dSYs z^#KaXc{@kPqLPyNGK(OT@-2I*d1X|Hde^h5sO3&a!iN%{?Cg(uY#gp6EBrerI%6K@ zU?|1X?QHJ;lo7B#Mz08qh`i1vxPM=1gQfE$HM*mlPR2H|%>;>4C#dD>x~J)XrjzcH zDHk-@8|!~zCAw!|=8K+h@;*O1^Eyi@`z{ch0KR5K`Ra7ge?Tf(lioADBa%`Tb?}$cdu$$AGER~TLm+zh zja+pt7Y}~?xErjI@=&6w<>eYKt2@!YyN&p)b#xpT+0w$E@18fUi4-pVxAjc_&qTcw z%~z1%fgkD1F%Km-1kEbN@+YcykiU0a{m&Z~E_roYa$==>#uJfNQE=1A;NnmH=1hkA z`bcEzJ`V$|vh&EqX&g{+QE8EtXKZ^8*j6+%z3s+QO4Qmtybo8pU7OH}MQj!gO)tAi zrRBf*5WtKgMdn}k@>IKvajS!4xkkJ!$SSl&b3}#%ky8O;Vj_$upLa{X6ri@YCOs?V zJiB2Zvgk`hMVY~=y*-5QU=w3wL*CmjL`F23!QA3ufL8?5rrM#m#tlp$ zw=w-ZNJin0rHKoZ&{KGzZY(QTC7!qW;*iqxt;ODa(}J3y>wF_g)qrgw4CV}&5#T#h zfT@+cE+8(?PyE*<7cA};J^Ndw|5rc$e+UWxB5L61B&0p}cTY>lnEs zt!XYwGfn{b*HRpSLQxhegd922vGVAE0WZ=uFfd?*K7RF69w3GPBcrK_y1cwhF9izT zs;a82tgO5|#lP1;UXXpmp48Up6&jWOxu8|Sf-~4HWt`=9I zLS+}lD&u^VB2%_AK+!2pjC_6biN}j6g-bZIuS6Aod z<<-~M0{|tcq7c9YS_uSzOfy3wA*To*3Q5O|Po{zXgL2P)?k=H?HbQTZQ2~-#M7NKF z=h8Cx2tUXNCWr_Nm$d_tyS`o`5x+B}i({|(S{l5*u?1QotYq|(|M-p6B3pgs1E^{A zQU@|q7(_kklr9Pj0x0+kG7nb|gy0)b&&s^xV-J_d+~q7Pzxa!d!qaauEaw?fI6xEB z5;9c8kXgD{QvZ{QM{Cd@6x2igU~*mCK871RJ0f-NMHa6BV!4=9BDjmhNB2v~@o#8_ z+`05jmG}CwRD*{P!jnkv0c_$c9u(3S_h(UL5`ey$Bp#-Rj}}47ro`jL8l-IZ_V#Q= zW?%O0nYS4h5l@8;;+oy>CG_*FJ^F=|$KTWNMjc9jea2+MJlUxdzHJpMZ1iV$Bpeb| zwtQ=E%4$k<+&&6BKHR4DkaqQmmlUH;w2lyaQABJQN~GehvplcqY3X)S68)4CH+PEd zSvdDHd5W(1B;lN~MD-|x4p?lvo%Q6)f>g0yxKk@zZcfuZ>ytO04K>^BaZev~A7_y= zrae|*6>v{gkOPU$8hIoiInKG+(uhiyJ!qp~lRsXnY{6c0+iV$q}tq1} z_&(y%dPh>mW++mjJRoT>U3|GJrn8ff#u{u3Ov1ymHzCK*Ll2(pZtkUZ$t7P&hbp78 z1LFRS1|G#pn52HBlt(ZuN2T=?=y~xQph&T?vC|&V5GMKUriKD5U=|8~Kg@OrT45Wh zXQ$XdoT{|d%#`-s_;n}i-nku^E&63B|8p>9NFbay0>``Yv+@-pX_1czU=ELa?C-9yv@uOKAhD{C7tP+F~=!ZRBvUM0V{dcg79{8<3ClUO?yVP%_W(9(b0I> z)|_19xW*uv=~;;&YcU3-)sHIA9QmO#zkKJ?l5czbF(Kk{uH3oJhGIXig-c^d~r zP1zl|h&*xxs`MpgaCVc|)2!$05&XH35KvaQo-ztA1VmC4hrEv$!l=&x<08jXC8qI+6fJXDc%Y=NtewCMp1D`EJpnyDnSoV93KgY_zhvgLkHyT+>5(0MS}++Al)<1Bx`O5W z-FE0wQVT)fa*;H{V`OGH?WmWXXb4Da1=}7ae=IsxH7JQ4V&f4acu16I} z{g;*QeRa(+{w+3+U;!RZY&PV(L8_{~s7$R8Q*Oj&yLH_#>}4pCCoW7j>v=m9lINPqVs*>+gDstRB5+qhep-aa zGSK%w1g$q;#(VeuTt?H-Y)S9ni8kSQ3wZ{FEY6nl@${{29GU+~B+SLW|+J|eeqYu}wk9NXHmFC6K zGkeJX%fSRhQO)vf@%7uyFn)@+#94duV7lq`nDX;H{%WKz-&#kja7-3NhDg>X0$k(a zV$foLA5URe(bO?xUq;Yc#;+bVi;X`seA0W}Pz`f1NAE;SJ7>!XDtw~9d_{lzUZI;4 zEN4J~uJ!q&QP1JWsYsQ|^*u!7#iF230VY~cIJ5I&H_1Xq z@LoxeJ}IqgB&7VVX-C#hXOI<-Qr2^F_mu`@!xr}XC7R{RGxyX$*OQhWM!@y-ZsR^EzE7iI2LFPjfl$ki_AC3QwL(bcq026_tQfDhUZVl5{ zz#a*Zc4~%(Q)2}>;`Q~!AyGhr1?T;9yYc_SM??$~i3BqJx@R9rst~W1e*j=;K$7hS zK;5u_`6uKY-<8(Dc(RpWgw zYMIhaIXP`;T&-jv4ozAN`pr1kEFA${yUF<hgJeNwN zzzUQ~cGQt;hPw9b>9_yzBhTgr-&+4u$P9s(0QxBhu9yHlS>DI`f-bb`G$@(pSJc&; z2o5FAnkWGJ6-ZA@(2k|oOOkue_e4T1+k=Ntx&Y!be(;%)fF94CMe-qp?USQf(&)S| z4q|1d=z6G`s9FiK6a!WA)KauPYA;^&9~ikbp@CSDJ_IMj(>NIFOG)P%lm1+`dcXO1a@)bg#q^2yTJ$z<&1N;Z! zKSw0afO6N{&9aOH#%EmHo&h(yEr>?0ZII#MMN(Ww=#*&^#jsp( zP^mJRd;%E4;CG>UpM^gJ%2erXTH~})Thi5(`|vD=JV)bKzNBwCUYx*D)UwXd4dQy| za_}pW{t5n0i#XtvvhuI&A9jWuDLoPl3`{~SG`qtq?1vB4QMAsVh)9RNYT|gD>hOzW zrS%LhU%I4-Cemv36sSC{5N$u1{#d;?+5MuKpT63OYvzpFdc9&P4`P$kF@mG|h1dZI zVs#OED#ga8ek+^#nQH)Ig}|@Y!}x0xq|iX&=UnPAsUi9pZ`H(e4kAlw^r&YTPS>b8 zX*&P(i)@&n-1E^jLm8v8i3PgHiUuHrq%5h;qxZs@_TYS}-*+%1ABH?{0A+Ql2n&nC z)IjeY45yZWYvjNiXa@9-?I&>3VkUh&;BAzD?Xza3$y4#;YbmUD{mSeM? z{;H8404&eR1CVUjqp>wE=ebw%ZO0}JrOlh7j_FsWLR_3hU{cs%bM2VzT_zy<^y!$7$p z3_5csw_xj)LIUk~2xSf2ERefJKxlrRjR8lzMu&<`I4Q%cVW!Q{!)EDy99fHAY>pt&uaE2?YoC&f_)MHtOlu1PonaVeC9tm=SV%^;O(3hH{~-i z7I3ZjKi&t&&&mYc{O1b)Un=hZ#ceVPCGUlQ83(0-@++tS@b@+h6$K6X5|DY|zX8KJ BtH1yN literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/readme.md b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/readme.md new file mode 100644 index 00000000000..3053cf3e2d8 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Password-Breach-Data-Playbook/readme.md @@ -0,0 +1,47 @@ +# SpyCloud Enterprise Password Breach Data Playbook + +![SpyCloud Enterprise](images/logo.png) + +## Table of Contents + +1. [Overview](#overview) +2. [Prerequisites](#prerequisites) +3. [Deployment](#deployment) +4. [Post Deployment Steps](#postdeployment) + + + + +## Overview +The SpyCloud Enterprise API provides breach data for the provided password. + +When this playbook gets triggered, it performs the following actions: +- It takes the password input provided in the "Provide Password to Search" variable of the logic app and gets all the breach data from SpyCloud Enterprise for that password, and the response will be added in a tabular format that can be used for further investigation. + + + + +## Prerequisites +- A SpyCloud Enterprise API Key +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook in the same resource group and region. Relevant instructions can be found on the connector documentation page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to deploy an ARM Template wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Password-Breach-Data-Playbook%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Password-Breach-Data-Playbook%2Fazuredeploy.json) + + + +## Post Deployment Instructions +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- Provide connection details for the SpyCloud Enterprise Custom Connector. +![for_each](images/for_each.png) +- Save the Logic App. If the Logic App prompts any missing connections, please update the connections similarly. + diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/azuredeploy.json new file mode 100644 index 00000000000..7c5ec6410e0 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/azuredeploy.json @@ -0,0 +1,519 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "Username Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a username or set of usernames associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "entities": ["ACCOUNT"], + "tags": ["Enrichment"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Username-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName":{ + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureSentinelConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureSentinelConnectionName')]", + "customParameterValues": {}, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('SpyCloudEnterpriseConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_Accounts": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_Each_Incident_Emails": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for username @{variables('username')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('username_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Username_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "username_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "runAfter": {}, + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "runAfter": {}, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "username_breach_data_array", + "value": [] + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for username @{variables('username')}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Username_Search": { + "runAfter": { + "Set_Username": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/usernames/@{encodeURIComponent(variables('username'))}" + } + }, + "Set_Username": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "username", + "value": "@items('For_Each_Incident_Emails')?['Name']" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Username_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Username_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "Usernames_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "username_breach_data_array", + "type": "array" + } + ] + } + }, + "Usernames_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "username", + "type": "string" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[variables('AzureSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/comments.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/comments.png new file mode 100644 index 0000000000000000000000000000000000000000..d456bd3a6694bc6e057f20fe9dc0648b0d2e34ec GIT binary patch literal 20222 zcmb@t2T+q+_cv+-JtAO7YV;rq(v+&SfCW%G2uKNtKd^admCyzJXSHlw|aDP%0W#>?bxyE7`6i&mZS4O zUTd0pA3Jtc==bONQ^T9TjvdpDd-_=I`5UWsJX`YR(MB>8@MrF)ppc-p$E?wh1+S;K zUJ*PK9U_m+^C zHela1wTQHk;Ow`V^(N)Sij9hmRU1~Y|32L>Gn{yIlo%VAnzT~JQcbLRPaIY3_mQo+ zKF2)$w|p#H_=51i@@3f*i~n2>%2m(i`$yIvITL^KANf5`u-8ALs)3+B$3L>L^QoTW z|Hx0GR3H2!W*7aB!t0N!0KX>Q70qw$M5pp^ApZTYdbtHTN6yW>ndyB)f9AyG>@Ly` z$58zDwtD~>f6JjNy~5P|dfL-}-*{%^inP$t(}Vcmz4ZIIIeJAppOkRxR|l81Bb~Yq zo}WByNE$<8(#M>K3!VaOe=))o1 zyek7Er&$MRGXWm7n)bav|J%;uGx74(SRm8V0_EPXsG2#z+D*elt?S*=V2{-Q+t#4x zjVBg&4A7BolQkW!JYK-BaQSr3ziW9c+cVYx&BmAqFkdrb`Vy(?tgV} zUQ(NBnJ115t@3S_E8pqc!%x2kt@!8vF|p=>TkNTL+5FOJydndU^zL6p2PG~fdB96_ zaA>dggh+Xp=NKw?J3n>iktxRnmc8?aK00mk*j~lPtq#_nT8f$Ozg?@UwKW}JvGdDX zZZ$QSPQO=tOY-1x(xKMr47elpl;>DJaBDXhi~hqOOch1n&#;P(a!{R^57 z&6co;hEW)_IYlF$!A`gMM>qP~@cp0u{br4$t>4q;zN==p#CEV$0;ifD@v0DVdN~;d zfVdq%t%_kGj^JH+duDQ>^Hu_7zkptmp`q~KvHRoosUF@zF6+PxIR5wj!ls)ZxA*+BoFJ{E{+Zv2L!aHfop!5kXW-uWX=kh#@+O)8P+Zl5> ztOdKoUDbJD5yR}j;MtLAm8bJ$#4x7UX#E_1$l+5W9VOyyJyI#LM(PRNceji=he-Ks z0L;vR9J(DkQ-)%Ay(f7c;4WZ7(dMIoMlb%+!b$<_HQ)qyeI;?zv)$)i)_4N6MHsg_ zwAH;1>8-7AlZnb6*ju0YOmxU2jcS=%GIJlC^(vmf=1E@?ZoSMfYnHUbS+hl1V6t_+ z7iE`J#GTXAu$x40zI?H?a_`QSoJq3Cl9f{`Ppb@An<)49#Pt)@pLvV)AZ$czIoK`( zt*g|qjCFu}1KM{ca z(8Xx?2H-#AmeXu)H^@G^dbNPv7-*K8IUH-2dUxGB;|sof95Pg7>+o>uZ!ZWeDo-RJki9Lf z3#n%2%Ull#t92Cq{%hXP?;d{Tt$$t5&uw>2uaS9Nr>b`r?a`cDJs;q-AGn$?B@Ooi zC(;V!$#XQKOsB5=aMX~NmRtC0eX0t@r&g)$Add8M$y)BI zN7!VQoHu00&A(+@7pDbG*)JGlETUg3vJ2!T9r%BKJz2rIl3%rk)vfS&KHWsZ(|y9s zkYRI1ti65oIP&mW%sR3%@ZJO(47;tg72Vr_tdT%OGw#@s(o*66lK3sxC_rpsd0HPC zP&5Fxb|0RKskLM!yQMOwuYqik%%ZkD8QTGpyp%3`YDP7KC9f6w9K5^RK&j#z+AAT%W>YX{3=HbY*KD~d^rEPxn*y#FM(MW16n-Ua#rzS4n^4Jhu(KG;c&iSx))tqY#Y` z$MKL15_nT}IqFWcu<{M%RX3`_3n@)4o1tI;*v070wHi+A-`8gf2G|&Cyln zLd%TDrXWa8^u!MM{3+z|Ig}#tpmc3F%h8Vf(%fOPc_{XF^8Af6y1>T!>wDoGjEjV3 zM@=r^ka-DBMzs@S=0a>dzOh|epFV^;+1lY1k=gYl9IHkLRHJzTHF`Siw{UJ53R0{DsmO7#yh zEyc}NcN8ty=*ndpS26i>0IR&o*uTCt72*m|1qX$4p!*szV)!!aXq-ii?jKDJRfouY zjC;{k+35|1hsK;Lg%D!NB}D5(F7`y-vb(*${l|d$G_^2yfU=R$C4%qdRE)MjY*z~i zX&dB@z=K~qF#F|T6+hM`D_&1_agh<_U=ugP<=BM%4mZKiT1&~BaFb&F>e@fSgp-f=&Fjumg0j=YoD-w#JJUGmKYq!B0%kCh^g zJ})u21#^(hqQh;PBfEk7KI9BRA3RVtlr_sB0}6PT`EtCB)Guj_uWUNh+Vu})6|T1< z9C{APJn}Cy;S`|FFKH2XJY?cb#w7W;xcTK%b0%Ve<_h%tl&#}9c~j)*BA9M6fYx=p zWnE0bsTxKvR=Qxk)E2A>+45R|VTfSp7x2t}dMP0Nprjy1$pYg~?5|T@j5PQDvhF|I z-{0i&L1r5W7)_+L;0sjHk)E>3 zx1Q1_cfyOr>Pt7KN}{B;POh1{H04le0IgMSGM9rgEiGlw|LRuOXWqKq(vddO>?%->g%B zG$D`dmc2}c80pUTO6(u*w~}E#m_ab0zH`5G=>@HAVFK3Y-MN3z-!#|Kk*ac_?grRS z6!2pt-DzaXo6ow}*(q++BqNI9uR{Af`ASPd5e0yAy6X2zO(CNl1$~DBb`k!gEOT;* z7OE2d(7}jfsrH)@TfsSMbC-ZE63&~Sf}qZC|0r0txpNPqT3>p%$ywE}N-1Gjcj$d{ z=Ga;GA5XNFR~|?Gc;db81x=t5E2RN4_I6410*0*ZRLcT;n7>&GO)g>OH5YaxcRt#c z9P))UgD;};mrxd9a(N1=YW$~?IU&K@Dm+f1U5wldKkKKGts38umRdz9MBDH_^0{iJ zL$z0XwWJQFw)ggAIzN_EFS12DZKN>ug>O<>e~rp!ysumiJo+Q+ko0nXcPF?rvuUvDCo z{(1d&M%f{i9EaSfxP(y}3+FI!*v505j5d;t`tik9A$gUusKZY(wnY0upRVdy~@HO412o3 z>$+&3bj!+5@JDs9$$(A!%Nc~K3qx#V`%|0qMX&^W!m8JVxhyb z2Rr8C=KHAGd9e~M<&R>auo!)2Q`5}TbT(I$>i$>A%GvId7GtDCxkqvEm(&ixhe0h~ z+Hh0q!X~Pgg9r&X(Q7r}R8DJ|dx^r2?LkTEbc>|v0(*K2O!(YZ1WwV8I{1>FX3Mbd ztKLWw8Q)xthHNwEPWB&i50KLsKD)Er=G(#C1HRLflATX|JZc_tkpn8-#q_A8ncjE= zDx-w$Ku%Io13!cvd19>STy2cKT)kXq zPMxh!eLZs*1RZ7@a!BK;cgcqEGAsJ|^|s9>)+qxI5vNC3!Xj3F&4OC`BW+Kv^~xu% zOwt1e?=hvY!n+pgo{%rlj8alU<;yu7408M`=Y|3q zePc=T7DMdA>j`Z_&PGP%5F2?ekq`-m+~A-0Gh&Xc5f#d5b`Mw@xWQd?C{V-=rTC6L z9;vLGzucPB5$RlCM0Dae_OF{NYBqCl3T}R&4+u!3Y=$a!`?6guv;N`M3qLJTBDbwG z*&KxFzcW+T^FD35?hiqan6*x<({y(Q`Saz~?NKy;pIq@^lU@k6T&I*E3pDr{62`BK zw!oAL8%2zJ4DU+Ef!5JJ3>CtNIy7iJ^rrblEgJd-9tE~eu zq{$=quPvN|JY&zed;z&+Fai0?erM%uXXFFGuVgGdntq%?4V>} z{9bibp?4=o_m|h?_MLSd7rf4WoQ_s!yBAAXsF*j`OJL>WQJWyxq>?do?b09Wr}4;^ zaTgz{OD(;BGk7&axF(&2@_Dhr`=8iMP>T=ad!|2>!KJW>Dz&v1m2({rCiKyBl}-k4 zsgK;L@VGKhK-X5z>@Bc`H4?1hl(4H~?qe*$G$6 zII@^Lp?>>q+`2sPqlmcgtKVAPN0b+(>vDbLknozPIGE~Mwu)&{f25>iZ2zkngS^Qr zSBNj0r_ZRkKaMD&cT3m3rUp!44)=Gvj_5Cw`O7)B9ZHCJOY9d1dcWHgdS7)N z`emkuVTUnZ)QC`F$gE7w20a>eVVadZ#lAMQU{hf=$V zOBxm)=&b_L_VQkBzZSnw(Zq4t<*o60>vj1x1rTUI&T9uHY(YGru);=Vk5GoOb`K{pR8b;XA?N8hM~r*i}J<& zBg~O_2g0C&x1}pX%-gz_ZcsS~s((39+6LcgJJ)}JKbF9O@G0!q4jGd*kwSmGJ#iu(>8*F{(V>;$2iADnCaAVNf zcFe)1k8w;?NquO!)I*?LP|vC?sepAGzuy+=zZT3*eBGDxPIU>btUL4oYFV0RB5p{z z4aUJLwMD^LZIwxV4+x(%q}z9TwB9;-3*j;#wz}{rVKP()MmmA%XObiLC~8*YH7Vx zCIEh1o_Q^^!9eIFREp03dkOvcimYt0Iyy)g+-Ab{*GP+6=yGH^RK?`kkrz?#zMeUX zty&f+-x(c8ro~^^gyXd$R^sYg@l5MAP1X*~zJG*!F|m*xKpW~eW;z!z@9bvoiQ(i1 zsA*BT>ld06;jSD-!}FSix8)s4$h-1(Ov?R%s9qd%xTqhuLl2qV8o<9743 zqZ0pfe}=chN?0xA32@uuWb_bT((c{9kdHBQxVO$xn+qf*D^8+Sl|EN#Y@TU4Q1n9l zMc%iAvOS%IZ=Yf3V-^cYx>ag@7dK2hY#T9I4qhhyx+Bd9dTKtie%ZmSYYH4eBJcszuf~r9@EgcwTXYYSO9#)fu^5<*y z9SAVj6!3R9?$>VuSZXSp#Ve2B<}ZIzOB?pgFP`injPl-*Cp7-ls4TJDvSUY0E^*7&*Yd6&Xs30jfedTA6j%=GzJD2+rJu$4pR5>e4b`W>`xv% zq5z-?LMIPfV~kdZPVb=D^n8P#mFi$fJGD;B&UCWGh~Ao~XP-fn)DT1?JCrpMn0E=- zU}8GOSovBwvL{!&7BPu!B7Mt>Hm2x+fnu$OqEkX_b=z-okU?7JSiJ4pVT#q5lPgrp z$ZEJj#ePJdLdcHy^mRa=%(hsoj)ezLrP}EUH)!*B{;gd12j34(khY>pmh=|_HT=-Y zzhLocuwQMQ1Eclhx0zOIhX0v0E*>Lq6k(v=k2(#mC!5~)S5d$p;+Y>>M z#Jx2iWweTU1Yb_xcgKLFoC z=&hDGqc(Mt)Y?9czhP3(zis1 z?l7AF6A(;oHnAoT=~hJcCW>3^>@BCj9+pkCfQ%B|hFS?g)uRnW55)M2V%#2Lrav!l zrJXYjX6`M5LEEo5PM zI5_!!%urboRvsPIJ5kZTMbH~=3XYX9*+QCB9>R+`fVGF1KYlL(!n*6zfMbyw>VAUG z!?&bAW=OP_#+$?fHz&a{t@RqE*XBU=pmSyf5 z#w7-pG@thIV#HSBY7DL6j4*SQbDqTdVN%weD&Jmar5*}a#-Obh4A7}Rme#FT!%_0i zfdq!nFL}e0%W^Ad<{_O9eQNhFo}yY}$-Q_Kt)2uj_w;D*_kWgFLdF%dN_thwAssms zI-4D{)+g?;abA>5*rQg%S#Dp2zBX^Q`d>gs_0EaK=2-CoJs?9yuylIr*B%GN*#ZMZ zr>rZ=r3GRb)ZUezj{gB*tmFmC*94PbH2gS5%b0MzF=1ViD*yBE_Wo}2{t;ThR_BHr zYxPY4DgPIwxpf4N#2&#UPL-|HEiz9`Mq!5hZxtOK*`DWx31R5XC=VIuB~(UI#_hka zAIsi6y3yfEMZsi013l^Z*DB4pPXYARBEk0YYyFlaU=fOv`an*h5}sP)SY0qNSB-TJ z%__MOVxLhabO;lM@UNBLAjRUs&1|PVw9OVYzM0X>Ds;^RwtEWCUDc^z)-;n(VPd^g z-al;M1aAoLIjzvC*=Y`( zrwx~=@6do!o1) zBAkCdlwJw>)wV3so3^WKjzm1WTEi6MTTbeCON;kJ&ZFj%7ihyv0JI?* zka5`6o%-nobD^oQ!Wxu9xQ8P|BF^4OH4xxPvws$!!E9CP5!w}3tmxz8RezGg4K%0e6~vi3^gc&*8}9nuG#({NctUgEs1vxRr}vgi|Jz>Ko(~o24xvFL%2fK^(3iYX zB0KNwdQK*2Evd$=Or*WH{>xDzt`jUMj(&bSsu@xZOtsXxw$j;I^23ogdk5n={PyI* zn_h>sm;?*fJ#F&q)pAI3s|a*{-hCrj*XQi50a28Y|sh+II4#&;BPUg3Zpz)Is@_nDOt}*!27;C-X5>}sQRD)|Q zX70wp%v12l!Iw1%|1V`4Kf~2ccxAnFMS33>z(2Apd%LFG0r~pqoA^$)U-zv^=lo+v zVl79D;Ujm~(g_9WYr2gl7oz6ZsUzp5@oQd2?%R}}EbYb=#$3F`VpdR<{VSy3&E1S1 zNtXs~Ulnk3)0emy*W7V^@ zROr)9zC3gJ{^FPb7)^y9oSyk~d)@2Y*d`%ngYeXeoy|C#ULh@}pXK6G)Pd_;`WO4str= z16?ZPeB2~&e81YAV!^J|1njd4Q7x4-iTh;>3Sv)1Du1cJ#lC_Pn^G=}4kn>mkI&KA zF#VxxD^+DnrT$SF1Db@>2Xx)jv@sIOn$XJ%4dGjKbJj+~l5=mYv74a8fd%gv9zDkFKES{UInF zouw;Skjj{xaeT4penQCO4$I^Q@<3fVo?G>AFkki7iN&Hvz^K~e;G}ybX{h&^&`M6d zbW)A8-U|8T1luyPUh`w?=E&^^m$2SiLz@FRP!0Llb-~>UAWNI$WS^%ghe;y(GjuF9 zp`az?STl)gyKBi0#5q`WZUxgHJfZ{&m|>ek`W-nFCC}(uGkyX?I0M!Fc1!dKD|_Vu z60s_jbNpRis@o;;}VmZ4`g*CY=>^#Gi+itlX*~YaV1O5 zT{@IM3$N^~iJ5KPL-%S^VIM3ATHSAtJf&gjkG6ZqpqAkQ4d>oz6OMKo7td!)Z?-s{ z!&ANwept(}lP;2!W&>7P=IuxHa>YBS12=Q3Dj`Y181qp%+eQu>Qw5uF=*M9GtP5Ff zgcq93&|HbqNeJRq9dOG2S@Z3)YXP?1WlBvMPrJPFwP(g9J*7M2Nqw%k?+%dLQUkCt zlsMMbh+2C01qfKZcyZgJF?4qhz{zf<_6yJYrP6@#1dKn3Dr860$mbtaH##@^)g`@cbF*8*Ala2OQM7T@TxP(*!WH%!e+K<(6L(!aG%_?Y7nH~t?Vv6;9IL|WO zodbwU!Bc4pVX!P~@OQm*UTt>@<~vQ$ec8;ECOFqLu_!)VH=%8dIrnZ+X4oX+_{1z7 z)&EC9o$FnhJ^GTY++L^B_66U~pZhu}vkCWJdeIwx zn&u}iXx<~gqU{j0-I9InqruFHb>fGASuMgc z|258zePsFnO?LS|!=x!69S;YnvsK&oF2jp#oLx-mH~wzgvA5&(BsF-EpUZefIiTlp zb_NZ+CmW!>2WAr`n3b8l`BRpoal|DNLEk^;YC@AmR91P_z4V@vnNH$QJ9$Z z)9CGDyIg<8$DUiJ*+=x6e~Lc#|3={XUu%<$N8~M1ks$qvRb2fy#7Il|cwaTxj|^HP zL|k=wZx$mGd4RjxSqZgE11Y<-GRro_8przr)@r9_34)+0--*c@^CKfqj)0<*j_kg^ zma~hyF07V#S#|00@b=jCSOdw+HQBnoe(7|EAMXuS8U#4|ivbadqfaFMwkr#L5VX2_bOw<{2d2@XB;IeCI!dK4`4e z41)yNuF=^&$Z}Y3JF6j5thz8ZQD{50^i53bh=SZ3SrBiLQ+@`?5g`(8Apqs^zrD)7P1D4*1k9 zb!y-dB=G(~ua@gJ*w=NERn zZDj8o%%Qb8&adal7M4mN#q+Vhd+ggiak{=IM)WL0a_FyM!$l?DU(fmj-@3<@c81$4 zn@P8O(H6P!9CHni!=qdl)X~=GqZ)5rG%}HHXAH62G(yGTFbwEd+Y?e0zu?)n)1v+1Zck&hFOPKA z+@g8*Ug~|N`-FVBJ0@1Fv$Rk)OIkn}-Y*cKtkPY=q*|>(VQ@$RJGbv(g{^!rP^Ubs9_^NcH4# z*JCcajqCe^RtR+7zq-@HVj*61wJC*L)GN{|ULTaG$;v7rQfGP~@~2LTE}g<8od=mP z>4Wy~&fP}FStKRTD^^51B9}-Bz$b}=9(g0%s`_$sO*fIy3d)Bu5qImiW1RQe-KUn| z(Pf2>+@AsSOZK#cg?oT>Xh_oy#v3hVE8o59YTW0s$iaPSdwe?|9n5(Z>1aT!dZ{ASc(b}NTGN7rl<oEs(M8TH-=r|2N3wsKKONbd`p8b}_%0{sk-!gx>GF=V&+)9_U<2Ljzz5IR!B zH!MujQ%wJCw)?6Nta-tgof&cJ5idBwB{$^5c?&R7yPd6sCBkx}_ShZmQ1ok+ZmQwT%x>x)!bG>%&kwno7IOD zHyepQA8)_N0c5YS#vMaWZD|V4u@>9dq||p+dYJE3w4a4!v+I2IP<-#55CuHnd{h0j z7rSer)3@*Jui zLFJPg6AzxN2ky1iRS^;poYMWyDgV|AH`h+~Ccg>`W`O!RksyjZy|&x~-(;DGR^gRu z#OpK*eS!pF&p0jBEhtR61%^lhXqUrN=1VxoTy!Xb>^$J;9KPirv#U8SBjsl6Cs!ev z*j?$$*Fa72n3F>@2-D6~iZ7)r_ko0Fb+&)KTwqmC8ToE)1tdv>03JFd%KY@I<=oxU zw5%%}4=cs*vo6~*zjc3v$0947@={kl(&|N$of@Ls6b0*}8-9JusnD^fDWZT0AhZ@% z5r#!!)?c{AZ4Q|*EYK_2bg)9 zpt(lGa#EGa4<>y1DPcEn+d6DC%K{ssTsf(=x zfkxt@KdUQ#e>vFea-ytge}^q6Wv#|alpvpA(XHn0gSzPbr*(s&%k;9n!i~!J_<>FY z^rapo@)RVLu*oG`F!xfz)Ob6EaeX)17J=nlihlu?p3X1izH_U4-ALAjmGqhR-LW5@e`&O;;r{mKhWmbB3^Dm3l;HUjC~1z~BE7Wj28{tcfe`1L0>zmn2Q-TG7R;6-WqVh>jZRxB2lY9W= zOvN^zvz_j6{1B<7at0# z6JjsYge$pLZD^KN(;3uYxQ}LcPopH;dz_n?2Rc4FVnmNvs^ZdENYi|IkY{3ms`7MN znN^xJfdvm0A+UUC{emPJHwtSh;#+(FEW17J8##jTgglmZ&u-W_-hS*`-9mqGc6q9j zLt`47TwA+4Irzxo@EQrIIA@3rpnf+fOLnsOknBJDbP_5Rv)3>$PSZ(yn9wSowXJ0E zvhxL83i}|dVbexYwjjFZ)fCrUV}2F?$FZfiikMvmp((KFW01D8!Vix}0p1GkY5OID z+>abt_c^`gk6n^aw@qxmr7U1?Usvr-rtf`6n}3I6wvSfGpi|I?Znq4q5icXIG%2p) zPR_6#%j0G}KK^klDyU^w_0^kL2YR65V%lMC#!u0-eX&Pcvl|~+qYm#Ld&yfMAt=`R zDW-k~G~3wRx^d!CbKlgSe}}7RGq(BM#g|-XcpTJj#g$r+8Bj_+#7~AK(qp~Cn&R2! zV(CFwdvgJ0J{p!O&V`EZ?8xf9_-er55mokxel~I90_w06=jnv!dVJ-}{_Xvj(3BXf z&sb11wikHs3i!aMCU_`pG4+MbKny{i)KK*>fh{!1W@h=vQWIxG*{@k}2*~<&xzgGt z;bL-V%^{>gJa@Ar`+sRs03P|NAi6v*6BFiLX6L&uGD%iSM0KJlvr>Avy3 zo$lS=s7yHZNqrWXl8~RVF|)Ui10{EAdh~XVUTAiK`I?`P@41{_Yx(-S2ibI~?5z9M zW=fwSc@LYr-1@EmBH$dvKK)0?KRc9&&LQdx^#G!|08T^h<*I z|LMap$~U#w-eP@!avbXZ(C2pJ^Cmb= z&L&Vv^F(sm%Cq}{A!3UKO^m?GzQqAifrMprR_-i~{$1n9D!Sexc>nn&&U*=smEY*m zvI$vOB_20GWy(uQDRttl;k&P)-|+aMSpzVX=JV5%*4omr*Tt;xd(vE?dFi?DgMANa zF8D^Qkz(ahci-5?Ef)2fq@0y6a#V~GhQ>f9T{+SgX9aXHX-fITHEptrUhy(uq$C8JD9t{f zPFevF^!V~@WsFjmiyR-!$lXr%ws~uY07~=)dcodZo!GxkwaMCZ41?N~M3m6vTIGmOl+3i1dX+xb|$ouIJBV zOLYddr>wi-K({fg6bXJ$Raek8_KI-s*+HaxZWh@!xASer0Bbqd!1xI+A42^nMq4Ta z_Oel(f*sT4bidj#51YDEtM~1#Q?J9=h5nH#I}ECuasRv+q9*VncP86nZI>;v^)E;6 zQ`-&Q8yXuTf6X@d@4^7r+&q`NJ~#NwK1uvN5VU|+<{{q{Sm@U2yW5Ws?wKshx_e*s z9(W1~8c2Sb_53WcXk`AjGV5$8wjeO1sp)|hsM5$4%7fg9QgS5;35nCPSigv#UoqWTd%dJn*qqb-sApK^&iHoN80Ab5DE!0L)wdtK7DCt4fITIz ztJgmXNA8PIw_Y(KT^PjxVxdrysg|WYm5dMdDmcgUe!p<{@~gcnom$b)H8=A9O)&`) z`!Aw#?EjHsqRL9=`n3+&<<3iSVH90%1AIuW>B3N^0jxaqGPzxvxW*QzozVCLzNGRG zQY?u3PBn?Uw1FuH2t?a#Nz^wJPXFy`A_y%vnL*Eg^|(CXeWBa`Xo0g_$SRIvz9#or zE%Ko4KCKB_&CTt~bfwcj1@!xf*Bm|$!AVMCxmh3^AMmL84)SpK{Pn{F`$ZL#Pj2xG zrHz?n;_Yp|!QJJSrXJ*Ke%%ExJ}$_3N^`FG$U(0p$e;1EM|`QFAFd>qzq2LLvPFOy zk~$o@8{IZKmrH7c&;JfC43+;5UQQj~W@b5l2xn#IE9>z?2RHiWo3K1$AGZIz;TKT- zokAl=s;3mBP~fB-De(q~|3O#^Tl6wQFn8}L?CzW4kmT}_)#a;-YPiSjlovMbv{C7pQ+j=qC6aii*q2>W?_41GY+T#cdB3! z->LDli|V8!Fr$g$e+V94YACD52DkaGWL`MEOY84{Wjv!`ohMMU+^InPc586Dmvi+j zQQhvOSR=IPR*5ARH@~!gmU0)8%a)jiY;V6}lQ!J)ow`jpR`WYmNHvumky^@fvRAg> z^0RodG*FhU11$Ifc9;7mH3jW^;O2dBA7Q{_Cpobe@0b{hHF;;3-xxW*LmTw_i+%co zQ>tnQAL;=4;kikHTHD0#xuUMEThfXqt2WkGZBEMd#d9p(Q#aKB%I9tm)X#LU_E6pf zOz#@jTwYgsg=GHn68{mX!>6Jy4cjbFT^g@u0qvZ^^;g!Kp^h9&oM#O<94AwazSqfe zR`2`a2FVnqBTWnaFmL0g-8#F>U9Ke%;QB$`G#PuR=S-r!eD(6c!z*jGZF?dLuKlBK zaOFJiXp@?aNU#zsIpe`%%KXnAjOHcQI}NcJp01Nrjg&k6b_q#OVq#vVE_lfSGt@0B z4Bq_}rilj}`5|=u+={!D&b}%>{H8#X4Uxnp%{O*w)h&AIdTjjchzIkTJHgRHxLz!G zy9Y85wIM1(sb!QWZ%Gz;dwu4p={AxAsb<^IJiecRBau3^X&Z352ydFra!;S7HYm|@ z#*sR>c_~D@dPV1LQ9M?sk>Fbz;)Upn@3x;j!8#~b);rp+eBnoW3ge5_%Va4Y$`4s0 zj+vT$Fe66>anpty9xqXzXI!{SsM^xxrhAI_g*=j=nJr&g`jb#rIk_?Cne1ozdTuyy zG8;MB8IhzVpG5i~0k2D_#?Ut}xC6UF<3Opg<3zu=fWG@kjvw5#DVxUa z`3CpBOrx~W(C1QjuRR-MAo=Zk5U*|uyI>Of|F9@|5)^TuqTiT6>I(0z;-p z9AO4O-t~bYiWaZCF~m_ntd0t(@OB5|1`r}8UvNSd8UAF=buvL-gZeJ^y0BaHNuY#p zTEVzbfl5`DQ+A3(O>{9mFnazbsrpLYCLRt(wz`XZEZhbXyOkFeUI^h20`e^0nVFRK zYJ!|iZiuxn1$v+FKmB_F$_+$`R;bzY1iuseOIEaARe5CC>O6GSDZGqgzK3?QOX6FY z5#q78x)0Z>$1dGvmr26!9>~i)p5racY9CM)5WDoiu(1rn6ihZ*2!giQw{r7}s&Swql)z3uddFDl; z78W`n+l$Rs_avdig0U%=EKim1UqAfW(Ag%=^mKqu@7ng2d!RB8yTcmhU)9r3^&7mY z7T8XP3(x~zAk4Y59E!R2qh+}^*p{1bhp1lxL3P7!(i&^`daFGOc_)mhbtBy~Z?FZC z4@^0B=-xL2l>E;vTou7KMVAL+i~GMi8>jiBJKK7utzGF~S|c-Whsdecl*OggsF}EJ zDL!>_;{Z;?f1Rys?M|XBJrjm8dxoxht^auB-{gvWIkn&mUE~QEh;qVpT-L7vU1a)s zo1R%Oxx0F^;rP|J_yRDlb5y8!h_<)Z`E<;-7m9JrGVHGRShFhbo$cxL1~pHfVxuqg z*PRI1I<6D)JG1XX1ujAJ{4l8KW{v1U*b{T+v`v-7lyIaM7ep?t9XkxJ;Jes(z9wcu zUGl@7<#LXi_CRWUK#IC6QATGtO7+Mq>vX$b;`-vVwQ*LM2k(}IX!iuc%18EVUNkyb zfK_P5KfpP9t+gta&(f0XlhF2^1FEjosT&#CRBc5G{Wm-Ru9cL>!@2l`;l$qRt+A; z#sBCiHRwD>2bwD}nKJ*4@Z#xCzK500J}NwL?2Xi!%$X~ZS8fU&-@E>MTY31}AY1eN z{Vq!>_BD5EH9RZ-o@WJfL`L&=a^z{|+qHIbr~DU%BTE_oc;bVXVn+Wp&RThOoW@No zP{6bdiC5puj>ayWPkaY3mzOT4it^n*OiT-`AwbKFqL!&4A(l zt;u^!SEy0R13C@><@#aeBIACQJf#F2cABcIV!~_rb^<1GL|v=yRgyS3Ei7D34*=zM zhDwoG()Jv)CaSqMHo&<|!Jv199usKx9}Cb8F+McVG61br$En1WN$DTaW}kYzdl-b@ z)Xyrs@wMq!jjAmKgNkHT}N;HS$jyCz|_=*<*w_?m#=S$?+QmWAVJ5y@LpkNV@nOfrH)hC?t<^| z1@|CNU*~<%PAUgbGZb_~&bjSpehT{TG7y|C(6*KXHjMqDwnxUf4vK3+~-;ur_wg%`A#H&3rU|!Dp+ki&8nm_#CflbU|Zo4*h=Pi(d z8xcGONMBh*KZ-?k2QxNZ?{XVBa^KlSem6(^z@GHKiscw(*}JbLhb4%*501D_`mFnZ zM2!F2+&n(jTCkpkr{sS?o}gD3xOl52Wdx*pEV6HP3tLMWcUn{a;=Zpw-rr!+uBgS! zd{aKqv<;EoIH6O{lQ#nvc2BQgJ5)=RcMOJ4kH?%Tr-vSrQZ6zMG+-e#D)eeR@d^zd z3TFEJb*t5e70ZkQpq^tS7&)29;R1$w*Wp<5?a(=IvNXmodoRj+<6}mY_YTE>$$V7; zxUrHoFoe}B*XyuNB5|ymTW~x`?5x1yhjtb9j5;45p^(ocBS6;~x{lSR70tKvrZ;%? zRz7JkaTpC-Ekblya(-2*{{MZjF?vcjkWSt;M)Zfz=+keJp6jpu6>%S!!h-^wy*DdB zg!{h!0YZs_;K@Hp2@NJiwaQt`foCsM&e;FZ7q32;xa}qSZL1h7B_DB3OFdn%_kn^Z z$JV^S9;vx)hf?LW_^fu|2qg@6+A;2t@#0!Z;LcBl(g1aXGE!M3cSfasr(r`LOh?Xv z5l`CJ&?IITlePhOKe{QA6I)lQS_eLm23^9MrnWsv6CYiU67Go~FT|~Q#|rrE z{0WofJ0vxmyIaLr9^e<26))WMczP7Hx)As|RUluj9kYFpC)Zhe$$~i34oj}9Fu$Yx zT_!pTov#2ju6I(U4#w!rzYZ);`&v7BHPk0?^*Uo*dP&iW3`kL5sPFzm9xlxOK&s)< zc!2&pXBFR2_Lp#|+PeWQ?BR;RtFiCTB*r%-x&RKvaFAIpX@KTYYbIrkS% zgFrQNF5C|J3DtC%>`R*6PBl;q@0P}we&Sxcz{`A*zcHSf*mD0ZD0B9q%|WryVe1vU zF@Uvs{*9>JB9Wu2r0Qq54L?La*BiAg0{~VDOP_`YI9UF;MOB!~OSSXTuAPlDcm1I> zUen0SlK1sCix+Bne)*Dj|B*6M&jowQST29+D~qin2-1af*2y@lYkb$FK_48EPdWv) z;y~q}SKkmRJchDgL2o81ESeCwz}s7ImZk9kc7dq6n4l?jlHR)D#|)W+f!S?SaQq4? zmMzhq?K48p4)xbCND>b#XM68)P-U)XZO>a1>NA$1SF|*57ruv>)KKqN0Oqq9*6P1X zT7H)t{`#XC^OY1=J#9H_Hg;-2Zmm9qT^Ofg*pKso#N7HQ zBRaOEPqk8QV`3)<}sdOy!o$?Cc=3B*)T zrQ2pD!;E2O$fbsH88ZrFm||PU{TiNfd)om|1L~;^=45fqHESb|>ylL4|wybr+P(<_lD&9{2%OcVLKBtAvXD z0r(h+RSB$`Xo0RwGJMSHnvNG z+YcIPJ2CCWzPpBen}@8_IADt~{pG{wSKM2_&#AG%o4h$FJ0W1eLY&I3!6dRAeF$6i zyBtUEoE$T;5mPE3+)BJr?E63rAIzOO`N~GQzQxf%geDUBD}$5G7^8l>=a2aJ z?6H?4_iANt5@^FCf-SjpPub)>Lhrd6I2&8oU4QQ`kW3|>&DiM|`OIa5T$aM10rLZ} z7kyCUi=BtNRW+tUMJv0y8!1!Qi-lzoKaPd_gtnH7%itVF?cvOWvg$M3Ca~waK435} z*IqQtv!rsEBg*a09o!=!L3HtXOnIU?By)eCH10+EFW;eDXTN0aeJ0eL4t=W33Xqow zBrnqM%?6OZ0y8$$l2ijGC%ab76q^MJ(>Z)jx;CtAYX7%uw(J*c`GkJh7UjPapCrit ztB0cWznV|RpyiMo>P+#f(Be!FpVc&z({VG41&zJbZH1p)v08BZO0^^S@| zSO808;TN0GtMGT0eyj`FWCVU)%3?LlBS6v`4X#k24`c zw6_qs=!P(@tv~gy?lCZFaN80TJ2v9iV$Ig8*ql65Vuq$saq1@<%wKD;$JeN_bBip z1%|WSVX9|ay&_RAa(hE_l+~EDf^?lJ5KTkBvG_dJL;dwGiMiD5l3?w8lV=*K(QhGo zNeflz!S*Mej*DuRbeW(Tp6L|cx5lP#`QidQAD9SGj~jcZFgi2|Rqbqaw{qs>0S$~+ z+0_kk4kI{Eef~gif~b&n`6=P*iN2edIjTH9MqUJEl;@h+p-~SD7=&=1}8^OeVKxvZo64*n#D`}9T% zbF?(@8ttyKMjiC@V}0u;Jb{+509#YiY+kJ1f!51LsRt;%f~XL1OdYwH1vlML|Fj=E zFLkI==70ECPmR`q7zyEsQ*|J46n#m}x7R2}PgBA?JwgKB;D|ykqNxEvv>ve4@`?cN zBrKGq0-*nJ>M)p(x7^ITj7}0XG<>@!r733zko9#|e?Cv$38r9cDdF$K@4)(FIDw}Q zrYo`vwBZh;deIU6iu97y3wJw;!Y0DMebT_cPY4;Ghn&CA)u*fYuz{kZZNdj7a|^ia z>oh#?e+qg2E_K~K%O>fG3H~*`6BV!4Iq+iTB^I(qfQa1>DxV4r0qr^=FDMxwl)dz- zdQvGxBp;ni43Rdc2%~diVn%|;=kS6cnne?~EGQ<1a*k?S?w#u8eD6YkK6^*hG8MZR zu(mn2RmP={C!M*1UC}dGt?q&tH_(4G=QzznwY(N})D|w(Ft&|YCs1{B7iS*e-y`W#c(?L0`UvK3294yeql-hl(+y@9hL9=I$rLY&DkfX*KyZQ2~ zQL+@9@QijC(m%lDKC5$9X-^s&%hnulCvYBD&jTJFn)YZ=MSo6(C17R~guiU-s->=L z8q~Hn*xTr{jSP!uBV4YkZQIx)INeuj)gC~^b&x1dY~^!DNo9LJLdf7qW<0D*8*U7* zSc)r5_(Ihd9>1$`*KJqbnBs*HBhd)-!p;%Z^5Wg;=)ZVt$Pl5=IC}l za-Id?&n{wFz1AlkkNQp2gt_>=H<9NZfet0%k6Ldix)iXFwEMViPc@oVPmdpaX(Wd} z0SljBZ?(EX3nIyo(X8W>t}EV>=Ep1!NE_*G2bxWnjxxjs-k(%Wn)ooN`!cy=@ftlO z@%^c-uHftr^yWI&%0}y1#(4nv~}}r>%YH215f@xIgdWEQQQJMDhAt z-opoNMM-RK&QxBbq`yI=`;8Xwr literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/for_each.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/for_each.png new file mode 100644 index 0000000000000000000000000000000000000000..db8da7ef89ece1840ded4a5997160ff181104a12 GIT binary patch literal 10025 zcmd6NWmwc*w>K(CN=pcWbax2|$k0;KGBil1;(*f9(j(F!5`x5#L&G2?-7s`XGqemy zpFiHueLdGX&#CKN?}zup#GbwP`tQBhTEDf{Z_kJ48cO%@9^heMVBAwtmexOE7; z$Z&20zkpC=Ux1HW?%GNqjFJJ`O`w5kE2}Pxfl(fde_??Iv~k^(4c##?C|GV@w^X#5 z_c1V75i0Vsx^GQ)G92AZ##8bx{Uhi{rN)2R<|WgcD1?@%rItKXSJx(=i+^Jip3lEa zp2SQH3i^<>8E`A!+{(SG{2@O>K#-grjg=2uqDoqT0M$O0Pe%o}Y9hC4g^Q9Wb?--( znYVNquJ+d6t}2O-PkiU|5z|$?3t;bze(^z5+g{~(1Qq>Yf2O|$GlF*Qf`2_!oGX~v za`rLgv*h|qudBvURFav*k|_b$BM^~XS_1K`X0E=iZxu&_W_xq2zMpV@vs%tp#Ks*tJvur%H#avv zKAw^*hr=L`Da2eTpKM3=E_GqJU}v^zD#PQBjb<}aPGgjP5x)I67K=C~nBgT5A75 zhDM_y5J;6u3_e4!vZcO!tTL${qZ<6f6D@W|h5Y&LW8ojgj(0_A^371QQrqt&%qSX1 z>z2v{6T4nJIye*-6%`d0a>naoK4uIiR`?KaPU_C|Q9c2O%$ZS>JVLo?iiA5=p?dh9 z_gR&T5&G)tYJT1nA(%XR9Sa=pCxOZweauLk%g{LjCsB=9q_g5op*vx--rnx+TI3xu zYJE8?upK!lJR1|5t&QDEe)TQR}y_2|{^Cy-Z9@tgXKS{o&a6?%msK zI+>3;-@6_ra%H_bJ)SXuc~w?dBO$h=H%oNTMQuzxNhg7w``;ZM9v+^Z?JG(ER(G)Y z`(U{l47WS2uqH3Y>UEvgJ=|{->g^>mQeESRG3kv(m|x0-cE3k*adK9CK~tLfywd*Y zSW=f)T-;Y>8WBe4)um|iZZ(14|KcE9A@YX|vhvlk;=nFv+wYY3m=h1o+qKAkPL^BM z%)agokH=>iA-wC4_H35>Np3vK-{7(1_4A+;(73Ub5O4;m-Y|E~NQWl>-xJu_SyJw-+caDWxv@9&&vnl;uU5c7rf ze)}!cB96rbrOk+o9rZM07NKM$)Pc8Zer$|<+)G8JJJ#II`8`(g_|qdx+h8j0CSm9VQ~^vt|>M2;7o5~m(BIg+YP z>6?~YV(lbuAAoH^Gj=oc^s+)}tBaO1k95jt*XnYS)FAvyLqz66Vn0W5Z=v+*)%hM< zijGl5Mo38rKBYEGKLzary29z(fP%FvUNJ3kMn^Yz`d3@`QW#Jd?)n{cEYv=;*#|4Z zPQRjS7W}+ts-3wEN{lOBc4v6bzgvzL+nsATNiZ;N**uay+sJWW>ocsh=|{qh$^mWm zDtn{H4V<}aCn#@SP6d&hi4@$zBG`a9S-Tgpc=vr&6SVFj$AiDH(M7e;lB(6p+R+Lg z>@PnI{Q^ETBr@YJ?ob>CRj6A>x4fj#X=3^tT5A%vId;RWoDL>PzM<$iXBczK7_RAp%+_@=aJJ5JM z?Kt&%{>`YmrWAUN$ZtRB4mM$5hGbH&{DjoWY+H=q>ESBTlYNZoYz&wEWEsH@>&c-{ zl(XD9qFpyn6Y31F8nMsR;I&cMn8+#xL9lGA zu|_vs?T4qhb#S1JjuRzwjqfUp9dk z06v|5LnkIusI?RNju+~AA8)@y!D(9RmNLJB-(fc!Er(GK%UkW?`ki8d0%tf|E_#UQuFu5dDvg!_LT*U5j14g;Doj)6 z@~B2N@$FJ5{OUMQ9fgEJ68hqr!6%bMp!1LZ%VXdlLEgSOR=dk~Htk-=+kt{SEgl!D zYeUHv3TV)CqU41XOiVSH_~8 z!fDoc4BFVfGDkx}^gd-GzvEVhvgC+lp14nxn3Q}Lh)_jofzqt+bXq($;J{QvT}d+s zcZvIO`d^~f_fkF918qMW!rhkSh@|(sn3|usEe45it^>()C#wK-6p#Z`g2G=g+#qRj+zsUFE2Dt0$dwBqbol*u`H+!dVvvvZU(Jzv zVo*EY4Y*r|++b@t=)ax)?}nRhbA#a<{&)b)?ZN=#Nq=&Pc^mdnojCie7Pnv zeB5@w$IKxQ(9)=Hy9;bOUz0dzuF zd2vgxNcqv!-m2WMb5~M7fj3ie4`*u53pNe?KVB7eZQB6MIOCKdl zz0l@n>qrQ7@~}_;a8I6YPcZH$#k-c1@~ZeouRl7|(R@s|!I^>GIYcW>*J;LS=HX^| zNHWC{r!S!9^>6#(SYU;^IUK4~cDw`vYWPJyJDe_XDQm9Y|8*-=kX1y-=)K~vg8Q7D zoRgB3>ebPe6GbFr_06}QjtuU8mK~@3{_*mH)g?_vyo=`tQMqLBpoKuUeZ~7f>x=?- zrfvJHL+?hw3&qFM#_$++veAns?=e+HLEv@yPxdDb5J@Os0L%HQ=gzb>8JG~Wh}?-& zk}!IZ@s9=s93B#XlS*bC`dT`@Oz5i36%1E>uSlbMTTk({{7v+4r#aRYJBMQ|oc_W7 z@1@bSIME_m*c0jLtTcbAr4Vv3PIa*Jdhz?MX^Y+2y4iGN$K5it+Z(j;clD&Amf`V` zF2=@d6MI@^RL4NLDdqYo1*$f=y{91EjuItie{l$e0>xrM{@>uh@%}V1oq$2<^C$*x(ic2D z)i#1DY^Qjkh245MP@A{Sbt8}CkdYZA3%sT+tb)M`_=vU+oZ;gE@-k7S9(bI&AVh~5 z;>4o{Di!&t24skfZyKnR@2TWD#ZgQ@nxWnl#2O7zNl7{7S=h%lXJhQ7_)fiZ_o-xv zoyc$S#f!8a3aej3)~a9UG&+ZyG0PZ0xk)54`8f65e3G+*Js6QtGRlQb z#UN5?8RS!;$PP>@brk%L_lwdeLJzQ3tOvjNf`?q_9FMSK5}*8V$)ND+F7JHMZ6C@H z3-c;SwKdUxP3ekD%W*CwSf^PHQbv(?mA_OJNQl0N=-a4-NJhfa84!=;r+;Wq2;2hT?U4Rv$mItI;M>i6FuUo0 z0(z#~8%lWqteim$k}(>sj8$-;rD_}QoPZu~+#(jv%NlUwU`((`+($5c=(RG+^7bE# zAE{5q_F9E$~AWMYW;BnZpAbm}6w9M3IZYHUgA z^v`~jB@@6Vud(R9^4Fdey&Jv=oeT9}4YnGdQ}M4L&UY(iEU~Zn#;5j4s^|pws3r+Y z1X=x7motsSpWJNOJRPire5w5f%Rsxj`BzFGu~EHhpE?;$XgB^X=&>$COb)XYg8nhlcQ*pWj#fK&Hj& zpcINc#?Fr+UAT=jfQ^usA+d>QCA^Q4iM!JsR@xDNWBW_x3K6yptm;D8)+nIHop=LiJ8(uhv2+5v^>AXxG`=gM&_bvoiA* zrr0MHHvJDwV^CbeKXM?yD(-KgP|j@lvY8(TDJG{?azb+SNLa?>kOdk(yEF&cZ5l{<~%H|JD{Y~Dtp zQbg}mHh3M%#pHN8EyT1Jc*Tw)ywF?UkYdi93=5boVTsPtM&6DB6L+wBiCTX`wGL)z#gKq&?F-354V0b`A3r!Mcu~B5>LVVdYI^j4nTIp$x{5A zLZqx5rBVciMPF1?bKiQ5rMG5S>y`!QJ$#=%B$4(e-Opg;@OW@%WQCdz;7xnn>OMH9bIBaKW=U78q>#fGEf ztGg`h=H})Bw@a-r&(I#_c#*hGCKY$3tJa04!mjhO&Vz}?^Qo!^5_?29KOG#}5sjKy z*Y>dI4nloqU^IP|UgMk(lxB0XAg0g+)o0Iu42j*%xZE;?15wr`2eTSqY}V}-9I5Y; zi_k*lz2-{$3Dk1D1rV-TFBA{+OeN&pRtPSXmdW29M(@|f&gBgg6BD~$BJwZ$(aI>} zi2{W`>iC9+FJ}(Q+XFSe)qv`kK9A1^^6xfBzSd2fanQ)=kz`OMwQ;@awYPItWA>9+@sVY1M`I0}i^1n;m z0HpapXKMddVi(e%a)r<_OV`b1sZHLkP@FuRZ-}JmGx)0+(f0^ODas(gp-tdv$n=QG zfRrOAGQ~a@-OBosMImB|*AX*?J$l2^=7D`v8LpuU)Uvksfh_AYruyU*MKGTeNMAdb z3XmH2VI-W_CJ&0lPm4<+=Ll^mCV81Hoc-U3;^-Zo8a6dFGz5da_7__!D&+e6)w6;H zvKxvjE3&goN<_y#&$uOtfC$ywm29rBF2!cu+N_gIJb<#5&!m0~l8bRY?t(bAk@hP2 zY?6ysW4hT0m$i_@^h_@iJuerRqm!MTI(%$wOjtxT^z{!M7u+x+`VxQy;A>H$_dSYs z^#KaXc{@kPqLPyNGK(OT@-2I*d1X|Hde^h5sO3&a!iN%{?Cg(uY#gp6EBrerI%6K@ zU?|1X?QHJ;lo7B#Mz08qh`i1vxPM=1gQfE$HM*mlPR2H|%>;>4C#dD>x~J)XrjzcH zDHk-@8|!~zCAw!|=8K+h@;*O1^Eyi@`z{ch0KR5K`Ra7ge?Tf(lioADBa%`Tb?}$cdu$$AGER~TLm+zh zja+pt7Y}~?xErjI@=&6w<>eYKt2@!YyN&p)b#xpT+0w$E@18fUi4-pVxAjc_&qTcw z%~z1%fgkD1F%Km-1kEbN@+YcykiU0a{m&Z~E_roYa$==>#uJfNQE=1A;NnmH=1hkA z`bcEzJ`V$|vh&EqX&g{+QE8EtXKZ^8*j6+%z3s+QO4Qmtybo8pU7OH}MQj!gO)tAi zrRBf*5WtKgMdn}k@>IKvajS!4xkkJ!$SSl&b3}#%ky8O;Vj_$upLa{X6ri@YCOs?V zJiB2Zvgk`hMVY~=y*-5QU=w3wL*CmjL`F23!QA3ufL8?5rrM#m#tlp$ zw=w-ZNJin0rHKoZ&{KGzZY(QTC7!qW;*iqxt;ODa(}J3y>wF_g)qrgw4CV}&5#T#h zfT@+cE+8(?PyE*<7cA};J^Ndw|5rc$e+UWxB5L61B&0p}cTY>lnEs zt!XYwGfn{b*HRpSLQxhegd922vGVAE0WZ=uFfd?*K7RF69w3GPBcrK_y1cwhF9izT zs;a82tgO5|#lP1;UXXpmp48Up6&jWOxu8|Sf-~4HWt`=9I zLS+}lD&u^VB2%_AK+!2pjC_6biN}j6g-bZIuS6Aod z<<-~M0{|tcq7c9YS_uSzOfy3wA*To*3Q5O|Po{zXgL2P)?k=H?HbQTZQ2~-#M7NKF z=h8Cx2tUXNCWr_Nm$d_tyS`o`5x+B}i({|(S{l5*u?1QotYq|(|M-p6B3pgs1E^{A zQU@|q7(_kklr9Pj0x0+kG7nb|gy0)b&&s^xV-J_d+~q7Pzxa!d!qaauEaw?fI6xEB z5;9c8kXgD{QvZ{QM{Cd@6x2igU~*mCK871RJ0f-NMHa6BV!4=9BDjmhNB2v~@o#8_ z+`05jmG}CwRD*{P!jnkv0c_$c9u(3S_h(UL5`ey$Bp#-Rj}}47ro`jL8l-IZ_V#Q= zW?%O0nYS4h5l@8;;+oy>CG_*FJ^F=|$KTWNMjc9jea2+MJlUxdzHJpMZ1iV$Bpeb| zwtQ=E%4$k<+&&6BKHR4DkaqQmmlUH;w2lyaQABJQN~GehvplcqY3X)S68)4CH+PEd zSvdDHd5W(1B;lN~MD-|x4p?lvo%Q6)f>g0yxKk@zZcfuZ>ytO04K>^BaZev~A7_y= zrae|*6>v{gkOPU$8hIoiInKG+(uhiyJ!qp~lRsXnY{6c0+iV$q}tq1} z_&(y%dPh>mW++mjJRoT>U3|GJrn8ff#u{u3Ov1ymHzCK*Ll2(pZtkUZ$t7P&hbp78 z1LFRS1|G#pn52HBlt(ZuN2T=?=y~xQph&T?vC|&V5GMKUriKD5U=|8~Kg@OrT45Wh zXQ$XdoT{|d%#`-s_;n}i-nku^E&63B|8p>9NFbay0>``Yv+@-pX_1czU=ELa?C-9yv@uOKAhD{C7tP+F~=!ZRBvUM0V{dcg79{8<3ClUO?yVP%_W(9(b0I> z)|_19xW*uv=~;;&YcU3-)sHIA9QmO#zkKJ?l5czbF(Kk{uH3oJhGIXig-c^d~r zP1zl|h&*xxs`MpgaCVc|)2!$05&XH35KvaQo-ztA1VmC4hrEv$!l=&x<08jXC8qI+6fJXDc%Y=NtewCMp1D`EJpnyDnSoV93KgY_zhvgLkHyT+>5(0MS}++Al)<1Bx`O5W z-FE0wQVT)fa*;H{V`OGH?WmWXXb4Da1=}7ae=IsxH7JQ4V&f4acu16I} z{g;*QeRa(+{w+3+U;!RZY&PV(L8_{~s7$R8Q*Oj&yLH_#>}4pCCoW7j>v=m9lINPqVs*>+gDstRB5+qhep-aa zGSK%w1g$q;#(VeuTt?H-Y)S9ni8kSQ3wZ{FEY6nl@${{29GU+~B+SLW|+J|eeqYu}wk9NXHmFC6K zGkeJX%fSRhQO)vf@%7uyFn)@+#94duV7lq`nDX;H{%WKz-&#kja7-3NhDg>X0$k(a zV$foLA5URe(bO?xUq;Yc#;+bVi;X`seA0W}Pz`f1NAE;SJ7>!XDtw~9d_{lzUZI;4 zEN4J~uJ!q&QP1JWsYsQ|^*u!7#iF230VY~cIJ5I&H_1Xq z@LoxeJ}IqgB&7VVX-C#hXOI<-Qr2^F_mu`@!xr}XC7R{RGxyX$*OQhWM!@y-ZsR^EzE7iI2LFPjfl$ki_AC3QwL(bcq026_tQfDhUZVl5{ zz#a*Zc4~%(Q)2}>;`Q~!AyGhr1?T;9yYc_SM??$~i3BqJx@R9rst~W1e*j=;K$7hS zK;5u_`6uKY-<8(Dc(RpWgw zYMIhaIXP`;T&-jv4ozAN`pr1kEFA${yUF<hgJeNwN zzzUQ~cGQt;hPw9b>9_yzBhTgr-&+4u$P9s(0QxBhu9yHlS>DI`f-bb`G$@(pSJc&; z2o5FAnkWGJ6-ZA@(2k|oOOkue_e4T1+k=Ntx&Y!be(;%)fF94CMe-qp?USQf(&)S| z4q|1d=z6G`s9FiK6a!WA)KauPYA;^&9~ikbp@CSDJ_IMj(>NIFOG)P%lm1+`dcXO1a@)bg#q^2yTJ$z<&1N;Z! zKSw0afO6N{&9aOH#%EmHo&h(yEr>?0ZII#MMN(Ww=#*&^#jsp( zP^mJRd;%E4;CG>UpM^gJ%2erXTH~})Thi5(`|vD=JV)bKzNBwCUYx*D)UwXd4dQy| za_}pW{t5n0i#XtvvhuI&A9jWuDLoPl3`{~SG`qtq?1vB4QMAsVh)9RNYT|gD>hOzW zrS%LhU%I4-Cemv36sSC{5N$u1{#d;?+5MuKpT63OYvzpFdc9&P4`P$kF@mG|h1dZI zVs#OED#ga8ek+^#nQH)Ig}|@Y!}x0xq|iX&=UnPAsUi9pZ`H(e4kAlw^r&YTPS>b8 zX*&P(i)@&n-1E^jLm8v8i3PgHiUuHrq%5h;qxZs@_TYS}-*+%1ABH?{0A+Ql2n&nC z)IjeY45yZWYvjNiXa@9-?I&>3VkUh&;BAzD?Xza3$y4#;YbmUD{mSeM? z{;H8404&eR1CVUjqp>wE=ebw%ZO0}JrOlh7j_FsWLR_3hU{cs%bM2VzT_zy<^y!$7$p z3_5csw_xj)LIUk~2xSf2ERefJKxlrRjR8lzMu&<`I4Q%cVW!Q{!)EDy99fHAY>pt&uaE2?YoC&f_)MHtOlu1PonaVeC9tm=SV%^;O(3hH{~-i z7I3ZjKi&t&&&mYc{O1b)Un=hZ#ceVPCGUlQ83(0-@++tS@b@+h6$K6X5|DY|zX8KJ BtH1yN literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/readme.md b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/readme.md new file mode 100644 index 00000000000..d6fe0339cd4 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Username-Breach-Data-Playbook/readme.md @@ -0,0 +1,55 @@ +# SpyCloud Enterprise Username Breach Data Playbook + +![SpyCloud Enterprise](images/logo.png) + +## Table of Contents + +1. [Overview](#overview) +2. [Prerequisites](#prerequisites) +3. [Deployment](#deployment) +4. [Post Deployment Steps](#postdeployment) + + +
+ +## Overview +The SpyCloud Enterprise API is able to provide breach data for a username or set of usernames associated with an incident. When a new Azure Sentinel Incident is created, this playbook gets triggered and performs the following actions: + +- It fetches all the account entities in the incident. +- Iterates through the account objects and fetches the breach data from SpyCloud Enterprise for each account username. +- All the breach data from SpyCloud Enterprise will be added as incident comments in a tabular format. + +![Incident Comments](images/comments.png) + + + + +## Prerequisites +- A SpyCloud Enterprise API Key +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the connector documentation page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to deploy an ARM Template wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Username-Breach-Data-Playbook%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Username-Breach-Data-Playbook%2Fazuredeploy.json) + + + + +## Post Deployment Instructions +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- As a best practice, we have used the Sentinel connection in Logic Apps that use "ManagedSecurityIdentity" permissions. Please refer to [this document](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204) and provide permissions to the Logic App accordingly. +- Provide connection details for the SpyCloud Enterprise Custom Connector. +![for_each](images/for_each.png) +- Save the Logic App. If the Logic App prompts any missing connections, please update the connections similarly. + +### Configurations in Sentinel: +- In Azure Sentinel, analytical rules should be configured to trigger an incident with the Account entity. +- Configure the automation rules to trigger this playbook. diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/azuredeploy.json new file mode 100644 index 00000000000..958f76f7434 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/azuredeploy.json @@ -0,0 +1,686 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "SpyCloud Malware Information - SpyCloud Enterprise", + "description": "This Playbook will be triggered when an spycloud malware incident is created.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "entities": ["ACCOUNT"], + "tags": ["Enrichment"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Malware-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName":{ + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureSentinelConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureSentinelConnectionName')]", + "customParameterValues": {}, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('SpyCloudEnterpriseConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Check_if_the_incident_is_created_by_SpyCloud_Malware_": { + "actions": { + "Entities_-_Get_Hosts": { + "runAfter": { + "For_each_incident_alert": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/host" + } + }, + "For_each_host": { + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + "actions": { + "Check_if_the_records_are_returned": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Comapss Devices Data for @{variables('infected_machine_id')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('compass_device_data')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Compass_Devices_Data')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "compass_device_data", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "runAfter": {}, + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "runAfter": {}, + "type": "Foreach" + } + }, + "runAfter": { + "Set_IP_Address_to_Empty": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Set_variable": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_IP_Address_to_Empty": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": {}, + "type": "Foreach" + }, + "Update_incident": { + "runAfter": { + "Add_comment_to_incident_(V3)": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "owner": "someone@someone.com", + "ownerAction": "Assign", + "severity": "High" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "put", + "path": "/Incidents" + } + } + }, + "runAfter": { + "Get_Compass_Devices_Data": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Compass_Devices_Data')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Compass_Devices_Data": { + "runAfter": { + "Set_Infected_Machine_ID": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/compass/data/devices/@{encodeURIComponent(variables('infected_machine_id'))}" + } + }, + "Set_Infected_Machine_ID": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "infected_machine_id", + "value": "@items('For_each_host')?['HostName']" + } + } + }, + "runAfter": { + "Entities_-_Get_Hosts": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "For_each_incident_alert": { + "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", + "actions": { + "Check_User_Host_Name_exists": { + "actions": { + "Check_if_Host_is_Managed_host": { + "actions": {}, + "runAfter": { + "Set_variable_2": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Set_User_Host_Name": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "user_host_name", + "value": "@{variables('incident_custom_details_object')?['User_Host_Name']}" + } + }, + "Set_variable_2": { + "runAfter": { + "Set_User_Host_Name": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "user_host_name_trim", + "value": "@{replace(replace(variables('user_host_name'),'[\"',''),'\"]','')}" + } + } + }, + "runAfter": { + "Set_custom_details_object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('incident_custom_details_object')?['User_Host_Name']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_custom_details_object": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "incident_custom_details_object", + "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom Details'])" + } + } + }, + "runAfter": {}, + "type": "Foreach" + } + }, + "runAfter": { + "Incident_Custom_Details_Object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@triggerBody()?['object']?['properties']?['title']", + "@variables('incident_name')" + ] + } + ] + }, + "type": "If" + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Incident_Custom_Details_Array": { + "runAfter": { + "Is_Managed_Host": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_array", + "type": "array" + } + ] + } + }, + "Incident_Custom_Details_Object": { + "runAfter": { + "Incident_Custom_Details_Array": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_object", + "type": "object" + } + ] + } + }, + "Incident_Name": { + "runAfter": { + "more_records_display_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_name", + "type": "string", + "value": "SpyCloud Enterprise Malware Detection" + } + ] + } + }, + "Initialize_variable": { + "runAfter": { + "User_Host_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "user_host_name_trim", + "type": "string" + } + ] + } + }, + "Is_Managed_Host": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "is_managed_host", + "type": "boolean", + "value": "@true" + } + ] + } + }, + "Machine_ID": { + "runAfter": { + "Initialize_variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "infected_machine_id", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "Machine_ID": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "compass_device_data", + "type": "array" + } + ] + } + }, + "User_Host_Name": { + "runAfter": { + "Incident_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "user_host_name", + "type": "string" + } + ] + } + }, + "minimum_records": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_display_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[variables('AzureSentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + } + } + ] +} diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/check_managed_asset.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/check_managed_asset.png new file mode 100644 index 0000000000000000000000000000000000000000..aa70bfe9c50e9e0559a916850c2d4fe5fd1d10da GIT binary patch literal 29855 zcmd432UwHaw>}s}@t^`86*+z0~HfDL){NXTj2P}8zd`RRi>-L)oar-PZ|KKyz3 zR>PC&!T^rXulOD``0-!94U2a?%yF6{_r>X4El;CEw`$hT+|;?LLr@fwvMn1N?PsZN zSqxV3_Md4_F6C~S!FDANzMndM5ZoRDIcNAS=+ORuY>UGQSI8b zfphy`m+~x2YzC}?ERGWTDig~S(v}BP_dd_;@B2;BPMLRJIzX!buVat=UUz`8j40V)X3V=keAO2Vd+w+IVEW`y7@^$6mRBJO*bvc>MKd)0e{w?^ojImtdY z!z;u2jgifHZ@7zdU!Od6YI^$osC~M7%h8$was*iGE)D-s^?>#Vn2n;i+b+TLO!?fd;zwC(NV&_BYSJ$t5!r9W-2c8uJ>lYN3252@M^TQrVw8D1tSHXIf}`I1;~bC(n&w4gTMbz0Kf4{= zc3x`n5bHBvR};wz1Ex%71J=AQf0AwCc-gF2!ta@37aj>Wcz01ojVj#al4T~@3#{`| z=*WJ=WpW8_HPCxD>AmZs`f!E&aLSo9PBE)!GY4#TqqW!W)}ujeSlG~VUhXpoSYx$Q zM;bpbJMG)T6d#HFm>{4q!ws?mBgY4!v8B6fFVq0M7&J@JJj_om&q z^NP+1wVNTg1$8qrDBGe2UAVm2%3oa$ju`zTYzwmPs4nXF#Gn=pb>(-NLi*RJjOPni zm310ebS&k0`zrSLOjg+_nN8(EjuW!x-aM|T$DXrq$wq}H!qrP3emG*7+h0jwbRXE+ z%W*ueH3%*sIPa7J^G)}Ma?eHE%!}H}zj&+r|cUl*9aHYiO+im?KRu7pW zt@u6HLviQSh0^i(zV$%HEK^mBNlUw;rKRQA8yFwwBj|3Fv16Z@-B7EB)HeEX&roWt z%EojxK-?vF05#`&TTw)Q$RxSxHIL^Ir6xZX*N3$lt8*AS!oCs7KA4Lmw`UZYm67e{ z;zmh0hI#WvA3A(kYc)YOMQhg7-lW_obXRNjqvCptxW-d|VhsPvlu}3TI+}I5G(x&~ zV5INmYEQO?!+K%7g4RlbZE;2eDjEU|{<$ zlke{ThQD(l2G?N_oM#z#ge;|}7yM`Ud*T1n4eu3M30g$igQhh%#bluN^O^} zah~pHXkVW)VSwX0EM)n)&mzH^jaS(Xy>$dZJJ!~<-})8fjKhnut7mk+HZM-C&HH+V zbl>gs`}K`wur9DHWP3VMGHA`&r7!P|OBX9^@nlm}WkOnF-(*L!lm_r2j$*mJh}#+( zZQ%!)a&(g=&5FXhGxcnCLll?Spp5IQ+8VBPoF1stI5yK64^NRUOQ;itVqT^V)|u*y zSqe{-U@xnEf7O;Oy*c=66_O@#rKz1@r8R?@WcqgcBpw(W^X-l@&8 zFxjR)?_{Omir44ldfoD={j<_8y_e(`>sH%WaoeC5+BA3(_7!DOMZ7nUpI5x$4vS>t ziK!MYA+HhproSGOh})xL_oPVHU3+C+%CRl6LT!~}p`y~R{hGm{8>A0DSQuhGewVg6 z2I61rM$PWVu&3bCJe`Cq67sBDj*y#;5zx^N38~xNp3R(DA5h&Tm0-2Kyh>fb=%yU! zx_-H_S~p$Zv{Pj-WVL2+bpwuaPqgxSA;+6rGI~s+?!FBk^kqvlzk09DF$BUly)rWv zBjHJ9U>iu-l&He2#nOQ7j8J}i^tgz0-F%biHMAB%Z^e`Ia3oKQO3q2pA=r>(01k& zU(;J2QSuNv*3uJ$J9JlxGnkvEs=B#36>FgV{UwLPXpOJnB@xzEt`o1$h>0MfXl(_; zW2PhRN0>^m^qLXBVRu2@`M~+*>n4S7xMj6t1@&^kCG(!{kq@X0G-b zsJLf1-Mg0*_?GL=Y*(h|Mn3OV#g*oZd3ufL^Od(=oQ#Q!i`(FT5{2+=geWjG`YDhQ`j-3CIOvlFl_S-jGMlk4UOz$d17lDI{dP!)wH_KjaFwXdloR2T8 WAv^N$ z=~+P(@0nY-Z(AVcvUzV^#?OA_J@_mlA_ZcF3Gyu~ZmL}U&BoZyD<++pUo%wUyX*JSm%UP^76I(b z@p4V?Qel>nPo7ix>4$_5HeyxPBYO6Qk`B{nML-;4Z6E z#qmbzm5mu@j+LHc9y?WLb%>s=kF$!h!=B;#x{f_CdIw)?_H7;A z=SN#qr`A&TA^bs$yQKuvwn&f=^oj{w=U>mWg)aNeQ^w@7_=EaC8qPdDq`-INBdeEO>UM>)o*LY^CDnAWWi+3tTidJ;qQHrs0L4CJaS3%a?#ZL4-+ z$_jgope7;yX~xTm)^>POA%he@$^3w^d)#wHB*6R4-`UAZ?YMP?{k7_PGZz<|+H#Z2 zrX#M5lnTOkHGOrQ=kz6`V$J9{7GV+D0WmSSP0c+=CEv&GAu9(h##SG=;IA58FdE=6 zAZ8=>S;Pb<mj%{aBU>xfg{IIgd)kw9(W$Tg=FK{% zDqF{>Cv*G;PgINK8obf;xVi61H60?!efb7$z`rZ$*L1Q?%)T76n#A}SJh?u%nICf9 zzw&yC=^YQ36a1NCBSMMCp~5Ut*6TGZcI*PpLZw7>uQ8_!GWHb%q3 zzW|?Q|73l9Ftd#(Q{@s*eaNNJ9QPW1s`HrlcZnyJp-bJ~y=Dc_yl2%vYJ=NaS8m0= zETv5A3TT@Hnv<@<%n2KnhbG>ImmG}xx+%v_NXfUGG-w;?(3q}7u{z*T0R{9<$%4^MgX9`Yv@YU9 zR`GBmp8|WPE-{t1M8m(F?p>xw3edMcA2;=|4qeOeGs1>^)ZJaKEqARlYgP%` zSH>cZJbg1B5C*c11ap$Egwijp;vSHU4+i)-M-%GZUs*lu5immj2rLb341((wI=q@` zfg_lcXo8o%wN0o;+An5Udr_@7Tcng=iTp5xgz-#C9MqSjGq}Q`ixq;c?LMD_o?RT6 zR&kjiAok&0bg1S(yk!##TIRZ&EstIz6lRd^elE7fYZiUmf0009P`U zMiixHy^^XyW2j%2`&Q`1)-$BW{%ww%4!vRA&Hdu6)2%7F#b)o`z1nO=H3}hfi+gNm zJnN{B3rtFOWzj3ertX&aS{@qr46IK&iN|oEN%!EAHEXSK`}UGD`{iAg;)K@=OSFzz zb(T?vg+w}=@vSkb87cgqrz@`TJSe#ye(fq5rx%f>K?6MW;rJ6g6z;Nnt&2R z$9qtDD;-w>g95mQ2b~|NO>fsYnm0zW zCxVc4PpAGcCTRy}gVH|D8elaBWtnzdqH^!D;9gtUt%{%+4(2PLzH@gaajJ8%lG|Q6TTa55kH)|z)Y$87ywY_zMte%33&OL z@Bx|so_q_Pnzc_ng&%CROxn0!z1lx>{V&#vZ#>}G0KvX8%;xX(>7be8;~gtz5AMI1 zs1r*I;bi4)rhhoD|2LDY_kdLcS<2G~4{{h(*-1za-3CxipC&!+A*c`srzf)EZhd3N zs5|8#|LH;8c89Y;AbYDgcBXCav#Rp-rBdpDC7J&kZKj&x(vON;v$E6>4}Sj|_bYv) zr=HbQ%mK~l+ry_CxK%T%$)iUlw|0=F3#pA}ul$Fcw)BRlDndDm&wxYT-v10fSWx((7+v@ z4c!zMGFLojJJU8G%&%mIOJJ^imO7o*yHx2oDl%9vufO4WgMTdSn%0L4ACTyWrn7ZH zD=k!*!p@FW;2>IZJUvR_(xrY^5V6BWL2oJ=Ub&>HpQ%}qU=)us(H+oJ78DDPi*KI) zp4(zW{3c1F87d^*?rY(J3gaN}S!#l3Y?Xh8pJChTN=(MoB2U?SM`@?Q_TzQhmm{=$Yb; zn!?@Pk@H0YxOb!Z4%FU57Q55@#H&>?x}gpwx_e`xgBX#Xd45UCb0x3M{CI&v$45m1 z-cVbl$!9O<9Qw`HhH>DB)v~;!gw1s|N!yisz{k?2r)S5a*LD1o$yTiNT}1WHOToOo z;uktOejV}yDQhF53&@npceYROq|o%YZQq(8P4sryLey(i)?Zp+?+>|dFQjG(K06RK8tZ%?PIUR+^w;VK!}3(v5xB*|Cg?3oM- z`jNEDP*wRXSsAL@)r9xnMr@d@rmdrYVw}ut?xKe0w@Isg?u#B_nQ{pm7FG5(LnQoa zHDRUAU&>+b%kOzcY>;i2nK~E8((gRVaVx=;i>uDwi%gK}+e^&Ra4n}8hp{oC>Gpy( z4$onNuTXA)^Y3!;(T@;bG0hV^`NkWz()K;Cgd3LfOY)mV7kzYUI|G04_D!V>aHbR% zDtnCVMqSFd!M$Sb62|>OV|k4#;nSiY{>VD-C`Qu8lh?A;4+<@P);|#Au?8&+~8R z<(&^Mkt=F0@{42Q97KfF{q{&ifQ}Kn=#)Jrv`~E+zRT_LW4P zt}@*xy6I)GW7q9QESoT1tC5OTs7wyku1vo%?PUBI@7-OvQ9-txih5qA`);Kpobk*`JTkSB6AeGAzZ|h?LnoukvJbOe=hQ*)<_wU<}@| z$Wb;G@Qx<-7J<7eUCA2L1?-TiGYo%pBR%QL_r^~8V=uK~qh5rAyUUJl+?Czk==O6D zRppNt#7+EgRTIWO?@Vh)+~&V=_G1ri9RZZ}o*sx4;E0RlPTSKaDD6g^F z_s?>8y!jxeihFx~FAHFW}4`5wl%GU^K zPtO~xSFw>hUq}2(=zylWR&?M&w)f!syhEOK<4$>Utls)a9%7&vmR^C>Q~9(NIx=^> zaUOV_qsKtZ&?rt0Fxg4R8s=dzV~0p#oC3{XbYzlKi>4FI($Fhz28Bdvv8i~@F>RKB z?B1dE2pcXa+(e;kvIBR%8mj{h!`LP!5=?dS@LRt z)b6Xm^Mux$+Lf%lhu8@9MpTf{eHK}>^EH{9${`wsCdIBI!^ujrtR(q0%h~lbpQ}CWI4{v+ZbJZ*%)1=NQe6p!zKia zri&?}y|BIGd%0@R5|}?WkOy+w9!9$wjeU0@XHrzbc$qocX@>P}ywgmEP@>Y^AFj*# zR7IuQyms2v0avy6pEVB7ee$C^x&a5*{O33;Ust;x3jyKk8SOB3t^!&IkcfXnz7w|o z@Z<0GTB+4NslGgnbW8Go5UT5&xK%5Niy$35szATPJl<;VCkWWo6RPwbk_2(Iwz7`4 zG2Hvn@L~}M1d;~-pGIEL8VKZHC~5s~u)_b^DNE|q4RS2YDZzU>7E&G~H(tDXgH8ZJ z5zDCIjYl#c|AP-OlhL2;nxJC!Z@8qj>v!fwx5uBdGXnp(#BZQTxs`QZDM-`AB#xz@ zLC8XtxaGWZSmpq|6FZw3Mqs4U^e5x2kZ|7K6FjF**?p~KhI>v7+sqE}f|EHJ_$gGR zY)Nm986?~%K)G+pjxrGpD4smTe1E|+05=aFVn8mH{D~URv3fx(__!I@7g3Xs(E|YW z>~eyA;gGxaA%Vt&0E(Aey#4dfXl2BXrjJj#1;BgsSK!{N;oYs9!HXCnR&JR%K-U@* z!Oc_;3FLp8QQ|s%>f&h7dT9cLFP;Hz-+%hGXa}ME1+&iejIs7{B1;)X%4ju40h4am z-u(M6;y51@Y%uvR@Cdm9tdB90;ZGSI0zUuC4SZdQ8=p!PA9^-j(c@*CvvX&V45xL0 zzYP?*d|6Y*W9Z6Q$fjLF-ka3QdzOr3>o4r3t*@UTkA?>pdjzM<_se$;Njinni9!X? zT(6;W`<9d2YkdaxeR+CjQ44*DxloLp&s=oKQUf(6Dajd~n?$I_Ke!@Ipm329@%l)y|9o02`v)Ns3eT?Z5b_+zk*$l)ohjGW-w=di8P7Jur zq*cd6pUm)~4^m2?mJXQ_CGLA3u{;X?xq9YSkDjB?)X$Nw`z=I;a@)Z1D6yxJ$K#uu zHH*Ll@;wBGc<2)H&+{sNRv7^wif}Q6uZNHInl{9nX~ROR^IiI0mhi~?Vn*>8S0v5} zU!T0}bKJl^h#qvs9p8cxA-^JR*JPx^*Ta6iKDz=QwI!TR%e5XJRx~S>aP!FmocLFO z!Z!1%I9hrAGIJTy+F_uus)AHkK?!-4WBXlcM_mqq;I=<%+}w;PrD&$ZI8JBw_tl7D7pvvdvB`;npE z2uww#+n|v$J>ZkiVvo9@ZkoMFGsUBN-E6STDJn1nwU)L%;;W(_$!fr|j7{|;TgucF zyO?u*^&La({Am96;#51lc=kgRPMOE3QxC>&4j?8bg9OOaT>W%;qt6d+TVR6F?J077 zZk!;C+i^L8Z>^(+EY{Cv#EsJu0&Rx!hHFsR$xek1Kgf7X+F)6`y}~(8r_lWQ><$bF z#fJfOKA3Oc64P7Zt{?>i^^yXMvb=BKd15Te99!1$(o$+>ywb&BTAFxNP5e0C5VW)A zBG?^R^fB1maPo&FFx2w!f`*>HM+Rv(_&Y4im;U$@*ERVgmCwb1>w0|X_;^r#4Lb)9 zkC;XjPdpfml(swo~erih$J#gcwIm`aK~x&sZQE;Zy)yV-y9X|Bu9nqoXe?pRGv-EAEyV%^Kv zFJn6Q5bcU01_%hB1n{m?)$80cEgiCG$q6bwSfRBwZpo4A{oOTi=7q*|MXG015 zI{D+xjBn@5k8vtic$6hP;&pH~VAoq|(m4KkKh4cGss4wkMgsde#rx=-#K9ooW4&K6 zhQqgp#5P##pII>PYFcJTtuU(G2y}D}BAb>f<%)?@KE;W0r=M(BxM%4Q#jJ-J@bCF` zJMU{ztXVQ<6lX=Mtp@@Ye~8G8z~m%lH_x{?Jm zaKb%(4eE^)43_uMug)w{4&z}fna!7#>ytsS$zK{d|CU0Yag{+RZ~D#K7w&3TqPxu1 zz05=jL5i3N8qPc@SIKEcTMxR34qTl{epterHz#l~2$TEv^xd5UPZ4Dm zCL?F)Hh)?LjPJe9nOo!1((`?f-Jaw@r}p|4tiy*rm>HsRPbE9}*=CG59-bPWUr1 z;;7PzaH0B8*{lB##615!j5++Dqqu1(-D7SHi+#N(t{l6UXUNuS9 zGXoTS?|?dzGumDcO!m6fPK7}N<7&+!41Z}0;us*!`1cFqEBaPeX}epKQGz+arS2dr zQ4B1-Bp_fR1`hvX0eb&H7s?E~yV6$bHQibszDuVrwh3j1Tu@U}bL=gw>ZL<@@D-iu z3T;4kp;s%*HJ2(47X&b@>qNb@kA!7~u1DSS9buzqumZ;Y|HPg=aHtNuN4I2@7}rU7 z*|t48wIoo{Zy{-6wAMT(Hdc>U;RgFz$y?_`mel&_GpU}f8{}cVFc_#+^MSgeCTBgl zd$hvcQrM=h%7sDhjWFVS-S=0VZPSS`@vN+@-l|7-7BxNvF6`{=iM5OM!|moJHr4>j zUHts{bE)^NzVUL!Ft?1G^NiFaS3RiP=>X&hQB45O=}TIIYE&a9#RgW%aF?cZ?_%2n@* zXVbyY`}#R=dEikz|9-}&@ajLh+)!U|!_32~f)jnin?a$HVK2Op6?m z3{R+>i8pLS(RKJGhp4Xa?yx6Tn)>J4 zw=y(vUU=P||90m5m$`L1u6QhevhjV=AH;#8MD!s@!OE(?I^cgD7JhynFuG6d&U(5w z*V70+2swS|ANvFl#p@d^RQ8bXj#dm7(+75b3H)d0|G;>wisZu2O`v8hq(ZhH!r30b z*GUwgd6#KXtJ=)R>UfBQBWwGU+4c6YCd{ za$QzoW`o<+6Cm!G&a zebFUW9A1mUheE>J!8G~OWs1qKH*vMJ{92fpa8x$a2|bgUVXzThB!Ov#J}JV(!mLxS zyF3t^?%Z0QWau0QjOcRaP3s!7J7X!>?yHEI_On{Lx^XUh?WI6V<7Zt$`)v#oEeCR_ zt!j0hjijdaYp?7VODx+%Je=d9ML56jLB!TvFESagRj^~|XyJm>o6QW)P7P7=D=+xw z{tBxtI2kgM175D*bDHsAXhKQ&W>AGJ_aI zcJgF`EWHJ}RVZrhu!8{6B<7rT@LiE|l(1gDZ(K?`w-zSD9I8~BZ-1|9;U}h1_su+v zFHyGMY9=c4BGrr{NwQ{I-or?1YR6snm?34D3t3~;BkdgUgi#~$n&NZTyrOuU&^N_a zwY|m0@?*q};C6YXx6H4xvZzG&S2C?#nR}NFe>XJiD(*ul_L8wKvvc(!D27l*(y{#y zi_Z_9_m{xNT=jBoH-KbD7ExYP2mBjDtHdHEPpo4edo=kYSsBH#HrQGcEbQ$5btjem zDOMKMD+^&#sPY*3N55{Z22Cf{(JS-Ja&{HA5bf6stg?)1!gvQA!v1jdhIJm>2s7Ss zHm^f`7A2sD4?q+z1~7$Z9xLG$)-WT>J|6!vl77;PU-zx2(uKXc+Mo09loDY+1y}Y+ z2HQ@nDn=z{N~fUcgVyzr94x997SMxu7$RLdvDH|G^^~j(++hZ8Qs8mkeb|pKD(hD> zXi~L^SUDgUF!#P3j!0G9`86q5|JJl|PqeG_%@7;c(He9e zh&ktrzHxa-_XEUZrX4Th@B|s*%=!a#Sw&!}FUibhsJx&+7486~y4=IR-}lz%F+Hn2 z?u>v?^j%@p6V#go>ctURz-vLKV|QE$8$~uZ}#-{ zPS0A;^lS{qs5_Q2vH<$)eLM8YF7>+K$;KjLc1wFeBz7ecskw%Z&oz0P_PpZTcvErQK8m+65oc+L~gud!i%BJ<9T@t@2Ha%#!a?-k3d?ZlBBH4+WYO z7aW{*MkbgL+HcoiXxiqs*&#cYRMCFLvf_%n=FYG0uMipLHVpAkxhqb@daFWx^Dw6s zpYMGCHTP`+Faray|q_NK-^_7X}PB;jWgb_xf5?3d8C{B5YUnAF_^d?RJ^Y znE})2h}Ge?zA#Fdx25yA{VZ*8?cl2IbvLh1|DY0BPc@RJ``xcYMZT1ZCHBTuSu-Nx{7sS-X;2Dls8!+scX0H1!Mhn2m|> zK|UM{+oPH3jQ182+moeo@4Vp}JUY73Rrr3-(wo;NBYk2fnO3>Dqo6nI+yD6Ok8U8! zx+e)u;N5M51`p)+yvbSR*i2@3_4%gJ^Wk>i;fF9=#k+LG_Sb)+@=Fjs3iNns!V01H zGLd|DyNOp^0v=g3#AG>;>N3v61AiEyL^#$7hNNhuC~Rd;Xi zT43o8Q*W-e(CWvwAruLnSrW|((FC;GvZ{U_%v$O|3F6F=8d7N6WDE918+6Ec`x zkoQTsC*Hk#H&gl)H~=lc7ItJaVx@nH57WNK`Yk|yM6s-8G}b`bg?_J{k~4fjRSnQK z0CfreU3Pv_L0Gm?uT-8d1ym0?pLPIJ&j6!}m>&w@#PNow9q8AC={^dO%O4j`Ak~{0 zCFsJTopg#rYuq(kOI}}#VPDLK@iR}z(wo$x1I_PLvDMH};ooF`7r6qU%`j0_ry2u{6{yyJo}($>UAZbyFo^Rb)YK~B!@w0 zAB^CsFvwIE6Eet%0~&%Hy_#aO-)~2v5%pia_3;NF0KA1mK4k3x6`W+i#;jMgJPKa_*Lj6w;Pdpi5 zx=sOb@h_g$k&ZmdD4ZK?fxEc+LI~4ec|GK}-~RGJym)YBNSGQhqC?LXtYEEZuma{w zCW9UhZ9&(#cfpgy|JG+*sRcmDGt$F=3a;Ml334V?)$V;QfiRE}j96@*3H(gATd`k1 zlA{x^KVz7Pw#LI%L_piVz!=v%(17xbeEwX^-aaQz0%jv(T6ig5)LbSC^j{4DJr9W8 zhbTrCdO+=|&*ul%xT#y4|RIpFgmS?)+u*yZ}x@witz-FN=fx(8y>`37ZiU zbYo*yc8z1^|30!X%l&~S=iHgr1-TUq$)mxrEecF+O_ZeOtqL6nyZr=Et zf(#G8e+2ZMkixTJ+u@9bQ1EzkzRPm4i{@wl17(ff_4sXmE%s7aa6Wn}4EP$44t`m$ zRnz-}EaMEXGXwde02qMr7bRn?pl{@EF5L-TUXz(7A=`|*^LAMIB$oe!k$ou%Jl4B0 z)HY6O%G|epLbJa++D>Es5bmt zrofmKM{h3Cfkt;~xrw(jA=xLsBwv(Uroki#2G#F2F$r6{w3<>VkNY9ADM$wqAS6z#)W1& z(?#`CW#Y|{(3XY4G66ZcK~Qd_MsRyX&&@fXz4qW4NcodD7}~w}YEN~kqyA%Jsj{9j z%i$q3_s{67P|s5?1dvR4%Mu3s$zA`&7}c z8JPh8Sx>1UwU-AhKX~!#l@!O4EFnOhk<|}YdS+Sy*p#QImoATUEAyJxKC2k;3C!~p zKTqI`1=y9=?$#{1M|!y9*TF+H2LrQNVuIp;J}!|<+Eo)Mq^Ce20xLA2gP7pTbMii# zsQMjOhF$)>vN2;uW ztTljcMzwzA<7D}GG0TA=NhKa5RAYNn6tCw&A5d0eup@aNkOve?1}B0Wo*ZUeBRoVE z46nED;$3ARxIa}d{ft!Z+;aga%C-UUX#;Zgc4;s*)w|=(ek6)n3M%+huE%yd#Yd2V zQa-L5%)w}OFf#RhZec%mVxVEp2{AVHE<^M8~{@HL; zTi>=L_&Qi%vcHn#fNJ5BrCM9cNHt@0;4Ia+Pqyj|Gz~2HFlQJq)6zHmA~Rs2&i#MM z&@sFxJMFe8tUhK;wF< z%$}^H{wA(MoQc)Vt}Qj3nH0gE218;VZ#}I6dJO1*wT{uFFUXEuQFFLZoKW`ULUwyi z&S7t4!h*sd+@i8$zLlq6h{FXzqV7MmK{SUknAbxY;l~JEHH*a|wQ0KY!fn6k<7YnmYi>ucbCZ?D3C-vq! zb(*4hVrkTk0M@0sQ;LMlKb3g#|?`T1ZN}hWl*Es2ug+5!rHZMhsD!H z(u;A&*%LQ-7C$8@4u3{O>h1=9=to*Lnbdi@JSuY=F2(J)EHUlU$sDPjut2F_y47sb zVVGe5zPtlgPXo#oltd$ITmw*lRZ&;loDmCerV(ZFRiz7J%GVdLX!Wx(fzO_(=O ze-bApU7P%SKa8v!<=eaWIkHROeT_HtWZh@AUvWd5JFBeoej$xF&4cd2A&|>ozJASd z9##-=nU{#UPUe&nK@1=eb8J%b2lr zi2n%|whHL#k5S;tv!>+TLU1WqNs~IV?Oc#`mDvwZP&^JCr_=(yVo=`buzAb@$V2h} zR9x^f*z_;78zAJUzl_lQmAo(}xBHnZ>Kt_KYS3F`=E2lWx&%+=g#dtY8>!F;bDPcTS9>uz8G?sgeajRjS<_g+yV1XinngDo5vtM`3j z*=~D{$={y%f3TYRALsr5yHo!2&`1bT``m%WFLAUCJaa0M(pjnHHlhaC3wrT_Me^Z8SQN>Z_f=v?Wr7j4 ze%(W2uxgsONWeb=v29y}nD*JD%)0c^Mrh5*vu`KJ+xtrWqvO&9WN>1v==rx-R~<-k z(dUa?b)H&&1>#zlZmTkncsCf25LGrUdJ&s+$?*4{fuXO{g>9+L9~ZIL9|Ow+##kNB zO89>B$<*2ld$_PEQTx07=#*V=sfNXiVjHUzMGgVcdX)>06gthm$Lb5{d>-e63&S7S zu{ZbFX&`gUu7~)A(TL?DTPTdeG+J3HXY7cl7EM$nxR@(Ao5OB2lA^O&K;7uiqxQE} zRKRoP6s(Fi2yd6kKi~DPe~+9V2(}Cu32XWEkcC}BAU5w!8MM=D6pKNII%lnJkaA`{ zH_N)zTxu~$6eAf3e{zBEslN~Mz+J02rR z3!^%07Tzj~Y_8(mXdcZpOZb@b9huN>4TQl)1rHotyz#!o2#cuyM(A2P-)7jDOEoS@ zLa+wRPL@|N)U6e@!()kO{G4{Lb(CY1ddG0fTXtT0q+@*t-O$G_+Ru!Pwac?s97}B1 zDHPpuMEoaCTpYy18LRWPlxQ6^yOo( zQ0dCTPWrhe0mB<81>x`NubK;A>l94;TD(IHck! z>fcqXW!Zzcj_F+4Or2vz3Vxo6FN{NF;=M<)X74NA#~uufj?zP;)JLTk#FHxI#lE;U zd-SX^mr)oZ(*SlB7HP23w72Jw)#jw*^Yc_JyHEUbY*;zesM@Rxwm97Q`t)6~l3K0# zG;@QmH@{95wxRSaJlu!Yf4VYclvvv1$DK^7YSD}p?!ulo06(m4tuGnXYW&aRDVLMu zbP>UsK3gASa4{lR3O_!(eMY*meUd%>T?+o0*293E{D9e}c>C5=YWtgkQXQszn=vHa z>hrBa^8%N`D!*>r%SW0I|Fl@_0Ag7SZ=#EDNGrRy{ZCHb6#kz=MhEL69BXePV=IsP zcvSJ?&+mYRIG_;2rC-8(BjkEWc)>2I+7+j$P>!W3`W_5_!UuF*Q0dx1pda~gp{;dt zFR*i8dI8o;ocx3j$kf+O_+{&~r&|5qU6@#3T5%mAsC_0hRMU~|1|Ls^N$W#9^!qrc z5THO1J=)OFF!Sg~S}{9ou}yA7h>AyC!EsR@Mo`6pi9vf0RDvZ+mfou+jmdjnxAMzU@ahmb z$oMMjXX(Q9+2t8msK9{juZ^Wg7=p!S*6`etuX`V<)RzjCo==+p%*Ir?xmb@~=(dA@ z8laKt<7{Hdp;pLwSjdFKOjS)MXK?d2=ymN|$(jto_)Iksy_EY^#{wfcORt%G=*wu` z<;!3Nef4{{{UtZJHfSp*ZNZ>&5TB1h`ehuL2>NdXA0FBtf_{~vH=zbm;uCW%fwc{$ZCIlu%6{p&iuBGr!09LdDQCl(QOx!^c6tIzb2KA&S;Aghp;1) zvAu<}eyJ4rmz=OE+%fIb!j4wrAgl94;7gY>Bos7pWPHrNGuC=Hdp1=+IM}j?CAD&_s)%o2R#lqg4d;&So5& zDxu4^9yZlUb$?r%7P-;qU8zpp4SV1~(s0iS8oZlK-Bjyi=JPz<4zw$fyFaI=XnlB@ zK-zisLn)2R`BN(D39VZc{5>&?{P^fYTT zM#581(6p&Ld6{OVi*Tck;|D5T)&qZfTDI3wG>~Hm-3)i*;b*SFgqfg)z2J|JwEq+r zOzeNHS!uxIN_T#h;z;k{#kcB^=UXaQ{c_SHDdxm_lKIiZR4((YRP^lQuY9mF6tgFc zd4mk^n0`}7;DtCLZ7}lNZxtw4qaX)$_Ay=dC;5y3`D$AD;TCFCnr1!X%kI>)C7XbX zidQaL#=GgHfq=^LAb3N^qZf{W-v_Fu67L{oqSBSE+y+QBmOC9fHnc_Ce>i*h)|W~x zdz+*?QYBF}3qv#VB@1@K!RboX^Q)_4GfDEqY7c_{6|!O+qP`}bqEX$+^jz&9(DeQ; z%Q10Rk>)5wsZ|9fD$%^&@}j4Y+kIq5no@h+&E)%KR{0OKq(-bn2@YRhYHc;1YG20{ zS`qIXtD&~ONf@mr3zs_VJ?itQt#W*JJiUI<%AX8X+q@ICj^DVL7nT~jsym!5=9*)T zb%*8ioHuGuYfRzM(9K*Cp3UmA=u)SezBsC9&VOXQI2j`rF7YQq%D65lw z=S{I0a{nur@SM57ml3#$^qethavTG%G zo>D~NSs*J1_ov!_(P$q|3H9{V7lJe&1Kb$n^Y4nO*#*+K2SqqEz8E@M+mrcknpcpuoPGQCFc7J!<7a=2z42}Cjn%) z+eZmNm={Yz)#`uv@BzTuZ82F!PfYQ^7Ha|bdjI$zS5@!4{(~Q=1<}wDZorX-tmDjA z8jkSZ6Jzv;B7XqW)u6RGTM<0hM+TLL4wCVj(md7O7B4CUw6S$K#;dNroB}>VUEN1l z_chBHS25cw*R5O6z{@Z+K4fQiNP_+0 z#h`&p+M;8Nn9U3ZYq_(zXpsAtTm5VCU48u_MWF@Sce5fmI*kL3cq*Nk;lTu6Au>y( z{lrsUY_O3aUsw#mEHdjZ5f}k!>NQ2w)e_`_TbU)He`o^F`z2~SXw2d7HS7P*g8%1i z?cd&$b#!ig^rN*fvAW`|)rRU>Q0XRTBe)6BR>nd#&|QHCca{QZDb`1?K4n<)m!^Xd9eW}Y#d$P1?%t11J5%q z9zG)a5Fb!UvDQZg-1yp_h%~+#R9q;=>cJx0CYPJ#(@|quittTa7<+iLe(yodt=qRO z;pvb znh-8ldnIN|INa_aTBofXuRdLlCEPjyW%QuM1UC1B*YA7hgzr=FKhO!+yIOSRgoW}_ z3~}3liOd51Q#J zHnC<>w3q$AMtv!Nn|sV!i9T`E-ddWbgrG|0BPDvR31@6Z(R5YAMRc|!MXE^b0@n%M zMT)~!bmFfSi&c*l;nJV58&2F^(|r8@HFL z6MYS89z(pN|C`JM%%RVX>lX(f=k2FQ2HWrbSn5W><(*mLE5SY!pb?vJf8lGIv<#Jj68r9R-Z-b*PIPlqDlbHWGVsP_ z9f@PP8N2Mo0>(nWlpHn)s-$REscGU5ne_EIxDcZdUR4&Wg}*#DC0wDH=1)B#nWbw7 zX*XbuiBGa4T?FWjco&y04N;8`ruAs<8=ea>N+{wJ+&v5Kgd1r~@>Q9*zHqN+MMleK zf}~er{hiif@vs?qCLe6r>e8ifqLWu1P*&^cL`7Dw&nJ94&Fh3&jlU#gYhG-q?J?gO z1jd9zp(+;Qq8Y+2IM4MQ*Qi|>vE;v@@O#6agetXy4@D-G4z@_V-9UHv5kO+q25A zum75_{j{%pCy!nB&ojhkN*=PVN9ZQ*?;RXJ7rn33CVuyS545diKWeCRSsTk6>=f>U z)ey7@!2&gZZ@PU8<9~W#OU%sdh~LFcu!pf^&RH-71>>WBrhhabFQDx&tPJ0FS!T5L z`8T-vJ6HkpcQ~{z0ot|E*57vBFL1%ipVgl0I&c<@lKN$f%Oy)oMYerZ3FKV)`VjG|_D46+fG5xBcg337*x?*HRu$HXm z6ClBLz{+X|as~)u{>|T)F%@$ouhObG?Wyc8mr3?nBwkN;6~@lvIoWdnB1uz_L9k z0sb}abbpR6XS$aG40O`u@xt!TdD0A3lz9W`3ceo9u=m$+-vI2gHskWU?9`w$$;M~= zjKGO#-MI2Ph%Bg}ndgRm(9>>YBxB=DO3S+ZF8JK}^J%+(5!3w3xz@i1VGbA9LS^Ne`704!<1?A!{hk23e1_Gy9F1u$uZ=-Hua zOMQo4K;YOzO|@+?;LXc!-+OcbwGiIFJ3fAbT#UpQo{y46NIic1*i0YLP4J2}U{#g< za|AeA&x1LDTI=55EC9HHPei279Wa{%o={;I0r+fqsVz&z9ndUiG?s>U%#W$A1Dfd~ zh#0=6@G2_fsa#n{$w*PQc#P-7m)e_``oQ28pyh{g<Jb2C-ngYj*H48Is=o>G$C-6?-duu$w9=-8%$e@uDu184&f2P zGwUm(nrSi$KvAbCjOsnF9lqIfI1#utWdbf@=^cwjvr*pU3tX#pu1a#P`m=9!<5nPspF@DWo(oGx+yPyaD>P`S;`Vi{lxqA*xU)mz;Sj0<;xx>?O5|@FanON2KlmGA$+pTxc5A{eZH+O z4`){&HBz!ruArWVH}9ga`i_NcDH|*68ArYw#d8bB)8gBj9GO&{nGkGA=fZm{%y{ZZ zX@wvi|HcydK<*QyMQ)X;*uL#03!g2TU>w%fp%oJzQw1vy#;no79MTVnI ziG~3P2M(>QCb86y6X%M1*@Qi87*`YY{g1Zn$nrn(N_b%uiufYAbH2r+b@$TvHh0*)NqMlK(Y0P>fNDS#6#%q{QfFZm|zP`RM(1P$Wvfbi6KvL^}O+9W8+9yba} zLRKLNd(D?wo){kGtbVP5h+g{3zP=y*OOxl;_+eUWv#c`xs@$k{_Ka4M+YS zh4}%5#0x{sJcO#qmHPzFe`5#%m2wxhifijBQa5DNy`YZWxEY{l;9 zE&Yj!nnyOheqTF1qx;tm1D$!U`_$lnqWjGkAJCo>M_|07P*3aib#PTI`=!2lJW50W zHnkQI&DjzWka@-L5-10GnH71O(P|n27gg^pT`bat z{B&B&z?J&J>R2{xM8Xm2++H+kPVTS_@l z%;dTaokt2JZ2yz20X7!`@JUpg*5$KtnolV1m^)#*A2rd(n*A%eoq*CHuo)BvIY7uuKo4TT4 zKPZ&zx^w_}l>5ujFO1&(s}lPeLhjy>XO9qU{iaPZF7h^4{euXoPN$#`sz>-qKhCpY z335$5?va>}qEF`x;`Srd!Ads=JS^jU1(<;K1P8?Md7et2P-mrH>F(NYR!TH2SUQb8 z`Tp3o{7cg%OM?6Y{5kNZHYG&5Kahs20Z$*qY*Q#=)~grfWgo7-;qQYYT**S4zI{xg z5l9ibd|WZ5~gYz)g7tkZ#nUFJ!Zs2Jv_@_ZBcSx;d@(-X_Z| z%W2u~Et43Q{-j`fD8gmk5c>%DDAkCwUFRE)Hvm<*ZCVR2iuZY&$g9W{6J2-DsWX`^ zMQMtO)XPp@E{9l{q*516HLs~&nM9ZJ3lM;wDPPWkYpN7!m;r(DaLd3ci-Ow`J=BSx zDQ5D=dUz4t?a|hDU1XWABbH>;$<=^mmP4$fdx9gX=Y39g_gC_yWnn$B(NbPh!k}6o zqzu(gWJAa}jftQ3MGr?hSVxJ_@76w8E)!?HyjMzpnepfdmJcTBlV$3Vib<%;WgZ=tP8q9d*L z=47PR)oNZJ0j6-B*~K3#L=z+p;*T(Pn=ARRS>>JGzQd$kK|^_RgKX#T{h;!?!a{S8 z^dIfD^gF;J(zmT-z*|pQN}6wEGW_)~Iw`g|`J(}wo}RO@w9q?QLYRRZt4y%3HE*@SjP2WIm zz|A-beY^VkD|X+NeCwvtxy-P+l4YIpAm)y=r&{xda(d6ZIho+Juv1qM%5z=qRAnNJId~@+~k{i|Ngj#M8I*NrT}#yFo1TZpu0jKTHp@QjoRMs`5jJw<;Pz81)D0kivG2cWo@0zlb{R)U!XPi zlr-GA5$sI``bx}#p76%j&9W~uv#AXv>*RTYH|02Ye5{$#+0?vPa#*bx7$akQ#qZ8W zoc5x>D-=5`W-Zqi#}jUeM}?>olnvB;=Tc%9qz_LKwwj3MJ{6X>ccEqqqY|I&Jo-ZR zj>FHN^5*>7B0;5MGm~Bt@Et5X05s69%m&jt7Fv^YheB8YZC}&lK{reK`D~pB0jI!a z_g9o?0zkJRZQ*t?F_$uzHuOe>$nXLUIGZ2(zV4P3I$RUc&X=9KG9bN==SYvD0aDm9 zB%(XgnJayC$`>(e4g4Npu0SUS`|xaU3ad3q(YDwK&zyt;a}oprUmOriK=6>#Fa72q z2IgWuZXPF3okfZA{z``f6lxJemjJESZLpHRR7nBA5ZeB!7X^o_}zfZld~;qD}JRgpli+yo2s22~ypC>u|C|JkbKH+v6paP8&) zSGBqSm*J7X98kW*9={PpdUX=&PlIY>gOd!D1PRn<;QDO)>CsQ}UX$0bRb=40P-|}E zF9De?w?n1dMza|>H;aLU!|pp4NN#av&F7!*ar_Qb=*}1h*2ZKw)MoVo;?nE49zB2j z_{4zaeG>VrGr?mD6heTb2H>P(>_gO9sB91S2ge*Q2$_Kd-Rw-0^z9q1>OFwjtkJ4O z1CL(A0_q2xVxW1(rTq{Z4b!56JI%-RUpke*!cT%-T01hh0Qr3h%zyQO1~e1MAz(0- zZLbnO#&K?a8-xC-BLZ&N4quEWn{_viHZuU7Ea=p4+EJ1&2e*TK$M@ggARL=xA`U|L z<>HB78~I@0|4!xocf3)&L~~DvxmW=i_>&0nE#%~HASU|)ctN{)%a#|<;+5)^>8mlR zjzc3dRFLw5Z8!{YGRwllXeZj-wO+PjdnP)GWY@H^LNUHV(qj-EYhOsrji)Eqq#4F% zi**9;+f~dv?%j!6y!%+oen{sSZ8Loohbr0Mdjjp(8-^9q@X^$^v|spJ5g0f|GF2Ae zGC`rJ5mpTzZ{Xog=M?sjv+5>C!-bRB(99OLN%PA}r-;po_Q|n~nytbviS|vg()>qn z7>_1Tt!0s}vK{yJvS*Y!b3DwuJgbDwuOSmnioKk7owm&Y9fZ1xb}S7PAS+ogad|H zZ}Y;8+*DUz6#lJC@_qN-==3eKIwID#VhA!#Xscq0dG@u|W5r^$y8@o&su->2W)gz) zPWZ0#yw`LWO+y5MnyDmx#QPHsIV3;z94h_`uM^(9KYN{=9sWnJlm5&NuM@xQV@TI2it>4l<*}P#{)%5a2QEnpwA8J} z>{au81)%vDFM-#XXC?pWZ8Dtm7JtKIvO}E0Mpq|#!;wv07brYd$<6MMq)jH1+9=O5z(wIz0zfFL$FYAh-1_5#wU4+DXB+k zDEEfsdtda$mm4MBw(eHMXf0&o~F1P?R6zT+&dt&x00$ENYFB~Pz%5M3PzP}|&QA>KYB}*Phtt~kM~i3J`q)E$?vVM$1%U~OTqi^@J-l!~m$OFVfh8!ii>1A3 zDqY;wYFa*&jyGe5{J1>ufa~GZmXhiF<)+~pL!=P+*^DnEztXnhx$U|kOuxbLMSQo^ zss+-{DlGHhwn-rY5DrU4bgx`_0XoyM3j=yrLDZXkDyGdz^+%t(7wlt$FE8_jqv4Y2SmlWV9%ko;O|`xx!A4!27&sR3Y<@Z@YucqE~_cc|ZANkNEi&C(*#T5VX@M)@Y@2j8ZuAV#RRGbthmTu~E6#2|S zm1r5_$vnY|^Thcuk*PP#%k_-9oiPTulrF5J@TuCs}+z_x}WL%*9lH+*{w*DXOv)V{L1_->^G z3jHOKvZc+zTXRRY-BKKLvg_*R+Yh_6Ep(U4$02SGfkP>|D+KQEJ}{7Fj5z&p3g3=N zBn}!ttt(hR;X73yWRA6T$25gNxf@+;62K`Cyw}W<{_HuoK(dFTWWU^BpR&IWToMBf zoh@p=cKR7if8~wYz*k5@92oGGRaXChpfG@XL}2?nY4HEX3o8bn-t9h{Q0-|&2Z ztq4`@{;D8CJ92OXxY8v<2~dB)f6As8_Zw^1#+RyC)@dl!4yh(Wmt|2hNV(tPw7@}{ zW1Bur@8xo<7_IZA971#5L?a=$7Osbys4Lw?#r1ey!#rODAelJkIR*mYw9bHhZ_B;X z5aXJ1zU{UH!Pivo4ieiZ#1;F)VoDnug!~t_7iPMBuK=ZhJ9qM;UT?dWbFzuI%c=EE zu3NJkCGAE@#Z!tz2E|z3Wn7k$_GX3ZJsO|yExB^D%gXU2oHm{!>^?=f>VymJcE&53 zM*H1)VUfPt(_I!{u06f#nsZwIwgp_rI&1(V)@4p^op0CR_!B=7O?H9%RqHj#Cm((Y zJ;`M(Z?;Qie9y3D7xAPyHw5jSs|b*NF^rl~taqBG^BHQ<^0CbGwGj_YsBxz3BK1m_ zNVHm53h%H&+6!w5sV_vwzfl8kBdy+rPOc9tsQ>`WqAyp@I(RkTVr?SeU1xJC%`9>z zsq{+Ook4k%sr95Hu^ zrlCJX$ls`Hz<{HFpo8Kw9!CfINP`H#Ea(z=v$fgd@Sx13&EeXElKQ+Wx%|oWl1Z zar3Rx$DI(_q)phQwFD?3CdUwts-`~Rb?;O^%#u8+}S z==HUYj>5k!SAVTeBM5Svn)!bl)q=cI4w}}A%`dBi{+Q3`Um174_V9wNzWa~$d2E8! zX!clvRt7k*2e{ETe)wjuIF_(6eVyZjWWwQ^ckD**2>n`Z?^OKP|Miz#8vl5p|4;uV z=!MC(c`*4)PuoC%RA7#-`X>kmoZLv&_1jY9B!Z@P~YmS$WOPkRjvRfZ$`1 zv%Q2Icy2m#G(hjZR4SuWi3G-xY4{##rnk60*@cl`DUa#%^5vABH+wq2u&3L`+QP-j zssci!`Zk=#G;=v$`Ik6aLC1QwNmm;u% zWhtX-sx+9y-pd_`ZLzC&S8KL{|0mj)E9Y9h3fEYPIT&8-2c zq{6mKi0N5f`$V<}itDl_SjefYnyYya9xvxYsCHEsn!K=k-(&GWA)e4 zh|jSH&s=+*O)Pnx&|vNTf%wegy|%_;v(Af^sYH8=##QcX{;@7Ebng+B7p`^imvz=; zhYnn>%V@-_z&oE!+py;z#wiI@iiSHsL%xbwP3}2deV(XLZ^^Eze@|Dcw^>Cgatk?K zS#!O4=5^7=R`yxFO0@aKsdjt&n&LPT8;GJ2Xp2@tWN5-Xfqr!c00AOUCNUSWd4Rv( ztG-HZUDg@Eq1Yqh`ln??Xragb7mA!n|66f9{3met1m1q6>2`klZv~f(5_O|q?~BkR zf3E$}2A4~(B;9x`jT+qxDePY0nQO7-1jH=<=6?S)o9q7YUB- zp5EX6@=W>d-2&ZS|ywJ3^-CYL{fwc+^EoL?ENgxwJp5e zD=tU4Lq6X(*6{%zui_U|*eK?*_DO&=e6J#trXQfDi9SL$!-p7wX>^i4KL;;7^P-}v z0ntk8nu5==b;433y^04Bc+dB~vPGr-iTP#(7RH?`>dLzHR21ACt;i3>y>J>F#Ms;* z!VVtTK0ZY)reVX~09@=Y42Wx6l%X^+a8H{Q%4qzOJLo5z`l|kGFiSZ2dye<%w{MdB t<2NHvgo6G3SKoRxzyIz3;Dr+h)`jY7Jw9LA@4taz>gpJs!=Jq#^dHntS(X3* literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/comments.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/comments.png new file mode 100644 index 0000000000000000000000000000000000000000..dbecbf3d465dd8b38b31e201c94bf01661e4625b GIT binary patch literal 77253 zcmcG#2UL^W(>IEGuzu6s3d`kR~v8EOMpZ` zq=eofK%|DyNeCf?kPq~n|9#)J?)%+)*SGFo3wT2E?CfV|&&+RrGy9`~p2iuL%PdSx zOlLG7KYGfOLg9V86Mahb${r>%%q| zs_CvvpT2BSx8(h1Ao5E}O>Fb3v=f)`nfnnXBxx~2arG9f@YLfgZ%O^gSk?l9Cf0LT zz_yWkjB+}xnE7GO1D3ad}{sFz*ovotwYo5)(;o`d)y1w;8WOf>tjDw&6q<+h31~fT4(IsHN`hM z;VN{t=;4rZ1|zmeQ9SP(M=c7RYrB;`2``SWuvlBwkE#jdQs}JLJ;q|^lpAz5l#;mo;@|J^=R0&hX$k%2T=Jb zdSXGz-%6FW>pSz&JBGF1#$kIKlsPt9-JFKpMzSUsgM@zC`oy*it_)XR9DF_QN)6ov z%~8x16xW|QY*1y01)F!M4|@cZV{`Z2tM`70>aZ@*qV|Spu&aSS!Q|lK8_xR=Ea`9O z8i;NM_VCPZq%ke4BtI~f9U*cr!pJ1zEF*63cA5SszlJ|j`9MS0qT}lPv~KDzH~oCq zblakBSD%sG(Y z8U|Aab;`TH+B~6fVcL~uH4eSBfQ4BkaGMp&i|?AejDnt(ka6U%sOUK=9u6}TiA^{z zM9W>!Y*1>7-qr}=gcl9?mFrBD8=7{z`)3gg-St}>$+nn8cN2ME&N@9pFidBC=iysI9x z6XIKIw!aB%2j*K*pTut^2l%!dGN{Hcq#Il7iiTq?4g3u&T8g!ek0;#sMKuKu64&>i zZ%t5&IsfS428YF+3|0;peU4PtJyHhX{A+(Y&wHQB5Ms*Me54%w9{gYYs=9(vlH{&cNqbMdUF1R z(K3(%+A90uhDB4MoP8fbl$HjfzPG=%EbQj;`4I}OY$!O9oVw3Qpo^IT`}c(Rluy%r ztS1?&c-**A#hs}68?LzMEa+(7L=@W!@tFeGF0X!O9*7}tOW!{d)#RCLH}fNJ&wZJr zZc-DYiw!BG<morYs`{|^_$={jw_X&G@mA~yqZJKThB5T#=@f}i;`-I7C}6%oU*DUf z+hV)7W7(4scqiH?;Z`{Ve0`U@Wn}&~=Iw+MF zy@L5~MYt3!ZR=5^_KNmYGfRpf3gyKITH!2aUvC+>hT8+VDF(ZmTvvX&%((gVgYh@p zI@ULo}Erd$O{=7OxU++U~ zU5dlz{31tB)UpGNnmh-#GxzrCMLOHAF`)4MT(x?qeAQuKMKB7@x650}U+hyC6?r_L zW^75N3svTMwYZdHyC>8V$EnJ3_2T&xROewEzzQx7WNQ*sW|%Iql(0u%?-<8b(^Bd` zyNnp*KdF5=Ll586D)REHm(n-DYeDU&v*avn%Nw@S1*2g4I|?At3Egfqi1~6 z{KVd`mW&P~Kc<-rM!hdYk>~dx2YE~fjIiuN0*{P51%V(mqlYv543sx7-6C;!MZ$G@ zsT)N^44WQBquhnIJGeBe_k5ZAKO#y9)Vq~zRT?d}W5!K86i`cX#1DEoyNaQpUi%M+ zul-c>!dHqIYJo_^mJ-zc32F?fHk|+1Z=V194meJLFboY_GfN+Drn@br|rGe9^0--#w|lnv;Cztwi{Bi zf23njvcq?*xMc-lDTb<+w*qkBrfwk%eP2u0J+qQSMA%d`;2 zDku~o+b340`!YX^I=d_#oakF|ZAcS5LIh}=SdQ-}yFR7u@r&>I6h0V7PgFo}p;On^nurjM zqHjq}*Fo+rd6$xdu3)J&TA3Rjh)HFIi74-ahDr^vo6D@}9WuqebZf-xmDZd*x9+;n zTLs=I_w_D@y_43y2VRan$E>B!@@P&XYRZg0p7NrAw(^3MI81|{Qog-+o!Y1D`;{*n zD@-&7>a=shidi?w5q$dX+3xzmEyW^R+{dy>2b+Uf=hTN(S7F${Vf}*?9w0;f<07G} zS~w6p@YI(RBsX7+?+#Oqt4&?tYQ*Ecp&Qy?@IAJaCwJC^tFZx8EofWl+%ZL9%1$mify$~m5m4O;ji zeOHKUAO4g0s4+~T2yYkx{6I~8ZH9Ig;n-RZbR)zMVXKi27V0xnB`42#Oa=Sw-wjw& zW&}I(GVp%#^OUW#KHKdarPk{VGMgPnKS%(#w`43lVf>wMCMfd02^^$EPx=Cc-La1^ zI!-cUGUQ|(KnA0zr8ewF{YhwBvrxs0oe`%P21Vs)ZQhqO?qi7~&xPo;<9@6Be|DcO zsqO6v9CZEX>!-V9@r4tg7%NvTTZr+V)9K?Bgap+&4X!$NFONibHVF$fcf$Zb!>*%8 zfR3!xmhN1$Ip9U=TO#_%pSfP`8pQGQA3s{ncvM{yUX23rgrQ*MZ>13!IqF-ri)#`= zN>O^k{~*1~EQ*I<_V;*sZR-%x{vH`04etDV{oq38i+`_Q-F(>c?=_R|yHEdoClgcB zN%mv^zHu)qdcHH`Lxr{hE8>xaxEKsumSxB#x6!U6H8D0nf#S{_0Ff)d&y;t zFOP8_CFVoToOZUP9R2vk-WS`B`aYc-(w`){rN%l;I$-jRs%(S`v3{BEF2j>S`c-0O zo*8x{5?!9%D^5OFwF`)=DN*3+$(Qycc3X4CPIicPsu?=gLQLGhbdZV=DTo%1Vu`cg zg!aWYk1g2x(7DW7@W4Oy(`1#*yt*~y941U`U?cd(=2~5xPqNlbut<`m(dBG@ z&y0dG-!$uGDYGug?W??-PO3yqh zW0=5x(d~G!s~dnbgnD(0XT`1JJA@2<#Kqq!5l zv8I0h=|CRtxa)2cX5aCrBy{hJJ-bynoA5>(Xu{&-621yHpW6mYUdGzXFWN*0LA>i< zjw1u!u8NwbZAW4Wx)KeY&@X3W+FGE#7McXW-$@$A3V&gZ7yQSsj&ham#(dM&G$>YHJ2@4%z5fUH0k*CsYxg235;)vS_iNd3OK9=zlvBf+AW@$!P*?wyg zJ7J4rkaEYG8HbP~=QP&WXFui10B{0%1)*o5spxiOeUmjeNm%Voxo+1<<=bYFH0P+yIp=N$-JN2o$ezo7m@5$WeN)U%J=u`~3!t(<%H zP9H&Bt}8Bjc+CSv{}7T-cxb02i1MU1bLkaC`=Q$-|i#M_$P(*4KO3ON|UR}C+5Un~Pg()Hg1%tcgQduC-+gUf|d8WQTn zy+*{_T>~aAu65}NR{V-M#j@7S{APJhgt`X^%(U`G85uKK3cJde6@o27#E-bd_%<{z z%MB(S1-3VE$$T^0U23YQb9TmRa<(Sh|1>7Ql9bnxi zx4A9f6JiBLS@ZPuo8FsP#~ZoE&xZYt;Im_69Fu+)eIB4*qX%1gUP?OEa1dL+mIZgK zoL=HloN8GsSt&8DG(zpTubTEp2}|E1lzw3xMfoh*JApf{uc=<|z9`V;4x{B%)H%>D zyqH927R=T+4*$&721~7K6}v4}q}RXU`8;J~Nema{-}Ep}N~M5Wu_dyRo$3HI8~pah zCc9@y=q|@I1)jeHWXv-!M3=y(XF2u0_R}L^Yo-qUo0K1+xlu5Ft>!JNv&gkj$D@CQ zYfCmzR&p_W0dvHiLF9P9h9MoYS_e<3M61T5&l9lDEL~}9eTt`=g7G3>$FbJH#&Z1} zZ*A|%GR0%0Zx`ZG)%tEyi1y9kI77fWLzi~oEdf_Tl*7gcHAh09>| zinC7|OCRx30p}5KaM-iF_epv$tg6#4jGu6s1-0*U_01Y5_8-`L zW1VZ-Jz^^vT%Iak=w=Vy_hTL6t!6@)jPFACP$$|jfP-@s?4hZ&8Ks_!tPV!}gE zdhF_B3qN(=WEW>zMjX`SY0?!=a|udkkuITd~izhEhv9m3lbGxcxf z)Ie3lcP+1HjRr_O0^Aam&=2^qDjILuNbLAYGU?oOS&e*{9knVuy*Pq=*9{e0bhR2G zjYtL(-w0U>7ncG(#D!k^K@9@)`84C5mm#KcZ7M4pdGU_3sSn1pgPCNZ|02A zGFa+s{{rw6Y$2u8ou{%4vsXPu?hLbt@-=>PvHpE)a!}N~Szm?r=*UBBYP{qvzfTQP zpA8ThqeSg(eG(74Lk)bbg_4`o&t7BVQhXHgTE6(U!5Jhw z2-m(SKPR!o|GrYpdSq4J(j{yekiGn7BCUzdUg9rOZ_Y@uT+@nRHh}#Xp>e1@#0y^$&ZpBPD-s zGr-5%tBDA~TDJS%%pJKanZf#WlI@gstvA{9$EM3zrSXpxRsF|$sp!`mw6#k2`rPf% z(`&o&OZ6-)RYTMvN>Yj+ZB)?s;U+-$2)*Ts;-D3v6Wrt-O5HwJeOBtPqPEbj+7+OK zO5PB?iqNod!o|#&SK?h9iZWH*30t*@DE2#R#p`jM~0|iRhCKE_3`Bb$##mZ^K>6>kMl~4lOIyURt;KM`=t<@Rokce*hVi zl(Q-L^uO=Dic|Z40mIG-|NAXWFRwlO&&|D$^8PdJ{~^vhBnj8RGL}&^3fkA^-_>PU zDm-iXZWBQt)jcxiu{OvTu4yw`b4%WW?qe zs{SJ&Ox;i)e-Cl~A1BH5f4I7Z{7VOJo--ZtFirThMB8Wztq`8Ly6sYcO}`!>6V@R% zA{zx85KXsvexr1DXJ)jJmho_UHr9JGQ*zo{w03GLmRs6r_7-@mv%>^E$@n(GW`22O ztKt1UKz)*S-OTQ%x5#2{sU9yH|ClkQ?^D4-z+@rK)ja-sCKN~{7w%L(ou?NFY1bnb zCctg@M>wikJK4UQzXw0d>p zuFvlwe=aL=3CSwi??S2D(;)7$H+!9l-YNCKcL8a{l%qL zsStkiAQ8Wn<1VoCYTv@hKH2uy0HoH0bQoZGaiy*O;L+K?6bk#D=}4Y2 z1pmqwryevdZsE+PLhe1_t-JcE^Q>8YGeh3vadQE2ir0ryf9(BupI8y5qn`vl8MN5*WFLx7$nc8E^y7;@CfJ4u)((?-2er z7nxq}%Xwa+-KVgM73vPyvn3OQGca%(y z!AYa7Ypih=&Y3K7ojcX{hEi zb6F1$JXbrcHYHd3oOx;30391PqD6Y|pLU^#6GGLT#Q)Zn_PE#rSN{9BiDm_AdsqZ6 z1`8F`#fYa?9RTC8QCiJJTH3k9L}}(zyQWrd3*m*!tLHSq`v!zz*}SIK6VK}B6%olE zXxAf|auQvnV6iMAMF)q@p!OD#C6Z~aOm?wQxw0nS*8>PJ|G?3}S7$qtflTX?RI|@T zKb;1{YnWa8_p^CVq|fYk{#?6L=?$fAOKq&wIf2Pg!a)+21S01&WI+TA1-i|*V)vxk<^t4tAY?>-g2U!sxVEoqXsKvZLDUIwEI;~2ps9zV*!_mLBsI9GC zAg8<~OUy1bqxfgthPk^V2-bgJ++MyfsF&iM{!RO5%g{6wYG$`J8(}+Ae55?Zn9^YX zQ{-GBTcrlS8T2!`bhvfMZ{=8{hs*A#*WFb{q+Y>gxgWL{#1x5z$UeO;oum*jVdaBD z4Y&wsZpG9-g5%J#AO)j7e9R{L0EfNpznazpXUcUuC2VjJjUSx^To| zogx*-VVACKTd-B5AbuIKi}&$bqueFJryLA_*|0i7@P#fDUzE_-DMVT7-u5hUMZH>i z%B!wMA|ELe>RJi0@Z?;TjJIsszrlAR-3sQC{dk8jCgr$DrZ=#tvfoX5bSl0R1DYkfbg)-rftAg2V#+H{Y%7~e;-toK*R$yuw>=Mb!S8HA^$ zbuC<4wkZ-}?hl8$^CVZj_+D?=Z6{vDyVO*xSj6WTCrdX#@E=F6oRNu5Oz>xyB)yxm z$mQSI=U*$=QmeWPQ*%{@Kc#v#*{ z&^VcQ+;};BVt|`R7C++%M1rj2vP=csnDHRbU0Rj0%1Yq9Geb@$a0hbM*1hRa1!Q%x$<}Y`NyqXT(WjQE8T1O-i%-ruyrj5q~)&EBN}Cyw0Vj|E%l42 z(>D-_4)2R&cW6ZGFn6UglP0+9f*LhkzmtZNspa48-yS-J1$#MYX1$HROeN@*<0C@4!C z>bx*JQb?ORO`AMPYip?7_c&b;QlWNzre6JPey&#%-~YvM{%@hR{{aMC2njuakKzJN z^u>{=`sA|$!7|ZJY-tTwY`nw^BQ2*(yuEBB+6?Jm&wosV4eXf=e(CRViFcrrJ#|8t>=K$^dItNHQ$#COq-!1}#96vz$KogdOCR}!;R7HL{jFr}jCWG^lzCebiX8Zff7 z^odLy?*ZNW>ii)Ew2F#Z(k^Nn)Y%9g3VJP7^eYXf?^f6Q!+ij-#T=)S?>>+ue^KJ4 z8mE(m1L{(1Zh2?2Mf3Nm@8QgE;ylB%-q1Tl_7F$ z%bm7;KtZ)rSO$<^u6*#i4pWqj;Je2galmjt=qxm^+lwn)ei<_y{$jeCezfkn-o)-x z)XrAr!>j&JYshilXTNQ19*JAd^Cu>yumSp@5DPcRURwUEUa{o^wplDu8Y6zUN6T@2 z?Ao#$FxuH`GxSTv={BxP==5-<%vq4w3WhTzy>!zJ5vOuNaFBMTaHF=Z zC8eWNkuV(-q~nBbq3^1+L{!C20{#AHu+14} z!)=cP`>;3XBt``7MQxE?rKanA&m>q+A`i9$6p`qmYkYCB$H!mXPYnP7bb0@M0P~(4 zlnFj0VcPM<%-E_JVE#Fa9WhDyqMsu^AB5gJ5+e03$jVNP3oEWkoxeG?O0iAuSlM2t ztm)`#J4bYEiLc$|%5W2-c)Q496hv~0G}4BGdlBi;q03cmKczW~YyF&)AKn|tB0AUR z;<^UMu8IXp{+*TV2@d=j7M##ymOXjnn}j0d49h@-rfWGuE-R!s9e`)g^_{XW=2mPlC?@tk31e$;A3LC$7ivD zNUtR0zBdpY4L=|VZ=i}nAbUVypmegfs8p5})-WwTfanx0JT@=vf>0FMv{=@9Wjhn=W`@ zfI&rNrN*vr#Y>h}KVFO_7_)vP3|X1Ae%c%5c&|7Y4*^|9_B568#RM88!I_-8o|@($7;SQnX-zz&KP-cGpk6wAk<>gp{cXppY2&``?QcYV6 z`l%qY$agdyh_Y3Z(4bsC8OZfl-0{nYCj2+;@>K$M1z=yLS+{$%fc2N%h$TrYgpPy< z%;`h*}ArY)UCZl1`o(TV`OM~MMOL~SqaN z^8FnV-ua*|$X=2UF4-E*ZOva>J**sVO^&R3`6y-NzqHGLE5ZG@0JZm% z3C_D7QJ}~Z^Rpshc6Zc9+0zEIyiW&Bj1s5od;VKkwjW(rAJteZB1hPmC}xRWK8KgO zta}i24~v6^_bskQN&opmE5c!kFfRbr@h0RTHXM#5uK!vDw9C7c5bq^{h}Y#F+91}5 z3cL^2L0xZ-xyI^n!i7hs-qUv~NJ&{7QFEIYAzH0)SFR8b*3hzNZTUEWJqLl;=q62x zdSI;+e);P-FF}TMabBHugr$84Qqyp zYWKv?*;tBO2%8$2^vjx=17FHE-d3=ld5Kyjx;Zb7-Bdusk)SAi&PIUL75t#%SG?|c zRd(($zh>@^_gAN3`nH8?Hr{HIXdbhd5Uqt1SCmDZyE)Mz>4lc z3(hGADLtd?f0~bhh&{@Rjj%nRgr2C4^G0ZfQhHy|a!2AEslimqoa^uw5ecl98beo7 zR@VA`3rml(!k(Tj6yF`r*=?w}NO;A^wxAtKDVd?=#;4j*r>SLG*DvdnMUF4vv+Q0z zEVfLJ98ff#`;7Xy+oWK$dP&M-Yl9@#)2=OVRA4}U5cJHpEtr3$%%eOpa&NN1b9bCO z+Ep4{j+6Cl)fIG&k&+EkvkgmrY@pQLyu#09CF@T*N>-b8@SJ$pLaHjG?1!|8I7f)z zr#&9m!@7<%pUAA2yq(BNaDyv!`-u)wiJHr`r(5f{OtT&>*tP5|h?wG>#`ZHUyJfj1 zzNBXk?lh8xC#o%kut+3Osh6}gKhdys`DHAwI@;MGwBcv5C3oEFQpG1=sIm;!h*`Ku z+Ew97e6C)*p2Zc&RcVVJ<{yqpKIqCU=UcvKhsAoN2#mDZTD_rwC(*cobwP~PjWvYn zg7!zldc=(hAaq$r8zCbjQBlsPgFw$!bdAee9( zE!0~kq{nAweqAux+HwiM7;gO5GRVvsYzxKuZEoCQ3sck0Cy z+fp&9;pB(LN2QQU#-|G{B`ktz%aL4}&n=GUPuEj3UIv*Hi|Smh_vfA`!bO%a zAHolM6GF`DFFHAE$IHmBpxOk67Q2sQPN5b@Ln;T}I(N06n|AH*+~Om6#8{@?4<093 z0VUV@nMCjSAYSYL+;jA)^GAPabx)1oSk9d z4d|_P5l0WBw!63}qSkhee z48|PXNa5+JTx(z7qr}*ioTrSOCf)ei?hYgs4R9~4#SeV~8g$VL0KQ}ON<2Ae)`EI; zWY3A&Y5WmIE}%M`d=b8hJdNfl1b^vO6((~%(svFnF;L*;NiCJduWS5wfmL%WUSGZo_M3BhMRwX#Amr_M0UH?v0`J1I*9n(>(u^E86bc! zY97KG!b||{d=JyuZY}>Tx-2C6^-j05g}>{Fsml<`iR^UuFMv^X!oyYfWr!lsq^1Qe zQGAwlX7Q?vo3FaG%cAt`E+XyhVt`M!%CEO<8g>U1O0w{$)`1S!5RQsPHjv@p@E)Mg zRd|{)TcB*Cf=ZI(CKW=sbW%c9!jP1$uVC@Erm=>viFV=eQQyU%!|{uW1zq9cI2#c{ zu(L#Mnc6Cby`%=&JeaKLZd-e)qH@b+dL^>+^k`DK8?{rd#Jk{=bbO*{=Tuz26xc-! zdnZbNE57w%C}&($%{Tx@M4sh~pXxraRP$FSUVPk^B8#FSX4ex2<3PJ$Nl5FQSSgEPXu*aRCj=4D0@9k9h zRjU4&QO%9vrm=$lVIbrr$+RXwKhPX;Yyd27jmurDDyV>{0%kUypDdbm=Xz8cdXQ~gb!kpt-0IVh2%tRau4EC~ed)w@Tf82(pX&1nTA*y6 z*$2OT2T2kSSGwD?E+p>iwDYY^o?pV=?o`?dBm`F~5}4y}Y`Ib^Le=D5|E5Fn#(b0PxiURhYK?p)Z=w#d zj9TUAi?^Jl<&9JNDm>qfRz~i)ENQ}k6VY_v=pM1kMNi6QK_N?`Zyx?3c`t4GW9kW^ zo-JlB44g%QaRL#7$~+Q*5P;5rNIha)!$x4AHnrlIL7 zBjt1RvPT*C0u&S&?!&=?q}=}lSKovWpH_odscE2mkWQ?Po%g?VEg@t z!Y8k33I*-Uo`<-e@+T*a zU-3y{DVjO&k4SxYG(2nhw7H!|h2Z@W?}q^^e*}D_Ie$DI;4uu2 z1Eo4*pLFdEq0sj2%Yr07RA|7O7%_XiIvtYrO=J{8PpO`>g z@J>IDQwD{5J?B-r*YHy-Jidx|m)cM=S%4kd9Avk$>-g|_#ZFuEP~}UK%g@3z6PmqQss5Su62;;#hXDX=C+?NF!r4&$5Z1wgotbRckm6S-tIVnw zMg{^;0=E79K$0-%j3fMBx&*J3Vo~#3I0+g5&Ju39&~ujewl&I|d}_P3`oKB$y|G&) z6Yl@3Xi$HBmlfB6Zy3q=cB0k2C{wU7`*~_gF^{z*KeBXjytDW1XH=pt-a)z8 zEtP$s-XHVK$f?_#i1$tpC0gOhw}{ktDO^+?b>Agc*SgQ`IbUXu{?gb8e1{fzOOUQUN#!DE#loIeeq_L^Q`KL=gg z={}bJTiv3h=aWujy)oOnXT+w*I$Bp8wujLV>`f7^NY1*O7$}?P7wV+eq<-vy$?wK? zg_h$+Aj>+~@NX?ZIL(<_Z>b!@jO93a`N|FoPfO<%hUAz`in*4fBkvYpRi!#a+OpkU zZzjU83z)NN+FeC$^_aVT5l9Q=T9;i%H z=6mk^I~vIxrLwuKm~i7Xo+wJdWxpMunwb`MQ|SHT?oaUEL+f@_Lt_T z;y+SV70~TT#(|`;q_5q%1Iah=#3C!KPl0e9kn&}+@i|In@WNhIw{JUn6eoDQsKk3z zZvi#)o7EG|}*a#@T|B4yYSdv0tk!@Py0!>{aXih&=*Z&48p z^=ClCedLBOUN2b>>2qN9U*EzH7<%T8BZ@_4un^V&a!rt3#J=d>nm^E-e=MW%rCl*&;iz=okrA-Kvw}!c5o4WXXC%7gv7z%^1Z&|Bz@{*#Ui!7^#&(BvUIoZjV2*7vi&$9UVSc7EaeiY>Z#?Fd{1$LZ>UvCXL z!t~)(AeSiRRa_a$`k$82Jcq4I-^;!-Yp(u(OGF3$Q~v*-dqmqlJwL5;_CE<>O-YTY zM@4Y?F-Zl&%`L>hiP@`Dc3lw|5jmYR(*f5otSw{rTwpiM%Q0Y$nSy>&QjMGc{7OCT zQ6ENYG=7lE#3Ul&%f^O3W=bkJkAhsifw&bFi644bh~)^)B{i$fzjl(HhE&)O{BCxA zb-6^6{n!$Q)-zXQ-XMK77hK%Ng^TxN$HxqN5j<=yyBq2)eZwa_22Ryuk|L+SUQ-p; z3E^Mqw@#ZcT8n4XN%4~Or+h0onecCp^}?Rjw9;l!RG&>5M@*@&u&Jaya{al(9wp^= z?WU^|)Ax?hsb*E`gPgsNo_L9@d3Lg`q(nb&kAUKr&6{&NdUP(Tnq~`_BlYd}{Y8a3 z*Ly{t4-}8R6Q=#{s(mRvgt&CFx`qw#px7;5kCa)ZK5owCU(+&QWEz!rX8Y}PZt2j@ zT>x7#e3f6XjnG)>HlBE9SoR>Lbzw!>=~~7))?Sm>t#IazzL&j1B!BBN6*9pAfAu`259k$#ngxJe3R4 z@w(Cy$q)@oE~B^I&dsx%{z=`*;P8&#Ul#2rf_I(Lrpx;vliVDcL{etMwn=POrk=9T zo;YvGz|_6pO(+?q&(SY3dS{ddqn`$!sSL73z2lFYEVGEueFr#bS||agxv;lSR^YZc z-7KRV@4~z0QqRo@&_sDav!oxRE1HQJIiQZAZZjb&HQ^XElwe8+5G zs|j4qYwPPDIUnm%ooV)9t(2XwqiGEIVXMy7v#j$3lSu#y>~Es&yw#x0TO^iE*)iFl zH_L%3W(O=z6kZG*_wiA7(2!h+z}Q&2bysQoQ{=%&R@!r(h*raZU)l1KWrnM*-G-7r zLjKTnL7*|j`W%V!Xs~o6+xl5;&z~)*@EmdJcF__2I=FwP@s@YRc=W61#SgM?41UA0 zu*?b0-Kcdo>+@@{&OroDt@8WIzO>5&YFe={YsIrWhM9bbx36?r6oR%G5PU_V=5^Z= zqk3FaT7RxedJoUCoLH1BzmYTaRosaT3YlVos;fF~lmmbI5neRt?h!FC5G9zXXg zOlDkM^_22<0azyCzSF2|T`T>u$CGy7f|3o;t|b3l`~tUf zbk%?~nv$LQIJ9E25`E{&)IS1u`R^q(rQKr(B{a%vHF|m?|IPt>_rpV1W7jrbvFN6) zzsa0cJu&Oiuz$yIpZ`c?0ctJs$}0~gMcQ;8hJxPH-QGdxrT~ol?}t>!znt^1{Mt7- zAlq;nec0Nc)V%8wOi!Hst>{-y8HX+YgT>wy~KD0=C zA}=+OC%$0h=A3sAyX;riI_R@{eL#=e?4hR}+!}Jm+it8q*G#HBr@NqroLpz}KKrxZ z?qlKj9bx_zlhyw|*#UQgd=e$qztEA%+Hg!7Wy7+^X|EP2J<4Y6Iw~rO?Gzgm6p%<3 z*r$E>5)O0O?ZVW?eQNa*|r zOuV{%*unU?)Txy(O10_+El2g51VQUn@npaBQq!PS;L&$eQ9y`Y_k*k5-D8TLC8wrt zR2-OG;ZuPUKoy%Se4@`IidTcRK}0&N3KOYiNEgnDN)<19sCb-11TsN<81YBPO?&|x zzv|W}{ngfR3;-W=>x3Ii+Zq-GYpyl4`A_Xy91PHH+bC&keA|NK%wygS`9hk!plx}l zS@sz&iMk`TjFM>%l4(-%1Qo$}nwPG+_IxBZHe~U7b{g5)x*t{5oQ8^ zhi~JRe|v5h;)8}*Ehr1V^+Sw*de`nZcR(wPl75@@G3X`)vRO~kYuk7db@hVM)f06( zRzo@m7A;~DqBp{(1NhzP`O4|*f%kbOsRbZ8lV+nqlVZpfu;>& z8R%XVmitJVVlpY7>h{bwtl~yoLmP@PDxNV{9Kf(ROw zD0uU0Q>4GD5&p~XAB^F>NGe&xtGuQ}wneU4XZ+(6u5KUtgsvC#O&9%F20cfC3i_i> zD;9}>^47K117dGNB=Vc}e|*6Km8T#4o64K7e0-JFA;i}H`@*)1$xxwg`H_7A2&X&uY8<#sc@-15fO_27d&A z5T}GdZbmGMf=Fa~`StMpxl3bi{ni7S8U0obJUlgmcPBGHMMmHMEv5&*)pSwp(B+j5 zFYHz-6p6XLC^f>oPn%hOF9&cH+W9stwE%i@C(ZFA48Xag0eo(&7Vp5`Y;@p<2LeU_ zFwH9EMu??7pzgY&pg4F~UeS5LTXJ2ZVuYYH8?DHvk^5x*PV(8n6148^tIbs1{?uy3 z8Di@nGd-+VGG&=m&gN~+nPa>tmW*K2&8=%~>Xfs$G5tmR4wMA`BbJpm5p7qws|b+^ z{P(thIm%x!2akku^ctHh7{VMp|Ne#^s3k@&084_CMO zX#<RM=f)o46P`S&iF&@0I)0UFY(JRw-UWjKy}vK{jC>^>&w+q5JB7BoxBs(RUdMS2KGY=8b~z{h^<`?X-!%y^rZMyQI% zm;aePwi?2I?C{7SBd?QrR$u9=K4E&phg9l2Tf)jZlbyf~RtcY*d^gJ~at`1JnAj-W zsu>fPslPAn++h!fA^CAtcv?)~K#QG6eG5@*~%Z7%#wZpD*>heDS>Y z_5Z%`_%|}0R)wi666)d2r*Q<_Je6)N(U!n6NV@5Y?KfPG$TEZ=pGYkS(TX$sy-M5y ziraU{vA&?~N%`}n@81qM(Sql0N?qK!?m%r6+9(M%^nqWQ{~H+Ar3Z?am1*cPWcs^B z@z~>P7xrT^N+^MT!cD;Oxz3`)laZWrL-`_}sv-HI-dVG6SZGhXDVEWFKUjyA9=OU= zp7KTmR?ATwCI^)zX@Ez6A0dg%$=vQc~>rHNON)_w}lwBiC+nunx>$WIwy z`!2w4q{cEl&~g#nH8sMf{Iy90!bei_`(0Gb?Xk20PV8o{I0-dy=qI=q98Eq6U z&U`c9-rwGH&dHy^kGyTIcdh5XulxDQH3h%CQ3Q6)&T@#J6&S}?$a&TIz-Y;)n~4`y zlK7-Wtd8)&Y9F!gs)PQxxLNYPhCa`_oxL!xN|G=` zC~ZP;(M1_a+kN2N5%>niH%&*#P$&W~aOALGpi!?t2WUH6nG@sk`*O2*xH~ABQqQ{f zO+}35{IcAM$V51OcGP09hyoIX3yr-RN2|B`8=QkP(XN)`$ueEJ1+^YFYH`(}GdO4{ zEk|n0<~>r!E0w*zO>&{;X9qa{_EFj6{Tf4IDfyF*sOgiv2iwqWbRUo%T5k#Rd0t|gV2~_ulx?+FhZ1(N0 zQgeu_14JFa2O_8<>rutl!8EkPq~?Q#)o>ppU!$eb%NTnN$FKW7OZQc!uEfEb9N%m; z3CX|QzY%D8zAR-{uz5V9wt(z=nD?3D`IvMQS;OnB!ROb`$*5A$cb^D%Uzb-1KG;Ls z?4B^&7~_cVXJ2We)Z_PYlry`z6`U1hIaL!c;Z*00nvKa>8fIQ^JQZo_jcmQp-tb`j z`&UK&IGA#Dc94TKsOT12kqH39}y6E z=Y5pls-qAjrRQrz=l61N?|UGn`XjH6JbHmT7GuugP8@4c?P4B9d*2>jifQ-G{;Xi% zzP4qeO5~SUHpw+5JpF_LOiYk7JbOVGzIuI01UZf!*JS4AL&OYw9O_*ak0~2)H%Jo^ zk(z70itzkmQUX;@cKCQTtPWL^@$9DG;aGfP%(q}%mx$J0spUvDW1iPUYIv0k)z-#| z`$E#!`8WnbzUyKoZu(Gjq`cj^y`S)T-cCB@(Ek1g=Qpicg5KRDp$AD0$>8E?Kiz^o ztsPX6CTC8T;=*KYPE+NCMPwL#N*W7d<1nT57Q6iIl}hvF zGAFy*3|p1C7(?&JgsWG<91E)eYy4QRbq=1eSMpdK?)z5}45fQB9y|7EuQb*r`2}r@-Y?&HX%!dfU^L0+ z#7$p+3jgWxGDXTpm0{BSu#Lh+NScec{?Lv;Or)?n+&Pdgd;vGmESBo7ADu>PF=H`1 zN{F~eK7+Y%+L*G9+vb4m2OE=rPsM~gw#LJOm#bV-y+{3x_ml%Z@8}@`579fI;6pVS z@^sM8Vi6FviN)Y8T%A>;$3*!(E}#9~cb@2$Yjx^XYhyggoHREf-ah=CSn)Oa%5>Hg z0i=O30kB~*N#@u2>>7smmFOOU6@Qt1(diBc< zl~9P+=GiIom{mua#i0hpF-6-rmd*?i0uUXQU8jXfQVsq4G8UoCERQ!$t4X;=C`jk{vGZEtr_`yC?39fm=;mCr ztX)5O82Cg;*qkBG<)N&HY=%cRNfnW$KD#qND!|D#ed3%u;6#eX_IxEsKWp6gd>o-F&O>I=4dmZWh-l;`Ij9q*B7Xb<#K_W7B>UN zS{+GSV=~eYm1y~+K%vJgZ8BL`K8F@rg6jPU8a$tkR_nof*c-_q8E$9(K_cx)Wei{V zfZO_#lj8HBmF-gW3tz94>r()91~b7FMJf&_im;HS-F>*7JWV*tp1A#4fKA{7Da4{9 zDYY`k#pRf_T-2yBzeNY?>)V>{% ztu2mlHL>)aWZ^Av^^VHu&}`EzunPVB(fNTEirT*K>SZ4Z#> zb#|-hQ}6|)URly+AmCQ{dD>GgT1Se5u}5#>({}ty0{zolvTR;+@xj^$0_6x5{Zoqy zNCggfiFS%>q#xz#&PN9o{h<7^)Z6Jht+UV7_%{()-7}#LU98FOY(`)riRM?Q)iG2$uj0 zpp1+Yl@UF{r^h=iv8K2UCH~uk+JFfrcwqos{6TAUXT#=S+Q>%PU$l`1lNW%geS)#P zfZ#pY(s_24NA>aFVbUmrg?NN5uZ)9o1 zr=w2<=M~@Xb|;aR!wt8PZ4~nmHH2gO@F3=~u)3zBvP7xpwjf9+Jx9MpOztUIPi3*S zPzk4=>Zr+9l_UO)V1=IC^pKninPArJ_{yV`?bJet=h%0V(@DBd$6+0Z2m$ALpzZYr^AO-dw;J&g2-u z$vG-T7AHm&*=wjz4aU5!#c>*S#MYTc>3_cc7=j*=-ZsBlYx zaXV?@hRRD*hh$_bw+w!R?8)tS?hStn3YzJ5m(!CNuDzRAmQkSb!|)5ul)r<1CoX0g zq`oEQQki_%`OX7fHL|TeoNti0@g*dkSr3A)mlRZ#(pX>+qynS;g17{ZtS&rETn-la=UXOzh)a|65 z{ZhND>i6}{_IYfHuhLJnCqB+@xlHNpg^)EsTHuuX+g2c*KBA>ut7otOPW}XvG_Hid ze%C%<4!nj-5tTook8;}r4DK4MuhTOOMw3l?chQiK(S=otK=@zO{DxuEXbv{D+m7M6 zb4TX-1c2bn9Dcs4uPl9IJR1w_DG56XQxqj0dOrG1Xu3++6@kO4Sp)UXFaV`l85AP; zaPkg%=f_cyF#M`NG5q3a@|NMXNBh*W495Gnk76f;NHAwQ+VD79VT_V^KRE2ZH{05IQtP3%<~999}gW&B;;P zs=4jZdC9X*Bi>=JNsA1r@xM?&wJXHLB-t{LTl&WSiyoveO}j=S>MQcb2ZVmmA6HQY ziN&(x&wnF`cOJ(hJrco$btX}vxju@CaSN5vpwf zO;0?29q1CvEV2ne01`;8lfDWZg>Hy7dq(eu%k^MqrvJJ{oOTlkv%>)6v+`-8_-;XR=)SyPg~VDKY)%IEd&v52?I9FnnWmBDY=7%Aw3OaO#9Q*y`LN(&G1& z$(K~$^hND2#ak`LtPyvU3sz#ZamjSCer1Bgtf~+t)F+LwV0KgMvrXq3XeK1njVOUh zP=2qhS3EQq_E?g1^2bs^Ld=Q#!;YO-@32NlmF7JR4D_NPZq&?dwe-e*mxfsIoLVe2 zi~xdEuBx$K^u(@5yxCR|5p#Pu=6~=x@p6r?Q{E$p0Zc&kpgV;53(PxXS$oa!(z@;) zS0_C$gArgKg4+j6LYLHMgy}m(s@RT zrK+$>5ySl!_Nn2@@1(s7>AD0wAc{KXE|oRfr)%UaHI;muDiz>wePO;Dl)uLMIdBMR zE?{2w8}EjvNu6DEaw=*jYAC31ZNNP}lB66GY66HT@pQ{C%Nov0S1h~xrK;owrNJH5 z;bOPNoPOnbT_;r#pZ*%rX8zWY_O!y&OH=IY?EH_ZvpHp#nD<+>7wa`Xl-YR|)i3yc zt_trqObmVg=`>Jg(jEA9$yfr z86?T})6{WU(2Nv^@lrAn;iMrSvh#v?Fk~;X{$WiL5IcZvsT?47>}&!(Icb4h4#dGB?K6{LC%y$fZ^R7?{uzY1|elwL`do zur1xi{V5f}?^KPyWE7)V_M%`Wp&4Sa?pCq2{rvA<+(aEk=oTMoZ75qonjIK83ic~V zF;d|-ggE$fA+b{Sb6kBesWG4i#Yn45szLEjT)A$g`)FI+Oqst! zRLH-?Qr^`dHpy1h%CzhBIR4G&<&Xb_H_QdXdI`u(u~sr`S*{ zEN7IV0Zgm+%+Hn3bg+z?)6IridY^pfMYlKW*|cb}(Z1f(;3fksf2y^wKX0BGp|v_% z7P42KpEZYT&ivH#JerGwvjuhm6NC3#HxP04$9%K+-=!2_#o{^q zob2i{-IllE3BN4cus6rGh)O3o3NCZAP4&j^-TTviRcXR0p3GmYPO$nt4;M%gc$`_( zMmy~85Yw~FAOW7YSQv8&vOS-rib%`5^JH~h=*B{~no2tI=YW*{`Ug|)`)c+g%bSCQ zwEk%ZPn%bI8$0i~<&|o>B8n;FwhQtq z<9g^SAk?S)=h3sjh$(ua_Tk@>YziPZ$5USr-|Jp%fSBSnEFoe#fKliHy(}8Qr{vXr zXzQ~YbZ^Rj%d+Nh1t3yuy89!`{#{LZIqGVV(y*qNQinZ&b$`gAe;``x9-tdzza!HC zKRo*iTG+sbvm4RGwH&6Eh#4ie<6w1n;HE$5Vf5J`dEwhQ+dZWqro5*Q_9rTqn|NYQ z`Z~1~!q*d*OQ!YE$eUw~*DtC?UJsoT7)bo;9abJT0>h+v|2}cgr?Vcsw4CbJ{^38$ zDZ3+KlUKhmBh~(8M5|k~ay1NPqVrUN%t0vs`IMom$wj*8vQq!!OZoW5{AY~nuilLH z*5khh-o_0cxu0Guvf^JSo-D=fjw4=e4F2~2mw5Ah8`$}F3jg{B=tttCa{M74oGiId zK?A)|+SaS2}?tI*0m7MDzej-PeG1C81twPN7T(@4h-^#_kWN)BZ_+a;r#!d zX^^F#F60CH8n6xSvGO{f#@~Bzts)@h*Y~|VO>_h5KknAepl$6pO?xIpUp-*@!u-oW zL#DlSz5Z(WyBVlT1i%*AA-%}a#bf{uYn%0KR*vTN_cJi+8}Rxq<&L9Z5J#V*{P+v_ ze(2KVW>)N_L{7FF_)pN}FEcO3MK841c;c-pF*;liR&DiO7JYtoAkY?YZDvCVZ2GLI zIl>7$2KWg#{H%ktdlC|@D{B&C0&8|bdntQ^Kc8NM0|I~?laVT4_%$Iyr6RDnDNp832wV%JC|)7 zl(ahu50M>gYAE!HyG-(zR0mHrqp@`R@8H88 zuEfIN?lS9$zo1~^z9zTOY?HT~txtkYm!YVJwh20>b*7pO&O@S9gX_8kI)=eQy(&k) zrgHrY23zq};D$JGz}41tZ~5^NCT#U-bIZrdw~lpv*VmhYBQ8?(7jvwRb(%f2O9O!1 zP1Se1Cx1tqJc1ykJ_B}fi+BMJwJmVWEB~DWAwJ){tNx=KMY#`FbbFqkUPk}GGEodB z&dj)XA=V`hy2*Zg_iOpF;TQ-sA3m6#+3 zl6!J8BG-jVuj~w8v+^z=etJHXnumP-Q;QL+CtlWM76ThO-%0kb0Niq;zVSWXCKA)B#~@j$EiNGjeP2*wrG6m#?%(7XqYiAHwLSn;yx+e( zXI5RbKfFxsjD=da2;?r}pYx3;x(78uv2S{*FMp+t?(=9tRyU#F>Jc_|MNT^oqJN)9 zzfZ$TjHH^V7tLFKyZ#vFF3S%R*HB_aIX}NA`5P>ukjb65pGSbEx@5MRf3vEsPs?a! z7`t_c8M~bY>q2DG9n5UL@G&+@R$NKygHkS13y7u7k?J!>)X2 z8}NU-V5M6{qf`b|a`1wK2jTbchIQI&YTOa?hWox$h4sWkVx8IKYo9ljhzJT6@;8wT zoBCWXP|I6A-?hRgRK3%AC+gV-Eb?8ZPP(FH=7#mBshkhT>CCw0tvMRyp9~k@qqQ`c zZ(-)M*Yib+dl-000ONxOw*a|GytV3*z^yeDkzpSYcZQ37RC@nClX#C|krdWymAJ=3 z+Y1j*Os*7l`-bl>xIbF1U6NGseNCx{F_gNs{mA6?YNxKozK)`e)%(l#j+L)=znAai z$Q1KW)N@J|!W$nXr{7w`5#6LQ4oWJLethScp_!I9GMaom{}5`tV=Oau4)-b|_jpa` z>~mKfK>`%6R9l69`?50H(T|BU4(iLMNYt*Rp?gG8htkxdW+S%FybM6{KJBMc&ibrk z0?CQDwhB;%`8rll1+ws6nKGi*royrs-t&20+brc_vh}-E+k%&JDr>gl#<%^oZTCg7 zQCI3IyEK$lp1FM3IP2ugj2wNfENK;TToF%2s7lcWbHxXoPmIe#wP^{!ztf*vf4fyV z?B>km@3&UXbrYVAni4U7`_@}EiAI{~ITGW%=#ZtLpcZewyt9DTW`|Nw)W^pT*+?$|>gg-dkaQCFV6C{z&HPqjXm_ZLG7s8OcgZ(Fa&*jpbDqhcLBb04)V- z;e> zR!^jj)*CmBs;SaXt=iEHj2H6IHO+2WSfGFeae%3`;)Cvn|3wj&#wvk$FY6Ucb zj71kJsK8$)Qe1W2t}6}f@cH6MPE$g30`iqxe1zHPzs;o>eg!lq$X}%{%g@`8I(#&4 zv8;#ni0u?OW5ZQ)%q-Uwla%2y$W+eCNxetcq9Shq@2t1|-d8>y zdWO%|z!lJSkVo}M0a2JB$Ru=BQiCSj+%;sf3b-Nc%zYmKtx)7wZl> zk6f_e&;8)IkN?shUxp_5hJ9!);+isD_MF;GrjXW6F%+ENT82pu&3fB^;yJ2+_Tul_ z5d%cg4DYAy3cTZYxDx3tA;5$hU&;JD7{ZIy_MfuzqN}A_Xk3lMpmmBvUQe0Un(!Qm z$9vSbV-BS%92mfyVxNWp&mxZM{@gXQDF2x6k9#lP-1bSLY-0}2&>vVm=?G9qhGd2M zFbX85ncx;s__Eg}-6zW>j{vaCfiZ^(EHqx1Pm}M}(g$o9U(Cin(B=h-!B+wCH6<}s zXyC`wT%zIm`WN|w6H3%UKM5b6=MEhKmdL;j(*`Gz%L0-PMg}~pI{}yL-T4uQYvOdN z+A_Tc7p$8BOv&D>N!g>ayPV$<{p=cDRvn0fp#&HHZ7=LzbiPcpq?#l(+qnWAx$#5} zsp8v2=BUPhHS=)G`{>ce>X!de+jiTL5#Dv~rO_hO2Wp-ojPzSJ2cyh)h_<}wMfW4g zEkXk@WiDK@%dls*z71dTGS5XXV=Ox2o5Fetxsv@G@CHDc(!xT&Z1mX8+Q%A%;eFr8 zrPK~I^nd-6KbrS6E!p2TiCu_y_(mJ*J!*Lq+Ul?clHh;|qMbIDzP0-eAFUc{@YKV< zAU$i1I1D4V>br9yQ0_yOz}RZ(ASCzH{T(-I-L^M;V$AboaJM>UjszZ=I_kTeK(oX@ zaYQgx;^@OTXO{ci7(M}EHZOrWa@8>Y!Zowpxuo^`r4Pq8Y7xJ^y1@Z3)Ikz5O|Ukr zH_l(?LV*GG^R1jCek?^@VLfjh^JVvd3Ga0S6if&(((1)s=P}%5J?{lhmZ$<2@e=IIQqKm-*YVb6#b`x91AdhS1i6K zxs3%E&Y1Vu?rQlkJ>sse?Lo%NELclEJVBkE`6zR4^Um^sEs+`ud;LFBLx0%-ESm$? zu404StFnB($Qwwu>9T+0f}ncNm2q^?tF8Q@sJKDvV8>8LHyTY9z_j-6A4MpA0+ciR zgNh*2{3ft_FB6V4{?OwLViygPiBlM+FfGMww81t8mF|%+kVWG zNS`J}-;SfqouogJBF%$YN^}A#_#&CzeWJWqz(eTKLLZx54zsOVeb{Ff8$~GygpVbEK%6vZOmS!$Pp&1Bc-#~ghohodPUdgG^6pCnmGg(b$k|sqm^eF55og}-a$qPG&yi(<}AMv!3 z{=O9mX)jOYx?8iz*q93_XsmCbLhT$cau(p9)MV&6NCk)r>dG^yZK;1$xCVo#zjvt2`s}B1c11$=(L-aUq(xehyC$2a`}lKd z8#I(CVgc^jZ)Sb8yaW3t!2}QKcC255k(?$V(FqV7pjX3Rr~V@~hRB-!_AMsSq=BEV>A)z?~XnS))ic+@ayU(zTq^DE(3sJr)|I}5@Pl)uK zEOnIY`Rro>*>jlSXO9I!H?S!P=z~>RJokwmbHC^WG53L<`d8>r2X7!_j23!KDQ@Hh zUEr9nfQo>PUGEi8rNDWz-g^<~`~U$^zbELTg-e6+c5YsFR=qX5CrKfU-mpon1g{ZDM;)wn_FPZlvR$%>}-dP@BhX#Pj@jgCE;>|~=ln2&P z-TcrNj4eG2QEQJ?$2Dau7$i6x0^uiNoo=*i{t7R{E9(GJ>E^1?Y0|M$&;Kn==r6Ny zl7z_nKj*U2oS}E;X@Z$PYo|oDUsLas5$1LHooD7BQ8|V?#B{kd-F%qVNa}qcj0*VV zo+0Wpvg<3`nDd)~q~|Z7i=;G>e*It5h5`g{1;L@&A=VzA26P5->W}L89X%hauNr$a z{j|DvK=Foi9aMJ2&|mZvm=@;&V8EW(+YTsIAD3-!A;MET9BaJnz;`4mD?_TGz+1T%;|5>M${*H-%s!hpQ24? zp>MVvy7-RPi?!NQuHiDk9Fjz(_d}MqjxWp|k|Vx*#gD-n-wudMM39i)Hpq*@0N9ju zjC$%0aYxiy@tmR~v4nuAMDy`{!;_~PQ@M0KM$wgo9eZUnYqPpX5Fc#rBM86%My!6! z29>x!EVpdLv`a0!8B3rO*N|`BIaqm?QftTg<%yD##hJBjA}ILpl2YzL4pkfx^HakG zj@AV>Z2-H4bZ5Bza>rzk z>~!D3-|_*L>8zLb5(|T%M2^BOTNs(h8dHs_jHdV*_r!D2&kJlatH!lNm$s^VQtWlJ z2xn4hy*YE`2k=SE$7R4XM1Oo#U!S!~+*^{O)b*#LbmxXZhoKc!?B_g~C?>xm!_c96 z|5`Z($%=1x!}oW%JwrV%JSmahigKs$%f2^T0bgZoqgA3`4uzqf)aiy$hN@2;lD}HT zoFx`f1Fjx(b^4_a;y1S=06A%l&o1Mya?<&$vujC{>=cR9hH_M5s21*rCjpY9*P?@& znSRu1$3N%)M=}Myya{E z1ei;NeoKdGW1$ol1QM}apcLn$2%KHFpgM6_i}%vQ+UQ{tsCVaCX&D4(t~eD#Piu7p zBf9R5>yiupMPm0fp5+U4Gc06{9*>I1 z^czjQ#O4h(lxE_peftJ1{E`(4V}Fgyupi4+4`7Hdvz+PtH7A%5=Y&b#VOH4g>9ae$n=R;fe8+J+Yko{u_J1~<{C4fn zxnSO@XXn|yN(F^hO{3terLWwSfT0d{gIe+rQnFsD5)cnDcQNP*K}5!0`0nccOTQr@ zLr)(sqLjn($Zq%Z&0?!h9x9KrkZTt))84n%uUW;evOYg@xv~4@z|#M}DoFt9JM3;3 z5juJwP?8oG7H#X^MdrJwA++LhcXkuLY%f}5^*Vpe!`+tvqFX}4*KaY4GN0q79)>o) z_7)sq{(hG0tOcL??`hh8r!N#r-1RWTgy+vn3ByYj?xfw$-Z;Gr9O$l_gbMY~I zIj*n$G0z`rxp->bwFTy3!DRP>omey66(XNkA<^$VTWZ-bP$sI%i6+Q-CvOPxkIp%| zT-#wOTTY|Eji0_En1r}F>4_V=?tjd{q>&`YPtPSnmDPJHB;8Rvpg3A}fj71;D6%r% z$rXRMu>DKZ&n0$0FqIl7Uii5Gz|^5$D;&V^x^{j8ZcE@Y{9?mR3fnzkE_nVe&1Yt@ zfhZ$2I1T+vM&kIJj6{mWAjwFNFZi1ofd+>V{HaTb-!^|9PlLmMGk|1-5qnE4JoJAPwo!2YNAFlqdd{WrFc z<6k7S|Md{-j=fR9uQUW$zMD+{KW7zcQyyOcAldUDcX&vfAyPct5-u(-aggJq>n7oU zzmAmH)vNc%Y{7i2Np6$_!_e{jm+XtJF83LGCO^3pucy@b3_(jdAc$9nPV`R`i;1V_ z93b>R7>NXE7sE$Sj_rzu@A`euHUYV~VEm)6RWdA`Howu?*{_j%I@<20_nhFp;mXvt zbz8Be3|_(5zd;@Rv*yWt&;y^bUX2OQudu|;8iphoxW4HuVxR$;Ai(0nuyFfM z4gCKyIM3x^I#b9q9P4FgQDt;2+=l&&3nRvX6YU_eW|PcrMjug8QR_3Q<*=sy;ZuWe zfHb*WMjRlFlln7&u@RqF5)UUnmqT#o!ujU1J-N#Q_J&`ya|+w3g~}A4)`KH0JdY_C zM`M+iDw>tx2lgu>_x)GxJjbeJDD8cG9%T-w-qUR^_5i3IE=#wHTCQiE+9NoPX6LpA z#8F-a0oL^P6V~1TD7vn4sMp!N0}}Ph{>5F4=ar<`XQOny5~ zgU;Hiej88bf>NK%fY+5rwNPmNeP5m$Hxrommd)0?(MoO&tDV8fUrq%6i_)x#p|Q0h zpNO)>^0n`a?x73wHMbf(6H(&Nkq;mFAsbS8-~K1@=dKlOu?03*rclAdt#LP$`C50O z;VFwvN`JTc&BR3k4dTWkEv0dOG(^<-q| zYb&N+(TQIvkuoO!&^)_WuL*Nz6V)8jyrB|4Rd{Zf^Vl`2&|17FDiYS~_)JWHz)Lm@ z7JgS`3Ddh=#A3#7H7DWlEGaXFqHp*vARxxZ)=ED!%=|iykYp^7)cO8^54Y!>via_{ zb4EPS;v=C3gbL5u@c;~{La+613*2!u!R~t)%|jJ0Z^tCSXaM_#HDW8`WZ6rV5~8tG zbTZ=I#zG^$&I~amg8kabXf!yGvM18)%v&bII{GF9jbjl@mk#zF-tLJtK30pos2T;g zeBo-BX|YDI@nz&-^U@Tr?{;;)*Q|(cm3^@71YKfiGKxAw7po6_MJ>YXyj}wcZUx@k z5=VG5hWwv+k!GKdj)D_FJ`?7B4bHq`mj2leVa2nR+s6UzLnEBJ{A$PWa8??3SWsCs zUk7@PtV_O(Cm=n+n|x)PU6(%5Kg~mM&Ec#)D~rBt%xv}E{UCD+CynlID`~zwfQ(W* z0wSbe0nvJuZ3~n_%=X_{S!iY#oV2@KbPk0OK3@0-)hsT1Ey46%2q3h(Npxws`UQj6 z*`HX>xC^s;G2h^fVf1t$3!etB_}VJ@i;4mQhxZdyhIr2C4a&oj@U^!s6BR0g=B-Sw zZ<(W|3OBD;p8yC805a%V-mQ`!XrT-O2DIX~lY^>YG<%-%Yu!eN(Y9*{&-Gy;1kX5)}J=l?Dn3 zW0Uk&z9^zMZvJ6Vlc#=%uQZ3i_5%A%v3NTTV17|LMuB)r{~ZOI=9?_LZj5kHcg-#L z(bofl*ocXJfPMEhVBh`BsQEONQ<=|A_ZyloeAW>w3Gw_LXkEk%L#LR}+2^k~`YTNJ z^Zl$F5_<2s8%&b5Ng|WSh2e~O8^MUGeUI(Bh3eEyVkle7A?&mx*!7_44e@c%A8LSP zOPO-`XY&{ix;svKD1JceODLban{CHHv}i#S;{4kOR|>Oh_E=yhVvp4&Vcq@!M8xM! zGUi2rAH?2Bpwsx&dA6&$A#Z(%{92Xz*t)MZ1p4#x?u~pi|5+$APH8@;rAr6Ov^btU zvd#Fs-*IiiQvYs6c|kOoMZY?;jSt~D=g#h)(<`npu*&ne%JoBa&@5&roy*Z)I3yGI z#cl^&rBR)RehqYAn}65_U`o-*nj9Mr&+w-S0x|E0RQ&GH+FR+EXceluN7-3Tl-h)K zAgO2xU|;Rwo!z+d&uv8_Tc)F9mm1Vv+(sh1+*zVNFr&Mmo%cYldnxD$PatVe0QU&a zuvx5Jm>wmUe-P=Ss(=<{{m--!WDEHITg$7V;u z+^6p3qjCDGk-5lS-K%XEqWj247{zw0zkLOIS_EzmSBeU)XEg61_0(Y&XtClE*lgE+ z?is^PmPO)?n@EfoMKAATQ3#|Q9y&;VpjRiYF0UN3tXq`Lb3$0kzgT_CJpDdza~KT; zO)`;ADk)HZtU|qWhv9n#zjbs70N7+%Jz3H_igp{~ZADu>N1~--A(QR2R2TUd4c24* zhF<$kFZ+%29#P@-PjHV+EUAyUt~6Haq1WW&9Q@g!4g49L0)TgEHP|z+-hWGK)NK!8 zalUQ?kv-xj_C0eh?iRlOV?UI}>+Q>MD_6~!UU}h*jWvD3mr?Q$q%U7CkE#M)C5(Bi z!!qYpZ}Pd_a0|6=H8HxI5hw!-mZsDR}tuk90<;eJwe}9L&~l7b2sfky~XTG4$KaB z+c?+D?u0UPXX!VA>a@0v@|5=0x<1DbyF93)tG}icv9NVN#1#!hJ|qr^(*= zY{}Z>gS(PdXGp;igLC}Wd?aoDrH~i^=-xbNaDE}0t;t_MtMSbhQITof=!PU~O@k6*;2YM?1a|6N1 zOlI|Hhd-Bg%BCHiobiX!Bn&CTE?FbgeE?*#_8u7Zb~irl9Y9U`I$_}}KS3#^`-MTh zw(FNRM`#u)T!G*of>&!$Zd)jSXKTb9j9wS4Zv7x(c*VUl!gnW-VjSL}D?Yh(p?}={ z{3l#jN%Qsq`9dm?-yW*IN$}xgk`{F8d@M7Gf1JMKD;u;Lvo~|caI=sCVfnfoCXCl( zZIG&c;XjVvJ^YCMZPU*5-eXu%m9Bqw&dv)Xs;JVg;!VGIvCH}b7kB?V-YQti9TRqP z!OMDYvd=Yt;%=WzWpFN#P7aySS?_PFcuRNU+se$n;Wt@ObP+VXnazQN_WdA3O5lIl zL^*s5yMZ_rys~~UJ#r)1OT1`@2DhS(T9Wg*{s>4Ehi-D;n7;8&&tg3`Qc{CV*3kPG zZ$-N$RqW@u*89Q*il0sz2IMGqz+xOj^a66ZKVG`4@!iPl{4=M50*s^4hVX(>)IUls zAR378xHKLrAD0)%bXb6T&TXjnhq|lBJ880j1;rM!0NS}c-rU$XV<+HS33v3DtSej`m(ZzoJid<)nzAqLZNEq@d%ir^vF*l#c z8MH%h*%lcoWMfW|J=0!eu|o$FTL(`>x<}1HbGSR|N*7CbfX25iv&%k3wtmYQF;{w= zJ0wWouB0U)b>{Cle|Fl#`C2AV!}&PMqkf#tE)mz49%%juE)cBF8}emynwwK$OSWeV zK1>wscWmTcB{5pG+|TNHIqZNLWfj2q2%KhsQ+-01>;=a|R3Dr}Y$qWJvQsIU96>xL zeY!}*;8!A;uMTFW4{)G=&`N4KD?uns@IA zt?1z)*G&s4&C*@7Z0we!Nho|}bZ}00h;pH6nB@Acb&QecuxbKbTp_J-^+U_*Xk^hb zW`F`PgD2zbdc3W%SuI#D<9!9&@p_z5X{gqy2q7y8fvrwFLzW*mB6UD)ce}OgUCPIS zx(y`N#a8`n9(1vqGT{kz9SKhYlIlp*J2=)~(?~M^OfoXCZEj0A8HN2f9IFOgd^S1= zj7yLLK&9LPb!JE~ZmnD_gml?o+Crb+eYI6;v*S;~uUyfA(k~77iA`eBodIcSa{=vj z4vBJaj`?y2-jq~(j|G2IZ-3_ve|3?O|Xvs-@&UC zEA;Mv1+P5qe}PxIJX1qks}fdWs>%dX!iH>yUd*T0;0M~b`x|r*23a+y{hjjclB;BH z4;J&yL#lz^tUD&yBQT5hi?qdcmq0!XuoBJ5$=O#$Yfc;j&Zev%4~2~`Iva*o)4gt7 z^?Y;kgRD)Po|uKJTR8`Bo=d6^w8~_BaTJ^BN=Bw-RO4MPfck(G*s6zCb>(})*UFXZ z@+3TJE%TVS7DIT1U6M0w{__4gfrRHdjLvVr3sFE zLYWo%(22lw`wzOx($nkw=>h_V=j324CZ@8Y-@U1_XP`O0y$-8yZd&B)tCrc4mZ)8e za6^v{zgO6dcQjN`H!3ElQn!!B3V=DsFM#L=xVJRnY`qOBITiBrXqy(JvwYT<8Zp4G zfz3{6%G_#;c#A&RCK@UFAR^%>$aJg-k{tQMsF!>lps${>4)I5oU+Y&>HhQxs+G{#p zK~vRFiCjj8&ZRH6S=5oSfrzucIDMaF4N2ILkMTo*H1gBG9~mbju^>%BEUKhk;!_Vh zQNxzaG3Qqz^JBcB?eKP*-Q-Jeims3bjkqb%1~{Sj6*S;{r!=E<|BbfGe)aD5*?WGL z;g<7!+PN?M+N)7O5nzu&^OY%;!6&|xKoiqgOM$v!+(AQ=b=@1QI%>l4S%8A=6Q7o% zI#z+c4dv&tOA+Z33@`vnnDQbV)~JrbPQq;Q|iJ)sro#K%?efh9arDf zi@QFwABj_)0kG9J{DmL2z9lZYY=4$xNQZbF@s(+{`o$Fpt|}<68ZD7S1#lvS$qCLv zY(S<+;2_Z1{6m+pv&!xR2F@L*sv*zf$Cfi&4+rN z+oK1b83~MaZ0j<* z%pEP~4uEZEdr7aQ7c=(E`ZjTjA}5{caVa_-Vd}3Gns{>2)agh4fS>)MT6!_=8@{l& z#yd>Xd-OeXf)P*htzv*iS#4SdXik|+-blaR(uTgS&Why=qq#g9Ola=(EBXs2J%pY& z8}~0_3VWpl&Ab#s4639~4HmD@YXebr&IlIG^nRcx;DMJdF{(}2X;LUb}1hmV1 zSg6_t2xA4MtCM`&`>Ppj#D%W5qzEwZpCznl-)%UmSIN@|d);!5wJNFCl=M9T#eZ$P z8w0q2N&xa;ZsHrUz002gk%gp{88bft40w5Dt|qVUJ9Y3_{L@PJeEitAtG5qhny&z$ zq3A=0UD>7IK}<{xD-wcq%);&W>k84INA=sL)^>HK}0bE zVRaG_?pKs&&^1py@5UW%x?-(1YltIOjpF7{o|)iSVTaq2^>)vJUcH6vd;0Iy1R`U= zdknu;Xr(}Q6j{Kz^0fnV0N_%`*hM!Q7I0%~=d+C>(N$A1IpzQ&pZdj)6H-dl#qxk&j4p2-2eJJi-iH9;eKB(&*vZQLsAVspyn33E6%?@>QW=OF z2vS!@)WYX|{s^oC(sEpBPGyI3=I$Jilm$x1I1^Ehn7?F`E%z; z+kl{lPQmyU(kqTkhd57vnN`>bm0aZ}`{WY5*HB0Xd0MI1NM98iTyK9Yjz!F6U&O^R zy@Kd#T!YnLXfF?-fqZWV$f8^Q@VRrVbz&+=%x7kh6ESc_Ui5u`wnOi8qBs`+W!oYL z5XWYhQwrRE-i>DBtV(e4u=dxm+WcHEa*q$|B}aRM;}?+jYfMT2lqub@Iu?!rr{?RK zn*!bx`DDAw?Q{Uu+}D5h*-~%T|2x%TMiF=ES7_NMV_;5hf7Vkm42oD+zY`nj%`6q3 za)n-MH94Wg%8MOI%&hZ+4H^ENTM}N8Fdle7vs*<847v#mK=+5A*`FglD}P{KYvTMc zBR4+Sq&FUE@pB;fI^(3o4_=k3gVZS-zthz~Eg>8)y7mok;@3OESfmO>w;0B)-klCc zQVkT{xEAFr>H~n6M15>y%w>jF<+XH;34C?88>928VBh)jI`ze~Igc(XqGFd-`-t%) zYnEQUQf&52(&k1W3`SkT?DwPAfIs2{|DJaF-(%s|8*ywtKKt9%;{lTL zkHO31i}W|-D*Ugro7?e}2mIM_Q}O>K=lvt|;s1+3CJTh*DaIc^)?|ZXM6H!}>p9)h zukGQ^YkE#4!2|Z? ztH*s?z&5!UrhNSr8$my*tjR=QZ0JwP;_pC_!#X-q9o@<`0gpfxMQ1yR%(lUTR;EDF z%3ze%<*JX%raIf_V`AKxP7U7cv3jx0=id@gI|6tR7FH@K?@u~E>{+6M(QBE={lO~5 z`rVe{7R;Po^}OKrEer{Cy=qtE6kz9pZToWTAdj7vY*zdFw$}ikCHJ^?-5s)AXCQkE zMEm||rvmX&i%GIZouG{!O(jqP*dkqUv?uazVXt2wE~%IPJ{wBD7K zNMGG2Q~QGXucU0wa$dCNB8t}mm1sHjzxm0 z)Bi8^EALkB_kpRdvr^Z1Cx2^{R>_iPkE_;lxu4?t4bLo{_x^gQo|=#T%KI@l+~X*% z!XI~KnP-yD#2D=GoB=!_<AX`<*``01P3!xOl{T&NrrV#JV-whT3A7o2rly83 zt5B?UH%>+Y?!}I-07J_v9}CMfWW0Ih-X-=s@I|naH(F4gCC#v>#>lj7xV_yY*9I&g zLm3o^ZuKB&v%9ds`}7iSyw~454zFM4qXBYFBU#|9KQQ?!BUm6&8pw+K5_6mt=gghl zlx>Neh>JKdcw+r0fwakCrSyMzd(W_@)@=Ivw3Ilf$$jsq?sR=&2pq?T9B=&w zkMYyFvmhg+7f{Z>5^Vrl@pu4`rTwC0PEUv3q!Rwd&&@Jrtp7(O5Vc%98g z&DSi)3O6HF&YzS~DdVT*X?+l^M8-MQtWcZWuBWC70=2^$boU_*-?;J99|hfY_h~V? zRHE0=!QBTEU9+D8Wcu9SfKnPWai7`|di|0&dT%gLZ#yh#vFO2+N;3cExBjV{6O-ne zJpD( z^BXcw8N@M`EvIItWE^;+tei%0MVZp;uGx`B=J&=FI5odV!X|8OlTl!2N?&eICu{bo zLB4S)zzJuc@$NS#oTk%d1L)sdf>KE0)XfWy0GHOq>tpq%RKp#XGU-uc#@4iNLx**+ z$Mde)bJOS|l=H8Jvzz@l&E<^ec+MWRigdFy!+o5+R;-z+HD7HR)ss7BXBxR@`UF|3 zz!OM{x9!vjiJv)Wc02_1hfjhV_W2x94gnPxTM}hk3<`JHOcT7vChfm|W5RJ*02l0< zZ0VLTm75>Z%8e`cqZTPr-be&8i-|9tS6EUT@#d-Y)b!@iTP-K4A-}!R`r{`CeXPDr zh(!<*8>pS%0t{**c}t)fztxa*z&>7b%o=-@eg@VwaT|VBJl9Fg$^_u*^?Y;WBEa;f z43f-CJK(taH5ret-GEhoU=y6MOzZmRb{$i{7C^4-_N`Qfzw*76o5?I@R0pWhRa9Uf zHk*j++&{!9OC~FidLB1IqYGA{<*}8im;Za~&JpGsHOkRQLe6mMP}i)cNR$O`<~QoLIE*WWP7h<;Y; z42lY$={@gpSLJB-FhD(A+7Wy()4F}_T;4X&+M+d5MT-O&$iq-V4(ukMgEtC@+ZbHRJx3&2*iVac=VupT}G0uAy!mL~21km40L?@U-B( zAGf9a!l5s_&b!LkET(Ve{i^hZDHGOK`5RcPt;%!X{@!Qv z)UWZ&pN%$}|Gm+s`gi&Rw=(1c@I@*EV{DoHk{YZGB#W1S4q4@%2!sLTs&-%Q%B#*> z4w}n+y3V~g1MIGvdM++%AUl?j)CNI{6{%KnM3_`g#s>u2JYfC8zp z242D@gH&-XoUV+{)Y>iON-#M6!0!J(;C5}(tbtrZ+kP^3j|rH}< zI<;H!%@Pp|M0To|fH2HpH>zdn1O?cz;3HRXU4s8vd;jmcS>Q4D=KyH=syqfF<6=;U zA1(S->*tJtK7OFr1gPG?1*MN9J^u{!uX}&k5xS8TyYIZ_K%Z{aEW6Qa)th>VN1{pL z40-Sic2k!FUq%8_6~`;7>eL~uukWSZ#+7JlCs6b3HSmb$nUa(kD10AZxONqGdFKnq z4Qc@1<@?)z5nhO1y$uv$|Lzx$m#}BXU=!_hffb{sZ+zhD@~U})?y_{Dpa6K z8&=J%OSWVCz+ZE&s6ofxd`20<49b?iIM%2*DB0B>X3VnXKCRiqB6=Q9;v7O(uPi%j zE*!7tHi}}llJhJS+G7sMN9zaP39uH$i+0M}N7Vs}4;ecGIOFAYCtP=G3!hKuZ-%|t zsVw!6wV`_2ehpn%5w zmyI={%l%As81QB%4ej|=*O#zUJN&$%?9cw@wOW4z@A#6e8o2gYbTPfdYrbO9doGqB zw44iCfZ94Xr~Dvmc;XvnjL)2S^%B-y`nJfAwD1X_-2dGma~)_^u6lmf;B!Ha;RPr` z0?L%0FbX7h!s`Iv&Q%R8i}44*xRcP^;bfxVPhW#%!@1&fdXNz|ec0pyIFI8&_<5i{ z`Td7IeBI)ym9I)||4vVzH3wL!DIRWtC|pt#Njg@n>JMA6m2-QbJQ+^dX~~fp9_Dfr8hQ zfY1$x@sCF%>Si63xDa1wTeTZfVh)xU@v?sSa5Fgu+q*53vr(vfY0P$y8F*An{yUCS zoj@b7>@9Vt3e_JAZrlK^j}Mh`7FhBCi`!9rogaP?gxA~!*k81WGb-41`O7vq*FSL4iWWWeWG?sRNll{O}QpMtv7(V;FE{=t$kzY!&vwcd;KqMHPlmow$;Qd!O}rr>~Dr} z_BHZY@rL~Q+II|=!d~pw+ltcw(HllO))L(uwYR@JB1Pzc#SjSe+E=<2sJ6Yh@#^U+ zV)MoOtE8&qaa40iCtQB=u-GCeABSt7D3UWj{*hMmQqeQ-sLl3YZ3^M^p}7OE)v6C3 zrqy1blVy2Wd0}v+PH|-!DE;NC)g+ly%_s20rAf^L=BD?Yn+02p=_BwXoo|DaRvIzy zTf=txZH(hq8V!@;zU?F!LVq6Ghhkw@@+?TwyRy@!AC=lmba*&sZ#tx#3cB=uip7{>qY48vdb%&w-s_W>j~!cw~H z=3l-hNG)>yO|QS^$+l#MRVEPN{}8n!5A8aWA7M;RmkvO2;;(EUp4R12VJl3+4-E4Z znTUnYCLbYIi)a+fd;)p_%K;v@mTx9iV($zU?u-WsE9&OgR*4tvt=CrOnT8Gwv%^!Gp^AKlD%IyEr)6%VP+bJe0Zl_Wx1bIu+VT~vNb ze+j<`Sh|pTyELyOx&MX6t!sy(;mSj05wtB@qL*Wdqhi;L746s}Bi3Ci2C>V@g2#E_ z=@}m}_r?Dqs`bM=I$&+?esln!dvT%Xgig&PYM6cNA5-sqJ7#OW0ZM|_15{0Aqc#<< za?6mLsZ(BnV(z#XP=?R7rXx#X4e{tr*G{Je0&yd6Nvt!bBHa ztK0S54LxKbKA_SWOi;fanIBdCOvS#BXunfqU(s?R1Qy#?NFMVb{x!Mats9};o3aN` zeDc5rWO*K$lQ|`lYu0nutvt`UZPXp1G*qOy$*wHAta~ps3#iH8yYogzb~_}18vCmU zf?KlQt|z!e9_q3^Bv}NGdI-6+VmXT5LZLSYiL<*yut4bI!oV<%F%ux z4iew^Jlk5XC=8l4$-60hArOj6#x93={`^NU1Q58P0OhKtjUC-8^LJO*B7v_Jpu|Hw$|Bbv*9wn4j6d`xk=fn5pVBt9{z5}*=ZW`Rn7H}9I~q;_E;|C_ zx8wcwIE3Effh-hq&F{~C-O`=BLhe8&0mv)7E6Z4*J=J@jVSDidMugyT+dFYBT!}Bo z2I#H(nGtb~&w1r}GC@GBR*B^g+Iz^JvOnq>YJKB!=tC<6UuV|Jk@! zi_a&NFS%NI^5Q2elKE`Mp<=>4RTs!(N2~DI}LE}C5GR(hI-S@A?7AYOhhbV}6 zbnbGundF8aBj58YIPOdX&A}leuAECKtXu>ILkuEtqOX0sUMS zPH4qzJ3%wZ-)&prNIREA-HFZMW$=)lMG=mfQc!xbn^L&+SguB+ioRTWV{140^IL@n z;4FwuNp^zG5h*oSMN=Su>zgF*d16}CwLK$9KmYYFs&_#RM4!BK=N0~vQGjc3^v(me zAO|3Bt8MlTHWu3tAJ4Hw4agE~zLie2YL&>Uo=LuRgTLA;OZGPNWLcUzbz|jK0{_+z z4EA$wjiqvX&9z^@JCMHo6|s-|pP0}9+SL=+6~#R6{YTtw>;FF_75)`T?D@Qn|C`4f zb$r(k0NIJxOk=To{dfHvsX|~-)Y*4Af?3Y+Fc|s=9my4& zXSaViC-{kaMTS}!R9SObCiR}0qRJuiej=mo?}9f^w=A?%U+tzAu!==nYf-jSYw!J< z@R?c{@rSj*cHtB@apBW9Tc2TP7hIic=^x{&+}@EtcaW8p+&ap{l}fkng6oldhQ)K` zR9+FK1C%&&;u|YHhm|L!>hsq)zcA(C&BiAP827^~rDF`I%qjDTRT@35YNaO>S>D6I z+&_dB-K!Ji%leQhB?>gm46Z-GR(S1jjI&X?)V%)ejxp0)Mi``0lHG(|om9k9xC3NkDi zu>vdD*vS=;v8$y%wL4sC@adns)owc62UDYTa9TsWw}H`%^JG_QT8T3o`L{b}v|dtu zSwy}m?JF=EGrTFwfd-vS>1Nw6c|$a=EuO>5MEh~yPENX$n_DT0a^shztVm^K^}?5= zHzgn42TY2ZdCD>$SI!Mn0im0rk_k5bBC(n)y`hf&Vv+pbrG+AvQE#%($|+CZ=q`JF zW%l9&`~B%77rMr_wg=Fur{yChTN!BtL7#bRPQ_kl8S{^0{vgQ1*>Lgu20=${pKCSU zH8Ekm*niUgStzLK)WIWXe{$WvFLUwfp2!=+U6_*ngsfX84L1`_v3tc1-3tFS_H85< zgne`IxT8!`cN*ujtEzj=FbAqP!yA#O1^ljy=9(H>#;$F$yl#9Gw!!_5=iRAyA4(VI z5|Sud@y3pEEDOXyqsTe76>q+TFj#eg z?a*~63;da`>I0Faj)!Fn`N=DF7QIG8?I|(iMggQEDt?@nj`yldPxKy%ViyK+bKmrN z=tRc-=jqau2WG~xS)&yu&I?H5 zDZWtOYY2YHSjxUOd)x81lle6|^_&i|O1LMGNUsipwOjkuxt{%*wi^q>rUYT854bZPI)W>d8ZC zvB?$+%coRiMi80;)dP&sFd7rJii3x@pUhr78 zt+}IkITnI<3(uve`G$5^7b_^7$IA#!4%SOa`y0zfNfX-@wwn$-i?4#>UUl~%Qc@13 zRb0-82tB_fDjEugR#T}m5|g?ZWF5^!Sbz=qm+{!n{SX1#(KE=xZD z#y6b%QYIvCAXl*5Vk)n4ghR9X{l|){wA!4>Yd`R7ismU%+=W7?wr@OLAFG`2Py<&& zL*j|+FrU>Q3_Q0g8BM(-;d^T_&Lz8WFu(v*qa-5{k1z(?l0DA)7N7mBiP(@d+d^}@ z$~??VfS5?sJMr7GB<7XydrY50>tml;uWZM4?=O#`(Ks4LX)W*PqTGbVAc`rIF>bsg zh%Or=742D~kW8wg0WGn*@~LgsvowLJb8Cpok-eLa74wmn$=ne}pqEeAn+yX<#wI+0 zUn*d*Vyr110Yy;? zx>Q6j4j8@ZDO2tqP!Gn-$OYFn67|t9k1>F+VV$RJR@Dgo)2P95su;;Sc-O=VY27Dq zWiBk1L_J7W7(Spz!x`(E{KQ!5`_^LbDbD#iUgAe*9=j2xW^R3dV~X&OF%o>A{3#D3 z+%|ws+8AF>hp)}1v1UCjh~|EFwpzd30!Lx#rs>Op9 zw3_1K2dlW6?V7sO=mM4PQPNAbni~17@@=0h0b4@b!?{B@tRWjMi)r&wfx1WqeB0_k zpq1FDn==AW*-kn)LnT#T46wUfP8)jq87&Z6J8(PshKOir#|ll87p3pL9p6!P1~j^K zenT9cYYTg&$0uiPjVBgN85Bm2r}bF&IN4Nk_|d=3yWZy*C^N6j#rYUxK0T_;SI)xO z+YBOxhh`Dm!jljcMFUL7Cmfb^Jn&7-cxIQZH~VNqu1zW4V}h^56>Gk=Xksk9RT4Ni z=rIJ9PKHgBMVFshq@MmZ=H8kHsZqLgw@>~NW`686D2C_juOau%b+XmTQGZjj zb+Ip2+vAT8e|9UyMQ(k!b@hHj5>WbjlnY7AyN8hJ&>%)tz4;e-9mq2K1bhc8G z@=#7=Pc^G6F|)dHcqKFpUFk;L1938$1w-fPu=-uct>=&OZ;h_vGWa&m)%e zxI)Q*{uJS$0Fg%);Inc)Iq#I0-We%(*cO$_Z}(SGU3#gPX3pDE#?EtwhL+qu;ck)c z0H~8ryxzl-7q4Ra6#Y9ozS=Um1D-P@<&U@jdf$z;`86UrTp5nIzq!w6gAiqjta~K< zgI!BJWleV_>ZX(;e8TYvRhl$y$!_O8R5i2U5_rk)Ww%L^*oo5Lyr97zJzP6by|rf}U1jSE zrf_rishP@Te4TD{vN=!OhyG3UYIVp71@91lv}|{xTNf91Z5B6}l1pq^sT&*@uH_5# zQyxSsZVl?6VsG*ewdHPY7ewP&Ck74&V<0HwmTTA21qr<&`%WvUb ziYLS7-elH6Yk4mI!Ch9{P{0Tl2E*L7cttkj=+wM@2!}u0Fv^CZN3>@Tp-w@+4IpB| z?Kpx(8DQ(;VGCJe;fMH9PCBxVSm5g@Zx4P61$pwCaDgxa61Z!ra|MHs*(Hg7KLrp% z2q0F0=(mZ^%%oh6)x%{X6DRxB(| zvyO7~+@s4g5Q!N!2cGTiW-F1K3KFfLL9_Uiq#;kr^`U|)ugL^c#b?US@D1!Ek(YWB ztuJk8hpJ*nVHnN{iF#cwuL6q{G)#TloO)7k2vH%5Sfskq zZ*MT$1a%r?I{c|xZFNFm3!%WVg1fW+HA$}5;V!NA%l+Ch!trgkUst4w zCx?mNPrQL(Ldd)dfXHz--h`+!Top6va0kW)i!5{?5j_JuY7@OD2R|eYjJ;IwTN@Vl{i}g zt0KI*F6|N_R+WpAq+*|DKjYqvBabes*AIofgD4#h+(8o_dJiSBA%TL%?*K zU)mJvk92#!Ghg1%QV=r7*2=}+wXQZGH0uMz>|+zTZlA`o3q#2(IF*D}%KKPq-b&nB zU==0XJTx-8o{e4#3600$Q;Y5@bU|Oz5hW#*p!WrH`p>Nb<(=U`Ajepm_3ZVmqzmoC zr@Q*^K+USr|H{Wi+1PEo6>h$TH9GGH_=)D zUk(0$z5f`>8R;kPH%h_Roz5PLGunqxH zI7irH6?jQz6(sR;{%g1H`6b{)sAghMN6at{r1+q@_6HzRzgv?#+>{?XRX#EmHugH4 z+#<%w)$PCjF+mt6GTeS1ueNSk6iJS&38(G8`>ovvEx)vp1mRdGe%n7W82DHEiL=Sz zXVTg_q4RUWx^`bjg3Ig1<(@Z5h> z6#0|HA?)={S7pn>g`a=yoY9Ug&kvThtQ?RCuKbd=9gUY9Hd#P)yW3jX!2s)fY?uG+ zpa3w925r7GsT??)ee}Yom$8HZ_u&WSg$%v};djX5zIFSkp0z0{HKNXuFZk-_iXD@c z1#9)K@We_tXqjwt*Hi0&OU{M|G|yr+C%?DMcUzDHxfaKsD_N!qU$5P$UHHL32=9vv z4b=-6TyyQ4*yn2#+Ss{hX^nG67T*}H1Pl>tUI!Kp2#y_GX_=dOvol7|Uomy^;Ju2L zm~)@)JtHGJg~8Btr%4Q%2;Q@GayeMbI$GLKov*HY)@t^RD-4@}O4B1N>5w?kQ`$n&0s=F!ilw;|V_`A9;9fbGUD$)hEfBR_oV& z<&jLt5J>Sf(SO?WAYc$u^H&?PKRk7o*I5$DiWd~=5CP(j(hk2QHpSm5n(0VNkIMF^ z(^Py%hn@B2I*40e)t_HsG*r>y(n2Zkl)lww30y@Hdf}yA)Zj+o3-^yIVJS(Qgs%!u zH&4B zP3_e)xdouvoy`2*(3jwq|{~E;^umIPod&j9<5KIv)dfsy&WMo7V;ni!$ zsfkL6gKQ-J&d@Bi0mGsyl;yph&p?(5d(RwUc)M9}_^UKo0;mQJN3N?Lc9bioI1LX+ z3qhZ}dQU|zzw8;=AlF7oq*6UESomGyKO#JOoz%PKEthxaDJTU8Y(hqW&s_G=$ohGe zV7v0~U(?o@n_sy*&C_2z>*CG_o|a+StI6Rw^qMWrGa;#uZ_ZM1^Vg3T^WDNKoSZnS zY{-z^_DQ1Le3vf9RJ`(DJ%E_pKy7nIkxc zwS;rH!wK@v)lJRB?;GK?ZGW5DUp=-KXwDZ=N!!U z`0PRZ@YHd_0)yX5FZQi9IJWT(MdU~-^PYQJv-0C-!RQyFAA_JB9IqSN5bt|LUp1@#@YbWgF=1u zVd1&Mpv|0-(z~zgB|~dt{Sp2Mc5+zT%|zf0FGtj66NZ~m6Lr}0c#8MP&UpQP&-rhI zne(dcd!9zmy&_pj{aVST-}4bJHKD~A#8L>Yp3@z08}Dy2~Qb1rUplYg{t&)2Nlr8k`G=X z_=TYjo~sQvC{h(5MYNl;#RnbmP1oNUiva1R`FqgMNyJ@6d3!2dH zuc$b$>rRHzAlvo9zZ7rZi%Q{mh3~N3rZYxUS@ZzFp!S)<@-YvhUW8!yRH#?CS z@V`ITa5op&N9p#@PS`t*b{|FYE7*kmX%U4S#?M>+AEpm-@psi9i)uL2rtDt-@9y7Z z*!-&J4&?|x3C&!&35IOX_RWK~7eXIRUkZi|FT^|bj1);-j*PP=@Jh`FYw%`` zk9F8OC1pCAXY{Pd=bhIJm1-Jb1%1i)gt*uNHe=zSDmr8Q-4)T?Q>~)19jmtEh3)Iz zsO^<~LLv2y8%3KUqFMycQrj`i;$rQk;LL~+MN)mow+@2+pjN5|c{~$}i5Z8XJg4kT zvx{tGEK|jCtj#u<*@fE1e3cAG(!%vCLmd7{7@@$gFDMSFZ`d!Rk+fotGpwqaqGj1U zeE=gr4p4UJA0uZQd;3_Y{~C`j7l$Zjiv(pj*T9>FA;~2c#V$qP7Cw;{1@8E{ptD@s zRucS(mDG0k0m^Fr`xYy2F*sRW&`5?lt67eEgY8*1$WBT*Ef_f!>B(rE^o?{F3n5;6 zcwoYpd+X>EyK*n2*YRZVk_SH(*Pb3aS|sI1Pa++T@`D;f;fx?sBmt6OKUiB+WUY2Y z>q-+gb$gL;&a(ibz(~6KjEtx^Q0JX+shf2+PJs}MVuT5Nvh@X0Q7lr?J#Ss>0@v3A zk8INiD^FQ(&%WL_?6&Pq4!g=8wt@=Ws<@7AIE7=?LAsY>HO9ImZI=)}wt<@54?{VH zEU%%sWv+OhU7OBDK?y&mhdb-TsrB$|b_}NTZBMl=j7Uk$PPNU%tX;4ofdXLQhC<3` z;nWR{BP(UO&gS@hTllPbz}#4m$6BTRfQ-E+pFmGM$SN##yR|Y9axHJs^;6kgc??3W zIzUhRFg1B`TIOe~z7|`3aY=gtSB)^nZ=ozxOvN|$2C*ok$L|4`uy_wax6!mAH|%?tTsRLn9p#kcIcyT2nZ%hPD%2`#gb_%0|!KD9@*iiPk{3dMcNsK+3d;-ujfHNE0F za2twTtWvue+wEkOI?l*{%0?fFVgrGytIEY%tDUk8RPdTGx&~^A2Luu97A575_>y&b z>W7NPw;nmpe>p+1!$pQRCs7Y?!^osB3A%(Tjs7aq12Vs3&c-0Vm7plz*jRFZe&Odp zT+zmiAu)E=7`662Tpwvc@16=ag~@+eeUdPq8;9r_B6{hrE11*7@*|uI@kjq>%gOJ7;DN9U+EkoQE7Y7X(vo^%pqGpe} zxM6j;;;abqncr%=L`CD$#zph7JwB)E3t`exK2wja>57kD%PWZ@n)pEn+k1X!TR|E=3q+;1+O&;6# z6NU-8ml0A`=$nM~8=qir<}d{(nlh}x1u^gXBXgQMp<(F?noWa)Yrvc}fd{7BF>995 zkc4t}h>7M@j+awG3Lt;g7@zsa*;u`Os!1?gtOn&n(Rzz0nGUb--EVGYoMr7`8Ql{! zdef`5vtbIbSD7y|gUT4~mZb1eTjh=UM=RO;q;=zF(Q}XQn+OK-XTnSkSKzoCv0W0m zj@TO-^y;3{HyJ=CMV;}$TO3(Y*8){2n*oDTU2}l7tddh=nd! zXGzCc60{JT9nq3C%A1-S%Km?Jh-%4WL!bFQ(g;71Iv|%PpK}Lw_y4>hH)Wm2n_~!<+pMPo5kc&<^KD*njfUM7T7^=WVv| z-N0O>m7V3JmknhR)MGKs@eWeXbZ}c^X}bgYkXi(9$fY(mu3;d@>J2NCWloP-J9--P zpo-RTdO~5=qb3j}w8keUtD4ugq_rPvnGjY^{RFmLSRK983h48kqRRakhe4pGUSvKl z>U!3jG9?u##z~$wvNz~$s+ukCS4Iw4IJeP0Gu$51zW5m*ZIGg8JMbRp?zh{wVg$^+?AIK74f@AjR34NHgt-mmQG9e(s%zG7~vcI+HeU8!1s&@)^w>a?rve@ixebxbBU}yiPjf>!pBm7JY zvQ(2$dbr@_I9ZyvR^;_iX}R}2?N5sIo7cyMSQOwSvcq#Um@kkHegmKJ*;n`<0KzOaw5@JM>E7g^s1h4W1M6Bc(bg% z8H&A3+>laKL986L#80_?@>HpIy82KW^XzjA^|i)*Z(Vpzt_Q>)xz;nX^4%;3l{+5m zB*?S`%W2Mm2aW}v9M3IN$L9lM>(^K2z;_Z?h94CNthYz^EQ$j-j1H zwRgUmnSB99#z8R}SwkCvmuzhG=4c`G6ZL}To|IAQr1J1(=Z9P~YqF#-=htcvjq`X- zPF>+;=UwR_#5s`M{Ww#)ZPy+%P%mr}ZOq{H<^HsoW`)Md&tHFR z*sA({dT*qCXSowe{Pm9@KdNNmokVnA^IA{0zgt~^thLY;b73KvoMMJ};;T_!9Z3zG zl->?v$PAU+&e;rIn+KxV+D-GCQwJF8vqD=B^^&`hFj{?T_hGsZ<+B+?nS;gtKo@uQ zbTGtASHddG$J*Aw&2&iGb=uWjkh(-liBPL4IWqo&-K%?-wa7fe3-=WW`s$dWV5nOF z-Mp}HY<@W19q#RIUVhCQKAM$cZM)zFOv?5Y@|qZMtSYHIWgIC%s7*JB$o_w05#!Ca)@N50t5)lBL> zGiAx(!UZ%TX;>h(Z*tOgr*es%LIQC|8R;7>cgv*D-i z>>Uq|4_Rl18@SdYsU2kH<4>mR7ovI#j|1@|yneAYQXooYrmNQty4p7sw|)(!aEaj4 zz{?^<0=)D5a47d^i9g($2(R`Mv#35k%BQ2UHl|lQ(G0Dh)x+&!nf-`f6q{xyMB?AKCRwm$P6k%B1BzA)6rOC?N}ABc$~g^DA-sk10e_xQ>A~-H{y*A z9*^OM@QUb_sjSYfPW^`S3GCH2UjxSYq#G!w_Ebqy0ly`3(~Ve~idBAyk7JA?A=e(V zgB)+QQ3AgV-y&tZtJ2N*L0_D!*T5YL(ic-%SxU5sJ_!1B1ZGa(rnu|bh zR8H>V_hb`+I8b1o17FuK*Un$A9W=$1xskw`LiLf4?&*<7HLT>vf-|{L;@Ms}Ix84qXdj8vzO%TkmNez6v_ejjg?UcU2M;@SD#GRyCA z`bx=L>Z8}Gr3^)|U3t9|)p4k0SXwmUj zVZ%|hdF$L6gM<+$dB?}?D>5ixsZm+G5z&dQZ1iqQo*JzK$u7mtVh?iq-2JhqbyE7~ z6%_FY1)E&14Fc9xsk1a()R{j!zf5;s1g0pxh$J|WtL+0zN&SJ*p_x4g9cPS{sF`V# zv3DAiihk!TiWKs#wl~5bVL)11sli?ptbz8PrJ)L%aU|l}KhF25B^}WmF!F1ptD>*t znc2@PwcUGhZU4JTQCbuR7Otvqr^8Hq)h=57^;bLdB;62~a`;E;k@?!45mEJL!tc9R z+qwUG-xjoWd1Wh)bXaBMTgtib@i+#))XCi}2e8BOv3VcfkH_eJ9Tg>|w^>%}p10S(2d5k? zxauX6LAUP@QB?WfoknHtJG+BIe9cI=Ve-&aQLOa#ngkVRb^UPGJFqd+OY8MfDs>0@ ztq#|p#wpkHA~}VW&0b2Sc8mhCv}o2%Ij`yQ1XlC1K_P-3i8A#?>J9X!2&trdoc|tvJf^;5o&zC|5Gin@$yR-mN|LH7+(Prks zv&DCDa=7adf(zEwB%j+($tt1i1lOq}wf2iFwfB{@AD>f&(Sbjjdv3uuqf)YdIMjF< z*Z8~X8Hz#7-w>vs!j`&vY^qG`zRtE?FLf^DIJ7h2Z8vrXyK@qS-0LZfR+i4YGiQ|= zkm(zWPT6}G(4N6w$JKfsKyUK6MQ49gp`N@3N4!r-zQ@~7IHjqslUqDqh!cEmJ#}Iq zpe)C?^OGi1|AdDRRe??cc(|d^)krM9K(R$IOmC5$Hp{JYj)T@@5 zRfrYk9@xxmr;Pde@F(UH7F7S#|+QA+%J~=d_#+?RhJ9cZ=KL+gp zub&G|1z4)^5caK!(&Cy!D}%)sBmZ<*d8^8?fo|+X0B4CHRMlBg3Rs^7K>^Rf&7Mt@UoE+@Z z=MlKkDH_0)4|zRW_t6&Vkj@$~Mee$37NR6?J>b&$Gi}otys}H;nkm z97oM6%0?Y0h)Z9Bry}PRdnmA5 z5&gD$#}+>|_@gOS(0YmlJWmZ;IxsYwxIB_w$k^F9%io`Kx3U#0te(m;o;#A8W`Vd2 z>9?;gbL$sGC)H>tUb@4`yg_#oT12pV$xUwmZE^h^5DWiC@FV|C*YO}7L!^;d`PKf7 z;PLqj2QB38rip&TTo}8T*$z7YAKZ`q)d)Me}!QGJHaipv|ox?<+VK* zXZ_?!1N(uU_pt{v6E3@#{W0c!M1%hCzeSnu&i(>~eHTjp#q;fK$j}mt(E1=AGveF$oAeX?4A4Wd2+IicRk`^_16y zsJV6Bxk2GkYi;0nlRl3{Lu>~-?Wxau0m5<_bEv?Zj&)Zjw=(uciJcGTAS8!u_ zpZkwGhQPEKQhf3J@UL(ChBKp8s9O))+&!l|@wAE}Yj5v?9|8B?{4q`^Z4L#B-@K#` zZ*pAa+#b%K*W2D`6|F6aBGU4Gw%5r~qN7e0?#^wVyvCGbs&mTd_NGsAOT3d>RfLo6 z%AC@WjV~?|;a-)aIBPiPJMM=l3be@HGaMn?>P5Ia6`ho%AcQ*9{}r#r4y(3|BRgi? z=P}Rv6J`d^J=~*{COzb0^^_=}&?nZ#sn5$4<&SR_7+_^LdlDegU&fx;aR;{~oa)D~ zLh>68{E}bzyUsW$tjWE?-hNv`mq4;}KM@7u-0xSI52c%rFfAW?=)OWddeV>I1pq`37BE_VQIv z^#Xmy2F`nx3+oBHk*@Z2Y*bsqg1*R_oX=;C5Y=YKz|!+;XBam)&B~-jNG)xx9(TUA zSjMIYH5o6WzRcalFBUD7=vGo=>9)3kL+h@2lRlg6FNBSp(Tl$2Z#wFi3HcWn{EaJu zVKf||+5y=aPq_z)aX@0^iktFOsq$z&z79U_Yv@NEypmoq{alcX@*V6x^0 zvJCCjK%&)d4KtQ!qiBsj6yOZwf45wX`wu}EH=?;osmhdxLGP<0k zriQNf&nZPwBSviv;`{UutPw({uoPY6;BlbZJ~5u?^)fq$s+4PK)a4iSe!@4vazbO2 zOpaV0&ns`Kw;fZdItlGvbH&A3CXEwxy1F-IrsNI0j_7_WdUic;Kv6RsgXOyodvLKC znd6czazZJH2%;vQA?Fd;iWfXgXw6sg#^XVaC)uZ>*^SBvO5IE`G5KtZh>5k7` zm2sMNIgMWU6K*^q8{Z4uwf6Ur-MpY9w~%F2cGsY;(VyaT>gYJpbxUZyde*ec;%4a_J}`7=$T`qgsWtn|w< zMl?uW3bkA(ae;2@I~5PYX#p#D!PaKMC&D8^yHQIN^`obBxJ%%Q<-suH6vxl{bKxUd zpG~ zN{k^9oLgp-K%=_@e8f@}y^YbzvyY3y^$SllV72t*++fr0#cWF( zk5IlH61eKBf}=PW9>>n2Lsk+$0~tDN^aQ!EP~ytm$`Iy)Gyjn1(h)GQOg@>C zl_c?|tI$QtRp44bbm%89A0pYmHIs(ZFol>2FfkgM;?Afc*6w`E$LGW#6yyh5Ap$z8 zHPb0kI&V{=Awv^|3+Fa1!WSNkHyZ09sw!M70oUND5ORu%Gfq398OBgzT=oe)T;6O@ z{=hUp&gG*GcG^rtM>aj=fdlbL&n4u~&C+ zXqNP3q;@m1V!BX2L78wuik+}wR@RJSGeacExKQrK8#kCExhH0WYQ>w-HtmOb+1G^R z#(_?y^jbCU_W)YpkB`l?s^SMBP70G`S?o`E9gOiheAi4j%k#wtV#Elr8S(z8e4C}sQ~Z_v<`7QK_ZVs^jPy>ogG&a;S#i#p|pQSj;0zmT?YfCt7849mf(=S_fow4g-Gc)D^ zrOZaPyW2A!&T_aQ7w^LjEVVMHp182aQ3c(2;<(3zLn3T=PhxWf=WvhG1^`7J^jfzI$p&u8#m4K7=co_fag`a#NKoBe-AAe?`{F1 z*1hIAGra>x4osoT{sEXWW3X=3{ynPam*(Gf?*?YF?bn_c#>$M1t3~@TpbGmMxYu?A zxaaO)1CKl$lk;xSGfe@C7R%kl754l`)$Exa3WGdGvb)b=8GUj=U|*{M>=ID6XvJpN zk{p>TV-Mck0uC>)37=?+O(R1bZkCXQwg0ER^9*Y$>)Sn!4$g?cI2JSr*b(VUKtpvH zMHCVgDS`wM5ds1t1PI+>fKdc=kRnJ?N~A_G6hi_E0!k+VLNPEBS_nO%g?82sPI>Cg zd(Lyc*ZJ`5PZrqOS$pqQ?*H$;*Dw7`Zc5?dW(;qEpquseYeZyrwqCY3_PqA20a`C2 z8bIo`w4%FKQe547Bgsx9dj|g#i0$VPf(q8b0k)Y3~cfA_-qzh+4k}r>1k`34I(-8o%RK8ci?%l61%;wr z)C5vBXJ)kXqRFH)GYFaCb{U-c760M(i_G&8oY-BgQoX($_cOxF9WMyY+ZOZgo%~3vMb3YoHa?b|Q_CRI9i8#-ONj~Cp~O6;HLDba39 zq$YpYHuqc)8rPxab)|^1!%9bHH}KpDp^HSfGZ9~+w85rM`+FxQUeSfk zZGULB`hkaZ6Oq*TrixmobcSXT_2RUSO5XTO>CFI;sBR`te*wg2N?jnqO3FEfE70)GNW{i@|03wH$9!_}Zs1&zjTBvl9D%F2D0$=z^7%`N)uAa_DPx z-+IHT9Gu*3#5@Bws!^ZIwLuHZ%%$seS;abP;Fyi>Zjuxi9byCb-bT%Psbyb{E9hXA z22j!t7A}id(Xp@{?=K_N_z(ak1YOr?B8Zip5e5H;^)?s7mc@U;bmA;4mPukyRFd*uR7@;n$WF z>}YUtDWt6mYHIvrhS9hwv!hnk~=tdGv15FyI>_Xfvu|+n$9yX zx!tEDR-j8U;+{V^XxKH+zZ{h=2|B<-&M5cBWn?s0@@B0SGJ|-alMn@kp8+SxZWBN~ zk3zJuGzj9&$uOg^@aeyxpHgnFL1JkF9%)`@chNGLJ{> zq~cVZb(5v8vs=7^#~$*(%rz>sde-@pF-wr%ko)!u&GAMtek1bf$vxr(HN)l~g~W!g z?_JvA^i&J1(hj6AK9=;A?6U+wBK1Q`tx9|nW7n_h=?)i^SvqQ$16qh?{1uG8{VSYq zMe_S|6}02?<2_PU{7-vxp0A&r7H+sM+>p>g6X@vlpZewQ?tJ0eb z(6q!g4!a&)Bv{?ra=AMY&J~Au2cXRX$#FGrA`{*D$AAA!>Mky2%a z+K@i^9%cQ+)`k?!Sbb3Pq3xFxulu_xNPQIYs4%$HjI_-5u9+!abz5`ZyEl#*i|Y@Q zDT&FOZLT<4vs6grUNNs&t*_o;BvsqAupgCh&oA#RuZ@nfU_}L_XwLX4!zGD^qq%!L zYPbGbF#xJB3S7HZlVQAXO)*SWBabibtdsXaH5c`QR^qBkHQ%n^3X6aDK=Xe@VEsW4 z(t3Kzodh^vn2J0YMl+Z6N}k_d*^pl_DJDkn95#tBn3Q77CY`j}r8o>^PBmdviSusa zvd737mK`RxmQc1{crX%$1VFA0wBXh*ViefgKaH)AQ><3H$XvZ39ViKeQ*C%rfqF&d zI~Zl>+?%=0%wL65ATVITCTHX-6*aGN0`{ncygdJ#y}8YQctsZ(%g@Uu)fyWB5ViI} zTFR>;aC~gC5*jUQ53gyJ@L!YnctgNV0+!EwIJi;!yxFdyGIqOGI>3FsVK<3U33^Fe zPt|Yl5i@iOkhf;;iml;)gaBWPH#!~BI4aO$HRm{`h7X)Q-$}x%Mr!*GEZ&}HSX)i| zA6x5%k)tTLHIQtPz`QEhOE`e@%9wr0at}3<0bcU7kGz2=}Mx0&f1p7l+y z|M2*PPmBxJVGp!Y$wY-M%H`48h3zjYL{>sLHini0Kf=-lfJ>kv{ z2j_@iRFi7A!{?mNS(^-0b1I>M2}S82u3ProDl=Z;JtBq~vt3<~i*!%}|)6WxLw=sUr z{yp6>9p%509s?Vkja*axQ|k=wI`{@#4J;wgB{<@5K)u-d@sG8%Kl^vDs}-w@V%6T( zv9VgRHNT$cO?qiwH5k38qf>f5Mmu~c1=s<#EBD(>Fo8#Jr%?M4?*FT z^^-y06n3P7sV%Yocctf%cg3uiF{Od*l1kCQm-w%yWg>+GUwg`jwkOfU@zW|})~kb} zZZDqCcB?u($)X4PdR8xEJFc8%v*6YY|IIslZ{}B+GL|y)iL#uwIg=k(5m>*6$|wA@Zp!hEZw~ z!2nE?=5X|BN3>Ct!YU#0FBMbB&eQ$+CVLKj){cPO<{T{?E4Gq3snqY(19uKC-|V3= zkC?ctU#T2X49RWCm#m1y%Fnp0N%HL;sb$Xx_)oIpsvgX_1OO>0l!}0oqZ36Yk6vuE zN<)RWG@a=Ib9XW0l8PoU%pGa?h_l~2KlBR6mJ<>XJS?AhNO8&F3NEfT5L8O9?-f4A zTmw5hn5y)z;R$QCQ(*dYQY3JxMBTPid$~&c9cv9Y@$r7CszWljtmxrnTxL$)xQ3NG z+9$tQQhc+cjyI?VmSNJlAE0{E!jM{pi2>a5il+5E;`x|{%8H!qV59URFJQW!rW|R7 z*973g_0ke6yB>>q-m$n8^~Iv=zl)ck9MwO(=01^PW*|#Rd;uad?1qg3_&V|*DcN6Q zq^pJ?HrZ~mD`)FW>|x4Kbm2+N>!BDzFQUF!7cB5E56aevCh0i9A~C5S0qeJmpzx#b zMAx^qvsst|^>0-kKj~I7d4TQo&?1zGSdC?hu~iA>uW(C?%4y-nppq%=-%}gch`P#>AX`UCK9u?12k%;Dl$w|o4mVr+<5a7g`Yg;?*^EU z2(;aO5#28GeQR}Mf7ja=7+18b#M%0tW#2pn1-v9PFDLJ@L#t|$g0V)K#<4J>nM-(Fz8%!OK$hGbDGopKBC4&E!NX3S_ zdYfvsDmm*I(PPFc=_u6^eIX&5;U1Woba?svP%CX~Lb0^CM?~u6jv=cPorMNI5zh+q zZmnjI!^{@p_5@<V#YpO<6wh*bP*!L1%Ex>nY&T%t4BQQDUqX7^c3tUw zg}vin=tc-4Mt00G@uJmAlbc>{ylnHF->A;o4+lAG$P$cWo}**|cRx>0{nFni0x^Y8)q0P!Z@|Rkl{Yj0SG4M)r#UGrQqA$fw+x4CU>jD$&Al3R8^d$h zTbCHQPA8WrF7&O7!dn+7#|rt+Z5`p1Z-!yh1@=`*y?V2R?6;RCqEz#5Cj}xv>MGpT zYOm1y^;SJQGhF4_DuWQf-p;bGQ^?IxXd2To(5B!xSaVczr7=S0d+AsO@5}L>g?H?} zyqEQ=$!`(yTFQ6qk@s_UnMlnTS+batd?np?=dIV-U~$M~r^&A1vVX*(PSOVR=} zk>60%5H#KFlIO(0Ep1<{%7&F}UoF+sK1d&IVr^YG*Im9Y8pP0OVn_Q)g9#-~+2gxG ziRLjOn=p>Fbb36RaZA$5Qby|g+Lz-|`Ja3wXc#}1*Q#5rwfo#FSL{q}xNYqN*j{)( zc7)ediIp6pJM9&E5f0c#STG!LOjbrC{d&PZNgn+pL94SYGtwu-Gk7Nvsao9{6~Nf} zLdoA^<2k6alo%l`6i#tBwG-tP@!qOY&SCgIEG+34)y_1XUccUQrE z=(ffDTr+9Es{d@|rF&6RIVcr;KPeeI>OdBO_3@M(O?W@4U{%!b1&Upl|s{DkV99+TrrtNKaI$X;hNFmlnSx z`m$&wNb(X8F!&bnWhh=Ii4SlH7#xQd^m!`U+EVHQWN0Q8e`7A;XsQe(P($mimMto) z>l0!A+H|)%?%?Xa^|heD`o9RN^soQGgBs9(a|xg3nm-KzI8%7ub;Z=Hg-BlLM=`lz z#wCrU$0)EB>G?6CxOzoPe6dX5#M9VBfcdk>?0W=K^^atn*r&+Jdw{H6k|%HghG_~S zQ)oct3~V|0vz_#Z4@8P<=4W4iY=n01tkHZIMo}X{mzDO?cr_ErnnhzO-y2R z&_#XZt77K?(ehErb*~2dui(rcbmjyC zuWC?@Ny8{^6?mySbKDwR38pI7lYWU|Q`s_K5F|fTsW@Y=k@kY>WyB~G`3E%<`w~9N zKH*O_!t{p>f|(kOQ+Ywxznn8S$^2c;JjmMJ!U!b!P67u^t@{3mnmlE@Popsl7?nJ! zRmXh=IEtCj$Yx5wN4)k31+s+O%iru%*UGGt8Z1nWX`X>N8!Ztwd+0InL?Rm47fn|#*DYGFmw*S52is;Wg|`&PF# z;$>$5h>1XWSf%bC=T7Axtjm|b1PQP)(mr*ll-|!O83Sn1Z9)5cWxvdQYbktG#*mHF zrXY19nA!n6qpfsNPeZ)$(4wf1VuNLQv7WGyg=z20=)%w~(P}q-DnYs~qT{jNz_vgH zs@HB!LIVmndjah_01_!03THe0=6odDCFXW?#mdjuHv26)HNplWM$bfpsFAj}tDUw{ z?@lvo$|7HoiXQ@t0fYR3rbPc$O@u^vPr7xtPKsK`uou@<7TPu8O)?=}^QtLgL-N)U-|j+r zS!H_3XA&D#3Fz%NB6h*J$G)Iks$9Rf^=92i8>sKW=9mwX&4%z~-eH2;9U!|ZVUL^J z-(@r=cZf32NgS|~7|+r`uRac`$(yz&^OQu5VKN56uqBgPAIwpoj7Kw>W1rR6u|Kjk zHva~&OV{ni^=FAUyKMQ3lBZ@N9~tGe{}&nkFEaZ7B{E9cg#IKTAfKiG{prj9#YcZt zLH~=7g4mP);-mk?NB^BS>JQ1#f0JAXshaD@Kggp&cI=LoGWa?gDiCxLz}PxY-VrmZ zpMSv_;PXM{IAJy=v`9syM`?mewrE`czn~Awz_&CUsj~o>> z$q9VbX0blS%w-%!N&bQjjJkM+w##&9bLULG1BF*kSH+S2k?mGUOPOYm2M>gtFLcd$ zN8n3N7$96z>Ouo>_2)KkwN4%~EgxMrdU8`YpxoQ8&`e~go}dm?jMlpSJubpPC$;mo znCm%yho_Z77fRd_s|q9Eq5h@Z0jj%Zl6Cf+e1*&T65T#buZo=YTihs@&BiBD2c395^@(HIGI=TYy)0q1ZrRCe7ynH~a~b59I-;BO_~dPyEp^AFo* z-II?I=dM^7@i3Mxk^`p_LTzEpTL7Z-+|O;5TH66wh+pmtrO_&U4&UnaGgEGVt>nWR zXb#V6A}8LwY1&{}Ova}mc2ucADCzE@tnHICgBPZKqZ9@rL3Jgd&nZ!3Q47zzf~4Vu z{rH&Zr^(fc3Q}L5XQ@P)*Q5+XGB-Ic*<@o)RFlbIL{n7Y3a8es6BL^?>@VS-s?mVIk49iK@V>;L8(%e4Kr3X%F?4_wO z?-Y)7qEEp4<18uP8ToPv0SJ|4!S( zV?W-m$Lia~q+N)w&$yADX9kvX2QgameI0R%(oq|8i@f@9WxF?azs*5CsKYMpw=xw2 z@ySgG{r~gY$dhTs?3hMu=qO7zcuQFd{w}qJ=GGP&uS3|6}W#R8UMZJGXzG-7{NeX@j;R zMDDT@eOw*AJnw$xs%GOeC4aoQHg!-fB+`96ZX7=+k4ho220w7laAXx{uXtLWO=f!X zbs7k4ytX-4#Hf`RiWdIj`S$%#YhL$K9@$hBE?&0%5T$B=6n^_zu_8~K#8;ElTAd;! zWwlaal?xWl#^}8>bCOalwp$hc@C)ZlrYXCfu1?k6CX9)xM^VGiR~xc- zeW+?1$>*KJzIhwG`FiKc4k1=jsAL9)aCXo5t2qX&kL)jI_0fnsmKF0Sue}2^ z8icZ35=S^ZpmSuoMHOS2?a;$+u6LW-wlpD%9{aF`l6sFus-xNxoR{u1nu-)n$eg?E0d;C?0>yo`oSFIef zeeR32Ys25P>_Yn=FpWx|IZn*n&xH<@dDB9kj@)P~tyFoTGgT}zJpQV`Yc-4BYKfHG48#RY*Hdcs4Ik++vru2V z3VkLH8!ndVV>BBVlC{BpFY5;e*eA?WoM??9Wx1H9J+5vqt=wTovxw}U@1ECKJtLt{b0gJDL`;&Bgl}}~?$&u{B0k8a!lqaqqWEo(K$aflHE_ywT|4&rCxKGsh}x!;YhSZ0Ub`^^#cYGk=KYF8OE*`n=q%q#Yaa@p z*g|9alfK#$6Hv#>Om;U}Jfmsaw~uyy_`55%@6$j1X~yKtvHb$^ha3$Q#CeZ;uN+Mq z+aXY6V*JOt`3png9++v5k=BGD1$AE5_lDm`ab22*;W`;5paLk7H!u#&mSS@i*JGiY z3wKSVZYW70sw5D{*URtbLLOVM$qh#M=Ip77D2ae|zw24MC{pUr{5ikZ(_wvLrsL|d zHMM|zwyJ1vQ07eJyv^r5J(3EajA?cUKAnjaf5#SXe}DS~ zu^&X(x2A+Sp2M-faSqO;jicykgO3~8R}6iCmq>RIXCZ01Cn<8?55qjEh0zz!0ga$?h#D^fhu>N8R16|#d9q4yIl3l zXZw)2Bt>J8UJTF}tqxz{w1=P)h|U6a(nVmsAYsS&xagVob@EX_g#oTe6^RmqjJIB9 zjt^ypI5zB#u9G0h<3hVtyd7XOM%#^OqK&pakMmLWMYpS!S%|jQ)VB`Wd8aFf3e z?Rmr`$atUi3XS`e@l31FhkbQf?gCK9!I1z>5*_8t4u%EX?jZ)W$QpQYlK>OCT3T_u zqVSU?4MPSM^ZbROOhb^c3^0|GE-7cdu3G3um>;|k+hQOILTS~7X=Pg2`RC3#u}(AC zpWsM`D~=CatWsD32_9%g&Fnd0@QNRMMUy5c1Fi}(l+=(g@Y%Ta#DKWVdSd`Lp5;x zyYk`;Jpuk+9A28}p%H}#Q3C-E_Ip)a$UddnF0o)F_4!#CHwYKeK zw9ii^t^z@=muw4Q+3mM;YaA(Cq>B=G^?>XgYQJDn45L(!?j{6WmCY8VA@U6*QCM4^ z)CLy&M>45R=t5SS71sU=!{yg-;_YA-s}u2&=awHT0^mB~-8^HR5KK#yPe_K>dnXGw z`3B!fS04Hr1OBA@X@a?_QCGW(#oYhNvbv04MgO*IW3EgyIP1| zkc{o90{(r*71I(n1Q08Ca_4LEYoOi}*$(ry~5iw>+-j{!7b@n;LU#^ZD z;R~!sYu3v@!Fsje6L(ws9NQOo{0-2Pp<@=}+}4kO%*N9Z<)wXe^;>cJ1c-K-@BDD& z>gt@oH}6B(`}(;?_#ED4qpD&*Zmo96=3?#6q$U|ZT0_HqZ)0O|5aJ7{yq(HDHZBu> z^ML{Z9>3g6W|hD|Z}mCD@$(5fPik5LOoON?k$U@SenYbt4TTa-XT@n*J<@V} zCjEt+LDCkMMnduaX3+xdNZDymKm>zBiN(jlewg6VqXjyC$;H5r_s}*-BcDEqpeKS@ z-w+{pm;A~oi|uA+QJ%|T*6uS$yu&WLco@if92hWz&acL zr(HX|PTdOLED*eD$i@gbjcIvL>1?GtxkG&>-@6aF`G);@S-J&pErR&xuK_%vp+Jf8)+Ml}=Z51{v-+6_XneY~^y5%)snm+%Q(jx zI_LTRT!rvBPJavlzVJP&TP*?*+~?dvm3k)KYQ4z%A`C*hc`tqElP6NTCprsGAnTzz zVf+iXHDD}_V%C(WBy@KsS=(HX=-uLbZ7JBTJA8N=oDm|CNuPM`y*3GelA$9WN5;mk ze}_{3jSgFO320@^1NEZ6w0vzKI;yO%!gJ2+liud!pO`-fru6V%lL6Wh3bW$Y6}w!{ z+aak8Fyu039i^z!0=G1TPju@wrXfS04&ECN&xBXR65NC?F!>+xIleWu<|bBPM8Oxn zkjNKK7zpuNhzy2Cu>8-i{aW-%Njx^JqQgeGGhvrvGGp2mwdSgomE?0u!J3KwoJzVL9pO-E6H%nUF$ClAJ#t1zy<(IrErVLp z!Ji-f(FL~CcKtU2GJff!Y3&;l*7_K*RJeRxkgaWs|BXb~vsgSA_fO!6KSp+#eGM@W z(D6U#VF6+K!g+-kSTXwf9B;fqjKiCAEvMJdDDWT*&f4t_0#__3yI-0lwp1E>Eu_DlYngU{yo>3@$s?b@k4;g;yCFd!B@>M#VH9#3f+R zmXYPMLgHpD#!%XB-o+SEI}g8sS|h98Ia6U~Lr-t^v&i;=F#EPeL?rci-QyT%Y@J1f z<&(7is2rj}A})+O_9hxZ&SISDzNjb#U3YG^Xw>v5DCUmx(m>=ZNAo`)`C64p9F57$Oex(h zQom6`7UrU-z1W4inkwaa%grFo@E_S2lN6CTD0%16(Y^WF{3mv6WF3PMKjXGMA>qwCc?PiNT0Sq*`w+x z?b;&hD3qB6LV&!dCadmkU!%lt(TtjRGxqB1A@%hql_1V8X*QkB>zlElx>M7ao}}Or z3Nt(;dFBS(MJ?q<{Ge0PV!9j>ov)wJ+l$DM^AD4-25Fg@MCVJfnOOn-svjI_p1TE~ zY##70i>P;NRE{{k2VY2vd!zw^MZYdv(h=JWg|CDH*@P+^snAcAlJs=LFC?JE@RxR> z#LA#q3)7A$DSsi@>c;&Vyqe3gOcyJB+m(Rwy)u^eO_ug`bF={(#hmA)69&6TdFzd{ zU%bJ3!Q#`Qmu+0X4Dca4p%ZJ%)mS{94O`E>Q~3wSl~{jlOw3!%YqY5dU1o_w%E{Fd zpP#W9j32E68L`5`u+f>i8o$1sE;c51EDO%erCJ?^QxclKdtJH3=40N4$A!(-&1Wz4 zzBWGVR&wigMLbMn=~<>=`F|iDcD$W|Db0Utz!N`~q0|T*+@2En(>u&CHg3cT?h z(aR!<+*Ysq_QC1QUh;J}>Lgsjj`MKdT$oS3_JWnIhtX*NFi55PNlXu5raSsP97xE$ zw$eW-jCo821~&Jev{r~PqXT1AsoY8@ZhXx3e#)tQ2{ltx5>U5H%C7r`7;scJjQx0} zCZ~-0QvWESJ^q@PROVyBSds1tP)bsaj9Z+l3ZHhlF`fgHuAlP<2)XU&$k%xbeB`g_ zETinmhYWt;>(AB)KMTAWPA0CTERfNAL^CWq@~!@5Ph=)GQ4jNo?v-{Fm7TtLxk%o` z?zw%-(xBDvd*?wZ2^OYavVl7?LA-_~S@0ZTBXvfv_F1JI3YZwtEyq=o(ArQcwAUhO zT9;{9){*ZnpYaU26sqQmM8%9Ojf)1TN18S2_S(WvW}eDa_6By)meWtr=A)@d47d@k zrvpJS)r>du{#KPSJdK{ga(hh_$y63J&D`X!;CeF9xd zxr0^#W~by9V;}Qp55uyy>3w-G)-Ec1xW4wrG;C05@jbmacT7ATJy_l@iawS54B4f4 zKap;Q>r8)4=c~P08J54Rz3nkS*Gj43&>fVH>Gh;hD91G+{d11%q5p>**X@J}U>am7 z;u7zU_~;0`WoabmpSop1cTd;_Pq>#)80Y0<=-oJ;5B(A)-`%haYmOZLK_2fYIU||# zRvB~>Zy{fS!m&2@n;y5jiCSgxOn zADikwk?bnWyl^(rMrfx*VqfvfsSrFXGu%S+w2g|37zgt8XNP|Mo4||B$Nui=2hUr~ zKY030D)cXzqSI5HE+&JmGDowF#poa$8`=SnpNwsiJb*2!8E>+5nxeX4dK>`87J9PB z^aC@4MoP|c_fykPD6gY0TbyTovKr3ba9OS)k)F1IkV>a(3}~7L{|3V*9pybD2<@AF z%KEVoGwT99QxeOh_)GDENmmn46vqTrG&#UQQl5sqy;Bk+npDz+$o-||TGak09!aF# zCC(@so{pfMES4MhEtgX?s3M>$sKRtrfj5UPb*VYn+1)l-xi)y4QP`JL21GR(0(ROd zLaKON)uDpwVH_L`%aF^j*_m0I&~ax+1-*QjA9~R7x+4qhN%wcg{^|Tj+>OT=s7VER zC}#D&x}dZPe>XZwLOE@@N&%$-RPg**vwR#BQqmn(xFYdAL=AUK%BvH~+81upw{;7) zy4~!FcL|5}@0bUX_PgTZYA@ii633Dy^6G{^i@@7v>mKg<36Bp2({tKqr# z=imCnKTboB3`xZ*qeoZO=f}ym72~n7t9iR~!Zh{-t_)=jEOv)3v!#p$X)3u)fG9iJfrQj&+R6f{ zr&d`hP1UC(2&w`)+JEEy*Kr=jH2e0j_CYhcpbwzDyz$7MT9p=Y!nc+0BY2MzR4J=B zi-fsO)A8F0hew+oXH=Wb(1(fCLz=xM9p_}FSjYd#mFRXqzjrdfRVCWPfTkSu$dbK1 zJu4!u#GS6S)9u6~Li@QC-e34t&awT(NLUNS=4V6R-1-7pV0RK^skeSJp7O>Wq#lmR z_pJGP|zxhE(qgg*mYuqLJ@5KqBJ$HW9;4rxDV8yDr0HC2dKut3?Lk}w`?j* zNxdv@sVWena&2HxAnI1}BY9pRfE9eCK#KuxMFk|V7KoH4@!sTceAoZzpxf{J1KwQrzcc?myHwKXWOa5V_UQitcK&*0ie zQdE~w&hf`;T7LHI{EJ(fpME75!JqXz6arm-WI~%knFr}| z%%q2QT*kpZhKT_PnRSW~7(LWd8t@BVd$ir*8n`I5uk*zUo6$Ed2$lS|6M{+ICnca{ z^s90HUkD_~5K@x;W~8BHh3gUpw`b39>wd-}OHO-Z(UL>$+S&N>3VYYB;%417V2mZi zlNLSBXz_Cc){|Fzi*%BlgrHs%0k{LKz0qYfyK-IYNBWB9&fL-CtDg(mQ~O zXaAaRdgABE4P|VUuo!OR{njWq_@LNuD^ogt#yfkMw)WLIYv}1tDHW{1*q z_v-{pPSTxV1_%PoqRsock}&Ty;p~RQ4n~;czSdN2N#gD5Eb+|QPMUxZ{1FV7TX2@W z3+~XVL9#tTVQv#>*=sTz{X$ZI{lW&wc0M-fl{C8?S4j`SWxWl zTSgoZy+9Cc>m-o6F6g$(M%0aZ^Vf|D6aPbi79}zF{4dJ3H=qROprIUEry`cge}04b zl)u0OdCi>DMrmhyOR7}W&pIXUAF-Tt@3q} zFX6Z9f7_wMeM?GjDdr5BaI5nhJiH;0huQW@0z@tomb3-H3S#m}K+g1gFR#zhg@%$3vhH*532AP-W;1&E+;A&V7#HwU zo^GFTp)TL=5Twr+sdswNE0Q<86tp+YdDN9Gvd~q)ESUCjWO^)sY3pavo$NYdloiE`^;cz7<3)Dt)+xe&z ztsPaf-A{p?fFBwFnF5|d0h|Aex~)06csHcmg3U;3|59iG)Ctdvcxit5u>7F5zg=Vq zOT=^OMDG#f;J{v)>s-WP%~Q`*h>UrdGE6NkLJT(P%%iny+tV)-g9OiyCNoV5sZZqxehaEkb= zk&(P9o@=w`TAOKb<{+59bpI~i0>f~gI-&A`{~9!?((I=1Ks%1npdH6f*Q3JFkI}I= zam%E?-EItWsQ~rXC2*?8%>pD0tAyTz%|m)+r1;V*WV;?I&@U@O+D6;WZ3BI@>`qS=uD zvdmzjd#A07bB}i{UgJbjp^?+4NR+i*Ks7mZ&v@F2*FS^&KL5LGKl~psp+}Yg literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/for_each.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/for_each.png new file mode 100644 index 0000000000000000000000000000000000000000..db8da7ef89ece1840ded4a5997160ff181104a12 GIT binary patch literal 10025 zcmd6NWmwc*w>K(CN=pcWbax2|$k0;KGBil1;(*f9(j(F!5`x5#L&G2?-7s`XGqemy zpFiHueLdGX&#CKN?}zup#GbwP`tQBhTEDf{Z_kJ48cO%@9^heMVBAwtmexOE7; z$Z&20zkpC=Ux1HW?%GNqjFJJ`O`w5kE2}Pxfl(fde_??Iv~k^(4c##?C|GV@w^X#5 z_c1V75i0Vsx^GQ)G92AZ##8bx{Uhi{rN)2R<|WgcD1?@%rItKXSJx(=i+^Jip3lEa zp2SQH3i^<>8E`A!+{(SG{2@O>K#-grjg=2uqDoqT0M$O0Pe%o}Y9hC4g^Q9Wb?--( znYVNquJ+d6t}2O-PkiU|5z|$?3t;bze(^z5+g{~(1Qq>Yf2O|$GlF*Qf`2_!oGX~v za`rLgv*h|qudBvURFav*k|_b$BM^~XS_1K`X0E=iZxu&_W_xq2zMpV@vs%tp#Ks*tJvur%H#avv zKAw^*hr=L`Da2eTpKM3=E_GqJU}v^zD#PQBjb<}aPGgjP5x)I67K=C~nBgT5A75 zhDM_y5J;6u3_e4!vZcO!tTL${qZ<6f6D@W|h5Y&LW8ojgj(0_A^371QQrqt&%qSX1 z>z2v{6T4nJIye*-6%`d0a>naoK4uIiR`?KaPU_C|Q9c2O%$ZS>JVLo?iiA5=p?dh9 z_gR&T5&G)tYJT1nA(%XR9Sa=pCxOZweauLk%g{LjCsB=9q_g5op*vx--rnx+TI3xu zYJE8?upK!lJR1|5t&QDEe)TQR}y_2|{^Cy-Z9@tgXKS{o&a6?%msK zI+>3;-@6_ra%H_bJ)SXuc~w?dBO$h=H%oNTMQuzxNhg7w``;ZM9v+^Z?JG(ER(G)Y z`(U{l47WS2uqH3Y>UEvgJ=|{->g^>mQeESRG3kv(m|x0-cE3k*adK9CK~tLfywd*Y zSW=f)T-;Y>8WBe4)um|iZZ(14|KcE9A@YX|vhvlk;=nFv+wYY3m=h1o+qKAkPL^BM z%)agokH=>iA-wC4_H35>Np3vK-{7(1_4A+;(73Ub5O4;m-Y|E~NQWl>-xJu_SyJw-+caDWxv@9&&vnl;uU5c7rf ze)}!cB96rbrOk+o9rZM07NKM$)Pc8Zer$|<+)G8JJJ#II`8`(g_|qdx+h8j0CSm9VQ~^vt|>M2;7o5~m(BIg+YP z>6?~YV(lbuAAoH^Gj=oc^s+)}tBaO1k95jt*XnYS)FAvyLqz66Vn0W5Z=v+*)%hM< zijGl5Mo38rKBYEGKLzary29z(fP%FvUNJ3kMn^Yz`d3@`QW#Jd?)n{cEYv=;*#|4Z zPQRjS7W}+ts-3wEN{lOBc4v6bzgvzL+nsATNiZ;N**uay+sJWW>ocsh=|{qh$^mWm zDtn{H4V<}aCn#@SP6d&hi4@$zBG`a9S-Tgpc=vr&6SVFj$AiDH(M7e;lB(6p+R+Lg z>@PnI{Q^ETBr@YJ?ob>CRj6A>x4fj#X=3^tT5A%vId;RWoDL>PzM<$iXBczK7_RAp%+_@=aJJ5JM z?Kt&%{>`YmrWAUN$ZtRB4mM$5hGbH&{DjoWY+H=q>ESBTlYNZoYz&wEWEsH@>&c-{ zl(XD9qFpyn6Y31F8nMsR;I&cMn8+#xL9lGA zu|_vs?T4qhb#S1JjuRzwjqfUp9dk z06v|5LnkIusI?RNju+~AA8)@y!D(9RmNLJB-(fc!Er(GK%UkW?`ki8d0%tf|E_#UQuFu5dDvg!_LT*U5j14g;Doj)6 z@~B2N@$FJ5{OUMQ9fgEJ68hqr!6%bMp!1LZ%VXdlLEgSOR=dk~Htk-=+kt{SEgl!D zYeUHv3TV)CqU41XOiVSH_~8 z!fDoc4BFVfGDkx}^gd-GzvEVhvgC+lp14nxn3Q}Lh)_jofzqt+bXq($;J{QvT}d+s zcZvIO`d^~f_fkF918qMW!rhkSh@|(sn3|usEe45it^>()C#wK-6p#Z`g2G=g+#qRj+zsUFE2Dt0$dwBqbol*u`H+!dVvvvZU(Jzv zVo*EY4Y*r|++b@t=)ax)?}nRhbA#a<{&)b)?ZN=#Nq=&Pc^mdnojCie7Pnv zeB5@w$IKxQ(9)=Hy9;bOUz0dzuF zd2vgxNcqv!-m2WMb5~M7fj3ie4`*u53pNe?KVB7eZQB6MIOCKdl zz0l@n>qrQ7@~}_;a8I6YPcZH$#k-c1@~ZeouRl7|(R@s|!I^>GIYcW>*J;LS=HX^| zNHWC{r!S!9^>6#(SYU;^IUK4~cDw`vYWPJyJDe_XDQm9Y|8*-=kX1y-=)K~vg8Q7D zoRgB3>ebPe6GbFr_06}QjtuU8mK~@3{_*mH)g?_vyo=`tQMqLBpoKuUeZ~7f>x=?- zrfvJHL+?hw3&qFM#_$++veAns?=e+HLEv@yPxdDb5J@Os0L%HQ=gzb>8JG~Wh}?-& zk}!IZ@s9=s93B#XlS*bC`dT`@Oz5i36%1E>uSlbMTTk({{7v+4r#aRYJBMQ|oc_W7 z@1@bSIME_m*c0jLtTcbAr4Vv3PIa*Jdhz?MX^Y+2y4iGN$K5it+Z(j;clD&Amf`V` zF2=@d6MI@^RL4NLDdqYo1*$f=y{91EjuItie{l$e0>xrM{@>uh@%}V1oq$2<^C$*x(ic2D z)i#1DY^Qjkh245MP@A{Sbt8}CkdYZA3%sT+tb)M`_=vU+oZ;gE@-k7S9(bI&AVh~5 z;>4o{Di!&t24skfZyKnR@2TWD#ZgQ@nxWnl#2O7zNl7{7S=h%lXJhQ7_)fiZ_o-xv zoyc$S#f!8a3aej3)~a9UG&+ZyG0PZ0xk)54`8f65e3G+*Js6QtGRlQb z#UN5?8RS!;$PP>@brk%L_lwdeLJzQ3tOvjNf`?q_9FMSK5}*8V$)ND+F7JHMZ6C@H z3-c;SwKdUxP3ekD%W*CwSf^PHQbv(?mA_OJNQl0N=-a4-NJhfa84!=;r+;Wq2;2hT?U4Rv$mItI;M>i6FuUo0 z0(z#~8%lWqteim$k}(>sj8$-;rD_}QoPZu~+#(jv%NlUwU`((`+($5c=(RG+^7bE# zAE{5q_F9E$~AWMYW;BnZpAbm}6w9M3IZYHUgA z^v`~jB@@6Vud(R9^4Fdey&Jv=oeT9}4YnGdQ}M4L&UY(iEU~Zn#;5j4s^|pws3r+Y z1X=x7motsSpWJNOJRPire5w5f%Rsxj`BzFGu~EHhpE?;$XgB^X=&>$COb)XYg8nhlcQ*pWj#fK&Hj& zpcINc#?Fr+UAT=jfQ^usA+d>QCA^Q4iM!JsR@xDNWBW_x3K6yptm;D8)+nIHop=LiJ8(uhv2+5v^>AXxG`=gM&_bvoiA* zrr0MHHvJDwV^CbeKXM?yD(-KgP|j@lvY8(TDJG{?azb+SNLa?>kOdk(yEF&cZ5l{<~%H|JD{Y~Dtp zQbg}mHh3M%#pHN8EyT1Jc*Tw)ywF?UkYdi93=5boVTsPtM&6DB6L+wBiCTX`wGL)z#gKq&?F-354V0b`A3r!Mcu~B5>LVVdYI^j4nTIp$x{5A zLZqx5rBVciMPF1?bKiQ5rMG5S>y`!QJ$#=%B$4(e-Opg;@OW@%WQCdz;7xnn>OMH9bIBaKW=U78q>#fGEf ztGg`h=H})Bw@a-r&(I#_c#*hGCKY$3tJa04!mjhO&Vz}?^Qo!^5_?29KOG#}5sjKy z*Y>dI4nloqU^IP|UgMk(lxB0XAg0g+)o0Iu42j*%xZE;?15wr`2eTSqY}V}-9I5Y; zi_k*lz2-{$3Dk1D1rV-TFBA{+OeN&pRtPSXmdW29M(@|f&gBgg6BD~$BJwZ$(aI>} zi2{W`>iC9+FJ}(Q+XFSe)qv`kK9A1^^6xfBzSd2fanQ)=kz`OMwQ;@awYPItWA>9+@sVY1M`I0}i^1n;m z0HpapXKMddVi(e%a)r<_OV`b1sZHLkP@FuRZ-}JmGx)0+(f0^ODas(gp-tdv$n=QG zfRrOAGQ~a@-OBosMImB|*AX*?J$l2^=7D`v8LpuU)Uvksfh_AYruyU*MKGTeNMAdb z3XmH2VI-W_CJ&0lPm4<+=Ll^mCV81Hoc-U3;^-Zo8a6dFGz5da_7__!D&+e6)w6;H zvKxvjE3&goN<_y#&$uOtfC$ywm29rBF2!cu+N_gIJb<#5&!m0~l8bRY?t(bAk@hP2 zY?6ysW4hT0m$i_@^h_@iJuerRqm!MTI(%$wOjtxT^z{!M7u+x+`VxQy;A>H$_dSYs z^#KaXc{@kPqLPyNGK(OT@-2I*d1X|Hde^h5sO3&a!iN%{?Cg(uY#gp6EBrerI%6K@ zU?|1X?QHJ;lo7B#Mz08qh`i1vxPM=1gQfE$HM*mlPR2H|%>;>4C#dD>x~J)XrjzcH zDHk-@8|!~zCAw!|=8K+h@;*O1^Eyi@`z{ch0KR5K`Ra7ge?Tf(lioADBa%`Tb?}$cdu$$AGER~TLm+zh zja+pt7Y}~?xErjI@=&6w<>eYKt2@!YyN&p)b#xpT+0w$E@18fUi4-pVxAjc_&qTcw z%~z1%fgkD1F%Km-1kEbN@+YcykiU0a{m&Z~E_roYa$==>#uJfNQE=1A;NnmH=1hkA z`bcEzJ`V$|vh&EqX&g{+QE8EtXKZ^8*j6+%z3s+QO4Qmtybo8pU7OH}MQj!gO)tAi zrRBf*5WtKgMdn}k@>IKvajS!4xkkJ!$SSl&b3}#%ky8O;Vj_$upLa{X6ri@YCOs?V zJiB2Zvgk`hMVY~=y*-5QU=w3wL*CmjL`F23!QA3ufL8?5rrM#m#tlp$ zw=w-ZNJin0rHKoZ&{KGzZY(QTC7!qW;*iqxt;ODa(}J3y>wF_g)qrgw4CV}&5#T#h zfT@+cE+8(?PyE*<7cA};J^Ndw|5rc$e+UWxB5L61B&0p}cTY>lnEs zt!XYwGfn{b*HRpSLQxhegd922vGVAE0WZ=uFfd?*K7RF69w3GPBcrK_y1cwhF9izT zs;a82tgO5|#lP1;UXXpmp48Up6&jWOxu8|Sf-~4HWt`=9I zLS+}lD&u^VB2%_AK+!2pjC_6biN}j6g-bZIuS6Aod z<<-~M0{|tcq7c9YS_uSzOfy3wA*To*3Q5O|Po{zXgL2P)?k=H?HbQTZQ2~-#M7NKF z=h8Cx2tUXNCWr_Nm$d_tyS`o`5x+B}i({|(S{l5*u?1QotYq|(|M-p6B3pgs1E^{A zQU@|q7(_kklr9Pj0x0+kG7nb|gy0)b&&s^xV-J_d+~q7Pzxa!d!qaauEaw?fI6xEB z5;9c8kXgD{QvZ{QM{Cd@6x2igU~*mCK871RJ0f-NMHa6BV!4=9BDjmhNB2v~@o#8_ z+`05jmG}CwRD*{P!jnkv0c_$c9u(3S_h(UL5`ey$Bp#-Rj}}47ro`jL8l-IZ_V#Q= zW?%O0nYS4h5l@8;;+oy>CG_*FJ^F=|$KTWNMjc9jea2+MJlUxdzHJpMZ1iV$Bpeb| zwtQ=E%4$k<+&&6BKHR4DkaqQmmlUH;w2lyaQABJQN~GehvplcqY3X)S68)4CH+PEd zSvdDHd5W(1B;lN~MD-|x4p?lvo%Q6)f>g0yxKk@zZcfuZ>ytO04K>^BaZev~A7_y= zrae|*6>v{gkOPU$8hIoiInKG+(uhiyJ!qp~lRsXnY{6c0+iV$q}tq1} z_&(y%dPh>mW++mjJRoT>U3|GJrn8ff#u{u3Ov1ymHzCK*Ll2(pZtkUZ$t7P&hbp78 z1LFRS1|G#pn52HBlt(ZuN2T=?=y~xQph&T?vC|&V5GMKUriKD5U=|8~Kg@OrT45Wh zXQ$XdoT{|d%#`-s_;n}i-nku^E&63B|8p>9NFbay0>``Yv+@-pX_1czU=ELa?C-9yv@uOKAhD{C7tP+F~=!ZRBvUM0V{dcg79{8<3ClUO?yVP%_W(9(b0I> z)|_19xW*uv=~;;&YcU3-)sHIA9QmO#zkKJ?l5czbF(Kk{uH3oJhGIXig-c^d~r zP1zl|h&*xxs`MpgaCVc|)2!$05&XH35KvaQo-ztA1VmC4hrEv$!l=&x<08jXC8qI+6fJXDc%Y=NtewCMp1D`EJpnyDnSoV93KgY_zhvgLkHyT+>5(0MS}++Al)<1Bx`O5W z-FE0wQVT)fa*;H{V`OGH?WmWXXb4Da1=}7ae=IsxH7JQ4V&f4acu16I} z{g;*QeRa(+{w+3+U;!RZY&PV(L8_{~s7$R8Q*Oj&yLH_#>}4pCCoW7j>v=m9lINPqVs*>+gDstRB5+qhep-aa zGSK%w1g$q;#(VeuTt?H-Y)S9ni8kSQ3wZ{FEY6nl@${{29GU+~B+SLW|+J|eeqYu}wk9NXHmFC6K zGkeJX%fSRhQO)vf@%7uyFn)@+#94duV7lq`nDX;H{%WKz-&#kja7-3NhDg>X0$k(a zV$foLA5URe(bO?xUq;Yc#;+bVi;X`seA0W}Pz`f1NAE;SJ7>!XDtw~9d_{lzUZI;4 zEN4J~uJ!q&QP1JWsYsQ|^*u!7#iF230VY~cIJ5I&H_1Xq z@LoxeJ}IqgB&7VVX-C#hXOI<-Qr2^F_mu`@!xr}XC7R{RGxyX$*OQhWM!@y-ZsR^EzE7iI2LFPjfl$ki_AC3QwL(bcq026_tQfDhUZVl5{ zz#a*Zc4~%(Q)2}>;`Q~!AyGhr1?T;9yYc_SM??$~i3BqJx@R9rst~W1e*j=;K$7hS zK;5u_`6uKY-<8(Dc(RpWgw zYMIhaIXP`;T&-jv4ozAN`pr1kEFA${yUF<hgJeNwN zzzUQ~cGQt;hPw9b>9_yzBhTgr-&+4u$P9s(0QxBhu9yHlS>DI`f-bb`G$@(pSJc&; z2o5FAnkWGJ6-ZA@(2k|oOOkue_e4T1+k=Ntx&Y!be(;%)fF94CMe-qp?USQf(&)S| z4q|1d=z6G`s9FiK6a!WA)KauPYA;^&9~ikbp@CSDJ_IMj(>NIFOG)P%lm1+`dcXO1a@)bg#q^2yTJ$z<&1N;Z! zKSw0afO6N{&9aOH#%EmHo&h(yEr>?0ZII#MMN(Ww=#*&^#jsp( zP^mJRd;%E4;CG>UpM^gJ%2erXTH~})Thi5(`|vD=JV)bKzNBwCUYx*D)UwXd4dQy| za_}pW{t5n0i#XtvvhuI&A9jWuDLoPl3`{~SG`qtq?1vB4QMAsVh)9RNYT|gD>hOzW zrS%LhU%I4-Cemv36sSC{5N$u1{#d;?+5MuKpT63OYvzpFdc9&P4`P$kF@mG|h1dZI zVs#OED#ga8ek+^#nQH)Ig}|@Y!}x0xq|iX&=UnPAsUi9pZ`H(e4kAlw^r&YTPS>b8 zX*&P(i)@&n-1E^jLm8v8i3PgHiUuHrq%5h;qxZs@_TYS}-*+%1ABH?{0A+Ql2n&nC z)IjeY45yZWYvjNiXa@9-?I&>3VkUh&;BAzD?Xza3$y4#;YbmUD{mSeM? z{;H8404&eR1CVUjqp>wE=ebw%ZO0}JrOlh7j_FsWLR_3hU{cs%bM2VzT_zy<^y!$7$p z3_5csw_xj)LIUk~2xSf2ERefJKxlrRjR8lzMu&<`I4Q%cVW!Q{!)EDy99fHAY>pt&uaE2?YoC&f_)MHtOlu1PonaVeC9tm=SV%^;O(3hH{~-i z7I3ZjKi&t&&&mYc{O1b)Un=hZ#ceVPCGUlQ83(0-@++tS@b@+h6$K6X5|DY|zX8KJ BtH1yN literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/update_user.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/images/update_user.png new file mode 100644 index 0000000000000000000000000000000000000000..2985d8e24fdd7bbe6b36e036b4eaebae3ead3800 GIT binary patch literal 22599 zcmZs@byyT(+cpk@fKmbq(hAZg-5{`nptN*}NbSx%~ z`h4$qJip)Z{=u<=JF|1o%ynL8T(co6N^HL1HQeZ=(lClC1(8DRkH?aTE0v+Gx2N4_UdUulKa(3LQBisL z0P~j%ANpO)%~x`|XqNuN#KcgGr?=NPJbOIsDe3du&)`Fc{gu3X<02? ze`&NrkCc<)2pV23eHHt|2cd}L zu!?_X>H1pr+47qVwIQlNeQ|0 zHeJj;$8PC~FbSD?eDGU*j&JQ&d(!vUV`UK^ZCJ7ULrvf5K;kN&w}sq!aEHvm&Z0oS z+2f^Bx{yt{yl8)bdpTaE7+tUM<3$MieSb<~UA6muDgWwKRCA+iF3T@&{Jh^{U&;E~DjqLGgmJ+eUp%!V zYWe*oF{%Q=*8BNz-Sl!|zyWy{KCme%si!fc$(D8fILPuj$69-nHdaRp^Lo#?&PIt& zu>>9RZfbZ$GT-1UNym#SDoF|kEl#7DtMkLH=}il|px0zvf2Y^9N)6-h+{KkoazGfY z1RVD}s$($G!R7aq9BR@&M=YATk({T0|4biD)U8oC88upBH@J6yv#w5CnArW5=utM_ z%JXpXCY?)0Wb=0SZ@$U4W@~K+%B?*nskqpsOFqvNE6eGMT+GIg2k)+omP9WJyqVP zU28onki=v9rRnBk%VDjboJG6r+e6m3ukMp^7Ws!0Tr+nFeL97eHZ#UDD#jQzy0{xK zin?s`OynjwyQFvMaQvaD^Tv47dOb4hR(49Fy5@C`NaQgeq`F5)m}uM)2(CbILhJcj z%0+Nn;McE@$$35m|LW}Qja8OlF=%iaaiHrJ^9-MwOr+6!IB76)}`MhBJ>O931#>2IN*s`+c}rVx#|sOM#CtqHoB1YNI(k@svR*+Z2OmFU3W9GnOjB0T_$TV9chXZ%rFFHUDQByyk=BYfe`h zcyO-Nq?`Q?!oKTMxUHfTM5mpm;pBy^`JLH?r5rV}A4Pr{VhoY2H(M z!6~K>R3|QX8}~je{ro(0+f5(&sw;xJIs<&TxR;_ip%uwY9vm+PO)yOd>+D(EPCIOG z+dsVd`n6Vx?ya06>+7mJb9%u6&0vGhtGkD}@BBZGX3Ag}ehRMma!;=eyIeGNJ~K_L zv{j|xg^za?c7wNslbMbWuHDeS>}h-Q81f{BM1+HgNY&;9dO3=e4t)~>6|2abzFpJwt)St|abiC1Tmb@XI~BvFVi2 z_Iz}ky=`=xpOo_(&Sa};rcA}Z&y;?#g@ft>+o)frDIyhS)kgPD=qMJ`pV|=GjhVjm zgWIuaV7fTG`I_>=^>-tGU~n+As|+I@rJ_<^LcY$^->^&*hI9j6fk6@q{4Wpt*%(4s zCrb(n;nf(@5J()o+gi5yI<93)Qb=;Z=!yNN{i}bFpxeh8n)zPwOsHb=E%|k5{S=C@zOU zAo7Fh5wXJXH}SQGyG*ycw^exF<+WZC&`+sC9>0?5E}xP#->qG@(^POIX{eR6mHvp7 zKkWUTtNJ-hjiD;)VSl1r){s#&cVDE!y1i)5O4lr6{&x_=-y?>eJqj(BoG3naqqnut?n&VgA`W3ICDy*Vbl)OGU7NR;#IscC8C)@Zgu=~ z;lwyt(&X<{G0wt-t7qaDSL(f*1v$R0JRfCV_pT^Qa&=`#beF&d^m3;+JHw8g-DHw6 z#F{w`ni-8sBw0$Y>|XtdV}FLR$6Cr%7JfU%fke(Da;56&kQp!KR>w5DR<974u#%&c z!yT=PgULS=QQf~o50JZ*rM)-Jjm0tJ#y;#!!r#MdJ1&f9r}hG^6>#4~of#LM2^mJ@wXFa2#8b3;OzTibS&yiB$(HjgKAbD`lAOv8ufd zD%EdccWk*)8%z_=?l_BdZd4-d%`?*K{e5HU4UYO#vWF%-<{yUS9%J2%~ZwVY@yeVAF{cyvs^1KtMXnHXx96P;>hD#nG+bmZe*83d!%>pY{xLauoLcwYQ+qy z5VE8yi%i~6Am9%`IQ-;4@9M{>5L}D7qH$CWgY|D83Os}zh$*2^@h&zt5L zZ(40hA{n3WaT*&;a)2DpXy~iDmtnENp(CU`AxkylK>w^N$4kPbCgIxk>fyQRNTe=r zy2PnD`S}5)_$jS86^ou=$)x4*Z%D>Cg2B9FMq~FlkwwqY#cIAt6m4s=B#t9U$_5CiKTpf{JLbjU!g%&^X-Q!fhx(E#| zEJqB)%0c7r$Jl!OiKcOln<%Wd{vwjdCq?S9c21U~8?HO!3(ID7xS7+LuCocR+H-5g z5~#9pY)*heJJWRe6L1DwC% z@!xKc$njrM^1%@4q=zOcWedwC$0Vw|q;IPV9^PkNw&7PKi14PB^w5@m9jM1(Nw%E4 z-m`wOMZfq=n95PkTTK)@#KlcB{iug!f-y>WcE$C*YZN&tcQp*2_A^XgPPWeTLpw151(nz^f7@52_es}`b*oIyyw zK3CAlc~$;iHz5TqBm2+NibmJ*S?xS6<)_UaDVfui4m*(CI zx!u(&7`QS^_T<7>9ADS3-gbBttK{`Uz54shp^W3S@$c{#KQv0+W$J~oBB=cpG-4vq z_hw0!Y#M3~^^Ih|C5ZJ^;|c+`rde~Ic2ZnVaS^b=4rdtCXE=0g6riem&2JyRhH-3r-6OAr7cS~ z>9US|N~=GG+78V617@5%dKu;s!+9Oe6obq%ZOIfu$>pjMB)^8Mtc^0Rf7MkX^;@qY zLVR12=T1hh>h;qR(w}j+4tZwRg)^8O-P&g5t#JB|FomGAwfwM68-lJ7OB}~f<(2}c zMdBuBgpsE)cj3y8g3T)s{{Db6IX9*>zQl)DdGfTgrb;>VS#ydhReQV726X2cOcuyl zNn~5u;7T-HW0JSpvP}Xi%641Gsn`qGin)!zOaEGnd0pICf>kDixcNhgMWHp15sd(f zRt~8JgXk+AcOcE8+g-Jy$Y$dc-}lT_VctHXUH?&h>v{83*p*!HRlSbcE_MW?{rHa^ zrjTfhvl65Fw=>Q@-K_Vhgf6MgvzR91lp*zGH@bnm!-sVr8!f=SMM8*KM|;*LDubBT zJFI7o{Cqr|x9;6u&ij5BmjI?&(m!+QZ=M^fMS{3Zfb_i5a=qGqRCv@dg{x)S|HTA3 z6B*qTD0nVADi8g9XE%$bAT#@3+L9t<;oG^s-rko)oUi+XN)q08IrZxqJA5VRxCSJi z6rN=KSy?ID+!sEdY?9&m;FDu$^G9p=?Z8Z}Yu%KBELYt!o5hc=5F0>MMKbn&>MOm9 zvrNfC*uwW5|I|hHG8IPjz*}ayGKz#b543a+8R_VHaayaSzO6O$|NYps{KL7GZ~a?Q zxEK?;&{Aq}a4@@%Xs};Xi`{v0s;hGzOB(nSPoO#a10o_}mAqTolfUARoM?>PH#zsT zWa#PW?qeFuOqlk;yLqS=L-x+sd9naE^JgAZG67{2evmTUv%bG~#|6kslSB`)4W28(3T5BdQPFJYf;{=> ztFg)`WuTxmmZzAjQ)xD#(z`EMfnF?wsGmKPv_n3{6q5LQ_JoLNWMHCLFL4)b{j+}e z`WwIe;{bU`+-%ONE030bH)8Z>t^)_-1O>6M+x|Cpy_$Xsh51kSNIq;$6i=uS<8f)1 zwNdm^Sq%+m${>z5$3()?;)&>GU!CsGSMzSQi>O8%V690dC6Sdiahr6`J*R$?Az{!3 z1kPYo^qYS6)<11rw-su{1adv`inBT0j^fXJi~mx*-JDx+>lGM z_NR}R_Q;hy1|-hZ!3$rk`TpDpWSPmE;q&d8UtlfuN8)N2W=eBj=r_odtp4$;gWv}= z&)@kalp3`f=HCsIBkwe(z#B>xR!{VwIY{C)KMGF*D_7*VI5Lq#TWa>cbSXR%*{(uc zpeoQPOb8Tzw*Z8S(nFW-6ICKkMLJR>D5?`Amyf=>+Yzh z7y2Q=%U2mDcRhE ze3B`Q5p{J!NrJZN6AsvfH0++IyMG+`is_yD5|z(uaztHsj*c z2x)!Pc}1Y`f|n+`7@|ZLd98L!(m%SI2OQh4lq{tMqXvv$BKvk8h4xl4!Fpp_|0Ld6 z_w~@)aIg&3a{%kTuyjSbxr>;y5?moRE(DpixIkS4b#rv`$(w~xA#3?FL z;^I}`fW5^hmgGg%HQ{Dz=oyasCAZy}myL9t)pUg*Up7W(CTZ)39^%4h--}*`l6pw% zD(vgq;h+uW`rh7nxV6bEkg+|%4&sY8GO|Dk`5mqws{vUkM-EI;$(^YW_IP4#$@3-hUMx+U)rXC^YI8 zH*P~i+9_pdBEjfj5%v~DxRdfLwyBw6+ZlPR_O~j)3r>}X5PGt>3`>yfBY%P zT`8llusTpi{w%b8^~yq?qjE^{GG)_YFMx1UNNjIpuZ5ws`OxUJYV)%uQTk`4xMMd` z5rk0JkYV%*t!?6$_PeGXq4*!N3p-Y*OBP#BW2q~K?(c*>=O33}k%g;_y&QJ7hU@pe zQKXE-F&=-f+5!Yw8tL-|!;at2p>5h&(60QI_lSU6qr|6N;=bzm6xY$%r!Y6$dADmg ze&@@r)xMt-!c@mLuxG987pj-swnrf(YQ-LEU-Pjt;VmoI4fHP{aYT4_3YFz-k()^r zV>fEAeIi?!uUp|vDFhjb_P#$jf8R&MMrzh|n*Tg7Q6(ldQ~>fO`WU9wdyuWl<2&Js z{C#@JuncLM2o6V-B<~(_;ZHbV_*2vRO7-1bXGB-DSL00`%$g-}`+koD0>=m5{2JEX zv2giMAH!_VFYd+55y~kGFoB;Xq= zuye!>m|mXJ83eY7k{rQ1vsF!784a)v%^zxtL9vzAhqB~1Gf(ih2ygckU3VVy?*O$X zuRcle$vnJXcBetNM(};Uji<-2^e+j+F~$?a;WukD!cs6aY09N=Yvrw{cj$VlQ3pMB zR#>t1>#lpb_g(kBOlS<3Esdqx(@n{}>Yuo;fe`rMmiU9G4ybjPlL{(HSDh}?&pUd8 z^{}5VBTNyE9S^%&!zEoj)d1u?_-JXGJfwQr)r6~QUH_e&y4sd+ayDhYoW$Q`iEJ=K zd9vJ!3ajk^>F~(5=`1qso_(Mok$VSP{#%3Q1ZHKWdA4;frVYCVG56IV^R1qOpdY;z zt?<7$gl8xr$7Qr@FK#yQ2>+vuboI$xlgr&xZo6#9Nx9YV#M|!(p-ntHeR9Qp=EKwl z0)DUU$5WC1DQk`-KXEkqvNIx@eRh1pWWI8yiuSR}v%+cAwp;*FNyZNn1kK{wU96?p_IXbI+D??-Q*JbH(|TVJ{m(*pM+D9hOk; zbZ%kDsP7uOJ8a3=nlq@cq$^U3DmLHzigTUIynUw+7?g_OvT#o7YitV|p!@9AQCB=g zraGNlC0;pBpo=RhK_EBaoH@z7<%0WaCSRWlo?8xC;ycsPA-S-Gfd7bbz<#8UWv(S) zIr@u2VWCT}a@XyI#JMhGgRT8;F%4ZW52c`u(=VM3ynTJMtFr@5S|TEbeEXG7JUd{d zriR^u)PXLG&%_VK%v2HtGBbX>9s3LDUT>0u>~8r*OxZmYF&qs;2ZyryLINgzYW4nG zo8PTJ36W~A*e!OtS_>k$HJZB(BcooCM&cC&;#BFpHNoA+vY&G*Q44|8hu6Y;Uf|hj zc7Xj*1^;J1KKT2^dbJ8DvPB6vNUDVQ48@8l3F8~PQj%-G<1E@B47|AT$J})4vrhYq zQaUwON&HUpfTlU8G8MrligYH12WCxaZGCBQN!jfZlYH8?LL&g@lxV$scCgaLZ^fvT z$_#i!ERDFwhCP;Nuo*w5{y7ri?7h)OtSr7c)f(5mg*Ud?;LJqA?_B)~AsH>!6BMr_1k^1`A)d7d1P61~nwXr> zD4b(Jn0f>8DXUJt%rrE2Mm(sQT;>jQR}H9{G|cqAJh{M$6hj6F!hxaT{MdDkhu^V3 zNUlGKps!}qg(#-k^K^n|{7Y9jB~t)4p;ApJOqa4O6{I1BN3xfvdx@+XKeS~m115or zrXVIG%kQwBt%(Oj(o&L$2tfl}_|$MRV&eDs4Bu5UKR)C#)Q3gm48$v>cYU}WN z0#VG&%uLIY14?ZHL#{*J_tO0WQ~~br}u6DIN(950C%yhz&YSH*8anAT55H zT|bZc@FV5Zpgg-ap0$CL{A#^%KO(cm9b46cbGm)JZK}nGHy`ifqUckO%g&5$1ob^p zc9OnMk+PClCgr~ZdHh!8G`!*>l{BJaMnf~T-q;-^>964}-nr&O=@;Jk$@OJz$kpd3gc+AM#a39R$8tYj#D_xt(lC+6WBgcRL^szQa z->YMIov=agbvp05Ycg2yhZ)fq7?op zm7dRX2$Pfke1mf?;HeZA1)o1Q2U?mZhn3?wvG7xyoUdu~iEL9%br34&aN$k;UdDNta**`f9R@~9S*yq;%WKLo$pbbOfTBE3ENj~y|U zE>X;^`~ibuNO&-_DS18dtlvZ?a?YBdo;al%U-%Amq<~{(0O{<8q4cpYVjpNhcz48` zBRvw2Co+z;wI+Qit;pJep8nP17zj*+!*q1We~UuZ#g2IR5;s&qKAiQp?cY$o6%o}`fL7>(A= zygE5s0CQdC!x&X(l;4KD>Z@w<3-vT(}flaXQ z4Bgju(apdG+ENp2N-OH}W-v`Ozde~$>2UCT!50z4dR6S0%Sw==i zCLTxsm%sz-tFi*o>}Z*>%#Jca0ucoTE4U;6ME$CHM_IPJp5bfgDj-&iJ$v=Hu=MXe z0t@QrWrpLwxDCQ7_?@ut0wjBiLdvC%AXu!#oeAw`kLsh15t;RN`oNJ&p6WN*eCB*l}v+0>Y z0`4Q$ilDr-3E`FKswAga{&0XxX;{~Ox@^$Oy{5wm0#6%duwK*7Fmm0#>d?^8*aqh< zs3c9m$B$L5hRq%g9mK@MbT7X=9O1$6hq>I@4>ktl5yoAaKmk&upE3DO%MR^;6IhBz zBc@&JzR={}5dPR4Uf<2$q&yV}(s>;Q7Eb^(RiMMek$Qd^V(x0NngWh2MtmHqaedW* zg(}O~z{hvofh?|Y+Eh#He6IMXAbtk6m|jNjmv(0bAR0xmpM4Lta+gzid3l3(X%q5` zMsiiayBh360t&uYx4Q3aiRHSpI|W8Lnx-j;|y z>9OW@d8pFZC6KMr)?yO-XkYAPXEwk3%E=y)p)*rG7UKocE*nPm4!H@l z`5mwmaGP69qclCdUl|hjNdFiwse(mGldA4r{4>I_ce?#6AAE54E6s-*V1ap^VT@+u zHY4m2$qXM!tL?`}cbyb$Al>We@7#?VCwq{Yee_mlIZB_wk0R8?^N z*GME!SO=fZKt__q2cfp>=_9{9L^QozL*#MZcu^{KKl#SS@UM(HZWt5yz`776jhz?u z(=ZYu`zA`oYaw|;sfd+np&EmHCF(R%yWO@p7Iml8!o1=>0L0is4^BY>?ZVe}x${^^ z7&pSab^j;sgv#hWN1-G_^W_ycK_~*S-iaBZ3wtVBW827R3q)t& z(^*EIEOfnZe~>f6LYiq^$`SZD8+H{l9fXor;ZNz1gqSD&H1Vc`Mr@a2P1B#0gt4H@ z1>V^m+{mibBv285DB{`JYvVbr@XrZShQV9`v*N#=8Ylm+-#R?`XTqu`ugW{Q`<~fZ zPUnSJq5O6G<&kRG*T)>>yPXBSYgmG99gS;HgiG-=o0&bD()wm|MZQ? z2Q9zD$N!WLcN5n22cJ3UqfoyZd4|c3#W}OV8-CQj)$XeZv+iG_F^vcR-*#X9w2*h$?{Z zBS#YN+R!!^nj6C&b4v&DZh>yyz%B-MgkS^!1Ge6EXnh)1UJOqD91myENO>X6> zLiW;{McSECbG5cc;Ce&>`}TTC(rF_~Dbmbk$dc2jg*~24E1|-)?=N5ab7jCUs(V@h zpH*vgv4-K9#xte6NsH2Dy@>wG%wwvaS|nuG&MHrn*IxCttLKVh(a#V6{{0v*3S}`s zUJY~9Z-RsnU$iy?^H3hRrcNG1miI~73lJ>d)pEaB%~bVV`-=7IvT2o!QwX`#3?uz- z`Ino|!O&L`3&ha(+L=SSBu@zv7r%e{m-Xr0T=;f&#jYKa!w)sMSA3jk)dhMWy^1|M zCAH7lNL6^5><)$LS{?sSGR0N5Up90ZNfr7{Dp{y zrbH?X3|zHTc0QY~v(K)w9Fyfb8v{&5*mXBGfqt>kWrr2~#Bk`aTR2|2{38g6c8Six_u{~NU*DilQ18;DKiTk2288x}tbI{WvgJ#*V z-0|%_-As~G+x8SUS^_DAA`A*T4S{wQv4hYWk+tFohn@L|OtJ7EaSuWuVbGET;iCu125|fge;TzD(k_Zn<%SjHt zesSm#Nh6-)v^lCP@S*#Gxa!D)GGx^jXFExpwJ)_*bI^VXAJ4A$d1{fFlAT_QSH0NP ze#gXPFwZqypl@7XY-J2%HaGTD56on=QL^iZ-`5^v1pM|tCHcQpfA4?IsE#yLlP>4v z07kZHA}#$942WvjVt*lUJ^vX$*lGJZ%2n%^!m=laGmS%_vcx%r#%o^+798B|4upP@ z1iZ~OD@DNiZ_DThD6*+a7Yjs^Lkr16-h>f%?%uaZl=SuKN#x47(POe*Xu7}w`Cr_h zzQn%J0PHP0+2?JJ9U}+i4m?0>Py@}C6?UNaPd}i-5|sNP6@ax#(+f~!71aL3LqU=MiNXMQ(uo3+ zo(y;0owLLbVb?Bu0R(ZTaf|s7O>um-ON6e+hYvYnG~&9Qz?1;SOcV;fu=8lq;f=1g zJHyHVV^hvJ+F;`anURckK=VEW@H)0wqEnfN1#0DV&M^{$bT$x?zsJa|67l0k5hpRoGEhPpwR5&HZEcba@B;+Uwo2K9J?uXmK17x-A=%Wu>xltA6Os z6VkC?{HPHl_9noRJ2DpZHhV{>tEpsKlQu#gpEp~RrCjuK5l)eE%$V5NF!DV9>&K^S zDYk#z`a_N5OvKKy?$iJUa{-qvA0A{*32PYQW15AOS)QvbL zlu8@D9Vw51{`tY6XChGTNaOO9?y9*#;g!^;;AKIPD3xve0+?LJ&#S(P+0pi~1q3HF zICyxbJRf*nuER5>apNThqNjs84onP;*rKq4@7Z^|7OEm9&`^77toie$JD)HyalIuH zNwEwDkHL!4Ky_@YWkK#0i=XbyYQb7ho@@_i2B3y`1*!hN2&el0xx^-a#XV1)jOLkh zJ2+2F0m|5+NEUIw&)O7MPX;wd4p7D)jHW{%1i#S!A0!Ch zzggSv8)P|?1YmG$3&=>E@RIK$%A^IoALT*h=E%n~Y8v(a-%Z)dfy<jXndscxrcw(9ohXWR;q z1n&q!LE)da1OlzObzKym^)eJ?&Q;xRPghpJCON_XPnHy)&IG23y7q$E>?&H7hyy>< z_tP%goC$A2~!)aiujWQ)~pu=k%nf9~O^oy)p*!#~iS;kTMnLG}7; zH^P0x$8OgH;mqDjQ`wJ_)?-sqgE(zr#sG>pCz9V>6UmuY{>0{%Uky3O! zx9BW034BUwC3%;$UkPxJqk5Sjf=yh{JWOEK z=)L~@)9Zwg2>fmQ{BYeinM_n*4YwN5JW8Jz&j-CSfy3cA)&$I2XRrhP9mzY7&0AD} zbQT=Yt29$QC4+)KaN*C7dh7f5?`@LFhPu2mff1P}>VgG!`miM|{cu_Qxe@dB+!F6Q zu&o=l*g9f;O~l9MtRCIRrsBpiAgUJI`w3DHpUP7lxG_-+&7LUg2JvSRPx{>&{qN2J zWk0Y0tZdb9j?!l5)?0Q4)8-l86DSMmzP?g7yJiTAU3c4}M^rM~YtsGC8#&qzeA`P~ zZ)X1A8~-!Jp;Ci&7EDBs>OQ+R?H}(>eBJ(h+o1gQ`BESoWjp9L2mlKcQMSgEz{*&u zJqE5xfZA5f~F@d?Q zj;bk|OM!Q@ssYNl`o#Oqrwb_WMHigMIMTW=%sx{I(^)D!zJPs_vFQ2&T#4CN;$t3Lyy9H{o}eQ`8`3=YOQ zMXID2R72zWO=GHxaM8p1HjR^?$^=>@QS0Ijd-z3lI(reVYOjf(&Si_@omjUW``c^M z6A_&cg1$VzWCfi`rA25gGK{1Bd4%L z)mOR*{Jdv@jy!y@TC7{$@I8gkGR9>?Zc#KIeuv66{T$Rzac0WXHc~FbBI7`c(t4T5 zdIXitxA)MtfvX^WAtq=O-cPcxRiW>XUm29f}uFw+(09i|H<)wWG*el)2LO?rd_WEDwr+&U6~XT@Bvo2o_emg zLBWoRIr`Yq9vr?UZ>mk2*EMejEJ-IB{3g)ob}P7A&X)5ifaWyi7~`{9FJ?@i;ocwT zVS6C7=8|QBOy@O^Fie>Usn&4J(l;BbVgkZ-y0SCX-^QV9_IZhWgl;3#f)Zcs@OIdY z0JO}u^|}U7;@_%E*1BlJnY6`sKxOK*mzrm;tX3Yig_wZmJHGO3O8qCiF!fie|KQ3T z2>twLj(CT}9MyR}JWQWeUJZb{yd9tS+-sfy_Ib4JSCfS#;f}d`Nr+mL#h!M1tfCvq;VkdLV&mfb=azl4gh)p{ovRK4@M0}ZZV)cnrj8YXDO`*qt(jnP-t~-qDq0k1doiA zG|!b&MhhiG6;QkC18TY&s!_jH(pZ!kCZ){<@-5l0$C>=Q`}=krAW|4!S$#}PLXvF? zmPa1{CCBkBPc%4`?h@;Wj)*aK@g zHmRQ@bcKFWb^Qe3%+srt6dw<6eekh=JPXbE$Jkfhb zwE$=gYHsYm)@(?u1bMk2KJnmg#b17?0?I0S3a(W+nM3)($@{QNx3E-6-vx@S7n)TTs+)(k zt*CMkro@=Tnv4_oxvHCUnYGpo>2ACg)W>Q`JqTyI)vgE6KR2svL);TyhKyKz|`~@JdDtpFO$rHd-F5LDRm#pd~2%5SKdY-!6yF9ldl%kroG_aqH> z`R74W-3x$;9-DwF3XH!2v)Zd3HH3zWZyH_qCU{bXCG8epSi)PHQD#=(cAioiYXBC0 zOc#yk8xfanW-ux@?jA@$&5BZp5u%Q3VNEA9FpmV2w{PRbK++;IpUe+i1#V|m!ZVP% zWb^?{WHckj1KYx+v-bL-&y;a)EY1?!VSY zCL^ih@(Q#pn2<;tksHYAnlohBWq{YM|bgLZ1o9?m+A zF2yJxEoBEpY&l)^<=(B=Cn*9ep3teX%%-E!*E7yLGa8B4U6MDdpv&YeH3NP;FJHIU za`^#B%nA@+o_EmReA6P9?)wR-auEXxy%uZHxHOBtrvD);cu;n@J~TP3SMebPOM;Ux z;8rr|^JmK^lLe|W`STT~p#qllb>OJ8+V{SL+P*kN7qh*>Cp`RCv+!M==^QMYzYNU0 z7FK(YZ>#Ec+1p%MXTJaaWkRi~OjsL zQnoDVY4KAw$P(bXlgD^Vtcd*5^#BPwfyq-D**JHSY@NP!>Oq6PV7{j7;X42$Cxz zsa{*PG1daue}1+SX?n6fjht+~(O^_gFY4QZx3*q>6$dsiflniG%J-g$9~ynE2Ltg_ zDgkNWG1w~vm+#VbS0zp<7;Of#E&U2g5v|0O&{UzCHvnWe0LcEwX#YkCC4JjRzNyN)T+Xh;>~$8j2bXYzY&j8MuHK&Ijw&krL;8oI>;i7v@>b8IG zfyt9taIK({i@WcEBbRfs!uaf;&y8_9DUdkWQ7mE)Q^Tkw|GguFo;Y<0NM<#>?sUQP znDc|5Xv&g6CYFuLd(JT5?J4f&{MvcY(F!JIutBtg)yqu-MpkAC`uGK3va z;O^`1r*7|i?Kh#7e!lKxccb3-Kr@tSN^o(bKJd7+fYC&TW$4>P=yyu6mr1=K*%aw_ zN|S+(u_wCV`+Pv#o_9XnqIZ% zq0D2`t0_96mGIKGWq-f;yY0Fheb(%@0)2PZ;Ky5*oi6O*xlfq;AD8#g{nkHT+RrWp zK3&UWtcx?WvMM^kSojKDU`xr8dYjvlf3&8Ewb%ZqXnUXiC*gCF z)O*wmGNMhsZnWro;u08G3$BO4?MfNz5wwzmlLw9+L-_lSvBw!HAWemuyO^oPtf1@+ zW~OC%D?ljX%>F|Mk)9+C*Q@BL``I)iC7-d27Ne_&0EPL$zC-CJh(E6RT z;N`b6?(GCdxXKk!?O5G|=RdvnfAu!NLw2AGKlpDG<)I3CMB^{i!{`^1j>>hh)4(Sw z%6#^97tGYhfR2Qk#@J{;wY3Bey`oIYB@rgawSJKBMQAe&5`&G&$ZLO9!cznUe-iWv z!o5rY4^l-*#i))0OaZXsjO?V-#xoe6F}7?%DZS{;Xap&eJUNY;Y}co zKpsyT!N}i5-ZKR~^2eY_kggc?ud?KIl}nzB%^J5U&MUDjGfCjf8j!73!EhECoT}Xc<7-IJ*}4JM&mS{BH#21K zdSjaqf*>J^cCEY62_m4j!LcV<05eyK6#P(&B$B&t{8l>mK;|+**|H+Li^Hfd*$mpG z2aD)7!_y)ni^r`X$KM2~HaT;FMD+2a5yfnDiD}a$@B*%k3Y`ph3ATO>Y=ACVykfs{ z0n9s{*YfWZs^7KW!8dXP&%itBXt!Jk9y50h?3xdzexJp*P;JA;9`iZ=qvc`Q0>m@) z?7iG?$5}u!7`dAEKcbpmgBUyQ;d?K@cIPq)A4jfBK_ESqK|(&aj?!*2ZJ0to4O>& zR6?b@opF0*K3xq<_pW@CD@W6K0oG=qDIlE{cLW?)b+nfx zIhB)8LO1~WI`D-G4Tjq|ZiNFVlDK}pE_wUCYh95*-amElsIi%LQ5@z?X-0s^oB~{x3O$YgJ0r-E* z^2&!)q(mAB%7+_Z=<@NfdFCaMc$slphVCy*j}=jWr|~&6ZZ2|$g5n4DjDTFx0`g9j zOa9+={a@y2G{*m8a{?%c)>`K>h{wLMjbC-Y^4yW-I5TLZtzEq;WTBDtmd_BS3Aqz* zgy99q4iAWKcNRRhIE1|~s`we7dx0FwVPp6y$d}p<+xa)_kDIF6Jdub*qXjLmP-|9*oHfTToAd3!<2>z?W}0 z89JeQBtPTU5^-SNLd!IIJN-{w#PoN$NScc|pwo&=O~1(m$K$X*Ipt?JiPx|7F)E7l zuqhe$w#=MRQKhe)994DPyF6!fcb^e(CI7nl+~{;<%Zd6cZO6&xb{SQejP>Kb-+Ye+ z#ys`3pj%xvCiCg0CS<#@=_>-Svb9M2ijGwq@T@YtDR+j*`?|_l=#jNvG6tHZ+E3%b zklL3LT2G8gDZ$7(&W6qY>Jh>8S8*CaoV~-BteZ~X&w-p-Eot110bj6D`0Sp~9B@1f zSM0;5?muGf)-v)2gqO&J>2aJ!si8ssY`IC$nw3K`nPu7PrCTV{I7pE~_=3OiJ zdJ7)g1u+)YtWW>c2?$oZK@gMkWlPvYDU#L|m{_>_wWOwusbzz|L&>)406_kqO3pkU z%JuK#io>LEsv}!wN)BZg8W~JdMD|Yhu_Wuzh#5=v6j~%2dyOMYI?N(F6X8VJMPnKJ zHpE2MjAfon=l6TPp67SY^SoZqzxVye{krb^zOL*0`F!5rYc?m$PMPTJs7Mn$a%2MP z0A?rm9DuQKVoR)caA3z)s+^5Pp%t0t`G+M@1{S(h&qt5Vm;^)@Em<0+3aw1ZnOE3vQMOwFY8Rv(Rl`f7ejHX^EH@Hh;gu{4nmnY#OjPYro#@(IwyB-zm6|(w*gH8*6l=(eKPf+N<;&vps@?M%_Us{h&S9*t`dJJ9n%c=q0Rz2FA~*CGz`O{EdBuHK z)+HVnXMt|H9AqWr-JW4PmL|Fcn2oaa*xL}1ZR_+5zVPQu(f489Agc4S0lOMDw2y=; zqcME$;GMOAU(&NSh+F742ZZFS*2eOXTZM1ko-Cc6MPod4_D0fT{SLWkcq5#&y(0kkp*FNYk5^LFbhOfppyv0R7@<=be0Mp-GoqM1 z=^Im348k)Y)8Es%%dUJu{$ASn^ijMF2l1*@?Hy(;hGq4 zPFmDP#|o|_f>8X{1E&P)P4`gv()pEbsFXV+vBYvTz6>Mnkymk(wMu)gU&R6_WUMW&4F2Z4Bpbt>x!7gx|Nn62g# zXM*cQtnmDW^Gz-qMgkBy@48@A(&T2fLv5&yoit?|Y|wK7r=D{xauO1>D8^4u8W}02 zZE(#un}|9Hl@Q%f5CrwuNKgps*+E~-qM%oHzn;Ihh!T_{?v{B-W#^`q{16Ga$<^W1 z{QPt=dJOKy`5Cpd2!4odTQqYyl<#mZfh<=l*VV81yNrm*anfD15i?p%L7Ee4 z%b~-XNOlm^Eu@>*Wu&mQz`VS``;lf&*%;oQn)G{Fzt3U--enT%%ToY{822t5&QDY} z&`EG(wJ&13To$B}VP>M1RlCDlMwYJHzr7DyzSvdy6tRj^qJKsobby0 ze)!LXmvHd1*QDWD<5k3&*dtvxAJ{6VJj(aAuDJDL*CS(&61qK>vr?|m$y6yrZdaa? z{JGLYqB#g_b6ZY?{t)LJT=2qK47^|3BfpR_j*AUkocj+f-2rg271gpoTdDEPi`X%y z${4e3dEFtqtlqmu>-o}P*v?uX%i}~`aeNwdF=(Wk6bK{3*aOc!8OY7AGNVYJhe4}>jYtLeqNUCVBq4cV! z4Es6tI=Xq5DxRaTz^l{yr+Hyn-#e{j8S^WdgUZIA!w;6OA5_#fySA(O#R^q>zQadz zxc1?euv(MztCyGClWZU9ZJ3oTTWD1Nu7+!&goE>E+WhM~?%EK}D>x|RQpzE6EcrQK z?n7avge}~=(0&DsQU@J-mdrY>qP&q zvM9Y@fF9LxPf%M?{U~&NKcKolG0>xyoqeD2!L^q8ZS;_z)Pu?K^CgcNajs6A-`j3D zP^H(I?^fQUF%dg$0WJ3=Mh-Pc1-`$03SfwN9 zbH8Ip53M`hooYGbLpjCpk#6~DRuaBYSJy&qZ^j1I%M#xb#!aR!4G4~f@4(cjz59zB zi#Wz&FQyAYo3=veq zx(frSC+ELw;eV)^PY-awBhGC|<=qClyDG8H{~5ry04ZtcA2~|hcxSuknkR{=bi?F7 zd-D30oD5PG2h|sfk)BxF(Sn6%)8U|vDlX|e0(Onhw?uiJ@9LL62O#b31=7>(9ax6d znO)>j{`Nqz%fOJAGsyO-b1ev7P5y;*sMc>a(**u>4~ocr`ap_m?B2gsVv&*2#S}l+ zHS`=92XRSnjttC-Ow_iuXg*L_1SFz7y)-c;aO4b0M?9+e-*H30-qCo##rA-E4F?A^ zQlI%v4x6N>Q|6%$|W@ z{ykqLN-MM;`XOlbkT<5Dxe3wc^Hr)xM;N_U=@DKBxTwUdH?d@`r`Nu;sjllcf@cuw zy(3m>0(Ux`ls_duK7*ZJ|%I$7sM9H ze7^$Ws5+1yE5hq*N-&N50qYjG@}UA+lJnwf zgqQA~-WhMqbIm;WX}JSIydkk%ifuNq67u28Gp)HZP9ot!ic~fHMNszU+Vb@B#8|zh z0jrqX1g{5KeERaIA|;cM*x<9G+kZ{ZJl!0bdXkw!GKqgB_hxH-&nMQJk>J!W{*h?*i| z-NDJOXwiaZKbkYY2Gm`NZacIm73jyBbC?!NQKElfYn_{SsvVC)uTP_TQL{IX27X`p z29izBYi*zwy*|1L1*3@nBSmI{_vT{zl;FkaT+gzf$&+2q4w!W)Lh;wTydPfR8m5f4 z1^H~SkTw5jyC+~9UXnaHiXZM@J#f}P41Zi~BT_DmNK6^XcH3@jB}(3AHGZm?l>a)o zy}+lByMu4H4zq53Tx<%b&DDkO2KfARL8*^ucCnRGv`>JR#KsmX(npx5*JM+=f;;Ht zoM108{!ShYGvt5#RWi9T`sRC*Fo0r5!8+=Cii;6XAY{;GyY z|y1Gx0zwlr7Y75{fukgO& z%#{8yU0jcXLl(SB3Vd=z#G{1mCF^J{x3@(MlTS+m`G3lFYx~6YE%~RQ3`SRV7kI@z zMpZ86iw5~oNIr?~w+f<=dnLyA^7BtnMZV#~G0fP`S=BrgJu2fIcx~5Di{wgI9!_L` zyQpv}o#NJc#wv)rwb0Qg73x#?p$rXrJ>+J1-3UbEOCKli+sC~bcrSZkxj!Nzx$wY) z!Q;CVcp_kWB}T!lcHQ5h6fwRlx;*_*ce&ei>n1HSr6}xZq9bVbI~{LPeT;RaPu>2u ze5r>{;gp^M`v9Y?>%nOQOVw<^(SCwhT@RV80pvW3x_bpB0>mc>J^TH@X=d{>x!- M+2j)GqSM{~0-y@Z-T(jq literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/readme.md b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/readme.md new file mode 100644 index 00000000000..86d37342a52 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Malware-Playbook/readme.md @@ -0,0 +1,51 @@ +# SpyCloud Enterprise Malware Playbook + +![SpyCloud Enterprise](images/logo.png) + +## Table of Contents + +1. [Overview](#overview) +2. [Prerequisites](#prerequisites) +3. [Deployment](#deployment) +4. [Post Deployment Steps](#postdeployment) + + +
+ +## Overview +This playbook gets triggered when an incident is created from the "SpyCloud Malware Rule" and can perform the following actions + +- Check if the hostname is a managed asset. If no hostname exists in the record, skip this check. +- For the specific machine ID, if the organization has access to compass data, pull all the additional records for the specific machine ID from the appropriate compass endpoint and add them to the incident. +- Escalate the incident for someone to handle the malware infection. + +![Incident Comments](images/comments.png) + + + +## Prerequisites +- A SpyCloud Enterprise API Key +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the connector documentation page. +- SpyCloud-Monitor-Watchlist-Data-Playbook needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the playbook document page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to the Deploy an ARM Template wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Malware-Playbook%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Malware-Playbook%2Fazuredeploy.json) + + + +## Post Deployment Instructions +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- As a best practice, we have used the Sentinel connection in Logic Apps that use "ManagedSecurityIdentity" permissions. Please refer to [this document](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204) and provide permissions to the Logic App accordingly. +- Provide connection details for the SpyCloud Enterprise Custom Connector. +- Save the Logic App. If the Logic App prompts any missing connections, please update the connections similarly. +### b.Configurations in Sentinel: +- In Azure Sentinel, configure the SpyCloud Malware rule automation rules to trigger this playbook. diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/azuredeploy.json new file mode 100644 index 00000000000..9aa81c8598d --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/azuredeploy.json @@ -0,0 +1,718 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "SpyCloud Watachlist data - SpyCloud Enterprise", + "description": "This Playbook will run daily, gets the watchlist data from SpyCloud API and saved it into the custom logs.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "tags": ["Feed"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Monitor-Watchlist-Data", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName":{ + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + }, + "SpyCloud_Custom_Log_Table_Name":{ + "defaultValue": "SpyCloudBreachDataWatchlist", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom log name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureLogAnalyticsDataConnector": "[concat('azuredataconnector-', parameters('PlaybookName'))]", + "SpyCloudCustomTableName": "[parameters('SpyCloud_Custom_Log_Table_Name')]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureLogAnalyticsDataConnector')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('AzureLogAnalyticsDataConnector')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('SpyCloudEnterpriseConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Recurrence": { + "recurrence": { + "frequency": "Day", + "interval": 1, + "startTime": "" + }, + "evaluatedRecurrence": { + "frequency": "Day", + "interval": 1, + "startTime": "2023-05-06T00:00:00Z" + }, + "type": "Recurrence" + } + }, + "actions": { + "Cursor": { + "runAfter": {}, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "cursor", + "type": "string", + "value": "start" + } + ] + } + }, + "Custom_Log_Name": { + "runAfter": { + "date_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "custom_log_name", + "type": "string", + "value": "[variables('SpyCloudCustomTableName')]" + } + ] + } + }, + "IP_address": { + "runAfter": { + "Is_First_Fetch": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Is_First_Fetch": { + "runAfter": { + "Cursor": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "first_fetch", + "type": "boolean", + "value": "@true" + } + ] + } + }, + "Until_Modified_Records_Exist": { + "actions": { + "Check_if_this_is_first_fetch_for_modified_records": { + "actions": { + "Set_Cursor_to_null_2": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@{null}" + } + } + }, + "runAfter": {}, + "expression": { + "and": [ + { + "equals": [ + "@variables('first_fetch')", + "@true" + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_for_Entire_Watchlist_2": { + "runAfter": { + "Set_modified_records_array_to_empty": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/watchlist", + "queries": { + "cursor": "@variables('cursor')", + "since_modification_date": "@variables('date')" + } + } + }, + "Set_false_to_first_fetch": { + "runAfter": { + "check_if_data_exist_for_date": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@false" + } + }, + "Set_modified_records_array_to_empty": { + "runAfter": { + "Check_if_this_is_first_fetch_for_modified_records": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "modified_records", + "value": [] + } + }, + "check_if_data_exist_for_date": { + "actions": { + "For_each_response_2": { + "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['results']", + "actions": { + "Append_to_modified_records_variable": { + "runAfter": { + "Check_IP_Address_is_Not_empty_2": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "modified_records", + "value": { + "Document_Id": "@{items('For_each_response_2')?['document_id']}", + "Domain": "@{items('For_each_response_2')?['domain']}", + "Email": "@{items('For_each_response_2')?['email']}", + "IP_Address": "@{variables('ip_address')}", + "Infected_Machine_Id": "@{items('For_each_response_2')?['infected_machine_id']}", + "Infected_Path": "@{items('For_each_response_2')?['infected_path']}", + "Infected_Time": "@{items('For_each_response_2')?['infected_time']}", + "Password": "@{items('For_each_response_2')?['password']}", + "Password_Plaintext": "@{items('For_each_response_2')?['password_plaintext']}", + "Severity": "@{items('For_each_response_2')?['severity']}", + "Source_Id": "@{items('For_each_response_2')?['source_id']}", + "SpyCloud_Publish_Date": "@{items('For_each_response_2')?['spycloud_publish_date']}", + "Target_Domain": "@{items('For_each_response_2')?['target_domain']}", + "Target_SubDomain": "@{items('For_each_response_2')?['target_subdomain']}", + "Target_URL": "@{items('For_each_response_2')?['target_url']}", + "User_Hostname": "@{items('For_each_response_2')?['user_hostname']}", + "User_OS": "@{items('For_each_response_2')?['user_os']}", + "Username": "@{items('For_each_response_2')?['username']}" + } + } + }, + "Check_IP_Address_is_Not_empty_2": { + "actions": { + "set_ip_variable": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{first(items('For_each_response_2')?['ip_addresses'])}" + } + } + }, + "runAfter": {}, + "else": { + "actions": { + "set_ip_variable_to_null": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{null}" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response_2')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + }, + "runAfter": {}, + "type": "Foreach" + }, + "Modified_Records_Compose": { + "runAfter": { + "For_each_response_2": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@variables('modified_records')" + }, + "Save_Modified_Records_to_Custom_Logs_Table": { + "runAfter": { + "Modified_Records_Compose": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@{outputs('Modified_Records_Compose')}", + "headers": { + "Log-Type": "@variables('custom_log_name')" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + } + }, + "method": "post", + "path": "/api/logs" + } + } + }, + "runAfter": { + "Get_Breach_Data_for_Entire_Watchlist_2": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "set_cursor_value": { + "runAfter": { + "Set_false_to_first_fetch": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['cursor']" + } + } + }, + "runAfter": { + "reset_first_fetch": [ + "Succeeded" + ] + }, + "expression": "@equals(empty(variables('cursor')), true)", + "limit": { + "count": 60, + "timeout": "PT1H" + }, + "type": "Until" + }, + "Until_New_Records_Exist": { + "actions": { + "Check_if_data_exists": { + "actions": { + "For_each_response": { + "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist')?['results']", + "actions": { + "Append_to_new_records_array": { + "runAfter": { + "Check_IP_Address_is_Not_empty": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "new_records", + "value": { + "Document_Id": "@{items('For_each_response')?['document_id']}", + "Domain": "@{items('For_each_response')?['domain']}", + "Email": "@{items('For_each_response')?['email']}", + "IP_Address": "@{variables('ip_address')}", + "Infected_Machine_Id": "@{items('For_each_response')?['infected_machine_id']}", + "Infected_Path": "@{items('For_each_response')?['infected_path']}", + "Infected_Time": "@{items('For_each_response')?['infected_time']}", + "Password": "@{items('For_each_response')?['password']}", + "Password_Plaintext": "@{items('For_each_response')?['password_plaintext']}", + "Severity": "@{items('For_each_response')?['severity']}", + "Source_Id": "@{items('For_each_response')?['source_id']}", + "SpyCloud_Publish_Date": "@{items('For_each_response')?['spycloud_publish_date']}", + "Target_Domain": "@{items('For_each_response')?['target_domain']}", + "Target_SubDomain": "@{items('For_each_response')?['target_subdomain']}", + "Target_URL": "@{items('For_each_response')?['target_url']}", + "User_Hostname": "@{items('For_each_response')?['user_hostname']}", + "User_OS": "@{items('For_each_response')?['user_os']}", + "Username": "@{items('For_each_response')?['username']}" + } + } + }, + "Check_IP_Address_is_Not_empty": { + "actions": { + "Set_Address_to_value": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{first(items('For_each_response')?['ip_addresses'])}" + } + } + }, + "runAfter": {}, + "else": { + "actions": { + "Set_Address_to_null": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{null}" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + }, + "runAfter": {}, + "type": "Foreach" + }, + "New_Records_Compose": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@variables('new_records')" + }, + "Save_New_Records_to_Custom_Logs_Table": { + "runAfter": { + "New_Records_Compose": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@{outputs('New_Records_Compose')}", + "headers": { + "Log-Type": "@variables('custom_log_name')" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + } + }, + "method": "post", + "path": "/api/logs" + } + } + }, + "runAfter": { + "Get_Breach_Data_for_Entire_Watchlist": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Breach_Data_for_Entire_Watchlist')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "Check_if_this_is_first_fetch_for_new_records": { + "actions": { + "Set_Cursor_to_null_": { + "runAfter": {}, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@{null}" + } + } + }, + "runAfter": {}, + "expression": { + "and": [ + { + "equals": [ + "@variables('first_fetch')", + "@true" + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_for_Entire_Watchlist": { + "runAfter": { + "Set_new_records_array_to_empty": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/watchlist", + "queries": { + "cursor": "@variables('cursor')", + "since": "@variables('date')" + } + } + }, + "Set_First_Fetch_to_False": { + "runAfter": { + "Check_if_data_exists": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@false" + } + }, + "Set_cursor_from_the_API_response": { + "runAfter": { + "Set_First_Fetch_to_False": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@body('Get_Breach_Data_for_Entire_Watchlist')?['cursor']" + } + }, + "Set_new_records_array_to_empty": { + "runAfter": { + "Check_if_this_is_first_fetch_for_new_records": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "new_records", + "value": [] + } + } + }, + "runAfter": { + "modified_records": [ + "Succeeded" + ] + }, + "expression": "@equals(empty(variables('cursor')), true)", + "limit": { + "count": 60, + "timeout": "PT1H" + }, + "type": "Until" + }, + "date_": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "date", + "type": "string", + "value": "@{addDays(utcNow(), -1, 'yyyy-MM-dd')}" + } + ] + } + }, + "modified_records": { + "runAfter": { + "new_records_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "modified_records", + "type": "array", + "value": [] + } + ] + } + }, + "new_records_": { + "runAfter": { + "Custom_Log_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "new_records", + "type": "array", + "value": [] + } + ] + } + }, + "reset_cursor": { + "runAfter": { + "Until_New_Records_Exist": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "start" + } + }, + "reset_first_fetch": { + "runAfter": { + "reset_cursor": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@true" + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "SpyCloud-Enterprise-Connector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + }, + "azureloganalyticsdatacollector": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]", + "connectionName": "[variables('AzureLogAnalyticsDataConnector')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]" + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/parameters.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Monitor-Watchlist-Data/images/parameters.png new file mode 100644 index 0000000000000000000000000000000000000000..d6727054c9ef3db5e6396e93a3bd557b0df8deb9 GIT binary patch literal 25220 zcmb@u2UJt**1sEdt9yguwjc@u+lok+rc^74G%2BlCI|>2Akqm*EE@|5u>k^7lqMxa zT0jDcN{NCHqy-X46a<72A|(kBlH3(^pL53lo^RZ5+a5rXFwHQ`=)>wzXhDOJ`Dm@ zq9s=^ZvyJ7Uxbo#(1&>lFvQ-5E??1`GrGAcf7pt zo7Tf4XZn8sYxoN6qVN$VkGsd_^+4uBv%STW7|${G8|_f7KglLvPsWy&(xHY^LRRe0E*jjH_}})hC-T*S z&}|>om;-I}Cb&umd2EPmvY*XjepEuqj*(2Ye?Qp6I72_XFlci z)xmkQOFR_bSUsDl$=*9e;0khEWoDNH8`+O1NiBa|=SLY#QDI?Sk|`Zjo-s~;mOoZq zrRUrH-&@cBY)en8o6b5O=Dx~RQJR4Iny=V=pPp`~WEuv{hY|EMV^*hbSFT!aYfTw} zS97$LlF`!XP2Md{{;kBFIHMXRh-uxtF{i@WRKM#)pgWHKQOMpPvYk2k;|gJb5=JsI zr2lv?O2vxJ;Z(pLdvADGx$9iM2Y&QSv+Nz5a(R=VfEv?Z)|KS-EGh=1xubArB_)2G6vpu7`z&uHciOz~QCJA6*U!OpFf0ZJm0$IQGj&BZB5@H9%x(U%Yyz3UYBj#hQsWsZpnjm( z9cg4b7=iIzx%J1;vxttbJ&Nab+}f&kwHIEi=s)lZ7SeGWK04ga_FRs<$m&bSCI6;e zZp`Z&8+{ULfU(tu#VII9AZMmF4DAtHzV}kZId8o07=x6YTdoeBjZCJ%BOqk?Cea^GEW(5YzjxgNDc58PGIeE>YdWl+Wt*k{sM z)ifT$n5|fzJy*gwDz5<%>V&A_kkg%Wa=FwDY_e3e;Kx+X+oQF7>>RwpH02xrx~9D@ ztTaYr)tSdTMvT^|aC#TIVn(N3WKgdBMGiemv}DDones8_qe2o&0mZqaT{WJdWTGvc zF55N%feh_pXP?ye-`xQ*@mTK6e>0J5-8?#A%DP9c(SO=o^$jjLdiUstGX< zkzQ^hDwCV8`D; zllMvvZE38ZuR|$8c6S;mGp7NJ=bA!U~o@C zYUx$`t9*i`O_xo#1~Jw-s)yj!g>+tBsGChRB-S2R7mboOM;!QZ&0!QHdYV#ugdWS4 zt~_8ko7G3i>2(gEsl5Lz^$$vsmcXi=+pLK18U*_fG zs~H{T?CuxHzkww+vM0<=80VOl&sn9;xrNZ@uBakg7pkVv4wv|E$NEo=-z1e$I)kU4 zn{4sPJv| zGQUi_e0cGyDn5^Wc!zxqg#SFPX(e`O@Wqhpa$kjz|CRbxc>bac|0+&LcMFkeEK+Y! zak3I!XbgBL(v-!a7M?1QvvY|$A+a8!v-6*q*y_NX+_2I4_7;bS!*>S{KzeX#M{FKU z&J1ryXct{i9d=fMqFX(3HNZq;F2-eHITRe{0CtZZ?tXffwzzaxXY0HL_Fhs~#vUHS zIo8pT;D#YsqVYxZ8sG`({u}*y819?migux#iY37l+0|@(KOl4d2f-8>W|eV5y-UEH zUHYKEIqpnU-1CesX1}9g(eZabrO&2Akfxs8_9qeLJaC%hS9^mHyNoBtyy(uQr>1RD zQ8`r+!)C%M#n8m!oVa6NOchQs>-Jo<>HYeK`JUY!ZN+7lZ#0tkKAeYFjJ{?hQ+Zx< zgz~-k%2ztpWBSOld3<_k2Ws+hbBaeCTFPq$!fy8ye}l;bRX{(OTY+Kyf~52rJ(G^KPhP{-A? zwX~d2%tyg--_mVNOqjXhZQ-NB5y6&VOLfAxfYia$ zV8w91K#rSEY_b%5R(jl*$R23+!Zz?cgduxJnG`FDMu#u1Ii4}Er;T}59Xv--L2fjw zhBCy7hN@>gY%8b~^n9rtSs|RCqj;@eXf(ktmGiY_3*z>|D)-6tlRMT;#bQ@4yD!K! zi7GxIogs|_GM?AZ5Ay}>`c}&VrztkS+A4Qv;aCwxRle>WF}9R1!@fCBNG0`7*JjPr z=7iDN^7^5#QlQJOJzumISNWwM;q2GG>7E?K_MZ%*eP$Z5viFRl7>KaZH`semqT+RDbCwz! z8?N~bQ=Yus(n&|~eOBwk!g>k_;3FF%ds+y+2mH~7SYb!$oC4n|UO>=}J9en-v;!-g z9F?4FWTK_M!tzSgRw2KsJMgCJY?#x`?X_P(G=@> zA2JFR#7OZ%a%I^Xiu?i7Mk{@(DR#LJd;}1w5C5qn+ju|Bh9jFaPu+5rKR%KWr0oO5j`i-iI<-j zLVm24%Es^ZgGxtovrlM=jFG|SMxJj$boNPX|dW9^E=?WwHgK<-CwIzc0 z_xmO4YhZZ<+}Cg|-|3`d7|BucLMbgvbQKhON*t%@FaC`c!Kc%!1UO`1Q2cnWMxv>xN3r#Rz7ST3y*}KGb3QvXiX^YD zsLhQMF?9Ac<03lzhy9PIMe){`9fH!+h1RZ+o-g5rzyc||!q08WjZUTH%f5D8jF+NI zi{hu$bfsftT5E>_T>NNw9O({3g_(mQOGAk5T8>0&Z{yp zKcI`*m#{=Sl(6t*E(fB{D*3CC`yNM$t4}yWM~DsP>6X zVpl3yGaO(}lL4_`Yg4(>CG!i~a|7Adbj90`2rAR6N^O$9jM;Z!180VcVhR))9XI@# zXwj>9w1q8<(t(qP8@?um4fJVOMUjbqQhZml#@hJdMWm`?T^AYI-nTe(X$TkY8&ABx zAgEztruTHCz+9KZ;0}^b>)qXDoaPSr=l(UMP054YY-sQ5_6If4dP4=2nYniVP zb9fL57>XY~ns`5Y`~@sDbxMY9GiBDA5zuy@SLj9~jS@)Yd*S2-C8o&^{oR{qAFcgb4m z<=&*Ov~-3I(B*tq$szZ8@d}CQ$>>YihoT+pvydVj;zw05F(VzJNq7ie;0Dz+)iacd92qUn*c5VM znkM!6yLj1zv}b4uW-P}>XIis%1UPx3rt>3>Sm!2w_WS^` zywNN$_vLiR4|~qs8^vX8J)DvgGh%IekAWPw7}EJD(DIues%)CH;9f+(+4rrev^gg% znXq$ukpiE+n*hdsAnm=Cybe#YahG6E_5kwTp$uWTM;snFRL)o(@0tOy^(i4dt%lkA|LX@-Y*tMToBxPhjVJ(Y$hNaLf7`>G>C zMVtoqakA0|mAF{N` zAI8#!ZB_+yM&xy0e6rADM)tSk@%pnLazeEbu>ID|xTSD*e{?RXv_G!-uWT2aUXP-n zykzI>y(-ve!|a`l2@#LkJrH3<+^x{|zI!t*zVn>HOBF49HcefL(8~65ob@voMnU^> zpK~f2dk(5mxH)@53inY>=07x_m4H4`L$6xS#4nA_vGFDfXf{GKXOMTvYEXm;wh)I+ zg<65Z#Qw%fDbdJxzEEY$gt4wWF*@NujdiYKZSVeKLV>GGR)KfTd`n!hN>{%yhjjsU zRBNuFh>TxeC=3X1Cc@PKei$E;wV>J^vX}IP6)RQ)n8ciWdzcbEr6^&ZO zo{h$1Q-vDV$)b@vOuC--AUSoAa8MNgpnQF3oL+i7*r_(%xn8h<@9Ki{4OWp0%n&3p zC_esP@5dstP>sEkQ2+hYSoJYl#MWNn#r^j2-%x2q4=~gGq4=e6g?rRVPxuVr0@+{T z0tw}%@@&tTSD6GxW@GV+iZ!aKYQp~aK#4i(wWx7@#VLkj1gG~J!SwOj&G7WOxtW+* zLi%}Lh2a9`Y$VXmLIxT;(x62^O^IHamR(rRtlVlMBPDVz8l&$(i3r3bNRfg4t?xcx zaZ9Mp2#(`u`%KD|qE*y}BK@F9a*xgj*G;r9vAoIUe&lZHX*S&cxz^lV%mK;h4%R!B zyHzM&7V)76NpFMzn^lfwe<|2G@3quqAYJpui6&g2Fjq}M{GZvdi@!W=*j^DcQ2<9ec}TK?GZ>J01!hmV`nfe_3>Ghq@&5OdL`;20aLTpY%U3XuW)NjE)pW~jGeHJhYxf{~n>M)k(SJ%>q zbgUle{T`43?nG*hMkm=%xeMkTj+x$ORT_(j$>5?i5$nFY@__YOkG(GJ`mHD#SpmN6 z<^bDS>!w%mR9;0kfa1{e!5?%_jIt|FJYnVmUL>Pn}Za17x}TDi}Uxpt-#ypyUUKl9R- z{YiLj{2q1r<5DuwR9jeb`&d^Z6vH*oJP`W>HQ2me>l3@g&uchUfGj{M?z#*s-9w0K zMpu^%I(rIlts}n=)A0zOEI$DsZLR$Nz%*$r<>Y=QJWgag>JUv-i84Y4#D94l8i2SR z#msF}(RV+7r_9W7fw4C92Z!=D(3;@9wzjQa_mxmiO-?X3TQF{ngeFs4;~uXk>xNu~8Yqv01=hG>JJI6WpYJ0KQqG7*;V@l%9-*A-p zDd7_NZca)o_SsW#|G*PmahL|;-ETKx*%U6vSp)@WVgfGk;?lv=4I3bLyd+N48Px=w za=5sSx;@6W(DHCW5LGRe{PYn2_MP+`&6!>!#XqtXS4htmZZSSlR#xVDqUhE3K9Ma! z?~>t|1F`a`a0Tz&l32OhDdjE7OAJ#V9J(zPylzhe&>9^|?%Svy!3HA1Ky0F*eHI5_ z*X&q31$jsO`Tv5oN643cphd!HIJMAqn!`4+EbIiv({zP``Uu&QKv^U9H*EBL+aAo| z{JbUKKC0#~PQ@nWU+xjm7Jl;lh)oU$*5XtU=>LiFKdCq?9V_>a~oLc#dc z4{+|x$Deq83pn4QO3)PNQ5F^mk5yi2uls1Bl>M|0bR)|C@*0Z2_Vnq7-YPReZDz71 zEwM1?rRj*miEDpBH-K15Ke_*&b+Q{PEw=ZiogIo}-QK*-KM6=g7~K7tjrel(=$T%( z*=H+H2;}Rsg53y-|95tze-kXfixepOb~H&*^DD2M30~SK4sXq z3B%EmeX^2Nm^06<+4TZesfO7A%0B%wk8C=I(O$4{(wgRC)U*>W!tG-X&8JOdL zed6yvNvEs?OoG2}CQRjSZEaohEq72})31h`f4p?N2lzu;5UGGOkDE6Dbt64eH71G} zpZ?wOMdv05tl*D}a>*8gPTb*=M4VC4v-KxAg){-57hpM^s|Ry4kpP)htR+^OfaV*A zMy8pe!9P3kRg$hB3LEu3=3$U=g+*+4L#`YJU!~bu^2TRMUE0|3i|SW$4}di zcolaU+H>r0SdCZDD@D-NZU5Y0o`^ix{7))R z^FfN!9yg7@)mCIjj*RR5w4cc$Mi-pB4`~5J40~95u;FKQAn%z5Z+c_nMjZ!uVlDVD z>Q(-`+nX1hyaMAZZDSeKu>wxSgHgSc*S?%0KVIRo8I0=2)o~4S8|du?oYDf4)*Mgsp@f3$ zm#Z#`AQ{lrB0EhQ+?pmLT!;R9dLr_uH)>t56fZm`%E~p?2y}@XVWeATCk<1ecEyz* z4~qFU<0+5LPEVcUZ$5KM5+sPUe;#dDt&Bz|WyoYZ@6~PmwF(cqY;Q{omD^Zz3j+FX z^pAm;%Df!lN;3h+(~c>W`Y{zehQdwsc1ObSkPQi}bw) zf;;f*KzkldZ!BzzNz z53p^w;#t>Fc0*4~gQ90DDvDoo3;yUoM*H^3V!Ly;%$yRll*tiWXa0*_FU?frdOJ#4 zM4_GgQkSJq&q2A-mE_`oI%2L8usRuelcrIS8;-3DelZ8~f04t1IT}6`QL}v%(MqH3B1}AZj z3A06TQXFPgsI`b%!RBoWGgGF((i}(+aS#aw{OYL60*-67zn?G2`w(>Z-zmQV+4PF{ zV*5Fk0PLg#M@Y$KPW`(RVXcFwX{(_bsanC*O-1mpnMD z?DuG=l4EGc{@J{5l-Gjh^QI5r7bz{-2yjCMjBSs}Ggh-PdDDP6(MLoRj%3HX(MwSb z!O2aa=HT}oW3{0O-^LRn^~4iLY>*t<=vFN9H2Z#Da~p`Ixo>|^*aQFlFcz-HGj!Fv zq;KPm7viFZw;*F-gzi0rg-O}Bv!*3B=;tAl4oYBBL1pvho`m%C@v&zM-j7&lEVnM% z(bcmS0c9R7EGZIwlQ|bWl*vOVg?KD9m-k=H=U*+LBepF9Ioo{-MY~ym?{WP?4T1m^ z`~@)PciMD;{^q4PQC?evYl%i`qgY~W%+ah;C}Vm0URK@t_%aI7O>c>ch) zmb;XAB2^K4zixu^REjkMv z;y5>sN)MTUPQk@<0<`faY`!f6SQ>_?Jz->YDI!piS`4O`*40ue7npzpqMCb4Cifc_ zQb%>5&4?gA6mTpsFBoe3AaKuJzV@0B)e;ngfG}n@OAi)FKza{s=vH14G%e;E&t=I; zwTuOtjNZQMGe5L*l+Fh1>`z%~U9y4Zi z5>dGZdjNo;;%{197K$JJ)=MHOK1VFRhfu^1+<(DA0X3R(&(zh~!ya#XS?r9#+k2$i zE^#sAvN%x0<06J-@jf}Cp3vK9xiM_6A}MFDzQ=JBx-NbgX=bz>(*iBpH}X69=f>WB z^Ugs>HAUYOXQ{_~_iyO7$V6%+n;ywAR3FVC8|fWUWJr^Y7WU4~1Vps9lq0OHa$JT6 zz^=KMFg3<*|A@Vz&#zKoy9T79ua&*ueZ!`Q%`TkHC9y|pHB2~IQ*^Q`{}kct_g~uQ zfp@d~TdAi&5sSgc3#*>frSTd10zF1`fGvGJpagt-+mh${T^?fP_oA*{rh{%s)r=2B zhP`WyU6#G%#C{r7)?E_?cf;0^*S2}KN$pso)_GK{ac%EoYM^+V#}QB>VY$a}(ReC0 z-VevPRCw{o3)UlEB^sd`(lAvNztwvt(;zbFQ?{W#UC6DQG)B~}cv6ux^61Kaa-vAu zwpC8i^vHy9%wI)>L!)d3MaA4K_+P?YvV3A;sF8ZnPrMCMY(ZVwDb{$`)||o$5t1}Xj&-I*lWWc+MW4~qvE;TeqbXG zq&WbX3E`)i7ze}MLi?R-p!{~hIOqB$$Z%2Nt8%r?xGAm-YEGtFaOYwI>of4!@BK5{ zc55I%r$35sd$mptauuHo%v%fLElt`u*l@3+h*rFQx(qts^i)O zyC97lQSl9NcK+lslpTGD=@UrlX-A=pvMa|U*~$EQT_8eubYkJQSY?1fUyee-;|9av z*XBLf90x-@k$#IGgV9A;g1&GrQoqHvD{<)^)4xr|v{IX)`Mw+?>*3+Cd_4LpHXzqm z`evL&&)t~e=Ea3)k&5I~^7lzz%nNjLgD5uil1Jux-$xx>#0^%Si@ zvn(F2v&H;y?@K17?J-z#?1xe9?zZD{M!cV>+n_V&NAPHiE%CCZ8vv2 zNxjyEeIFaG|3NoJYsZC{=LL3*wn;;LFOQ#8$O(s~jMH}enexvXW5YPQklG@HdOjVa z6)-ohh2c-Q$R~}>BOPHCkOoa$#bAzNw7)7=?u&c{8JScy*i^aBD2Fi6dN+;ysqDJL zVAd@Wy}j?{nY!ih!F`Z`;b($%r&MzlpgoG4pNjT)gEB{KV`<5$0klQVE2x_)Ud@aS>H_gMio{}FxWiOg<9Va=90vOJ5 zTeg?=@Qa{vs*J{yI2c)9xAMzMJDk;EupjY+)U(RjH#~MD&hcjy-EA)Mhk5navMZUp zJ3_4bqdVZGTO7s%J{gr&75a>1u5(tjF@*Y`%ME;Lj(4bjcmHwAve~dM{eT zQ{H)C^=50gLWj4)=6yE5Ad>v#g*$D{ZXcgovkaBIEXte%D7emJ+<^j%hnugy zth{Q$4y)E|nyfErsCASdQo4!_VFCl&f2x|)JA*7OQp0OGeF}8kPMbNorFZ}f7I~pJ z$qMbxvMc#Oa1^A_3@TudGdi3}19Y#U{Xnz7C~ofig|1FHm>)NS-Q5p9ZVlO8=SSJY z0%ud}zFSJ?$F`1eD9+Tn^LqJVoyfpkdPz#J$#Q+-^ju1Kcxqd3%U?>A> z*?&LWX9A~E4eL!eFRu@CRp@f^%&PWpD+NQ~#Z1fvEQQ-z2Cv}L`fHDLl`gz2R1OPJ z&-IkAz6PDD@AVn#pNcD479wtOUnUwbu!{TR$HZM5Xzd9Oj#I1XLQV94(MjNiFMt~6 z!uKRjBd(A>6<-NiaohTXbHXZfy8f%8u8wesR~oxzL+J$@N>0w+EPa`>P6bPqv$6ZS zDHqCLvr6MFbOn@mzrrfeK6!i;E0M#bkXDx$eCNM?jMV@|+yQpqtZaYGNZNp$eExTA zlNvzyHSuaI9n3%r<`nns%?++=(FtK5MokL|Am?N!?=5xwsI$X11+6ogi$V?~`K)C( zRN^&#&9KyJD%%tm>S zf9{euPFtp0fx4CdeZ~8?6V%jdL7`Z{y%YyrKyBOUslHPYy zuCM?0*mB+zls5tdE;nqB?;xhH$>N&MrMa={Kr|!)H~u>6-K~v9XE)uD0!H?q;obBK zd{w1<sYJT{Q9U=a}fxPdi;T?e9Ct~o6E7w&;s z@2L^%-CQI=*|xy7>~lY*q+Mx^peLQM%hqV_+&=hBW#zT6Xa1+>s2>aJ1s-!O*c^>U z%=m`&TI-KPLB15gQhaBJ-^_9Ah{o)_%WGp1@q8B*$tm+nc5a#mzjp%}*!+8v#1S6M zE7tvu$8RkltO;gas>x13ZG$eEO9Z2;W{2ZhA7WT=+b#&GJ2r&4(6JtJ zHSfO+r}}zo1Vr`Y=ih_Dg9`HNAvZkpG4Hv1mw%=Y@=t9a9SG_(brg3>9L@ZqteRI# z9{&L{X#LMCz?%FH4Atmn1%4F1eXXnnU2oHkb!r)$rCy!pQ;kChg@gEiQ z?D*2fqQJ@-+}WYpNQ(OXXVpIN0h0*9t$4mBe;Pif=oNi-^;`Kp#l{f-__>{i3tK@C zj)>UvcYf6vHo9iLA zy0gQnBg=V-Iu)*|v;S3?9<@UXJ;L)>ddiaujahL$+`?4R`UeWXo>%$fZx<8`?K?>{ z&gSW)wUrYmNI-xN(sbJzdbqd7C5rR-9vC|RXQiQ&XWg+0RYGIcVOQz0v9_SYvs~%z z9mVEpokg0whP{=>oZ`e07Z(wB{pKn~Dqs><7N3(XHG!`X5d|SEG3#Jj@aV}1X zcWy3!QWP5q^IkWimQD{ZnN!**3LVZ+V{UCd7adamKz5JV3u?B@n@&9&jSwtP+y0 zo(;jcby4_^V-+))K9<9~=P->G=QQqyJ>@d3sVMHsU>q#FTQ8xO5|T_24W*{qZO9ip z-?luR@wpOhbO&|ph|xjy_{s3Gmfki$=2^}VYS}7^|CK2$3W%i_JgEjo`1^0oUVzG_ zH~H9rdrmsUp7p=_i{-a!-olB}tfXNlfhqaW-8d(TqJ<`Bl z{k9jhv~h5UUzYDO?tDMx8td_3x87A2ip zBh!_UK9Yur<{P_?!}ixE%_)Bqd@tR``@8A9Ux*gLy%O@kB8ayEbVGPzN2*n?y4SvN zCl49t3i>|F-Kk^L#(6zg-U}B(tc@xm-pvY-cYeK*z73<{)GFF&_lw%?lKA=QA+u7f zD%7k$~j%7}}(1)&7Eo+NxG=E#6t*9!-5eD9He-=LL60 zVr~1$QHuBO;(2XdhB+zKGSB}U@#4GA)U!&;i4VCJ{372iEeFvi`?Ld|Kf!VsED=GO zzS^cTW=&j~P<@Ud&qJ%)hj*Dz8RVot(Q3i?Ryof+IUem3Jn z+8H2!b35|fv5cyz6n)Z!%l7j~m)b)<)&Ov?NGS99NL_WqNLHYy55pEM?eAI&nCUSIjy)=y6z(YQmP9tg>HH4y%mTPZ!w|8nsf!4p7|%& z_~pyJT=miiYDLBb!mbG?6{{pz?86St3&pq?ASRxht(sW6Uf(dyhIX^Ld{>__9v)82(3J#bIa z6gugm8_29~OlhB@GhwQ92B#U#JwIgsN`I60>pS?zfg?SR`|+AiYOaR3inE5h#JRH_!yI#x3O?u}e!x)r`7~`_9 z(V55JxFg&>Lvfgw5sI{c;AC+4Zu4f#uj^|biG#8|XM1X)6t9J`LELQd(8^BJVHr7- zAJ=x%rP8BSmz!rYt4q${Toi@`*LF|XJ4_)pBZ-}_{XsM|$@~GgX)y`jeSk0(lYP}Xx zydz?qOJ9w|H~YGtpeZWl=&4V*N80b68Hi)SJv4UT=!)cLd!_t@`BncG%n*(=i%OWU zzmBiBiEOZ@6sxcB08IxZar?YHbB*Cqdj7BM4?pSVelQfRE{t($p=1iE4dlZgp;x{*Xh>)UH+onJcy#;Z z7U;(HnsIOL{M?Cs6D4T*zSDgrv69}wc#)8wg*=kd!alslObui`nxjsLKbrkX_a~G6 zCHMc;dYW#qIq^S*jI#uEvMXCI6vd}4*9{6k^HKwTptOv1r z_U>L2grfkH6(0|j0Rfozq+ZD8* z8G0iAF5{Q)gSAlSaxbFE1UXmniIQy>d|jS)-+yVlIHmK(7{IW$KO?4yEFg-i4j^~6 zZ2_0QhV7=#ii;7Zb;Vz3OcEOWA2u=0E_^gEU+_=-0bs0CN_&C0=^q#8M5iTkKhC!NRhdf0esu)5_93 ze|EwAPxH}}#|Ok-3^=^4_5v~vP=#&MS^*35OP3x^Jw01%^xd^C0>CEwDuXT;YDh*y z&%8SD=S4pE@3WlSFHA_KB}Lg$%cIYBLdNJmxwBcmoQcC>oGKQFjV&KSP-1P)>MJ<~ zlW((YwSAWtqnuV0?vtwis!;5@W+K?K+iVKGQK}WzVW4uy^mq^RSq_`((z6iWpq4^+ z$lV!^^HjpjV?jtB&$o3WZa3yPL6F?q;Yj> zNrA@u9Tm=DrcrQ{DQ{W0Eg6TTc) z{*f<%QSdG8rpv0}D3UjrBev`~2IUY8vZu^PEY*;#i#)GMmm%n-p|mzEggO(Z*YkbJ zf{lBl;_T0(M8gjzGd5>r!9^eP=FX}aR~#V+%=IVva#A^^-{p+&2nitqJj%@USG@f| z*}Uqpvg8GQ4fIs(@73493f~4k%M}!YVD*m0=jn|r6W=RVHLUM8Ua`|1m75W4{dRJz z6R(}=)Bk+0ma&%xV3ny)%_66#4qV9rxE6D3Zh*Szl4E{F~Y^v7K$G7hI~(R;!s@q;elTy%NCc>7!Ze z8X_66A-F!2<1oTIeO$?@(GWdTO=+O}$`3LLUsh_jQ~FD)VDo!2i6Q3mlU*0q#5q6# zwESXJG5}6B)#1DFxU3o)v_=|Di{xer(a@Gp)uk`KH0UDAB$6Z=XW{wBgZ|vz^71gC zuHP@#_e6Y9o5hxQA$Yu#TivG`Dz{=eZVKT?tM=wOoEp$RAAT~v!pSfsH_T%(d&iqD zEvepIQqQ@}M1%Q<@t0Cxt10+OtgQU~O3?pZckf17!nRE>P1(usZ^iIN`@_cD;R~F^ z{ib(r4x8p@{0sTMa6XPnOmIE#QCq5>)m3}JZMVB(|K3YUEDn~G0p3yJ<|1ExB<^<3 zMs|vH$${e>uQvwl@>JV*S;rP+9c|QI9F2XnQZrxG%&sBlm^&<>(rf^5-#AR zMlr%%MXs2Ctji8v&ip1l*o*fG$!XMwdv2f@Hbu;B-k6LA`W*P; zEB~*Io!WIC8L%vZk*rbfyGH$EM003B+eBw;P&KK$-Fr6obI>8D!6-1{PpNTM!~dVV z^1eX4t*uPf475j}u72{;zllrDfS6&rb=>tJ?=d3?0Xg-Q{nwh0tLX%OO~AJ!O>Nmt z6cHUQ=2Hv0000xK&IeA)1sJDidS!PKK8rVNV7mg%){mvAz8Q?$%1~R{hW>u3h{Ol69%9+eu8ftpDTM8Q4`mz!43Zs4q7+1LCs# zt0RDP9Exo^As}CxfX84gt`Vk4`HRjuAwB?&T>Hg^lyWg{6en1Dvm=j$>>y|7^w+y@ zq&WN+0j6ja^LkQ@i;aN_MmBk+2R5yNUBjB%jwO#vhCa@%l`;awY->LfVQ_bCi5i&M z1;R(~EBRk$Rgx6MOi)VfPVbnBHO?t>ix(`vbdTMD=t@bDl#zh0%WD=(*)7RpcA1y* zzd&Jz#pgm=ff}@k$2QM*xQg!@S@4#t#O&&%q&%Pyc;A2@5y+n88WL4sCv2L|wueP! z)2*Te|L{@J+wPyU35dywwUUHiDqbvJ zx-+fsZULFo05o>|@Np2RPpnYe3>*%e6=%`^Zxm15^vJD{JERnO!_k|Y6+QsLL&X@{ z)CBmUid_LYvHtX4$}h@x3cz!~oo=e>h|2{2i#8trzSO2q*k0XbtR&9D&r+{PH%{nc zKT^z0#AU>9K~}N-f7g#{C_ z3jZ>6%}s^MXxr>q_W=d{uY1G38s^H0<1&b;TURdPbo^2S@nf1eMy$Wq)fl`tk?Ol1 zbjtW&oYDI!jkoxs5zHyKAhkH)x3zRIempNXW{n243Pf`eGaBHp1GCyL=WC&;QZNxO z$O*Qv=Rivzs+D?okSqjsB7RYD(;kMEtiz1gJ}h_7xYjty4G)B7`Ql$7F}N?b-93f& zd*ELUbL8q6uMOEHD?_sz=C1MRgR!LEFz&6LFZoc@B>6hyRE|uKNgyNQ!Mls^CgEvb zPr!Jon(KNAC85Z%)VU%r#KL8gMQZi=!>plRug7dVuS{wT6ZlqrX-GiV2_?yZ4pIy~ z+%`oc)SaST6jScy!he%PI3zE5b+8W1v5I1@gp*5EwsU^huf;K@<9LpHMxJp~5son=esoQVbBz4G;@3&{C z|7YCb1TtImdYTst6NezCD_5VR`U@J1oh7c2tiLA~D~u>A*~+0@PVw98tUhtooJXV_ zCEOh%gCs68tv%cc^x$fVVJDJuS@fr}id8`l;X2B-v}$7>A|>})y!&!dSrzU5@Q{q3 z=R0r97is8L<=~2?bd{7Ck_M2^A!WZ`XE>GM8OD-f1)-)9#kMdAu zWy+~kKOXGs;#pcIJsu8B*GM^8sXMFI9*7T3>CZ}U>F>bRnb18_2VUV*2*jfQO<==VT%vD*R_^j}va1|WD|Gn-FwFxkr6++@ zd!VGx=f~jB4p*{@XGpBXFK}|%x$?tg%qG@g7riV>ie;j z8F#iXuE;|nX;RFxoHs`@8V&R`TpdrggU}9X3LUhz??q6i4F zwTcJ`6cCwFOL-1JWe_k-8YD(05g|Z8kcw1eM#4n=GNMtZ?2kV7#$jt}u5JdzvemD1VjpC^j<9Ul=WieEuT$wPZ5agw zOOxD?aBr~3GasG$`tkU!oB46_8WZW;3^!V{ihjTt00#C&$)Qw7(*6X;Fb`xOI>~@Q zHmsQ+zm=>}z?f~s^{8W4Qj=R3>Y75%oMRQ6?yiIFP+KM7u@|^k56(UfTt4lC_NAdp z84HC09sWJN&zkj~H*?On#RtYhJQ3pdTxEEx8ZUk}mWJFjCg`!-3(q#$L+lac&<`({ zt$}IJ$rRsKvyR(Q7Ph=_VQ-3EI}M#Ag&gXBKn@RdAF4TUe{`t*1R^9@W1tR_(bGRO zZ1a%{Of$P*)Ls}=*yh*fx=H?*e~29@*@J-ENi=jym$P@*|ALLyNIZ({S=9vc#rHUV z)=#b1HP!Z}$#l`fO==c?j(1OgQa8kHp%m@XS1*2uI_Fs1$A5>{+dco*nS3$KOnDB5 zvuEje;iGoi?_H;@vC7~k=NjAe?Bt?o%&Wk28=Z7v@4XXfqtO@7em>m!^aY?%#YGOm zMr}|ZbM7+BUY>B;*~M1=n%nysXC0KI#tAyXH68v1;l3NOv}QQvmD{MGIEQZ&KYoiJ zoVEc!QrbGK?-aW6qFlmrX?n?#aohVT{r_fIyA#ZM>tog8GmKs8Z2`I}q$mN;8bfXR zs=I`=wg@O!tiSAzgIzrhkXcP@C|5Ygn;NL7&`J3FFvwD8Db=h|Ag9sY5HmO`$WqI+ z7avQkLrOP*cAMb7N)ADs#Ad?Qzcs#t+<(w70s0_*BQ=2~5=*~!)JJb7=4HTLR0Gz) z8vD!8%odRNk<|6T@S>SjBtiWWi;2@$*GYx{5vj+QoKbm-A4wadjuN-pvjQGRCrY^T zz$EMv1HiIJ67J=X`k>SSJy-b#pvItgY0Rp=KK*mx%4{o36P6Mwru4)R@bV5QOG@G) z5wX+nNXS-PC_s60`q5?Tu|$9;<8?btbbr+&cL1&{UD6AKhnW0`SiC+`XV%Vtk%d~0 zi&~1Cs(f<(67YB4TF|G4Y7KyTew)Ct#b7W~jCx}a(3KUPWGx1;^ufSZWf#v{bWd(wUbP%0 zw@m4P?+Yw=VoxuzC$#GTD;?v0B1JD>^>?B=02l-RQqv)aqvjF%CFfetpJIGXK!Ah| zVq%b1AePcWK)uy~A;d@1qz1uskqAJ>&nZCO(=G@WcbiSGe*LhE*>@3z@0fzfkGiYHA0)ENG)#o{48u`z#3O+mx=zT zfk?*M=(5R}u=%-dVwddi;csDS>|2L^+|GTz3g1I3`WI#JZT*LX*3vh9>AD` z4`ZsJvwZCVqPml~OdhbiR+axHrnwC{2G0{ZB+|WH&+%!#u4a|4?TF7}=O;!kiEf*d z_cHVi&;CR|hMY_=UYUih6SvK*dGJSN0W9HSa+=~s;5h0Vrf>48Oxt`j9v$PcGPl$l zgKDj@&6((r!ja4tiXPk#xKLC4h}H7Or4!fB>8a8TdEQhsaX=H(ToaVn`bwVlY>(|t zd6CtG$h+vmf&Df&UbKwetEFaq4nM|ZP?d))->0pmwnZrtI`CzBKos3c;91aA3-F?K z#)`PMg)oyw3vmYx43~NN#1xk2Nv51uOkGqc>J+x2=1x6_y9@ZH$E%~V{D1&;>hq4fQ;h9pRrAN~`jXJeY3Ik6C&j z9Cb(YC5AM7X9(=>i#Y&H?aI}xdZHLlp1%7-3OXsSr0TlgITzuy#&#RfsT@Qpsr!*r z;+&k=HqApvs0JKRrg|V|3K$sjiH6yqBaS3~%Y22G+WtADg8aRaoF_Y0T!6AR+LJ+x z-03d7&hnZ@%bTmui12yHsC;QsNal!kPzxB&NWhoyE)MM*bTCCMh~AC3g#|E$PXmlj z1t!RSCeNI36y!2{5mMkF+X{%kF$-e3Mthzmc{BpsoWU^cITb@vZ$@V7%jR); z%&GON-*Bl{wi)|l_f2Z$M0S(Mw?8`v3Mgh+r>UXGBnP)Usy|QK;OH42Y2-~I0Mx#; z%t0YL^-X&~-PdBEn0wTQ>jc_Q18D}aCgvW>sWp+)ak@fpL_xBYHG(OdDGLG&)s504+ z?pQn_Xg=?3NFNTAaa3UysvB>`&x4~OHLko5eOJD&xSQJwB-f}N+H%ks%n&yT+N5GX zdCow!r7{>ug|yS?W1|WiZGVt~A6!u^MI#F8>gVBb_LfodVtt%c3DHj9N80+1L-pyZ ziC4pT2=;nR-izr~@}H9Nv5yW1HQSBkG){RaBWFVJ*i*mQV8V8CjBhP~3dlSj9rGA#RT`9s{D$6t@oR_~e*e=>0P`6^hT>7*X6-g5CsTK6<3awZElZp8s#L?w- zJD%i805@i#rAE(=*GSaG8lAg1pp&YK&4@_Eg|xT?z7uG*J9+wwH7CKX7|L&oz8e4O zs!!c!d$ak>Q8crHQ|?4QceXOXut+&!PTzMjmPou;s^*})Uv1}pTkM~KL+7rztS`GvB{bZR!*+3hn_CPb|Vu(<`v$FstSsLFpo@52b z+1q5K5iD&Tr{*&;$9xAD?iHm!ogm!Xhi<4Vo4s~AKi*({b1W?wI>;5FT->#S1{WCT6wqr)SJVqHS|2}o2I0U2Zn0AZX{M;R>ftSqcOSLiofnd_ zA&jxUA);U0ZC)(ad3#S{W$1?`iqsRGfT7891Cp!aZ!D6(W>z=QR1_pb-voFZh3~~R z1I!n}@6m`(2R5lNTO|4fI1C|cR&@C4dVpHfL6e?|#!Gz-(oFQO^TUj~Lsm)#jLvwS zmry(BcUIYINpW`o2lvh^_nYgIxG+CJY6TINexX!N>gf9_2MjYFa8{5^M3kN`JGxBV zY8?y?Pv9HY1I@)&liJA{c>bUwXJ%0lGE#PX0Fr=Zc{n6#f4ex~>{X?`tCF zh{AE;9385~uzbK%XqSKRmqKpPjlKqcw7Xor`L=Gp<0dei zay}_*mqWHBD#<6iUOEaY8yIX?s(6_z70jb-+vrC<1-49;QU5}PJFyviD0N{8! ztioKK_^!q0TWk|bN=gnc_9Is#UicMvYSm7aLlxI5cNC3tVUPT%tn7E^JL>1zZ` zJH$;pz@4%7)nCKDu;@j|?r5Q`Rw{T|6EsiU#U!##4FlF#u&MIU6o*xK!63< zl`OX1g13ZyZ1)D}_Rmai)`meuLdjCw%K<<2fqvPA01YS#^3Ez4Y-!qZRzNhzrHd9X zGkTmAD}*U<6d$_6!W3GT?a@qCCIH z@`~OHKmfDAoVRCxnywbxum<93LqzDKWI(S@f$ay2rr@e`zYL%fK_vlIfyh?bnOdzY z3@A-w>Pxge7XC4^!1v_|>EcBAPLkL+KoAL&0m`LB5lF59-A2 z!@WO7HCg* zuUu^2F}kphF88`4jGog!7nSitUI_dJw&!kZTsgA-W2yX-hnEqmTq+UnE1v^HM`ucL_ zp3BYl_!<12yhL-2tjICM9&gCTn9MR~->vJTIywojbaK3U>|Ch_tWOS}$QJOjBV_0h zXqr4eGDY#ja2JxlcY)!GBpCC6cV0XO7sQLu=vRY&M^T*<1U{ji0NIW>Ey#BiK*nERDmfL(?)+8;KG<_@gOPii;@;#sDJ$4sC z!ivDsL)vL_+R349TjaX@+tz$WJqHoY)ts4Z2)WEMg+d~osE_8hzMGUlHeC3ok2z3x5R%IOCZYYw6ah2gXd> zAD13T94b9?gaLNwuh_s4w2++b&N*s&$XB=dK_IiGd3UnwZ7wKe8()ZNkSxCzJRDl$ z00r9pXSDSjw|OxkDP2!IW~u8`@nOUn$gP+Ca20G6%J>1cD*z>sHF+Oh3cAESO=q8P$u2BZ$C)lVuSQG}N5tJeOmEv? ps{sJwj*asB<-`awR9@)o?FoPLPk&tB? z%V5TmeHq3&mKno)&3)hR^ZcIA=l8y!_Yba_Yp!!YzsGT$$Mt<~Zfd~8CBy{+fp`pW z>D>W=_EUk+qlXUx|IHFJQNU$i&>e#tAY|8>IpE6ykLxDaL7*?m+&j((f$v8i+`1bC z0-cgz|Lrrpb72_-x@2ppcik%7X>pi4!`gayZ)H@WNufzZv6)+7<;g6Ey~U*hw}?-@ zR(0*r>|W#T(sz8*Pq#kYO>PyV2S~gpYnO$8HS+#oA1*IjapR65QE#ds_wm=W3SW=z z%;2UG6KS1V@k$Ca8L+PHIw*=xrXuP$v^;)yjEq*gFIJWc2??nR13ioRKKIssKk(s} zV52&4d1W3O0$k31y6xS?nC>)2ae_dzhpnxxi-q1?UJ<8q%{Bl(=eWH3a$EPj0VxR9 zvpfwHZ#6-R&%LaXG|JT{Rl=}q)JEWD%+O?7enpw?n1s74m}YX!ubrOQBzzPEvMTWt zxt>f(ve+1xiL@KFzeTVTxN!{x(($i|TQd$x{^g{3lZQIkSdB7BJw9wYP6nEk9wa^a z`@1SbFwUZ?T$HDuXf7(JRF+cC3$!KM9Jl=7bpI*2`dODr==sJ-M?pTLf$6wKpls`9 zxksgI_0>Wt zXRu?*7KqkVlfXA)|Li*WaQM~gkAk9^(Etu`ypnwPoew2I;%Lz)97syCTOQ(I9_ z;^+!`@%wVX2q#v>F1Ha&9nIND|U9~n$NLcmA|J0 z73L_kLfWj?xsCH0)!H!)UR_szExcaq7^!LW#b;V3%JQCeRfX3LzC@*o)P|KD18U$b zwJodSTw=vRcJYL&9(~wP{=U9~ko?OXPJ!D#4oasn(EIwNynrOX2+MVZ5)%(q#L?Q_ znbooD@XIQ~4MyH>FV1OvWUWEnIceS-J(eBOnq-87pEm##I!A{;ugrbqBZuKxA=JUj zYF2+p^}sNmSt?UfYC`QTe7n>j+UZPr)BJ1YxCW0tnR)SAM9ttVT*(1TUUT4-mciBvKQc}VI@UK)iTR$&VoI}1rCjGnzaeXNtN~IFf*O2y;OI;`uiJ8Vd z+#t~HHW}G{k5(Gh7JO1)R*Qn8^6jfXhs;;5XEv*DF2N1a?+YGHDf_1DLGO{BxNSbL z!ru?FJkoha`xXj3I`mByH8w{`Aoy<+_kK_zSN1iYKsN{I0n4p+PsM6L_ z>G5;$K0My`cGgQ_v9FfAkkr#*qml+2v#Au@CHgMvSMII3RXXUWmpOWb&Wv_+VcQW= ze(j72huwW8cZ6pQvqc!>=Y?5rFHSXl^aesP|MzgUz}*m{J6$yV(K4GQxIY;${U zDV`2F;%}|(wCSKqNaP3B4A6V8TPm0>yRb^9kYY~REa?4Ex{G_%l4t1pD=U|MUZ01} zUK8J*HpyHO67C;_C*l<9okGxF(k55c@#9aYHagb`w*pE-QW~OasVG=i)b>qVJXN3? z*AlHwWW`$sSMh;uR;YRKV~3%*1W^M@p7sf#d!BO|M!sKj>Jdh%XZ1dRPei<6cnkY+ z2gg=$QK5r`g)+X5-7TAvbNLY|gU?#gqMLQU)c3Uy<8etq)K{5g}f^@buRK+s}+$kf=l6E(>vKOh=Kn;<(y zdnFC;&1Ns+1M2#~yqkMJDL#w!VWXy;{{#WL?$R#n4v&cEuJ+8Jw?p9?M?5D{K;=17A zUW}RDrYLwZQ{u(Kl)y|4CNEid@%_We)TC-GmeHHHpf3`3hY_I(P91e3e8D=u6WM6C zpnV~uoltGK^@OECN$sFNOQ~qsqwm)-_qVSI)WKm(R=CNE(ry%lfF3R9sQh~vzbs< z!P^Us&OQQ)xziWWKkP?*vW6A?%a82qUQ#U@afW(U#oBe<%cF4Sfsa>ySb*oNu7sojq%5jJng9mT=s<-YDM6^SD{Kzi-!<+;0rNZO|ZCkFXG^%JrC=3+g zM&rH#n+uoBej_#aU&o-_7mZ<6z9d?z!8E*Mv`q5}GMOjU4 z2o*)2N_8~fVE#IJ0=T^x7&x7?5 zKrXj5({A|htc^YYtjU6>?ztiJN)M9j{RUdJQ@jsipw_y&x+C~~qwux{s6V-?tq;AP zUtHYwE>TzwJN1l5*pW5aqF>|pkp7O<868|VD6{ktHgUaj`?Xh(c&Hk#cIxS}DcGJd z;=J+D2=Ax~b1nfSf%NU5pi1!CcX8FVZ&ALzwx(z^(MKQXvxAf}hvD+>ti3fQ)it$E za?ylYWmD4CA0?%053W0Aof%=c1%{4VRF(zJblEsK_^7C;Ad&gE3r#b-^Giy8%HE_u zc)lZrE0;4^bO~jBDH|=@ooBjNrdCCZcX%+;d1yWxH1Em)^nq=B)kOR4!+_?t!t|Be zkS&w7JmCyh9%i|-A42*1EsAn3TbtbQV10#@XX_IqFA+%tKu}vj!5}56}mo=elgs1v;L< zmY1LlC)x4>bW7?#RWiE{kj{;F9h(UG55G?VUuMrfy@-+9&Z1A=cl}>V9Ait)nAr1d zDFZrk^Z(w|KLty?Jv|39N@hBzJIl<*Qqxua9)`%myu7_1x=s8@^sjYpI%KQ8{pFZ{ z`oR-J=NF&uMiqJkEe+UY3o^08VZFZ8q1wtm63O1gB(c<|xEoNt!Nnyd4~;Cqj_0)n z@BS}CcMEwu$NK_m)@SeMRNW=i5RqTHxif~gv4$?quXY>B4=xN=E)E3|OwivQY94$7 zum92w-QAvXNR@-!DHB1N6FAQ9sgDnEfVTfg&93>XJoq!xwSMJseA(`(S=ddw@yWM^ z#vku1xp$N+5j1<`YJTtUFSrsou9vRj^FA}E>l*EXOxRFhJhkvj(6n*?^ya54{zF%* zGneG&3oE?)q;U%s?U(^ko$Xfoz=`fJzmYiF!xl~vmkTsI@e*dJpHjrCYnbm!%O^Uu z9~Vt*QNOsoSd~adXU-Ee*Nh_};R^}=Ys*c1h0yHTYYoidB`gaBQg^x=PiH6=+AW^T z4!ueDo$ku?2?+^Ng)xFPR=%HDY?I8cdd$H|jy-b1ce3?$=uBo9d3mg9*wFj?pU05d z5&D>cdP^@hsQ~JY7B0j+#zc$pPJt5gzum#rUsM+Eb||%~egn0!GSPzL<52gX+ZGM~{dheH61_bYI{PV}T;bN<-BK2@Ha&QqQ)Dv9 z4-}Ksl0kp#-1Ka4EMAN@&(-JCk2FcvkBCI1^nNx>88WoVTNDb}l$2d`X?=ALiOg9t z^E678LpQ*fSk;xh`z|d>Xtj~>CL5&V9C@GBGx4OW=S9+*<`lebXFEd?5x`_DEL0Lq z<0qc-X$^#uy(Dc3`jj}aC(Loze?O(}E2%EiUS_YYfGi%3}Tb*(dh0wSN& zxjqvcy6D{x34<{7N^_5u6fMUVSTKNLkD_IYs0WG{mF){+_&^pPlT@_s1#rjhJb*i- ztD$DdA^i{lCsv!~qlr$y&}9#u2Z2PA%SU*z%a)SnaZ8S~u>}!1;|4=bDcPpM0rm9v zr5rJ-i*|X%iqUBaJKF@fsoB%HVO+KF>;5k{m9HT2#}kq?gzg3qsx-i<`oHri>(qV% zsmx(UpUKiW06MFEnCkE;<&A0R?*1M{mmf7LpY|*(hN3UajL0v*%=&}PzDd_L`zQsla)+~tEY`_CdcbdL1&3c&Uv zJ{5fRB)`~m7Xs<*zGG#CbWRe|VJjh_Or_Wxq0PFr^{*7qQ&;<<)@?7>_68`Wdpph9+36fY9<^M~Sr{6EWib1uy4%^7?P z-Va-USGZW(Bmc!RIxs6!mA<2T)6c$8Yo2P*c6D(7yB98pZ}U5g=otQb-kt5KGOps+ z1;a$L;)~G^-ReM<@LcPC<{z&<%dr9w^+J|d=c=SVt5}_4NU{{8(DpCRo+SA*l~Rr3o+oHA5wg$*%|5Ps4*XQX3SYm<;l1QT8eZh_3=SNlc&|#p zW-v-jHQ(N%7$C3XmuR1hRN;-C@3gbM@a zlgnt{qTr9wGuB)YM+fr_5{F^>@Y2%apO?y+IdYrHa{;)``Gxr+NA^OVOHCOk1%KB{ z$Zu#E@vo=bY$_ojIFb#@$?wG}*^0_8_4cgD`Ahut{CA482B}s!eJHLCr7YV_U>HW~9X+S$IHEe89 z0&vAwxR$Qm`wFT)P@aEZL>F^vpb4mLp6@WQ4aUDGI?cHb7F$YIBZ`Z^3t#p zY=+SXl%fmC80wQv{4O0Ohma{U%T(`6ETO7U?^_YAKI-y;drjVb1V>>+;5#e+Cq;`~ z4Z+V`xfTwDxB}gL6|R1ok&#V9C)5;g}4Fd;P4|1QX*`{)h3*F?KDNYttY&40BSnE_9zNHa^c@uo} z`Js)w-2KOUU$Zy!_}qchU?Qon?{2av7-5TYLaxvCwD9lQQF|pLbFB?amLAP$%=H)L zL=(W91Lxw;jFS?DRHVT??j0W#RXu;5?Uzg2$SqcQ%E=e{O;pEWcT@UO%PWO)v4>O# zU@SN72s+TQs{ldnW*oinr#3NkuDiLDLV847z95|Ciw1_!pY54q{K-)~v|(1pHRR0d z$wrT^j5(55@e32!D}iBw8{!L~D@NUl-#Is4@QpmqNkRa-?DmadtB!0>{yQP}7Xd&8 z9E{Fv&%C_*Q=VNJ*GRv9eT~c4Ic2E%Oe$w|=N;tmd@G>2&aMPMS*xEOqGaJm4qQ15-@EoKr}qyamQ4#%K9Nct?H!W^vzJjAQgnr3lBvxpcp% zoIEQPW#vg0@44MW`=e{UdM?`bcc&HJVNcC-IhaAAsN*`=t+ z;M=eE+Mm83hevBwP1+8|hk&FGHLAZlN)aAN5$%mDcNzg!;1%bNHQ%i)M~=vghP?T) z^wqx^X$x3}d^kw2x`QZxs4nA%2Spm+cjKO6Xuy8TbBYF#1l0XP)gV;)T# zz)tS(`IpYsCs`b;xy}PRn|+&})cg`5DdsG~|JVV~0b0#}OHc$fxr-2B{{GuyW>=qs z@GSAe+%b-1m|SZ(K$lr@<691DhtDzLOtK%6B_0FaR?bp#M{E zPk~A0SW`R&h*8KK8C}Y~%q<{Sb;+`zCNioBkLlS6bc&pl5cpLeL;&{#jQuY10H8F} zvb%GCmszZN1<@+|sM^M5!*58%$&6<`_qi@v-jgg6HwC09+NYoV>yxf!atE)*f&#TW z-)J6iB&FP<^@id@cuL&3=d&0^C_d_)**OK`*Ikr~$wp`VNC@@t{NZ;YcB4M1`i1HA z0E~61O}>3cVuD%5Rib-mn%hi9P?9i@?TV#auqB7~Lz=;F>mP~29)P&ZqtFs$ke*6U zgA82EFR;dCa zo+k#~p$m3uVG#TW4o=>xBPT8nw7wQ!?9x~Y z?s07_z9Ik#ehuE9OeqF`=*-mUPi&Pbk}3DWQIWVVlfWZhViPUN)qvh?9BwlvoS>(V z?)*Sv=cTJzveiT56H@?m zW$P?*iVwckGyru)Z*yCys5kfyRs`eOn)uZ@T}N2d+*4hYQ#~SVX#_Kq6-EBWDYifk z8xFCp?hTr+r3mRbkJN6WqP$((*F7X0fvE!TqH zb7sXDc+b;=^;DtlwOMKxI!w&ZA2g7|XLw;SfkB_c->HNxoUO7ILcv z(4$&!8KB$0_3p4iRL5}5c^Gc-v;Y%(9ei}*FSXjF{>rsZmkoFcNeE^+vRIC523!3+ zVcvVq8LVEx%Vr$F;=G^@yUAw5&Pvjs5il4`y(<21xm)Vj2m=}F{RM*OEOTsd`mIgJ zLiyuX%eO+cbF=)cGMAG+1M(ge^QQ1Y+3Qt>suq6yNOB2>p}}8eWQ1zyS1)U27*KSH zEjn-h#@;`o$fgP4BXH5V z@t-vDpO%KzU3ka@u*ANW1;$_A$=DXy14VusEsfMKj=zw{xFmyB``&0YU=_E2sw0wx zRDSwn=PnAX2YZ$PuTOL8I?~k$a`o$X(ys-%mq>*DGw(tcl0|IO1_(;s`^CDkGBWKUqj=MSl?DE?Wu+q}f(=C%LEVbzdZs!q&bz9>v zR9##Dh}szRu#}y>1sqpY0o~+Ke(yTa<(Qvn*S6!#Z+y}BN^Qz+qrdk=vPt1$VlbNl=DRC%+qwg$P+MAt;=(Ws?*1t+wUFx0~e*!^iPPykxpio zq8ij$=f-EW_qI=o_Y!B!iJ`|EO!v-=S6dJnn+5OznW^Z*4Lxyj7QpdzCB0A>AXEtU`wWad&)^Ml*~LS43J)bBwcr^ zWUCw*v$ZvmOeuG6LLiY{Y;OZF|4dN0xq@^@&quV{nS~$10mf!2Z5X*O#NA2+a6q72 z55Oj08#v;gPyy(NFqhzaQEC;avqNPLY7SrS$5HbxsWbAeag7Kq$938;rHng{5V$!U zM(HiKguv;nK|=I28Bn2Kl^%r9#prbLWXTo?n%98tOG&OyBAQl zFuQ(LM$Gs&k+zI(rQw$RU4FbY?5Ar+^1{9n@lR(*FZ2*j~d&@6V_+ZFE=S7FSVXoQ0lf5cwWm@x5 zq`MyZq)9oT4>LbyP`*88;xxdSJufyOX_BUAZXnDrLQ*-7uvqu3S?{q@CL?udh2c^; zG99-uA+_B_RgGoY$4_*(*6zn?UGdNclaUZc#B|5U6#JBPUv0Cu`ULt?{tRF>ls$(1e0%9YNRM&Xn@MuC9xun=~W@7qtDTLZ5pX7w!kKKznSwxZPAxuE=_^(!Zi)pH# zy{lbtc0CaQ8*t_84*Oa+{$klfd0>(Y%b&^Nac>x5#=|?fF~9@ zwhBNl$vYPZB|^^gvUX-tnqQ_y7=}!?FD)((43V`~51D@}2c%*6Un+?=nlxx8{N>QT z`Ik9eZ#?UBQXaqau;43zC~uGbe{JgjMCf+|fG2Vi>*R$owhuwME!4zL3Hsk2HYavGA>uYm4rgmoUzZ*X#!h^T6 zJK>tZPh)yPf_E>U1`;49Mh=XnKUF&d+}w>Dl#zqKZcC6P3Vc}o0kqqy{m}LyKN!JO zGbjL#A~8D&?f0Coubfmy#P1CT?yZcaHwplcP1?$xzU=$LA$jN4cjXVuCSz1->^PgU zwx{q@%>qCsNLFsa7?3)U0B>UR9%xk_kP;VD%99$6tb};kNezGBCd?oeUYtA4_2yaL z-q=|B*M93AVTsG^j{HZ~!gbm`>0MfWE><2JWOdK{&-su}DE(4x^#h0AD zip4p20nRZt_7hmHj@uc$m!K6a!s6QuILcrDceaD`Roio~Bn`gllbVx}@$EIl5bZ|M zq^fx8qZJBseDesXneB#GXDB#7aoDe;xD`|8X4j}gGrIalRDjI7)4ZhQcpeYDtCu)B z*uYK;2^Z{ciVW7^$D7FmF5f4|piUM42zs9_P6BlDj$lrcxrnUR%lI)(1XGK+XjNC9 zv~$VZZWBmTIZJyQQKiQ$-eQ4tzCZvO=pV6&?#BYfQuunE2Y8#pfh?A_=A{-OMI`&l zvydaYAFu*>6dSJtEcyP zM?b>9JW-hBFe;+$Ue8>(M<2%4#>jEes3Zg+O0>$S+IQVDeQUpQf}r#iG0>!u zV-0Vzwli30NWvb->{&%gIYY*8gw`DWJGsdG@b1-hXQNwC`nQJ^*jF8DHPzn%9O#vv zzf|XEbV|0$3C6JBeE&-{>%hLVqdO}XHEFRe=b*`$zcZ2aVnbGvC*FS~8QO8iJnDur zY|6I2l28sFQM{+`4`V|BhVM*M5hDwu>fIspREHZ(UjGZ+Ag*(A4}hJ4c`$cVOnfil z6iGs;YT`zC@Fn8n1tbqh{YjF%G>?oenapQPY1mWk@b>Ys^r3h(J>%J!*PgcTr-2b3 zOCz-JEp2={4c|qejjGUOISH)ax*}IzkuwBys!pj-!ruWjdrQ5mNLf{tjC&zKj&9;> zRnLuPK#Yb~X-c7C?N^1I;ZykneyO`00NIaZg03Ce-&*ZEreQfeA!w}$q(wP7E{~8N zWcg@=TJ>9w^P9jU_J+fJ;~QXpsl!*|AGApz+HnE$U-;h3S7(L}qC4Xtpz`{M;P-mW zX1|ue;;rK+ND>aM7h^c2l*M}c)l|vd)dG~q;#&26Cv1_<5N5RV2DEI{pH*fAfut`f z9g4Zp7CJQc;qB4qSgc_{f^oo6yxe8bs{pRPQem4~l*dBrMAAk+Y(Cvh@FmFnu=BH3 z2~$jnRGnTTqGjyDp&Y^B1q&~K|Ina5Cf`s~Bz-Q$KK(9IoLcd)naiPKS(cK&r&EeV zP9Hdu<9T)Cg6%k7ts}cG{KP&f<+ughF=C`0YcawRGmb?8G1i$(d(x99x0I;3qfR9<5%-H+b)t>Jo z2il+)ESVbw4v-F89#@$ENgK&4lx6laMbuG_%x*1oz!P=Q*%JVW3TXXKvi% z1nI5#DS%!*E-0DBkyzD@h^>3IesUKDQV6nHi-d~doF*5*x}FEbl$m + +# Overview +This playbook gets triggered on a daily basis and performs the following actions: + +- Gets the new watchlist records from the SpyCloud database and saves them into the custom logs table. +- Gets the modified watchlist records from the SpyCloud database and saves them into the custom logs table. + + + +## Prerequisites +- A SpyCloud Enterprise API Key +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the connector documentation page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to the Deploy an ARM Template wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Monitor-Watchlist-Data%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Monitor-Watchlist-Data%2Fazuredeploy.json) + + + +## Post-Deployment Instructions +### Provide Custom Log Table Name +- Open the Logic App in the edit mode, click on "Parameters" and provide the name of the custom log table, for ex:SpycloudWatchlistData and click on close. + ![parameters](images/parameters.png) + +### Recurrence Trigger Instructions +- The Logic App will run on an interval set to daily. Please do not change the interval, as it may result in duplication of data. +- If you do not wish to run the playbook immediately, set the start time. + ![recurrence](images/recurrence.png) + +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- Provide connection details for the SpyCloud Enterprise Custom Connector. +- Provide connection details for the Azure Log Analytics Data Collector. You need to provide a "Workspace ID" and "Workspace Key", You can obtain the "Workspace ID" in the overview of your "Log Analytics Workspace" and "Workspace key" from the "Agents> Log Analytics agent instructions" section. You can use either a "Primary key" or a "Secondary key". +- Save the Logic App. If the Logic App prompts for any missing connections, please update the connections similarly. + + \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/ReleaseNotes.md b/Solutions/SpyCloud Enterprise Protection/ReleaseNotes.md new file mode 100644 index 00000000000..014c56c6e6e --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/ReleaseNotes.md @@ -0,0 +1,3 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|---------------------------------------------| +| 3.0.0 | 12-09-2023 | Initial solution release | diff --git a/Solutions/SpyCloud Enterprise Protection/SolutionMetadata.json b/Solutions/SpyCloud Enterprise Protection/SolutionMetadata.json new file mode 100644 index 00000000000..00c253560e2 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/SolutionMetadata.json @@ -0,0 +1,15 @@ +{ + "publisherId": "spycloudinc1680448518850", + "offerId": "azure-sentinel-solution-spycloudenterprise", + "firstPublishDate": "2023-09-09", + "providers": ["Spycloud, Inc"], + "categories": { + "domains": ["Security - Automation (SOAR)", "Security - Threat Intelligence"] + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } +} \ No newline at end of file diff --git a/Solutions/SpyCloud Enterprise Protection/readme.md b/Solutions/SpyCloud Enterprise Protection/readme.md new file mode 100644 index 00000000000..42cbdf68dc5 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/readme.md @@ -0,0 +1,88 @@ +# SpyCloud Enterprise Solution + + +## Table of Contents + +1. [Overview](#overview) +2. [Feed](#feed) +3. [Enrichment](#enrichment) +4. [SpyCloud Enterprise Deployment Instructions](#deployorder) + + + + +## Overview +Cybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel. + +This solution contains the following: + +- Eight playbooks, + +- Two analytics rules, and + +- One custom connector. + +By identifying exposed assets that are available to criminals, enterprises can protect exposed accounts before criminals have a chance to use them for follow-on attacks These playbooks and actions are designed to meet several use cases. + + +## Feed Usecase +| Playbook | Description | +| --------- | -------------- | +| **SpyCloud-Monitor-Watchlist-Data** | This playbook runs on a daily basis, and fetches all the watchlist data from the SpyCloud Enterprise Protection API, parses the data, and saves the data into the custom logs table. | + +This solution provides the following rules which monitor the custom log table created from the above playbook. + +### Analytics Rules +| Analytic Rule | Description | +| --------- | -------------- | +| **SpyCloud-Malware-Rule** | This scheduled rule monitors the custom log table, and checks for any new malware records(severity=25). If a record is found, this analytic rule will create an incident with High Priority. | +| **SpyCloud-Breach-Rule** | This scheduled rule monitors the custom log table, and checks for any new breach records(severity=20). If a record is found, this analytic rule will create an incident with High Priority. | + +Many actions are available when a malware incident is created from the "SpyCloud Malware Rule." It can: + +- Check if the hostname is a managed asset. If no hostname exists in the record it will skip this check. +- Pull all the additional records for the specific machine ID from the appropriate endpoint and add them to the incident, if you have access to SpyCloud Compass data. +- Escalate the incident for someone to handle the malware infection. + +This solution also provides a "SpyCloud Malware Playbook" template that can be used to achieve the above use case. You can add this playbook to the "SpyCloud Malware Rule" automation section. + +The following actions can be taken when a breach incident is created from the "SpyCloud Breach Rule." + +- Check if breached password length is >= minimum required by the organization. If not, exit the playbook. +- Check if the user is currently an active employee. If not, exit the playbook. +- Check if the exposed password is in use on the network (check AD, check Okta, check Ping, check G-Suite, etc. +- If the password is in use in one of the checked systems, perform a password reset, raise an incident, etc. + +This solution also provides a "SpyCloud Breach Playbook" template that can be used to achieve the above use case. You can add this playbook to the "SpyCloud Breach Rule" automation section. + + +## Enrichment Usecase + +| Playbook | Description | +| --------- | -------------- | +| **SpyCloud-Malware-Playbook** | This playbook runs on an incident trigger created by the "SpyCloud Malware Rule," fetches all the entities associated with the incident, and does further investigation. | +| **SpyCloud-Breach-Playbook** | This playbook runs on an incident trigger created by the "SpyCloud Breach Rule," fetches all the entities associated with the incident, and allows for further investigation.| +| **SpyCloud-Get-Domain-Breach-Data-Playbook** | This playbook runs on an incident trigger, fetches all the domains(DNS Entity) from the incident, retrieves the breach data information from the SpyCloud API for each Domain, and then adds the breach data information to incident comments for further investigation. | +| **SpyCloud-Get-IP-Breach-Data-Playbook** | This playbook runs on an incident trigger, fetches all the IP addresses (IP Entity) from the incident, retrieves the breach data information from the SpyCloud API for each IP, and then adds the breach data information to incident comments for further investigation. | +| **SpyCloud-Get-Email-Breach-Data-Playbook** | This playbook runs on an incident trigger, fetches all the Email addresses (Account Entity) from the incident, retrieves the breach data information from the SpyCloud API for each email address, and then adds the breach data information to the incident comments for further investigation. | +| **SpyCloud-Get-Username-Breach-Data-Playbook** | This playbook runs on an incident trigger, fetches all the usernames (Account Entity) from the incident, retrieves the breach data information from the SpyCloud API for each username, and then adds the breach data information to incident comments for further investigation. | +| **SpyCloud-Get-Password-Breach-Data-Playbook** | This playbook takes a password as the input and identifies the breach data for that password from the SpyCloud API. The results are then processed in a tabular format as the final step. You can use this data for further investigation. | + +Please refer to the documentation pages for each playbook for more information. + + + +## Deployment Instructions + +Please follow the following order while installing the solution. + +1. CustomConnector +2. SpyCloud Monitor Watchlist Data Playbook +3. SpyCloud Malware Playbook +4. SpyCloud Breach Playbook +5. Analytics Rules +6. Domain Breach Data Playbook +7. Email Breach Data Playbook +8. IP Address Breach Data Playbook +9. Username Breach Data Playbook +10. Password Breach Data Playbook

nDh9!lhH9+FQ+VL!DW=&REd_cWfFI0UU^>##wN;zj?lD;2 z7&GR6Z5Pa%cu37PD!f`U>DF&#ZA{+ucB)>@6)gSs_{kh}4 zHl3QF3>LefrY zis|{D%x1I(ukPF^c%KU|?LXX1gC^f(#FQQ+-&`EBPI8$-tLAl&F?1{r=DZ^#T(b+E z`(h9tM`9jK;S-*qoTJXK?x+MMIMucblIiLYGC43{Gg&f*oqlntg+{i4j?x%BF;pP! z6D_HKRh7KTO;g&TA-g-s^c?t`vBPQ{6oL^ywX@n2&4R)R!9NupnPse@Gf@cUJr4L9 zOO)+D4SYfb+IG|LD0&ZP?<_<517*%C=k-8|gE=h-kz?ip5qz2~7p~-*o{p^OUm@Jq z%*q0dv39jzkhEGM9PHfRfHVU)Jwfll?fAvFZ%?ybpS`{nFVbQjepc{w9ffxm%ggCl zdO24Gf%`t?w0^rVCGAzY&&FJ3+MQ4uUi2#%ur)P(-_dFRJdpJO3RVrAW29-4l&*+6 z)fSzGxg|+Vq&zTu+8e}rEy*8ueBj;O^0WHVsV1&6WlsOjeC&MXJ+?$7*M-!zs9_84j^KuSjA?*UZviL^8c1KnArS!)guAp*md#jmE@L>zxyrm|uI2=IWo-dLN}twQ!B*Y|2ycs8qVcDxkV2iyV&1cD3T~i|J^~c6H<2p0avc?V)v9) zMZ&g>LI#uY0d)=&{Fczm3DkdJmx!~n%dD&%+)e&f2Ad@FKM)s_CNCVr4_O+BLk6aA z@E6yf_cFVi?fwp~BGB+i#yt-D4}pYAs`Bz|rGubr30;Fw67qm8H22%%+}+=ma{@5s z`SnvOs*|Dr{QbqU0T`lhb1bW37jlGd4r3Bp*yn5gHdb^1sH(@Jm_bdUZ^+nU|InFw znA(T9+|4{n*~0uyV_B7vQ3yKTSg(&|65585PjFtJD^lii#`7hGJ@Kl0YW%!Iyo~@( zK&sng$Kz<>sB!F!A8K4frk<;vLfy(c<)Q(6Z;D-l6=E(mw&+v}*FXQK^7p?)TGK%Y zRxTV+MmYjM+!A0qHi9B=xC_ty`2Iad|LYCVw%8{{MVK$=(N%4d0T?|zwl!+aT|9aGej?1DWj1B34B_e-WinpN^vr!aUw85FRR9$giz*lUW> zik^sjU^EBJiQ@#eR0?%;bXor3S8cRP#wttM1M35Rb`2}Rm?}4^#DR>sT_i0yp7&AK zd=OEfW3Q5C4KSz50RwgfAg+;Al?rH|_zoeDzN)P)cQT5{138(a@8VF4;C*0WRkIibXE@(%wKDw&bEX$RN+Ju; zvRvmi0T*s}tDdXcok=)UVj_DN>RM#8O}RW~ls0#%F-f5@pxNZ{R&%tS3+bx!bkK$bQfFT)7n2yj9+{ zZrigkz?-b;q_PCshgOK%orn8JonJUtciyf+KVAtd?mDX~31oBA7xa3nF83hmstE_& zux4Asjls0g=-k*V=Ik(6?nDB(+g;7d^h~(mGcvG5WiJHu6yHXzF0p=JXyvf5JFLla z(WYUCv{Drzn!Ejy`=}nD{AaV8@;ip_c+^H!@BlO(0?HpRn|LOHSc98MTk~05CKD)f z%_{BR>fmnk{W>_QhENI~VlnU;G=|WBEG{_x)WJPcQiDYuY9NAnAr7&eQIBe z5Li*<4oN517{UipxB-i=6?)fy*SYb=<6O2Dd48<2qRqGBO@c3#EpE(LqZN$~W4B1r zI>CDUf?YtT<-0~~jSD7>h71*suT6D1t9~QK9;8h^t@M1!zrn>K3Q!qbb!QZ1i3v{u zI(V=I;t7Ko_iO-i%|8Pft{5y7F@2ZUgdn};Mt=didI`al1d}jF$E%^>+znxekGw2+coX<*nn$8ND9kR*nX!-t} zqMk{P%~CohM#ZO|q-0>jB@v6*(VY1jF;*p@>a1h=Qpu1HC2~!60uX%uXs-};`SoOi zR_Ae4ZXoZ;`~2QOv0jPW-Y%DkM!w4}YwW}G%UfV&bue zU31_+4Po{eC21RNt9sUR>y_z~{!P8-Q(qhx)113@$NHmlY@+KDa4u`rVQ-fuI8?~0 zp+DlAZS3GgklgW_mwSA>usc?Tmx}ftxaQ{2Y%l^1dwvBc!X;b!BZj%aGYa^bQvB`t z@fp)3GjCs6Z3$H?s+c3u0|rC4tq#Zd1zH`9vFO#h3mqElJp9za$=kp47I9UxcV+#Y zeuTgN`$!h}nJZww3I7GtR;Pxuu4Z$#e+c+HMq3KihyO3gr+xUt5}=K>e;osfz+d10 z69oIOpxJ-?f4je^T*W0Nf`8+3fxGh+Tdu05WdR2@JapaWhlpLt_nrQ`1Ztw+LE+oq zG|At~@_4#wEJhjG{%vTN^%O4a|G=~U*BYl^AMH0UJHSy0;LQ0Nzy5R31%lekS@?;+ z?u|Ar*mZVK>PRm*hU=5f+@`9^T`>2=!FU}YYDT~XUDs$3^BK<@5JNAiNmL{lvLO z<084IW&m7l2?SD_Q(kiZ36uW0-0;t6KA9K}lc~MI52a4-?cOGuAKl=I8t#|X?B2f6 ziashMs2$vW7n^5$e}*t`F1r!^?(~+@viWk$@y+20eNf*Fx-`_UnFtVGt41Sg@$HhP zQbFD(V0iok8JUl9`Z6t8-#~nyo`j;AKw^3#4_2pW;p` zy6(T_n;>JkuN)l%>{*brKLRMTbHo9lB76y4ltv+!8p)L}u&P(9k&7cHgmK^IE$t+c zp8%9C+TARjxKuuXx`^`{j@y$3r@EQNC!iw|SRg~gObX0uE^X>?Xo1n!jk<=!7BD;l z0I3VLYeKI=^gnIvttG$lXuB4)2%1BB@kdS4K0UI^7>J~KI5slTg3VPIh!V{+Yrwyu z%XQWGMEg$!`giLrlC!RW*rj0~9b?s$?A4}z3nLB;O;qcL~N@i zxz;~UXzVnJlJazX2w4wwj0-@!TE_SgKX9?bJYKL$ADG6!t=q=kU;2=5STqV?ZbeD_ zXV=A6Bo8!k4jp4qi$>qnT1k-h)sJZ9`TmC)g1cL6+$0T^!LoI`^p~G@m@h;O(ROM5 zuXYBvSGARD_BCH3Ku~30MYjU_w2p&?H4yixno|PUSiEC`lk@QnjD6wC@orj|_7-lH zETRSWem3f9YVn|ax6FWGoZH~45yuD^J%QBJ1t^)tOSb_97y*k-QA#y!?x2Gk*Wh%zwa~t<#j+=atM&=7kTQleQA#1V zTptes+L6Q3$Kt7Gz4%+MFA`ZKl_zXc1EYZOW*pK&qqgk=B_|>|B&x3_T04F2)HE8E zs^`k*l|Xuqd$)4J=d>!gCK&Hd@!RB374hiv8P$3fnPB?{#!HXG)Kx?uf*X|Lua!|H zQ4LD)BbdY}snu)+`2gYxi9CaR7ml##I7kO9bcHyV_H^8PzWb7s3=7e|%zsycIf_rF z9Er(b{BeFOYx#`M((V#oNd6O>tO zvP=0l^qi5Zlv;+hBQU=L|W#ZXc)?;vFMhfKPb&Q6qU}}W5 zITZr}t7~22jtZR;#E|J_K&{r^;IuF@fMEp)f#c)iXqOa7 zM%KDQ^*BuFxXvD>8jp0Q=aYeP{jSQDbFzuStvt;|j(i})3J_F;RC7M(Y`u_APIev( zT$%Y=-I41f8-V!vT8S~+Gty@XYTXChCJ#q#X0@xPygAe=G+ zvU0`|^(4{nVu$(GknVtDGUdXwJzT-cCsHEf_|(BSKm9J2Rf;+^EFsAXw}tmL;6RLa z61QbtiL@OS+>I|;M1)m;q3o>ugrV5U;xfNJ#3?br&P zj4dE3!SmO~Q0f-@6IwBT8#|OjtJc_|TtjookDmIhVv(3KJswS@pY*B@w`WD!a+$Wj znYSD4gceE8!Us0oX89oCvm-zP$z$4L0L0qIKV8*ZSElFQ93k%7a7f$TwfN9`{a%#7D!FTW7-=)qqDD_+ zUg#OaS>Xmy?2%C3#E&tQP$cbFFCg>`$XY^0eC1Ib6Un;|Uw`=vPJ4$hk4ySzy@ zfWzw2qb5%8p6s{Me3*=&)b`X#k;Xighi0PaJ=YqJ1Ch)<@4i;yno3ju5}D zJmsKVkTbn4a% ztj?cXa<}0qB{tP~k*YhjO^qu$mI{>)Aj$oEZU3*vBREbNCgXt4Ti<7KU&P&QP&i$k zTe_-J5{7fdAl#Qi-Q@m#^%{TVSyiR~lE;9tQ2{m~n*@T-4z=&rz~=A5{%0dJdV>4Z zZH7=BcmBz*(nY6iPYIg!1bbyMpvZc89rHR9(_iaMB>{=8D%mb_B6|JxzBi?ov-QP0 zyI%l|{`)Gt`_J6J^S1e>Ro$FEbN&KmB|Mzkk3r_K(7Cs}(5s_f45-(YfL`6t;Di4m zK3W~qwaskiRWK3AMs0qyDqLE8`qE#9D?*GieqTjLYC6W9CTF3WRM{j-oHZbbbz)6HiXFhEXxdUyWK5#_VZF+zK zq=?&6rLTN`($!$qCBZxH(3PfG4qD&}QJl%nQMm6jWp+bovBOtjs8OG#@*3KaIs;)7 zfT<@?CWEy4OO!PR3QuNM9%VbY;~hr0>;}n-0qGhNkW-!a1~cOJ!2OlpoLh`dN3&_^ z>d%e)F;_t8jp^Xq=5R(#D8vQ>Bq_7_+dVi#k}}?Q*UV$6&ynkdz?F{#^gRH9J7ehF zRqYZ6`ios%Obv-%DAf!K?<+2A>IFo~-znt4L%kG2vVH1_<78m2QVF>1$%{ZLSZ)cd zVfszjTQw_ex*GGd#&6*=xOKAB%BGr<3tV~wH>-U5a$V}kFv z5S*exkJiZwlF|q>8p>ntRw_YmoV8XcmF<_H4tt5bi)fY6P3gfQ^YUKd| z*e~eGrw;AiN)`c1OUb!O`O#WF(>gMgI(%z6N*`&p&Q#EKgw;yZxcVz(ka?6|q74FQ z6C~WjOf*>B#2(mq6|z!AS0yiF4tv7IB<7?h5R^I>`Xgz6_Qy)5vnrJmtqZN+`Y^cT z%iqy%$)}3heo^q!g-()y>av{G7sS>3n&jKJcvY+dmu(i?+S=|ZKUH3=u`PMb)c7Ti z*XtGF#Lh=Rjf04*hC0SLADoSDBZKT2lXoB44W1$Iu2*ql)5F}ggb^BbyHsPgVt#Y$8!eJC9X;sZbOisaJ|mJ%jwj;$j=-g0^k zct{pniALn&`aA>bF8-&*0CZ5SXN62LHq8K+fdBkaH`vQJkSd3H9XJd zx1LJ7FVT+H@t(81inE zk@f+(IZi^g!N~bgco_)J5eRc}=g;hfxcu9cAW)>?cn!O1tP`Q(RuO%UQ8T zctlDhjgMu%>7wbmCccpb{7*Cy|2Q6@jJ(u;(D>?M3;=daMwy8HcJftlEUWX1;B znJCJ-2oL@I87G~1%x`Pnv0ipf6vTmGT1Z1C1o=8cf^CzM#}SZ1Oz0Qd zUYgiX+k+h*0QKt6{^Q{ie+lvl8f?pGXLNAksMZr)RCS950I5n_Z+8COC#S63s@v*3htl<4;U0(5sZ z9+o_zaTTa)Q4f;1M_?sP^v+-W9mH%MjMtvBUF;ORzBDGgDG1=GBo75CIv;=i5SKCtb)dKKY$EHyIhs)o~1=HFB~}2SAu{BMcPMkI*mZuY73y? ziJ>*A^KlP$y&@r8i9BmRQ5!oLqQ2~r@M?6OA;&O@({@I_J1m8{~ z5fTU(Wd>QQ+h%hEgvoE}d>e8%x!6DLl&<#09LEO5Fc^#*dCx%rfj17K&O@SYj?gpx zz=^fURS-Wa`akHlL8ZP0OwV?=f6kairEy1|dqjKo%2O7HjnB7$9IOf$fu%_;KdQCJ<=5*9GWmzFA)BoxuWngiDLg zCI8B;w<0(Rk3qn$Gi?fBmFCgd9%ecjh^@pINTU;@rddV(cbGleih>xAq-4*iCd-sH zR^@bNG(Mj`@Bn|zpU~H%A$?4-o&%?K>-Bss|=o86<#e^yM85ekx-KpQ&4ILgNLV z?5yiFF-DM2w^QQ@Yaj_4gNrN=*a17WazJ_JG)`(K0p!RH!+yL)64;KZCEpO#Pr8*l zn*J8NwZBvq=yf|UB0ffHw8o7XU(p2OkVE>CaqMW{S{Zy}~?~@rZ*j=VFj; zRWzo?%G@Vs+v9bnyzEM$TFz{C7nip;O>;%&I#P@3){q+itH8O@jBxz%PhF?CM*Xs& zpe-P(LS(O-l(AM#UTO?H5}e(2HaIw#seLigbG(>4YIM;4elV@9aYGhkz=tl+`?|}J zop{go?n(p#DiUykNGU>(HP;rxZ&IMHiD}m7N>qokfJR=&hK)|JI}rI{@|#Exb`$lZ zD34Co>c_;W^&WG9uzY$xlolWRll&QF?Yt5l-5nv+PmziUVD)wMxTCx`xDgJQA>MOu-og$;iZLHqaq2_$GH06jO=cra0zLeX0h-a|wjeTmCRUwj139b5W1R1Q~c zp4naR(b$}nr+Bb9tD%YHw*QB{HxGxh@BhZ@YFAQ8GD4+AgtC@hL?tBqULiYKhZ!@9 zD1=l9+4ps%(^rhZ`dcq%cItMve1Fc7cJEw?r*@X0Q49metd zVZs|3cw=}>cwbq4^Q&ELEh0IdHuzPv_mm~T<#-%1&UgPp)rnbB;O-Eapu6LR;bl3G zhHqx(>9&G2{Nq7(YMmab-vuuDmyqz<>`PqC{g>U_hbvaX2@jO|WA1JdJW?N7G@1 z?$K~YxNlzbF`eUxeB+1gTc*iJT|X%toh1t`0d}m=N}#gE^yxY(XQyk&?Z`gJN?W2K z!OZaU`M^e~@Sy0$oEdCk;Yy5M&e{!;MOItsuEc8vePE|gPeZZ7?48iUmdo&6VGclxjt^80|s9=?nA-dOleZ#&M!?+BRHV&;oyOXGSmAplX2^~l7e3D%t9 z+PN?Q%oPU3Bo5?e+q>T9Aard(%7@;e50GI>uIZ2qQ@U@66NJQHi`9MGDtHDe-4Yyl z$a&5_f|Bc%Rf6j4%YN}*aW$7Lb^&vi)hIz-ML$msi|EBAAB*rs94Pdvei1_7kp32Q z|FTA@rscImv%|K=IW+_`FvlvC-PhDA z&Zu4bi#NxiKJ7MZu|ui_Kin^uFx%geu{T458e{!cawpnWFtTa@@#mGCntDqM>g|1#)~^@R%Q%w*sog!JCj~c*u=fGg!#FFf<<7 zQ)CH%^HR0$az2wU^GThLf!FJ=k-Xb`Xq2LThfkGl{0_6ab5hQOLSW&~amn|n|A656 z)FFW0p_+G8=sA#lYV+*Ls7$(Ru@@8{$ko9XP)$QVUVJLnvZF%5wSW$BvtdUT^w1?| z5)`1z-I0Zu%BrVjTP+MMTQ+;4$hW*wQ_QR;^#kazFX5?a$F&pqgmato$t}slqC|~x z;m`66noMWn?;dqzo(p#ApWLxM%qmbE&Zi62|D|Yc5riDA7fY;4ZZ0R!y8yf#huXKV zZ7B3z8Qnio?8+(2L+M}V^jTgVCw=7QS)H%&mV%yiIiZKcbP)gEgxjN8n69V??*cuH zK*4bRYu;!;9d~;w0qmlI1>D$Q)v;}7O2ClF>M6q-w6UL1%ik2&YzmAZAv`PnD=oVn8phiFeh1K`T!VLKZBg6yP`;vB z1-4p671zUdjoRy6H4U2yPF8vj4Q3LxA80Pj?r4(jbGf5+XR!+P%LwIg7O+C=(<`EVy zy7h5-jf1yK#J0DxcIg{@U<|4gQ^diZ-rZfKRJHu4P4KgRSXTk8MT1O9 zf#jZKIAg}Nw~2|N?gqv(XwzP?Y74TYn@YwWm;FQTJ?s=rw9y%G-DP}q zlC1Z>z-oT<{-m)!7=CvLJ^K(I7nshfb|AKtEA<+H&G}`wyPx5AEtB4>=hGJ0r`AC0 z0qX8tO`tMbbvtRZtYpo^1LGM()8sHow}mr&$rIsxd)6UmGl0P(3`~$5?zgDDBj?EM`rF_|{6M6K*thOJHOZ!-zEVtH& zu%nJ$!1tW$^&oiH`p|4Tj#5|%E5GNR>++j&RkoP_b7pt2L;Lr=ReMzlP`1b{sB<{J zB194p!(yo1$CEnc1${U{9Awpb_;5^U?Mq~wv1`Z00RLZ<%S==d<~OMJCZ3bv|x1>WczOMInjZzEW$ zuK;WCg7kPqZHsM;0*&gT=|LcVQq~?utT2|21PMrq7cg;f6ZK549YrI-L?AF3tJTHY(62T0na!ouO-cnw*@d;CROB|pRC)$O`A^5xSY zDCejC^+=Tf(~+j;=HfSRj)?F6r$syzTgFv-lJBo9Ugj*)RNDv^wKs4wWI0(4pkm34 zkuPh6F7&iex2`G05(sULXf2NFMZ;CpKn$BI8%14qqt6}`^MV6FgUjjpNfp?gyQ)F@ zE6c3~su<{Y)AI7$LnJo)ctg`yaKKx+zh?&?9Q0M03-t)%%mGr{H+&x!LN{mw`^IBH zyE|9+2rCPUOlL~7)V4Mx*u2xxPP~O`+CV1f+2+bAs{a0J+k6N@YJ zFLqMI&l`_dT_hStJ25G${PO;X+D#>)f`6N7{TH|Lg1E(-o}ej!FBWKDyeM#=aX-W1 zwLy(@qgg;pId$7F0~oX3h&V1Q0u;*`i&dUpjO*eFw8~Sb7 z-|Tq_Gu+zFxVsX>DyTLHu}2<5=B%0QjM$gUN@fiq1-oA{zIkQW4J7IyBjhyAn)z*t z&VO05fuFA?*Q<1S1hPJV0{{fdFb z_W+XxC1MNhHDyKjo_uX8BJd8uZJ}o$ zjMo93SS~QktbJ=S@;qt(A1v2Sv9erjRqg%O3jBoNL)Tr6M76H!8-4K5A!1J-Kc)j( z`xNZ0$zRg6*ZW?@XXj^-z*cjtPB+exSP+}}?HALXa`3@O`7KXJRNhe$2FP2yX`HyE zgm{yhzU5RnA@2){GX{~uv-g9~!YDcWPmb`MgaGypgxih4K-03y2WJSE^c)~o!5Jvc z+=!!PozcC$ZF;) z`rhA}PE!hP&T0Nu?ulIJX$V$quXYW|B}|lqc}{r@Q8vwTldd&0)dEKOpGCC-7Q!Jr zd8n?~n<=DMHGq;Su6{t*=WzaT01XUZAu!3EWjZcyhbv90J4+8}pqaY^l&Tg>ayv7e zl9dE@FqMT$`wvK-`~?@oxigHCJgiSrx^Zk&%1S3ACkVJd+34aVNhcW)n??1^(X5b{x5S-h(#Gv8mLJ89hA z@Fp~}%5EdUm&s{*N?F{h+n3=mZ;F*Z>7s&T^59_Ff`)p=Cq!fBmwWH0e3SLSBV79- zay9vpXiuG0*T7F850{w!v@-Pl(WGOz;6thK5uIuRgqnxQ9XQi2cwJ}|lI_}u$LpAw zcp@f)!^JT{4Kkp8;ccF|>?xy;DfE@tf8{<2WKza>A0J%?b?xWg_P_bO z8iFRB#lH&dfTOn=DvR%metADWFHP`_n#JwgBaRvd`%*P=Juf?N^w|Bkc=B&a#dFrr zWF`NNB>%ZLm4QAG2bKvjub%*yevUiYT1qPn zYTKbLKaUpxBT;luEt57Z<}GL1*^Ttd-XsGcUuMPPL&i11tRp96;($l$<$t)MPx81R zNx9+;k&PmMjvBFtEMGvjpvRi_hO&og&=R2J4xTQ4)UI+DR;0r>l{Luv1sJw4v(5eX za%s=iG#+pVhA$4L1LPjiROi zj_*#&%1Lyt-C#8`2WiXr@(z;PPsru7Ik+gpz8zqwPHOvjeTYLGI4mFK^{w0-h*>xT zQRfT`%RuGtRj%C7I_n6KWnf4fV@N_q*w0==a{k<>EcOGflH^+z z#H^b7NM44uW{pb&T}~&{Ok^4#>6XOn@Ehs_20>(0wQNNH$ghbZNl5xSie@6^GSyt@ z<5*K7?|W2bbsZRjpOm>gvVIL1t}Lwl6yyE%8)qO#op0$RD?vJQano?X12?2DRFqLF zTxX|h0nyw}8crB$fjZ$}a>h&}TeMC?;~oQb5*hfz0M|9W$D>}lPxUIz14@9s4dl-b z$Zt63aH!;G`?@3hczUaYf4M=tcy8~SHhTlOv{ zTPB^l`jISfdaFxGwSdCyvUP{E!zxZ1xA54STj@>lS&2sRKBm0N;m5DIj#q?M?$GbU z=krJU%TIpJ9yR4SF~CV5;T{}hn%4U{f*C1@0FJxX?&^TnaBp%mGa_w!eBti2%+j~_ z4~w{Kliz8{-*LEOAOSt;tH}~|5T8vgGiT4Y0=4Ii>^`}?O}wO|8n8z_;LcMwrn7xN z@Wy}{cHt3siVHTs0WFI*X^@1^%?_Ueqk&3^xm0kSIpxcLbPk+*wdPDC=jwwa{Nzm#!_GEc?RW|g;SVK1D2?7S6C--7aIoX1n3=gs z1D|`h&S)zLGOal~PzAJW9$`o}HZJSc7ZB=n#AxQXQPe6fH}o0Q0L(Yb5D;?iKFEGD zrGJ+bU}ieH`Q{7ASDm{@VQ#s4&=y40ToJ*AL3=_;cK9VHH-J;WMb0S7832cqaDtYJ zL+l^X;rSPBGIaMK26@UOC9&;J>JX1U*M1DAl&%)*n>*mjMTf&y zuWA4hNU;5g)ASHF_vqdoo{Pq%DB7Cnf=UuKMeQBClCfp%aV8m$8g|Jk>OzoU^_}@- zp+}dXulp9Qh3OzO9^pb8S23>G%-|C)%wupbo?e0z2XC^hv_(l*)XOFJhPyG(r*BgT z`(YnWMqWak$tIp5HtXr*I*I(od~IA+af_$9!9(PF{_H$s`T8wd%P#4(%L45>2_$c( zp98k&@sI`N{YABHk>%;B9X9(0)wnHOsx|LoGxe!K^v?DR9@!W<6@ZcukI+R$^%=M5 zM)Q1pe+0=Gn-kENd?dsat#NrzjXxn5)CaezLuS^S{4Zyu8R`9Px!kv!1ku;OaYl(e z`h3WtGsU}4hA`fc0&Pil-mtT&Uo_I=*Y*SrZC{<`VMIJss3yv1v7hNl$MmpxRmu7K zYcVa=1SC*P;@9v_5;D=3veaidMVJk#KS}CN_%1V@hTw{?ovtnQQW5|fFpsQ!_wHR_ zZS5`H2M-=;asrmd)5FKY??)W4C8QO*MyXsFOP@bqb@4rEV-EJZ@YczZ0GkiDD~t5^RsZ%%~pFi-07Ap80ePP4r8RmsjdIYi5)FvO% z-=7$jlaZm4A2EC)VCxZ3`0408#Q?84*YgRZSj)?|(zcxBRlVF9mG#dBk`+Z8&zs~$ z9NuW<*dky|#Uj4D_5rEVA=OK4h z0x(Jbc7E2^ipbFvqW|Zg90W z+GUf(yj!mRkoamEp|AuyUH~L~ z!OjIvxMjX>I5dv7zzpq3yR+KI!-1i0FApPyec)Msm~>t5g=;nHgES}dEY1nPoV2m{ zfxf7~G=Qt2S`7n4(y|>jE5q(0xY=C%O*G>bE7*FB(ms;A<@b<+HH4#1>mu>ZELj_{rDeyws zUzypqTY4gHL3D-Jh3l3d^5!H%1~nn;4vy4?H~Luhvg`EtHdSX+^hRnf-y(f%rOm$P z6<5?xu=!ZdK8`fK-aU-p@OGh;d?Z#+93E!I-C)yTd8FkdJ2`(A?!B?$?iWz+_Z96|8>afEpef9amFp5is5BRGc;8^7_l+9A-Ds`QGXsB!H!^?8}cEy1E-5-}1 zg2hcR*PSm*MPHT*yt{j&nzmqzUt)Q;XvL}i0&I~SAg~PV)U)TozrNb;ZDp&jw=WIJ zrNqHD+HQ=$`qEKyd*!%HJn!kGqhT_r%>jhoYM<+vvSD2d??J(G-a$71)#IETKx!22 zKV~ah82_yHuKc~8pYdVI4h-0=vB!)jVb^}XJX==|gbVv^d&C?DttbcUHlz`pk0?QD zX=Tz<3D#X{&iG6hOBI5B=@6gUPq7HjRuwHHX+`XZnld5qVE4g(Jp>1b^B*hZYg^2| zyZFUGRJ2%7FaLAws_%Q>lhZQM;%&w^S9Qf0l!J*x9uFWd8Dz7Jv#`#3{W?VZVjcWp z^T(x-3iL!UHq^&i`^i@KlcA4OAVn5?3)s>03-j{0D@N*`5 zY&p?vtNF0@k#|4L7uCvqM6a#&xfV1D*c*>jqXq{(x%ORoy$L)Jd__~B;Y}Ecq0b-!>R4xW0h}etl8-hqr8#+;nhL1L(Ls6c$`1@@c{V>v`fJe0ak**XJZW z2O~F^Go9!@`*0$U!(BDsZ}XGK6UrS>Mct36uxPqBq`)LS1}wFvIK91+QiC~Mf`E9} z+wemkh$zD=v<=-<+a1AbJyWx7uAPq)_wLD*n7IuOjnietEnB5j@Y%A%>DFBQ20PT6 z^z@L!TqF!BvvN7l4ODG962U^igDL-*W`~6moiUn zn}+iXPkYHEF-|ciM%4t;v@aC}2JyGzU+=j7w3H{g6iKMvKM*iRd5kx)=isS!cnEH; zZ!mbLYS?*$X7110k)WhS^)eYc!?+MdQ{~L z(FaCZYtB58FXS{%xl)eMmdoX0lbKumIyApS)&c98`^huCpQ*ZizCSl6m$tphK^Re@ z@O(TfKEe04_a-WOL_BXSNy*cD{+hP?>iPv$`L%FXZ<(DqC8i|%CUnEH`YXMrnQ2y$**=l+Mwbb&a=u}Z) zuXt^I)c&hi)Me>EJSoGb#+0|u=*bNY;kvk{o|@xZ_I8zae8Saxmi`g$rk9h8OF_pp zs_GOgt1$EKS(V-Suny6So`c5lGP96b%iYTrOYeR%VmvBJqk5@(4K ze4BCY+hG< z4DXI#1NnfG=ALJ$-XaQLcjD?MFjk5k#o{bmfYPZY=kihV0e^dsEgW0(yyZz*KjUK&hiS zQT%YkV<)N(1egeVkvo82sGLJ02$L!=NS0t6#TCu;3ckF`#;T2}iJ!3pP~HFr4xg~Q zDZU716ITd7E&rV;u%_r}EE^Sp$Z%wt$UeNO7u_=$*}l!k)!0^9&NU$8g#TcL2AW3l!e*Fw?*RE9sR`*L zcQt{q7G`xB^mKPUPlKG)sWb6AHg3Cm?C+`Q;!4w0izNIpK^bw0r|D2s!o46eoya?^ zy1ufG7~d|#DH%m)$egTxb@`Hv1C^y}7{oAmn;POvUOEluJcHo}u;&CP6fAo4jK|l= z9bchL2bjx+63U#CQ)&IXVSdTG^n%wJeAI7@UO;-QxK{7pqjnGrQ;yxuK>XU!kQ)BM zYi!tKoC2d}(sX59w>hPm^0(>&rj!YXStH64bxod5uY~Wbx^&`@u2yljJ#g8t=WuO@ z+ihpapawfrRqP=R#OKzIboCLKZ}jqtVZU4|e?YHaN^x&)kHHub)=_*>MWzTB z(3*^FM}e8L3*l~oViBjR;)vJiZkwy6LqNA<_K%ue%%#5KRIz~3dO(aYZ4Y&g;8-qQ z;a1dfO+2`|-)E3bc-ZN3ywG=8_wC&)X3X`5zDQIkrNdM7-Od|fZz}>7o z5#uV1E%Y{KUa4YCb%7EF_jsELK>>7Iu1N{6N2$ST^ohuLkQSF+rmwvT-i6pmWt}&H z+J`A9opl4s`@ z42K@UZ3QN}ze!`yc9B16&ZioBqLbSXc8_D%JeYOorhUo)YsV%z#)D|t;6jy^%tu2rHs-ciQXY}!w`0+Kpy?g z`y=rLV%1s?FTHlK*XE)0IRkt~HvOFY!lTdc@Oj2G1N{54O^_ddmj+2&uC+NJm$pff z?BI*%UiHm<>@Si%IGnqw`h4^&+LmK47@X9qwDQvO$PE0@$qTgUH^c%3hC-H{P~2lz zyK6Zbvc$ayLyI*A1UMx38ycpewo$FT0$8Ng5U!*p!xkHtC8U+&}Al`zz0T zge7|t@)C48c1LH?79_j)Rmt09kqS93a!p{a?qlKoCs&Cm{vYOrI?69vC0(W}dUs(^ zB9ij57p5?&Bb+mEJMY6;l(^3NA-7kOQyrOrl=D(8c7 zW`pl^A3l7jp{Hl1$tpTo0NN_pT^c{kJ@c_(hl(suN)q^TO6X9$@mCF<*JF|z!G*6Q zvnOv=yByeABSp4MzPI-ruc$Peuqj_g*+|jTCj9U7MHU zdwL%F6`j%(zZ}X|Myir$~dazC$&`ZysVyr!iVtiep@G}>#+x|%I5n6-rgx@#J;`z?gs^w^NRmbIj=Q5tN2~* ze_zf2S||7p|5D|n_1GBenfQFUyll#hu4E@A8T*tpKQ!39o!{%aPSyN(?`$|6t#?z> z&s#4_ZLi4b*n?-wtjp>nw9~}uEqNu5y9@lAU5URh$#q`1sQv8&ih8W%q!1s_Cb^Nkc= zxs#cO1WCN>{Iz)uHS((dI|=ye)`0T#8WpBI-Q!s~b6rMoR4RSXqz08k*TGH0q}cB8 z4##UWC;0IGTi4^C$ks_EE045icFyNZ^U|KLT9e!J$L07wEKjSh9po}?^F7D=krZo=|?HnO_Ilg1WU}khCnXz z2>GkA0Jc?!5frs(7Xnj-tH997JA<)+F$8v}is1SUk1sym8JyZzi{oLGuLhIT6(JR_ zN3dCnZG16J>>9uXe^P?Am8Hxx_zX z$1B$c`0^}6<1!gEOC6BqNb+_vtrdP0Yd@K2T0_S!_$l+x&mF&mHx{o2g_H_0Oj@J%v8@!DOW~*j&&4A`UEOz^(_CV6@GlWXyKll$xDmdJ!U<_5) z4Eo?TJ$s@J$lNu$X3rmbdY1R-f56&y67PeLnRMhNj z2lTBhluyU?o=fznLMX`>YRw3`3AWh7L*9@x;ohzj?=_X2gD;fd-N|Q&jh{>iyA5SG zYww}nV=|4?jD+TOD--&;lDtCN#8ht0Qr=0Gs~Y2e9mePS>3kuF$o)s~XK)=laDyUY1btv|RH2uv*@u-4GBoOZlii zsjS6x2+z9ekzBU5LH2LFh1a(9jZgh#&!Gkijadi;O5KJ0;PKImB8*o$9ZnMP*WWqy_O?DWhle_EEh(Wp4+cz2g%CpS|l z94M3n`S`bMBLbLrriMK&(<)}uIx=0WY-#{A7YBp^Bb~*eYm^4-LtM$X8>~8TYdhYh zLk`pJ=y-mUhYH7m+qnO8#+lXA8m31Bn^@vY^WNZD$Rt$D zskKlc`+I?-JqcuQYE#?W2i4sjiEOO*g6dZv(+d;>$5ANxB@}8yQ-5YKt7!d&I$@Jw z269RGueA28e(-3t^|KumwJdpam2o)J`KSB={XG@&0qrHurqYMC2%z%SK!spY+Q-?P zm;A&E(>14)45lgEl#-0|?!a6*^$*wWnf_33=Q#GQqIg1i<>H;Q-kkfkiN)>ZZqn); z4D|l=G4I9uzaS9_h1y`6L})x)B9~dOjFWs#Yj$OJkvuh#Hrt+<93wKzg`KxNe|Cj3 zS5Q+i7RZR#I~`#{XLQ~&=-iG(8W zm@D7DjKA=nMB1Kn-ZUkS3y@Ej8{~P#!$NDWl%MNrycj8~JXw{&BaCjA z4a-0{AA%``hD83E@X6&dw0U%NwjX`Dc=e3iEvpHxzmkmp0MM3@OPE9#2(+{O-UF8Fo7^@B8aF$!$BN zn<^{Q9Z7B-NSPKgYkD=Z9ZByiBPq>##HQz=IAazw=0US+!`7-F!ejdAV`J-9(&vn( z+mk>ce{evyl0)~^(irh1rAK&-$lF2kBTM7JLcjBa6pN21Ax>nrzkBmv@{lg|?J6C! zP34v8@~;Svr){pR`#Ky|W5)cAoTHGVe!4^NQdO=#lUe_%V9yn+GTrTIzdwQ8$(Z3*1f%8bwCQ?r_`Ag{pvR zual^qT9TJ8@rEdbi(62k96=vG36TT@;_K5~H)?)IegTcQ&te*z zj2l8?=Ne4m`~y8K7qU8QLDPbS;Cz;lOI<*v7*^Xw5%k#ZlS_2rwvfZ;_8`v9b{?fZ zos+F$LOsP9y8>dMG020;fLX3e@I=R$@*h{MSX22oUBfEYqDNAelM`elYBQ)|BSl*; zH#!s~rh$8{j}}?(T|>EuC=DD6$_+9++RZ z8UWy6PF#Tvg=j#zn0gyCec;Kg+teHQ5H&=q5er&P3s9>mcYT`*lH<^#4ngAC_4V<6 z3w5mVr5#fDx-vLKzwya|7BTnS>BAqz?eZzOtA;ocz3epr;O8!x$}dA4L#gUf@Adrb zA*TioM;gE0wGrcM>*=CtD<)n`sqV60caSe*XrpHi&(J86y`4bh-lDX7BTVkzifgb~ zxIArrDO9_~!DC)q9J!X$Xr@-Oeeyfa_O*nH)?+Je{f))sR}P#m*&w;-1R$8hX}4H6 z0mbyIfJ3&c@21xoj6br6PpjrMgo}S@#NGN-CeZ>$xhs8mDnupAekKY%{s+mRztI$o zJghe8OW!qNH3wGqs#T=?ujPxz~+Y#tzlJ7>Kxg-8IQ zXBfJi(5^Kwyjxy|OWSrp#ZEQSZteMu6fPuWi{}A!Up*C#0 zbNh>tyH)APu0o)EfpLH-odBOQxe=m^x>zT z)#J4!oZvohlNx|g|Apr}1K{!9qWNrIKk`mSe0z$#?QQC`^qaKT2 zXhZDpO^YpSg~h`3P%w&G|=>TZ&yW3XHjJw;YemAfRqo z@XS(;TLOvniJ@%!&3-fYEPT<3jS%U52-0llkqJC-CzqH>35f^%ZN0 zLi7a#+Qx|HgLbmzWh;$GKsDXvcqUKShhKkEhr1&)D{?G7gbvh<%@eFW7Ql3zgJ=`X4Y z^zC=O29%s%C(t=4PXEW};lCR-&>D=Oq11n^V)>Ch;X{PL;ojeuHZO#_HUi@wQMcm90x_v&Z?VUe>NM=(Koy^k$>uZww1kS7kVo}ZMeO(RpGI4KIY;8u{ z8b^FXb;B1{GN`rIyn9U5GfBcBP4SJ21jz~kuiC3YCF`% zH&j$n7Z&1TSA9}vrRRm=3uoZp;K&NNWwUdDVy%w@f8>$!@BD_>E*+rI_bW z4yp)N{cOFla#eC|na_V<nGnpSttL}k`4VKN?Xfu=O( zP00yt?nk}giNi8+j)bH#<0WKS+%dHnajHU4c+9|Z-C^87YrR#1`6-_eeX8|#P4nXTOJ+6a$;rtD ztYO1I)r=7mz7sJioRc!aOs!|f5Znr#v<$Gz$sMah;HUm>F}jY|{JQ>KLwuiM>l1gz zk8J;)=Fr22Se5!rWK~sl3tIdfryA2}|KM$>JD4lqh`7tH!ZdyHo*PGxXVU+g=TIkJ zAMdg@n+GRz^FPv2z^!R=&w)O8uZzqbH?zrM~=bf{`M>_8$z(=CuYz8rTl}B9D z;}E!t&C;)SHDxZ|H!QKpF~_zPCB^`y?LpAOcQ=Vu-nx?{+`5%$ShmRAG_v@(ri8ZE z6`K6C*`p!WtMM#p^?O?zyrz89pdxbdwXmoh&C6TFF|GoDOLG!{Q&JzIcWZM=*jS4V zKm>j7{J(`o@t)Zc^M87T4~%wjb%blh%beoFKyV6ty6e%UAv_=^PKsT44<5{{_^p-l zyE>-FP}t2k+W3H8gNv0vqOf+17XKlQ{&k4N!!};50qbJ6izB%$$VGn zxiZy#R$L2tL7NiQYP7LXqs`)>DhMZeh^z-uJdWsMDVE9=X3O;P<9-Qyw(fr3X$ge@XFiqv#C0DMtRR{oZ_^}*6ev*qpi51nvkl6P4+oy z^$nFv?;}i2H6AGcXcDaX2z#7Ht6K6W4Q*0LzR6jVDk4>ct~W0MNCN<)xbC}SmU8PM z`%}13k*l$R?$My8>ArkM`RSgz(T;UI(_p5$_D!!S-UD^tqH{YyZXVP@sUCCLdEK3s z;*S)aq3Ib>PWP~V5bR+QIe5oUGXVkguQsi@ zXr=AF<+6%}XANh%+I*gA^8y5Y-Kzfiux>P3L_hRwU?+N0{^`Cp^{shpc)x{iSy8J5 z0U{|3wetxUweH(Tjpp6zRB0oKx>fsc<$dPERGQO>oUVdNT%MZIt+}>yHQsHFNLoee zM$|zWL0rT#+kEk&Y+%}LYBraK0|9Hl=%79A*P7~L)v@sbE*)`~koCZ!g-1X{T2^H; z_y^{|74QSP5gvlgaBOVEe?paUQYKHgJVV|%crHtpM`;8q)$Yzkgitu#lBmYtY<7E z?@S!9EpOP7>>nU|3Pc)95IDVe)(N`*E@}YqnBsB~wSRIlc6A28vWp&jZY>3X-t4wL zFoTWgLkU?!g)G?bv;i*Dw=f2K>|!C$vP0uEsI4LV`A^TAZ~c2oj8H2S!9mo915H%1 zeN~)J@Haa&|?-kTr(lNv>jZe-lEPMu24C>O3GTMgmr9+HKOPh_N~W z-BCUs68zA_wGAK$i^V4RUlXr{6w2~IiLFRFhb9Pu%r94^TN{21kO@}fYSfIP@o#Yt z)`yd6Q051|tWcm&uZq9XL?srUBqJP% z!pnYOYM#DW{;ynuJ`pyL&L8eof6)wO&t%)rQ)99*Zqi6jE9z$5bUeOK&}L!q=E7_8 z8WwdT;3Y@0tvhkBycP7r0Fl;zGMo~jytAd7eL2HK!vI&PBb}m)`I;;9Y~`aY1V9(} z?73jX6ty_LBuYFwc0eG2cx6DH))qrc?BN^hykNkJcrrHbZrVYbuY$v=b1AHI2%KO~ z`3JBuJ2OEW%xIVxTI7vSF9b{+1sBiP9fDX1?m4ZAE`HXAj1-%c5kR>!25^Kf&N-D( zqs&Bl3GDB9mnvN6tQr704n|F$ zYNmgN&FTVlc$iK#%=2<7kGVN+eE6Lkf0bYrl4}-_1YD`Bn(8=awbNF3q+RVgjBz7r zTqLRCzz{?t$UC#iSMdtqbo1aI`2Ax1@wL@F{<j!7TL3N&vbi3Yv5eM4 z+^xROiz+@PHc%w*(a_QD<*pTT95&+1RgDqTX;=r1`$2zmp*y(%SQs$CucWD=x`>Kd z@j$`*tK$;QRqovt%x>{dFtqiV<)KD>Yf*^k>bD+HO@8(DAc(IGfA?j7~O%zzv>giBT0 zu{8}IUg8d3^+;Nqm+Zsw9vLG)2GDaq_76HpMjWg`QW%fZZ42dG?w(E5XTvo_3HOX@ z#KCSu8j`cy>o1hEN_pb&&Eo`e8R3+)*!R$NCQa$2goLwwS)Fd7(mo~8TBQN44pu-c z5G%|%HyG{~4yFqY;Bj&5%4e4#s{OCh+|cHeE_W4-gsGtWpDl46 zxj|2Ft?Tax6heFR(4F9yG_LjcsiaCASIgBtDuLEBbM06#CqvukcJAmrF3;q7@4m;% zdeQM3&_jN<%Ia9y{*#$;=dw(#l%5lJ8>Hl^?QOB^MP@N&R6o?x(n>~;a@k)1^OLZE z<%A~4Q3A_EI^49|7K;i+*RB5>z2G~g#`eL;{k^g{)8rMFIjp^*DDRHH23{ZcO?s-K z&3Q5O%EQld-rjQZ*pQ`$EAy7qJKsSLmypFJl0Dd)q_$6%_p*fTS*a#D8V7nE&bMdz z1Yu41_!gOMW_WvbDu1PwYYt)_a3s^T8|rUb#)m}*v}5fF-ESD?zdD`=OWHN7Kw+q( z2lkX?Fn?)7=Vc!~drxyniIyRgpx+DjIlW}`W8oA&(k+A4>a{Mqgj$1gmm-Cu2kB}o z%U3Z{ux*A(SH5Q5`?Awjb*I7s+#~A5Z|eO(_ia^AyWX5AemN~6ea;;Fn9fd%Jcw=Y zcfZyW|LgxZj98AI6oFc&@RrajvAS>|@k#^cs95C*ZUFKF&hiw*TZ@$K>wa zySE=dPUHhltNeyoSFr6B?R$OiQj>3qy`}-~svguw1IODRfq}TawzK?U-3t0ch^ePX#*I z|HJc?D*d8iIFr;f$9!!tm|T6xjG0q4cV}j>XmDi*(TYv=>bfN9u)Rrf4>6-r3Q)zE z&egcJLn}1v4qUp~LfLk&0S$kf7R-tAGuc-f_S9nb9tbAB<(gBw@mMa{pSl@=qRubW2Uj$K3fytV86-)A@71MC zTEJM{v%1F4v)=tXB&VgPX*4Uk6rjZI9L3t;4|$FM$qT3ywGXWOF?w3^lbAPMIdeZP zt=PGaA?WKC3i!=uDGg1`HhPrgESngzp6r{RCGq{Qhyj4W4R*C()brkxdzskRDjsDc zUe+k#d48S>o+t-c^8$o#x`A9^BICG&g3#>p$_mucw;SOR&9fPq$+*;Uong2qL;7iR zZr<7BBVos@FUKmgL_iV~YKlESLQtynJE=@X8K1RGPjYQ#HT4>1gt1sp>X6b zi=6Kn>J$Stj#A*%IS2Eu)+zE8ulVZa>8{oCjW%`i6;5{r$4+)E^sZd)K~(A(MWuM>~@gOGK=u;*V2{A8=WAxdLbuEBpy zPWYz;-{87QyhQ!J-f;Ex8uuDNa-Cz2pKaiPSF+2@+1L)sUbOlsh~ANg+wF|c8Nqr| z_CFcP&qcZ2SD1+dNI*|(vOjts8Ly+`?5du%xZWZ68!h;xHBSBcMHX!C=$HGpH6+rN zg5Usm#=5lzvy1g1^hB7ryemH|nP1s~Es3~Hy?NBe!8d3%&njwQTf6~cyk0T|2psy8 zM0To`l4v5b=S?v5K7jh$k@<|LI}Uo-+r}@hk=|c6G%N4iUUST&y9HCXP#eeq&g43! zTtKcmcpa6tsU|H%KL@9S>O6iV@zyWahBN@~-v9+8NQs{Bu{XwaH2U#sp}$ott+|rv{JJ_iQ{ZL#IwUovW4Ow5 zHh4^SqTR${XB*MyWQ=n!(Ur}*OPf9I#;dpyvVY$+LuaI*;ZzEQw+{x7-lK*GpEBex7yu8? zqOVU?#6;smt$aNdtS)83X0ihQz3 zH?IGG)V+B;)O-K`->Oa}X;H>OrIk?GiWrimRI+ECO4-Je7~5cyB8h23)Y!&8nCy(L zR212bv5hrZhOxz9w(sk$I@h_*bzPs&b-usf?~mX7ac-S%-I&+gc)gyl=kxKnKP>o~ z zSh7LuLi^T^6t*JhP&$&oD#3QXW(IMT=w;o7@9h&GJrVb~KvB6qesQ!deH^CJLGd2> z5_=0fpcjv+lT;{u#kI|6HextKz%c8=SO%jxDl~kMoHPIUO-*=nOi27(dR`(l&1Zyu zAFMRUxMHINs<>4hGdtIci-e=wE*)w);tPL2_-?~gk?9B5K%Ydztv-*_r8m@nGqOxT z-73rKFr7kHr(=%U8R)++hka*H`7a4>uZ>bvls$669yTiLyNJpWJ_1w-%|6;c6bSyS zo`-j~_lbZ*x&(R>FM#R*_52X~y|{oYyf`!7ym1#<+gEurg5*JcFXERZ3okDL9+2Kv z6(EXGG{&Rcoh#!+*Bi!h*c%LcTk||#Yw|phP>kWt8Ew^Ah>Z*Bw>@O1xBjr1-n3YF zzJ*);ZS>=Y0MLjO-asNUCFZj3Ojmg~`IB6nXspNbwOcr71=RRXW&>DvTTRXLM@u`! zw2r#Y;Y&xYAVE$J%28HC9%}1PMIk|6p~r*#A^`7tZ4O#cV8lqHy7a zN@rUB_s!@mLMH6qY>z){;se>{RW;XA35Q z#AM=wXCmy+rWff~b%(oWt3ADIK9TPXGuymamp=1G8%ve2PK!^u@4tCik^hYm5PYR@ zQ#*Fzgn_eD%J*=Fp1{nV0*gj$Ns|iQu$sOXJx}b1pVh_T zXD=T<>oKUn|0JiKh?tTp{T@Z{@b`l%Cn@c$qh(luED6aAHClaGojFJxU|zOpU@qO4 z|C#E_%u06>RzS8h3q|JNu4Sb3wz>k1*GA*et+ClIUxVcv(t5 z&>iE<#|cQ85Zda;{#Zl5Kw%DCwF<>D@u;OV5MFD9Qccvcf)F(U}O5lb0$Ayb*>S5hl%yD*c{;961420zX zkW}+0eV9{2gK_)1qYYWdEXTrCNJOC%HK)p5Dv2_zz$*N1pTeolnoDCwmK)}e!Fd`hYGU-wIsl80O zu>>51xyzx0{vqwWDlzaz;da{bZj-9O;KA|pC^F8_WMkiZAdaABSs9tpe5jvWc0T1;mQ`4Q z>eAAZ0MX^V1@#&b9b}KJ-q7U(+aM`J+yZ#!Wm)2zIUuEr?%Az6Hr zKRVBPd!W4G^-MOi_o-IrpSvIr{la_&Wk+R;uD#QuuSorj(a_=Ab-gl=z4Hhm$Exi~ zCD1f>2m(>q7tbglAQ8p~d4-LKr1%|28#~-@sJC`5FkLqvt>ls|1n1#IgT&!cYHFa{hq`0eUNx4=ew!j!W#TDa$Ul3>6Xjs>KTa zNIpt(58*anAa72bPa=(9-tI{+ob3A8ew`)uWF;k_WJPTx_mVJR!8=N^km+eLGvWCZ z=TB-{;}q6QF*KLs&;)T^y1evFx92Mqcl)N^b-77V+0?7#KHC4y|5Q!yD;ad*qUQCso_@i&trg%; z91!ZWa~3{0E~_{49yD_LtKrMHf!8BzcFtPV6}n8ukB#Z6!{URHl9QT^C6ODH8{2GEMaf72gIcT;5$-I&oEA3Si9yyOiQMwy;Ew1}R? z?Hl)9oY8G?3&bqUwLRt)rlp>T?&KXMZC)61Q=P$yaz*~{%yo~tX`$2zfh?hkN(9yn zwTJs^qw9PU@Iq81k)CA}d_EOWSk*QzHUE$baEkh%UF5UG(WB`{jvaGfzka>^KMWC* z{3p%vE5HN0uMOuufAvu*ybad^hr}ay{K!F!7z4C^}SQ$<@*Gdmh3Y!4l>J$f>Vl_uHH z=pqhrJ2rXDsCytEqAV=5&ZKUIy}Yn_YKMyP)Po`o%A=Hz&|D*(*+L3$mP1XFWZmI7 z6Xqj$wM%fFw!KOt_-3C}28xYya&EkH+#c?v{IOW2VWDcq)q*7&)!tSW7g4!Ev@UoE zgV-=*Kj5Ql8Ru%jftk60&xG9;@O!uL)7bdT3_e&|4*42SE8nZzKwYb=*x4fDfAbz_ zx#Q4t^`GgFB#3tmQZ9P}>96DJ@3X^oJ*8X2M2Rgaq4n zbAwyI)w7QqdD>lQR@Am1tA)+qU$Hxy0dHnpDp6@vhHOiaC1VT^>A5bI0@Is$W)b-M zvY@x8jjVXe26Oz}NuUTX4&1sN4r-52`oJ@4`Bi=X=2nVAWi66NKcKWXLBZx3pFQ2Z*D%h9XGO| zL@(sOOd2U3Yt$BfydCV!VF?``i*Necy&hjGd>HB^bXLZF7sKIp_zl~S^BFsmHX}AH zff+|8o&T_$S6Z&sUjJ3k##NgI>!9mCNAJA&W;hZkM6Q`bg7V>1q2RSPa{ZOe2KUX6 zyv^OA%p1Kr83}3aP_2KkJvaP=IMJ_{S@H3FMXI-Dy+<+#l+~dKJ>-9 z?zZ}_!&pQdN@~#x`~CWe(Sr{gM*J7v0=0n)jwiOoxfGQt_Z10^;j-O_YYlB{K%;yB z0!}Q z(mVB9Y??ZddA_t-`;%L++0q2Z%PHEGoAn+T|73+%=n$J~uy05sv99uo2(>q{ycr|@ zbmk=6aoPE$xZb8OyS$K(@-zo`@0xTlc(6-W;-&F%`k1f77Y1$%jGTP*ql2%B*~#eq zk;rkY>c{1ByPBB&7L;k3ec@n6MEkv|9BNxyyplH>Y2H8ls&4Y>ImOGNDYpn~)$sSv z$sAj8R`%rCl)GT1^aXnW%YgQ2qsjK6+EE}gxXAt%D6Sg{xBLp6R^og(lMyYS^Qn4w zKx^LZNTgBOxOL~n-MhOp27GlgY6t2JPuuYjZ+r)UnpB&^5-Q>C!ZBy_w}R>J4fwE5 z4hgd}gGV?F@`r+_5C%s&a0zA#Df+j*O5`|Od+H9k?o*!yKYYfFPM z*k}Au+4RMYY}GvaeAQ-*ed9s$3653e8~{(9-BIDc=o53j8Tc;?CzqPF%(B4@3J}PO zPwJ06u(2O~txhca0x1&=gat3zcjoFVczlrr=&5#KNlz(>RbD6>o~b!(?0u7TO4j!kNpc~D{7oO?y& zg>>@L841g&;JHlqxD>ZE3!0)a(cf|ykBUgB)$eZpC~9D0N^_f`kePsdUMO2Wh2@Q_ znVKRBRy5v@QBfBj>7%%sxra}mxDZ;ZAjwgVsDZ#7N^#)~Z$6+)zX{{M6#5t)6GHp( zBa%Ph@(8tSPJF?rpvi|lquR;(iadpFD+X1V|{L}mx&6iJt4%nbu9LEeuO zpNMaQQNNJ-NR##3AglRTxR&b?NB^ES;$OU~9j93v6(yft65beAAXZleSE4kwgluX| z`r&4f@%H@ocsKYh2d{~%pt}(WP!9h$U?>?-D7_5%@rA&D3m^XHNl%g-H!yE`wF&zP za45!L6M(-9KzB%TiTj+v8S9%~13DizzW-s~<`&wb* z28IS3MC)~b$AB^yOf)JI2WPi}@3>bv%{gB2-XMy+{(#xYMv8R)BI#^C{R(1&xWaRx zgy_sAGWPznb;0TA?SBF^0h!_i0MUPgMxSN3kx7X(YRkW*?Z;@wMejRa-L$~6B zf(e4=vvB74Dda936RI;rG0w^5a!xVAb3dvHPrilhbRdbCERI5WzXx_M7v7>vBgvZq37xiVHKW;M4GfCMA&nPtgZ1RRr|3E1ob1m4AcfhWwG}c z(H=0+?owubTBjs$;rS90SKPqNtc^K`+6?e+BlYa2@%66ui46~@mCu}*aV;f|&KrvA zmupj6{Qxh3f@*&XHW&|Rvh)kXWC83F77RMGI7~=^1fAl$ia~k(6N=EUzBOm)%=#`S zy_AR(1Bpf+*}8ERfDQnp3a+5wnOYX1ma5_Xl0cE+kqx03^fNx-5R9fAgVbw;n7EvH z+L@)VeLY#2JwyH;9BfYzuTZAje(^F)V*I5ENK3ZLLxudCp~5sEEtm@5&`Ct?J1Qx8 ziHr^(Z>^C8g@6s8ou1`+ragun?d~h<^!Zt1=GFv2llbCXI!WIi@`Ji?_CHb=G6FCS z6MXssnVQszmK;3lNLr4c$1pmPUv5*12GgN?!#h{jL?9%Xs7aSm6?1}W1o=B!xNWwt zy(5#4rnQd>3*#>bAuLfPAo2P+5RF?xJd9lH^68~rPavO%(#S+B6%?2D_O&%&@X)yg zDRDqpbRLylDQts}*qJ2ZGJbs8JB(i0$6->spr5g-&ma7S4D~cA*CAdCB~9sm`VLiB z|3AwoBmf{8s6#u!{*sjsxDHo^2WiC0J3`Ms?=7eWiZ!HV<15AaON5#<6;PSn*#W6$ z9JWy&3f6BarZse1GU$D|Z;iy9+KvEa6voc!->c6akJ}hgdaj|Vw zNN$m!ey!~jKONK@scUXvGBp?N?pG=b1X=h#6;|-=aFKjTS(5#@2nr$(h^U~rDSu1p zf`jMm(LjAlXe^=|=+^#Rjk_xddg*84a<9p{BsouGl` zon4z;)m1cg1zGL-6UbmGrdX`omx--e6uABQK=#q zy8lAsfq5Lv$0%6StNp=;A1hI|Yr@*>U0i)7V+W*_SO;k(?qk2z=P_g@%=0{4VlJ;* zrA9q}PR;OX=%Yvar~uQCALV#<7XZ-<5E^8NrCkOTMnFV7n%0mQV6yB~0L&o9v_E+n zl2^5JMFQ?w$@LSSvVi>4EJk4cFihBOJU&3)`kgMn0C!8%sZG7$vf`~&-FSH#UXkfk z@7Ppmb9%H{{lZ-3^M1^8prve-!=0Y9^km(gN?l-16#z*i(D}ssJdW$k)R^A}?^ZO!{ALgXn=QZ&vLP+b z{BMZeO?MCQUeou}4(+A*cOh!V0GVM?F*uvBTnDs_Za_0AidI&>cRugXixgx=!!YD{ z{S%%6&u0cwGh!56=;Gqy7FJePZ#G{!_zQdRODQ;zhdfogN$|*vv9&+#BTH%kT{U*=- z)2EHoeO)vhDrUAJESJl-AQ5TPQ*!eXfMXE!714~n z?6ErI!1LjEU4=&_EhF;)!hP&}C=*l$1_;yUs}Xf8~R@yK3#D%_S6sQWHSVHfd){*lZ{Y{j6ho~F-ZL7-S6-G15n+})-ogRsM zudiOHjgVNeF^Wz8b)aEpuM;Vi6Hh{^1)y)TtUV^q!%rP7c5sp~$-K>gPhSbMeh(Ig z{sZA)zIZjAFk?RA3q%|DBu7AJXSBNaj(Ir)Xa6F~sb2T|`4B(b?|$Cn>6HfFU}$YR z22BalBnkQQV)44_2FcIqa@ITihy zg0tTSZq22ID6TW?1nJOuPNCvTuDF~8(sEo=L@=|X9pWNazT z19Fa0@58aWS-}#IIaXCQc1nLzUHD^?;ELhk@Ud9NScFZmu|nIDP9cBM8;V&Fg=2YM zNnYDEC&%9c7oV;{;|ER*`70OfO9dv!Hv!g^UUV-J!Oal9k;cLMTxpA(r8F&rP4;c% zieJCFr^F5J4luWYZSEE*0mq&VMWY22jy#eImPEoG=t=sMq6f5*Wl;cafJw4dX(UNjS>nIXsEz8%<7$fAmb$ zDH$EoAfRXVdXUlQRQ8;EBp(_E3K%a5P-s<7R!17ee^ zhrV?V&x=L1ZJl4)3|kWD-5iwzwZV{> zLR45b*>7leWW$%VV}{_6S=GH3Duf1(mibsb)g&`7Jah3fesb)BNqnZ}P2tpLWj&Z> z_FK!EhG^w(ST5TgAtx(w4Pj(9zCiVaD+Mcx0r9BuZFlla;x!93w3neTNKfhkoa3%S z#jUdABYiHF!&{YD8a@bGZbcQcDHX!xI97_$hgjJ@lHT=#}45RnF?A(=>=IDv<<>- z@56*VO~$))je3Kv-c!0;?xnc4UcystL!(MOd!xrVKrUU{(jpDHv$iX}+5q;u#NsO_ zG9muN&3ec4KQtTXto?X1LkK%2whZ{3>-pl)d~J8VxH0Hfyh$R3&5Au5D!|5lCajio zU7G9Tjd%czm{9xDkr#Av_}i{z>&?TC(uF?EXH=i~PbT-V}i>t;HV-4Z{t3T|f=z3OE+Ky8{Mk@NtVPY}J{v@y+wYy0;SCv}llv&>X-C zld`6@UoodjYc$Dm0Cw$YY5)9?GE!z$+Yw?lD%oByKHIM#E=6Xl8O0|QfvJv$yHl*@ zgu1oV7C6j#?XX(C()wudZR;03tFduKg_Zq4)z*mTbd`;Dz0#SSEs}R_k zrJrLXw{B0!i~2hWKCHzUusxBseNWb@#UP9%G^P_F?C4F+Mn|5A*d>iKF>F@#X?nOc zoyb40jGmavE*`AChD}LsX2P0@G@43-;@m|rf31QsJRB?i-}Qps+}5Csu&1$x)U4%X zBM#TOx&o%K5mPwe;&238z5K`zkGhA`yWH$^A9FFC2ezd6kY|lOu!-ek$5lna*l&Dy z*TQ^k8X!ed;@VaZiH3p_>`m4zU41gO?~!*HB z8jf9Jh;b@di9_!x(<7Tl4%Wt*gtp5>h+dBis|#;2q=0wzc45HU@8e=cIDgm@yAa{) zx8IEWkbv-VMMW3ON@w@-ms|ZZiu~fBjRNNe64+3Y0N_VROS|pu?fp(lHR2Cecwx76 zyTlU?15gS5*~{jtN~qdb^wbgdF|Q)=Q&s?C08yUS9W@$UFls78M@d1VGw4@vqCuH) zm=0~!kUbPw9j6Wf=>$YIDaC$k)WOZAr*i1wN^~zJ4%r0ZVH>-oZXPvVumoYiST^1a`}JX3n45 zw(k7*EHp#tp}MfBW3=5(9oeGOe1jx~u6*047eXs6BpqMZhxtR&*Jwh$b4NHOM6r4d1rCwJ3p{LWRnIQfqa zLt5WmGA$Om2&Fi;K0k&Vz%@jc{?w#qZAt9Ql`T&NV&!Z&J-eFWk-h@2OS-^w zwrpIxH6JB9jo$R7vY=6AVVsySA1_49mt|oWSxk|J}FI<*_jBG#K3ai ztL5KV;ABosdl46hkobnhSF>-k)j@l~h~S@~7!rBg(gsq54&m*A6FZ0WF@sE)6mdtu zJ{dmIzH0W}CnI!`5-rn<>QkCM(hVFsCBYDUWc?e6@dZ`7K$B4Kw>)Zz;hJtp6N}R?iCY{ifvF8?joe?ML)`g%%Okb{r)0jC15}cQ$WaS})XT1=bP_@6 zrx9s1y?`hT~vJWB~?$m|;k7%&2$qZ&ikxTPZF*h(h=Da?P>dNz&^_ND3I< zETr*!pyDvs3Ygt487PNTDPqxHPJh}Pui`4aIl2ryi<>c^Jo*UZkZ+5IEe%~g{C0(Q zc`HHfe5}pEG^<3?#g1?FuaLxDz&wwy?vLa&{MRQ2@jyVm{v940V4)zu73{TqI z_7a1Zpo6B6yhzkzUNFFy-$SAfJpNs-Y6X3zr{eI$iHmn6D(>g{F6571?dLo2w4LlRMwdrkv@ERBS6+k z%o76SOw*Ca!NqPxPLyopn8iNTD}JC0^;HU*yR>a1@_5UAK>+Qaj=@l+=A^`>u!R_Z z!dvv>H0{P(^Yxz;HF*~pJxnd7%kR)2;9){A;iT9yZ$yCdP{O z!d^{kY7S1w_RO3)a57g^%dy(5lgG-BpdRL*KQQ5)Zg%tA7r}yB=q;<-G~t6}?arfq z3kh9Ph@fyLPm>SJ-mPuCZ;XpKxFvir+kan{dBKJH469uCkb0kRNVbu;vn?TE_2rCz zK|dt#^#sWgZF?RN$0}kL2(rqJd6|yo$~L3lTm7%ub3E6wG6P8|8{(4y^g%`rcCw_2#U(1zc=u4J8r z-uDwhL(gIW_DCn)Q{+!PfpHJYJ#vY6sY@#_89UypQ0PB^*`Wpz9DcY-P%xC)C@DkT z5?$}o1CI8P@>r2~Nv1n4w8~-J>89z?U;?(c=$EU6bZ-B^ziW$RDxbAM0wzLTCnB@a z{r@j&4S)xL;2$7^wa3WNu(+(O?Aq@53xBv}-oc>f32xmNje#%ps*cM)Pc0Prn{IdK z?bv6)DULs+QW}K+Tj~@WeZaM}dwu)x8m!D8&XX0W!%ev`*^ZVUf49Q!RE-Qp$~GoL znlJD&hq^@CJ6w7DyRCoL0fqmA?M533ZbFY&e4vfery7AdssYNQNOh97D(kSCuV_gG zgohwu;t%)wTd}rq31f~GPcM5lS-~#^I0%fo1y||>Ae>*FZ{vqqj2=K5Bc;^ zEk1qB-(3_%MgJb5;Wym8ZMnyY#|ON}PnwVTb%kY{ZisxugoPBH44B35xeCH5x;3mV zoR}|NkVCV=E3p)R^eXCWmM#$fXjV{|V39v=NdJs_pw}xL{(*^pkG*(X=ox}U)9M}V z#hs`-xIF|G@i;BuFwT)VRt!7=X6i^;K8dgBC^MDJ%gT5&c;c9VOp&HyxCm_Qr z1?VlD2S3!Lp8@eS zG;w7zMz61Sho&L`fa2MmWlaSW3~RjW0-YmS#OS34mJ=2?J<#ksa>`{3eE%ox*X9xd zsbj9t$h2ipv(N=#Z|Ij8X=t)?a4Q5+XxZ7sC}qlfPg$e1Vd3 zNr(Z)0qGX89@3THZ)Dkj0Fe>7XoF=y8Y+6Kaba_JnRj0Ok*19Ya0p6sVy#{u9$gC5 z?dftm&W@PBxfTGb&chpy8j0nyF0Spno?yCN0lO4f+CQ?pvjD|Q5%zpL+$m5;*dK$K-VMO8Y~Y(K=bb5;Vi5gvE+6DA;vXLUjTAb_VZyPK`8r1_GSJ z-Y_QG>(|hVW#Q)ii>v#Jc)USN>y!9i*ugd@VmTlfkY$A3zj%-Ec?{7>@9BE7NL8`W zsQ7#Yg1#62JLqw@qI!7H0FK@*RFh2)#NVG3G)~xW?tls zi^0VU@&cvwBrrnnm6K5&`}{R3o!NBk5wFm*blX@Fw~KH_$9*j-5V%|yhJhy6R}t0_ zyKsul$NIc5Lt(Ue$GeTIpoAmT_4M?@(A4OvB`qfo`W3is9tH2%+<2GCA>_xR=nFH& zao1fNm4_ypal9e>h6a(m#Ua(hO4dz5FggH7Zcqlkjf!vx8~F+hVC7{_X0QDSkNiYY z_Vq;|IEDh8o{HFOO*ehP+cT&7-rF2VYwm44XV+bbQ&!RLUbejNU$am&_h4y`HNg_?EZCJq*zvaU za?|NjBPq_AE)#sv3bwb;?BO>_i_=#|KJ>raO+v8lJOu5e0Qy*JY`(SZnxhs8EhzSB zl(3QEi^#22!)a(OCx6Y&!(c84JL^guJwZsZ-f-2NyT4Pwy3#MZu{+vr@>6_4K|<3%ZTMma^%&9yB|LKrpvmx9`$yy26D|i z68>kE1oDMDKvn%jLUfA6;rugCJ$IaB_#^AYTWb%u$_-EOaTbjJOG+ZJ&?-4eg&F*e zxPk@>Hx*Dj+X}!>7QEv9!Pr9;mT(=-jK}}@t7}Zqs8)TxNr7%tl`Hds8jQGNU?KPu z81Z&N4NxI&J}KszBSkt!ZT1F5KX`R?La|lHc1;?7D*Rb5C;@-&zZL<&KLH)?4504d zF_!~Y$t_BSDvEIpgt=e_^=HI{2PY_l=7XYQdgP#r0art$ovJ*dO!tq-o&=E-7jbn6 znKIB(2T2R5dn|K&{7#hhErb%4&e67Ks9Px9C{9kV*d}0N@=#}PoS?P%Pc+7VBWd`( zEYEM$SCQC2q%Ep0J=?dt&kqYu9YAJYE)&}E*AY~DJ66rBV66NbLR^9K^OxPCpN5PYBse2HG>4CW-vg7 zx3oma-B<)Xif=1vLX1~6tapQpfIxArMiW}o?=#fiLSmZO+tBu1hQtt^9RL(RzmaP4 z-3L8Ir7A0pt%v*(P;8YfsKcSmy)H1#iJ$@D;~S%cXO=bJWshjlgSBdW!3LN9RAFFM zHVA}~&T-?ZQWV!}eKbU{l73pzSfwGDnX?ch$ZqGK38XqJdtFD!b=Jol>%L1*j?=$N$(j!XR;el~ZM=BuM5pN07|mV?iX>m98Me^Ovp^;o zmjGEt&UYY`bPn)%(F+};VV{~eCW79tGj7$UPpERJqJvOL3t?8ecyDm1U7LDf&wZ{d zXegL@_}&XIQegvruN95d_lC+x7BZ0QgkAS$a7c&63{H1BE)_UA~VC4YI%7-M1TYvpeywg&OIe zWxd_i%8KRa_?V**Jc$Yscl@w)CuWgL-#e@KZC>2L&D>l+Nd2c^yRZQ$A1{ETVa7v5 zt{tF|6Di2P>_BC+BaSnvaa~CDl-0zmIX#+dm)tb9j`_{K>T_RzLYTioT>~e=^>uzW z3|#}>HVj}YRk4yScayrEg^__+h{EVPLmEHSOgi^NyYPr0k?+`<+aSp2LDyDJ1QW1= z?8E+7wqsAM0av^gfH25@G$X`c4al|;&Vvq!dpM#B9|nog0`%t!h*DwHGu;Z zbv#W!UXTy%K?D4kB@IZok+pUZaF;qq#ki-Ejtu9i2akt`t%wsZkD5Vz@i3{D8B&U( z;fuq>4Ayqz6&zzsERT{s&pmF|$&aHk{PBCJHDf5$ez5OoXlSI9nlc9m+xo>r+IPvm zIxTg{ooc6i;g`xY|RmR$`QLaor^0!d=Y)NVnsJoT)6@29P_4cKXt;)_a`- zVH4@5Ykr(mzv~wdz`wxXx3$jre>-P%@PvL)m_2Yr;@k`_P1E#49r@0_zLG!; zbH47|?B~L=8Oz=iz^S*SA}4||xTBsDp(BL}kAA`U=a2`Pe`G73`Ag0sSQzyB=VXTe z@NY7Iz3=~J&M%Pp^WOXEriKOxb@(0$!J6zI{$xR>fRv{qWhMUYA%!4HjR$IPyL!bas0^BmC_9Q-u)~>dl~j zF$@hwd>W>Zf# zdl*!6!Jf?oJKE#9E+ny7E$}i5Y63$l03D>|m3|RH?#pD5ZD?>T>x5Lv_sWTmpQ3{v zkVsLyFUsPZmDhk#(ao`EIFY-AmgDv*;pkDs^Ny?5UipKwAKLMR&za+1KZ~j^=}d zjN4tTB~kL|3p?>&0*dhp**Er3IuqpN6hhZIf!dfuuN9v%niu@DsNs)<30>4$VZ3`e znA5+3?D_fMw7x>UT_^2BmflUr{pYxkvrh~jy8Qj>6qE<>eOc4VDf40`*S+4%ui?M*N{`)sBY`uRxcM*v{ZzF^5#_AGq`5ZG*3pefXESKm8JW;> zcXL&qWDP0`jGIA1LH#qCnhTs7;FEqW_jrY3QC9+tuOu{`ji*tjIzTifwY1Iu@!3-; zU@*;=RB?6y9?e)PF?IPOFm4`m0%H|RwfzI);;qbi8lpgb3%KqBN!`kI|6>H`KE7>- z!ZUPsZG=DL0I-v%gpP?>Q&zJQke4?r$@IOl{{!g^Kpe%^8Z{oHO$pTxMb>u%y+yWW zAPe;HJs=|>j0(uc`ra1lkVa*aqzK{w_zKu(5S`8QvSO+-YgtF)2e`^r_3Yc>mO2!} zn0u_RK}o`?{Rn%&e|X%B!PwlccJPmTzZG6pDEEGE_Lg%LC@IP4zzZUPK3s*oRJmFf ztQg6id~r~+gy{y}>#itcXM&L8;@EA7CPX0H<=27hLScZZNs$)5C{PVx1y^47eO)sf$XCdhBH z-=dA|?Qu0CAaOVg1Wj+sMy(9YuO9vY5%Q^+K4s(Io z_rf33n(~YrNoQ0*k=(6|+dIBxCZIAddU~874Y^Hw!{-KTRlz`1f2q~(V3^saSITJP zFgH+F?w$Mak=XfmM6Byt@3xrrnVLQkpI>+8Ic!*PKwE!VO^Z(fl{b#Ywhv}5j;DEYOaD|E43SCw{PF30l5Jmms;^JJe zhxC(G)$%p_(oRqf@MW+O^KV6&sLau;lVUL3jubyRCDnlPHJ+EAwrgYLI(8dLxsCW= z#Sc(7%=;MIFZv{IdLr)bgQ(Qo3sXxH{0$Im3vM>Ww>rWlS5}!lr6hP6KDnX&^EAkY zC=l)^qY3Di%ts(&V_+*h5kyrFY~`Q$JvkYX1XO8vt2fmUJ5>V%SX(xK zEC)X23Qd;f?ufuaYsA(V@61yqASp=i{1}rwAv)9fqU|=3$B$d;^oYDGPXh61#K==G z#=p`L8eb?~Vf7zIXz86HDysh=D!{&e#h715`YQpkxGHpk&|j5hd*4C+Ets+8%cAzb zcKyajg{+jY_FYdxMJ@5)L8`|Nbf!W|?#V31QqPX}0_Ag5D0|0b1f6#=pWBKnQR#kdzgJ zSy<_#N1LLeqIOTLF+BeZ9F;lCtUj`M@x{gLzCl~c6Va@&@G?egqfuv_0Pj)4n~R*B zzUqb~?cg%{<4(~q_T`&0|Mf8#`sn0P4Qofpcxv>ux z{wTl0KdOf({@_;r#$d7UMN?ur?UNH2^+Bf_^tyzt5lndJ^_u^sP3PZZa%m0!ie32e zm43JxlCtJ$lx{wHq)XS%B*Wj}Itbc)^9(p>=pe$l`AI&}mzneeOXw z{m^r?Lr_8_>IF31&))uz;XXuxybQR95O`<8blE4{|98>jQNFY1pXfhdGdjci=b!bYGI}}#Q1>k~-Sa&$b!gU0T?_1O4sz}*o zVzGk3Po^z`&q={N$pXSP<@}6uDuKqQfO8~Xxq_}t3W<;~E@p~)rD;<4ndzPagMG;$ zhzUd(>2aG9o$R>M$X3Vk`WVPDJrs4X)1MLBBb3!ny`% z3w;(w$F{Hkt$QnW%_b9pGdOcKZar6~Yat|D7Mc+?efJSvQYO6e0?31c@!wn%Q9De_ z9U^GnZvzT@K`xQ=QtmAQ2J$zG9>{gXK-@r0e{X zBeZoLZ@`!!7u<2LWyRRotmG>k`A5FO@~6L|4>Fw-mqFX$(@lq8!Oun&5BCp0(|NJJbUq&=z`;E}LJl zj|D>m_Xam$t9NCXR1n!o;GW%n4SuI>qbF!dn0{34Zl0s5;76WCBuhB8VMP%0MVmgmyR|aGp)KDwe6=-{2qF?ag>(lu5l5;YLyNX;~Xq#H%0Erw5;OcM;-5^@lSH4`UBQLSv z*(RX&V97pHZ&3|^G_${zz?L2Vgn%wf;QkwMF(#lN(2lZW<9)PWz?S9Kn$J|&94Cl0 zr{~fKY%Lq3m6hi0#O$dVMh=DfB5oO`4Zur8%czL=2^{CkF!;B53vHD)zu6VusvWJn{ws!wF4HC&U4dFpjCx8ceVT3e^b-A z6{C2nZJOxL?hUxd8C~K#H63p@vYnf$AHwnKl=eUI0q5P`xe)l7!y;A086~($yfv|{ zhNd#L=a^$Y7ZpH{eU*n4hyc;jn}Bj7n|;oDRp+G2euO6S@u2%gv9Y7&Br9Thwx`qM zeF6l^r)+g-r$8fa2iddDK7p3e+fOrerL>B@ltrGkC)q5z=Kh_DJb_g~-umJx=l@yQ z!f&x%&3k@A7yl|r0}F&+f7`L}XR_k|o9+c7n2-N>*0-^YK3dhwng1~zohPUJNfL+}H@Z5{*Ws+|+fUO;u`4(d(+R}Bfw7Qct|F@SHj zWu%!nDeR&K*CwZ@ZvmtCH|+&RDdOhk(gV3O%yBtZwEQmWE0w$;UzIKfiT}M*XXMo9 zg(Ng(#Bz6eCB71)SX6rxZK)oI>G6!ucAx6?q?DLkkY8us9oI0~7{}@(QY8&2U9^Ql z@ui5;@g;IMNDA_dXl^Ib$udEegS!aJlkbC>Qj z`1(@m=f97)=1)PH7s{;Yb9EWfc}hb~**eq5>z$_!lIhRR6MCN5nk2W&)gr`Z<({iD9rOY#BBu)% zX2cla{-=1j;yN+UI1(IX^+nBdummElK#+ajLAE@+wNL;k?gFyW?T9FoitJqGVy|da zl4gG}BdjGyv7vIxR-DBe)7NPwH4I?M<+RwU8vD36#mqSwi7FbW_eEv$E$;5$Ef4x| zfE7a>2uR%Cis?vR8fh)bUpyHW`R5NkZ~3?aJpsdGj8F0oeQ{zJ@DqNfED+MH-?sr^Bo7au!y62zT*BFaSBGCx&Pi+}9fA?CwS! z{TALyC@{BLz&Nv_HRu&;I4V2U<8oG?t9~ksslsTbQg^sjFoA8<}9l#(}s{=Gw%)*9=6pgcOX4g;=Z9&|uH>}Z$7jP=(>US2G z<7gl*U2##PhHACMiMuRuhf?;v1V@Vs-c8~YuQRW@1xaf`PYT#>?d~|7GF+Povlivn zts%1$DOE-6}madm~Z!521BhoV9Yi7r@2;bTX`tG z)WfRXtR@(C{Ueqh1ynRS6g*a?TG2ca2jbF*34>T7MqaH0h)W7J9fnN}8yt#FOw$us zz{q?7wbffiS0_per7l(RNzqnzyA_3Z#ImZ}hg=AaV?8PdRz81c!$$i!3q`ca57X{0 z9OmBT%S$XKbIV-Z^I7l3fxZHy13R=4PQ)K0z`Kj5wDKL#$TiVoNgk81B*Sj~=!abJ z0SiB!f`C3?C=WY<0J=KP5tU9;L{VS0WbUxJ9)kKdwrpkD*SDOeXO7*|MYImxo9yi0 zmndJK#m{*h>(rA*sZ5h|K=97hapxjvy$R#59at)|-$#Yz9wK-8CEkkdX1}V>ddium z&Q121g;`xdqTk=RsS)p?_67yd1 z_qOzSMn#VWKf1g{nk&7)NqiPTnb7a(nN1l+qw}}+rf*l~*4EC6l-rV3#0f6n6!Nw{ zT`Mt#=+fWjF(QE7a_5rqf2q9?YNLFAPHMoZywKS)Z^odCLDb_Wx+%{T**dmWw9tks`4XqDSkHt+`8;st2o}Xgn z2NA-&u5AMe{H&o+f`6+Tj`wrDkqn=^Wb;r&EY~Ygu9s#NaTwkO7pHR~xg*?+2GbHd z%U-M8W<{xd#CKQC<~aghJ#X*1TQhO9L`$_RHmHza$HwJ0R`XYu3`OpwIq%~E({)xw zpWfJ%>SA4!P3CR z%ijfdTUj0I7v{Qb`|@5%|E=)zP1pDRyJuZ7b-`A@i&!9MG9t-f3Hm5w!VJfzWFy7nA}aTi2nU*hQZzaX)}N~TEu;|P`1Cc4|qkq)R))4 zKE^!_?UxFQd?^LI93tZR^WCb2sgnP49`BQnP6nM(J}Y^|L^d}r{Tlr-&ZHBd+b-4v-9`Yz_)kGcW)`W|8~~CDp5Q1>QweibGCawN|LjdIaRP75&T}C_Wb%*lW51q zKd*LP+*=#!-tuY5o*(yhK5WVV^6y*Lb(>OotMw(T&McPmU$SN1W3k;wU$1)S`#eb9 z`^z7D>m>$XrMZ6n?bPnO^XYy|!A2kw}0L93OZz2?ZP84&F5Hu*IAXU zE!X&WzuNhxH`BsB?c)2aEm?P~R$H@AxOc^Jf%~f!6ZhD?GP&^L|NU<(XUQ5RhRrms z`hDLyVDZj0lZ<5!!53}+o}Zn4=RNzIpk$W%*q1N0q9BdaCA(dk8Vh;@!@|D0w1TgQ zRrsB`WwX5I`isw{TK(9a$}YcQuo74x$^Ovo-Df^MpHhV-!lh}z>wwZkQ%)^zTm-8@ zE-SXn9P(i?i7^AMTLOa#)iXLTSO9MwG@#(zJhU_Sc)#`Le*kS&27w8Y8Q1TaO_7sY zzek0tI{0fVYIXDGS{ gyo9yc^!dN~*~&*c7GKo_UFXi=>FVdQ&MBb@0RGai2mk;8 literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/deployment.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..425f0317c9bb733a072c12780298d110dabd1f52 GIT binary patch literal 18105 zcmd42cT^MI+cp{%3pT_;5g|Sg0!o)E9UDjqy$A@AE`%aoYV24jBApOGflxw`E`$(K zAyNWTLLfi@AwUQTy{2%&^So=F-@CqZ*7?5goIlPVS+iy`vu9@Sec$`KuKSv|W+wWl zj$b?u002%I+`D4|035Ue01h}GJHk0qk5ww=Yz_oj=-&cV^jxBFcDOumf^Gr;Rf#8< z&WAbs+>h_s1pxqjV*9@X1{PPA0RTM{gF82^o;cCQPeom_M(?f2JvnjA;+>|I?lI6? z5Pr4jn)Y%E-wV~_+_iTbm5OQPs&}<-zk`tCNz15?@L%xUj?29#PYc*3s_kuind_2NDRZ*D*xF2&k$b5IE;#{^G3bsR2t3e%Y zyL5{SsZ=!2$1q{wd&MB$aN>7;+>k{y8Qby>71V zvm}eI-Z72%GT^az8ycBsqH4p;_h1V35tr+33#CQd+Jba!Rm-al0DzNbnTJY+al1rM zOvNn!me)^iv0Xh^7<(=$HW=FF&0497-2hKW_htO>A!)B~zssdQ+f1*e3d5c{&mUG+ zWm_crlL{MrIHPsQy8Y>b++G089vr4Xj=mXI#%z(5(Xw$Ot~*<+)XEKOKGtXxQD}m;;95m2~H|x zK+KaO>PLDXGSG=5PBXWxrZ=)8Hm@|qB|=vv@jA?Ets5^?H8!Y1MJ3y=2)coK(YoaL zidB|#tro0qHSKtG=Me8uk9AOUP)3b+Vv`MNcsyqfF%r5t3!ybP0^uEvl!qI51n7#qWwH%5=7Qo{jPaooi{>!Fnf4tf+AT zzUh9{&Re*T#I#H?HN2~}!(XQlO5`v~Dw>%ZO${t-;pp9+tU&gTI_oPuf<8hh$Zw}U z@I);O$Wc+IJH;rdVV?ngv#aM-D6tGU&jSmiF7srQ7h%Q8wU)5GWntX*I?mfDK{vE+ zVHV2HQBPDeD$0$@ICn;?NT(ZPuL@nW$36IJfX&{x4i6n{C9ZANHLbN@EGIfAp1^;C z!U7sw7_m4anJe>^Cum3z8|>AwxL1T3z7!CdW5IGyUl`reE{9&tUd;KSKOv_DA@20* z;Dc0POL#J2LGgqLf%hC-0Uk;puN(22o7=!!XFhLEhd*6B%L;OQud<|l3wWc8Qlyw2 zL!?|{z`H`GWXk_(o|V@Y@r)Y=#^)R zaIEu7f~sni^#qgXzDtZ=nm;sWGRQ5uspdHH*?(f$fBdGs$y~FM?*uchlps=`_?1lS ztH5n7KnSBzOLBn;d&MT<4KO?G`H0@+pc9F!XF2ovQ8z*SrT5;=vZz0TRiCSYKZ(8; z;xAIomxH{r2kyVsjb6ALl^gQ zd{_C}N@JG9UWL=>NEgp6SGlj(He;V`_+#tY-l2<^8Y<+lOvSApwfhY#K0Yg+#x2*X z{P#wTR(fmZpF6nlV5SN)6>`f^KaowZhQz&pVW~x5uQlg!sWV7w0tWN!>=tSy5xqeIh|!pDLPq% z&MoF*1*?Lxu{t@5P9&YSnBC`~6EmO)!vg^MNw=13^1Z^XDgj7#)lvX?P~NwXGxE!OIuf@qlQzE<>vcHdZWHF9v^Dt2a6UT zUpxx9EJQg}dX7}&io-bU>GO#9n%@m*kKYXld26EWR+Q7Sb#&KdM@@b1BP?X1{$yWV zm1m`p?)=xjz)JK1(RQdVy+0K>~rZO4b ztljc(=>`&#fqO7Md?I+NL;SYxy}gV2H=>7Vju8aZVyP4%Nc+1c*MSZ)4ag6Us`8%e zZE)z%s-rGujRn^L0Z)Ajc#8F$3QkC5j`tR?)LVD{Nu!xnVp_T?cJ!|LFKpGVnnDM) z-un-E>OA>MilRH=Q0k9$OvL4UjV`?kTpU@(1TKNK>Cx4$W~|u_xPhuYZMcL$^Zwkh zo)bXMQi+b}T&>y~l^)XQxa}$oC;G6pwjE9U-Rq+r4E-Pd*oz1Y0%{PK;**u9s||Wy zu;T2q-*{8ed$je9)~sN=S2aa)?$932@+c;VVCpS=EES~x>ZS7F=M}-tmNbn+{A?`^ zJew+H9foPhgqEU}{O=bj$JD3WdQqY)iKlvpir9bq%P+{o*ZYh%Hgdc1nI4L65s)Q~ zXC3W-TpCv#^@)V(*vAA z6pP=Ue8Bn|QJtXvB-bf&=4g}4s{Y2xn)as?hKTv>ns*^>VfM8hF;`-KN@!0V)`Ws9 zsB&e$H^68M%dVD6jId&7*F$vZgsQd5j*H_4zH%Pf6NoR|E5&B7zv#W;;2CN6r?qQn zkNJ^JiSW#vSiHlPi?^-pAsjrPzsiJpA$<3&)6Y{oZ3^SwU6@!u1)rW7Cv2=eAyqnoKbe~36pBGCu)7H{EGI|G zX6CiEzwz2LF+1rVr0tQ~1Al(?k_wQk`WcUGm2+EkZ67QR29VpbR$t{JArr^Qy`@8Q zFUGG2mdftEJhvXqw7@8=465Z?EdPi$Cr9*XbrHN=n~UZ|Psj#zqAXOUd%RC_dX6RQ zs_TxJ(=#n6_(RtYIYw@lTnry>CDu?cpjSIhD8IH!mOod{d+QtzJecDE-98Ko*73&N zOw?wo3P<9h^I&nHv*HtztLmmefsN{%sL2E6p=lCfm!?xJ^TFfVqA|&d>2pD55*GwCKsOYx|T~K{rF)&gj@)=I!(ZE&?428iz*Hkh-#nddm7QskKeM~Cc zCG|qq-&!XAMv zCs9aJNasjXsCn{5470U>@|_MFz=gd}wN6>T0nbRj)Z6GOYPDGo#ov_xB3^7YPp;#R zpfx}103QMX5lffX%ym!+tnR3)qMfq?L9>+upA}%kiJO|6zK+4PKvwi(i2Y92NOaWR zc>v&tEsv;`fV$IA<(_LHo31$nl!h6~9|q_G|IWL(pdM2oRKfgMu{~21JUYz?eoT@c z*Q_b3jN#CO#>;sZS4mccX&z)W_Am8~bIQB;an-BS<#qtTWzVtO913xUSCm6J0KB|r z2LOOOcXam;neRUJrk!;R!YQw~ci6*nWahTB69dW|T^1ZZJ6(F`w5bLFyb+&1hJVXX zSitJAt7--pUQVq4UEDchuT@WW!LzsRFN~x-^DIwWH_%_VRvRHsY;e}WsDize38Gl( zhy{YUdJavSgVnm>t~gSCVCDrt*2tBZJ7A^OL_xukz~}X2L5Vqpw@qK`ZO9IAB}XLW zeU7aqD4rfp>IEZYl##&}<=k1>@1t;hsrWPv{Y**UMhW$scrm&8&^1wL&!!mtdaFXV z>-gpkm~9(txOQwJhf_taLR%r5&*~xGuFM}jiXg9MAi?V!lp&K;2SCpjJF7I zXk|r<#4I8!1lG%}A?GZlFvW3;itZ$lGSPbR(8w>BP$D+3M{|(=VF}Bds1RZZD(i3e zTyR=%z1r6na?YqLH%Q6%Eam|K*6lY{3;m;Ss!v5n z#B}j#K~3Ys{8LqbPVN2@3!N#NH;(=ZTFLm)lkJ9mNeX+u{@n(CgJSH}wH6VBJE7h> z!T;x{qC}(n>s06L;DAhx>cBq+5)@I-2v=zjtv-91s;y`EC$|j(Ai&XnN56{_Y3T+H z8d!o-xTyAlJ|bSmala#)w0nbl^qO`70No`wK{GY}d0=>JY-GUR=f=uT2j;a_9UYIQ zUOPrc{f%eoy*~vL%d7Z9gi_RaQ%#;Yr`n(&KaY6h`QVeg8)XN94ZcvSQ!&S&i6o7iB3$%D}@J0a?8*ByHNO@4>aTh1v{Udou9nT*%nxY8WAnEm8q zuxUJDXr?dgWgzaDRbQrhN6wmSX!qQXI23cP;A`ImBlvq7uyNh+MKAU@Q;aT$2=Q_rFM1_#gvH_9xs$;D)^&M0|2}Fn_FfZf@|CjkabbVTb$Sg zyyl9zB*=-f&xho1adzcv&-_P#@gBIq>BT!-|3l>c|N0N~iDF`@a>=95jvkM^(m_1< z(kzj+mlRq+OEK0{3Kp?x>+swd&UT%Vxq$Z4wS6I(?Fu0-ZpNfWoJK=puNB!JojJdY zd-lZS0HD7^D^G!cxYGn@S7ibj%5u;2m>r20cz7HIEZPkWk!E_)Z{8(IE30D(e4{j$ z?8+q@>rHX_tTJNVTF5s}1M)K)ft{7QuD4zke|vKagajF-$(qWubh0-L%PmlRpc6uN zl>YwXFoK=M7OeVv0uOSu0A~im#XYg}Rh|k@lckAdo&a9shShR$!VA2o1 zVvSGihYZ?$tj4Vi$6TK0Cto<#!}}L@J^jzw)DdgbKwyOLTOAcdxt|bin&02Sdjf{l zT&d!oQ6;-Y#AUOz60^k!6#SI-(wNF?^7SM1pyPluXQ;1mr_!5wBg4#^;gfsK zV}{oI%=f{-Wi9VSE)&9T*6hU4c&(L}HJ08T{w~E+)$(;(o@gisU|Qbfy`)C8&Mq zy#~-#M_>HZ32QWl3=J8j_GnCfLs8Sjy;2RNvP$pLXvBF;K!Q;^wt(NeCpCHef!*80 zl#H+iI5EY-w%V8`WkpHRocq~c{LQXc^~Vi*#FsH$##quvr4SE%h0kuO99L0SLFu<* zBZ7thogPS$gun5#L95Kr;Cx6(jr#Gqh0bqdcBa@nbMfCZ>P;qYI6y9Xw&{<2-<9__ zENKt%3(QG&Bo2B330#5+5bpr}KSXBcg*G6YR|OGe5%QZ_1{15*TTFYdpt2Y zSv+?haM}2!=}soY!p1v+Zy{kjSby?h&SneDXLbGCgNJ-`kVXf+=zb+L@o2L!akV;R z?&!zvQwK-!&BVq|by_y*K^C#+&yJtN!VK5Fp2M0*p>L5v#wN^|z#IrX)qotk?o8T| zw63vf(3)goto{o4Ac_lkC4N8PV6w^FR~O43y^xSXIc%isREjycqB^3oto@$q`Pa3O z%Q{5>KmhN-Qnw;W%x|YJ1BU4mFxTYsaVvU~MEgIY(wQ5d6S&5)p)!tT)~~!|hwSR4 zyd5H1eG^sx{zEcN{RD5TGkIzy8zO${)z^G;n#q^5{foiab+{((fxInz1=c^X;hfWc zz82!zrB}kya4wxI(D8dGn3C0SA5IVOKv~L!6-Y_&k7$wvS5FS^cT`1K?rKmGaB=X~ zO?0%xqT_PyVvWrW58tp%55-l{r zU2qRM%HqhJx8pKifcAG|zPo=l_ zJO3i`y3uT3-j}(sY9-pm$NSSZ<3)G8Rj9C6rm3ln4f}Y@-v~t3zZUYsO^J0Zx%$c5p{F?4Jp1=F1atp{ zzw`cYuKb_+R8N~*74U9m@@d=)$i&o}VK*hVhqrs)3UAc}6v6?kl=78pv^UUQlIhFYxR%Y*j&8pjwgxE`;3%fwbsxGXK zkQk3kbNAuk65WY~Sl`xbcZK0Y|lBy$@AX zuq4&&!p9fT!L$YHCL$T66+OUr&I}&0P!h3$xAo;b zxKs|Q-2ULV_rg1RD`tdm|!PIICVcZ$dZzgjij6b;dU%Yrx2{I&&ItqCD ztOQ)d?3B2KsOAA)1Z&F^PrM5R^>)6mr1-^K*%`{?lWjvrS+VNR24l|$>DTK~HV;cs z>{TD_emHfkU_xf}^M=XOGm1MEkDtf4`$iDQU7O1{u(@UT@m2k--bZ9EiNurA* zh#eEDYs;OFsgDod5PFcYO6HQSI_zrQKr7r%vAcynm#zED==8k_(wEh02z9hHBA~!_ z?t;E|hokdAYHUe$e~N!vveFcrAFkP0FP6%AjWf#bo#(?~503-n1=b`g$7E{)iy~D={szylv6ZQtzJ3$C zT{?1Ax7h+IuX{ig@vHZa1y+;eYlB7hJ_fZey%)mPOmh9rzi>q(es)bSq?s28eJAs- zMON-DH-fHX1rL2G8I+eE?SL?WdlR1e(OXGuvI`n^nbjq({ce7uQjr-GrS zDbyjXvcWVoh&fL(mb+NFpdK_G^*#EI6XOpVD^?g=tMQ;|wHhD2I3Oces6*(BT~J!{ zZx6led*Zdm-uIZnsiVj`)+tqAo0WTYBO&WryHR@rA={|MEQxTT7e*K^t4LSIdQVIA z?u75s6=^woRFN&^`W(h5gORK*v1oRa2{{+~C_56^>s;FWZR~{G06|Lrvx{Fw{eXFX zVvTBK(|N(AZ4}AEvF(vu#;>GI4hM%f{q}c7a|7U;)=##S!fBiO zoge$p5rtF6NWo-x>KV|J6}7G5=Zp(66&{kyZ)N_Xb)seR_2S=6WYFcrPc6$W1{vvl zZKzJjt?^z|lGDUou42|6>cYW$I@6iz}imGYzr^q49ryX~F z$`39p2KRvrr<;TMLlq4zCYZ7(XcmM_4V z=368Z_3*8w#h`--X+9mmi6fSNx@68ZJvxBb2V@r+!048}O!JcK*04X|^oQG2ad>5s zK=v-#+Qsh*bd>w$rh1Z@N|%TPKyfEoRI;YGV9E96ae-9@$6*|H!`3F}=PPt#-`vsH zl+mVMVg9`)t{-4kN|aXH%gd`(lShRR?fiwjMN8J zqNLf20a?KcKR$gk!w z7{n5*dG^N1(=3Hs)&YbQ5$hwW8}Fq|zFb4sFyF%MTi7AvR z>AQGuMVNA^QkUOR{jZW~p_%7HWZ=$gTzY6@wNOl-jpA*(hs92-D`f0=HS(N*pN;=; z`L$`DFgf|zgF5BxaM?vxoc6??i4OV9*47zZ^-iIdpAPJDDLV*@V)?O^M~g%>zK<`> zDPx@<&*xslpd&ZhH6r1<_ma{YaD$&Ldq~oUB;_7n&$nE&_8EAtuD(|Hu)L<1JBDwr za*$IWsP(wpVxRpG!9h>Q7vR1U<$Wi8)xr_}*)(!Mn!0uSq5R-KWQ}M2&9fFV4cMWq zb~j52`IF_O<=5Q}z1C{{>l0-og&;Zl)OS)ZCvJPkj#`Jc1(arn#;Fhz4I*pyO0cXK zsEHZHokpnl@_hQ!1ss}DJ9^}nIo}$$j%5OOMYZ_@$n#`}!tn9@TQ{c-d(*?cLwy&l zu-{8akNRp~+1CZsta^}2nQi0w`r@W`9d27U@;QJU4pT_{yRA$0S^uIPy-5zH{%q>e z+NM^7J3*V3Yk3;~uJhdZdv5+s_FYb>A`*+@me}7RHLSNwY#e+@aqkH5P;w&H?J*@i zvKS#fQZ@uaE!qV0JP0a9%mAGmB0Tg;?F|=yedsmr@NMc8=2jR8SPO=17k|injdG2< zXk@QcQg{dAjn0#F^2n)y=G5l(aT%AFUb8P_Ug%P)L8788ZI|zhBGnJ=8~}Wq?2{9< ziuN5u)okw`KKFB&kyL7xD_|^kUG#P#F0}TSUH2m!W=@gU3G0V?h<9_Sfv9Wlv+zm_ znZaOH^j*oVPU8>3W!H3&>YTRn203lPz$4Sr(Oc%d5A-)Q<3rM!`u_F;+ z{dEd=>;ipbytQY58g}nog2mgt;q_a-FnCuC(GFKu-|dNqMj6pmqBrxRG57o+icwB zIZ&f%X47Fgn;DFZd?{7X8@(x@XhEhmyr*roE;EHyy0xqTAKJ=?a9at*MWUnj?uL$kp)kF_@S$|@?PHXUFM8d`kR z<~=An@HyGeW1@}=4{jn>4nIwToXezHVkyDfX)XS_s+j&Zp&pBGq$6=VQ zi(Y9uk~yJrWLJ#xz_RDs@X>_rsspXqpEy`>9OII}m)?n~cn(`^d~0fOp?LKPh2rZ^ zA#&$0_LyfyG&$m)U7Ma_vAL^d9Mg zPU3WJUkCW*FslbM$sRNnDJtL6UFc$;qQRE6)ga%^)p3qS1D;x%d|DgsO{^GnQEGPC z$`&l*DB<3F9hxVCA^sC6VY)e&vJ+0k#hs-89u#!aI<&f@5yuhi-~4<~oL;t76iu?i zs-Uv+Yh(o=hqyhf_~XiM@LzytErn6T)cF~71}Mib+@R^ZRL$D+<%v7g5H!P}fPIPr z%h|mG(>5w9YUys?lee}}r&z}>jJ}|>NQDuX?vB^9%|NU#p!Y`V5)uN|QSX+m%cH(K zc2xI*CPEA`k;7lV;!bW`pu)xBuF_ytn z{~-#zM`NdJXf%x26F3g`%_&>_&A%AHfq>&8UyB=Ce>sv`wl(&&kqx=))_YAB4Dnji zgAv5s1i^R%O4p@b^_WDn@y(Q^oM*l%hy+rJ7$+lfsq1yBWwL*VUicdQ<#u&`{K)#w zQkoWr2>2sQd%8U7ZwGXv*r#2icrH9`?HXGj4J>B=)L64xKlKItU%c(#+QgZ0u~C+by^ft)P#xW9|Tv+?DQ zMamFcZxiR_Qg3_Th_qFYl0LPT`e8qw;1}g+4q3&#yFpGbx>oqgVop3HGYR(Yh)g+m zoPC}3QN8MeqBlG8HCv-vC#5s!DJ*1GiT$8#d8u)yCufc1?F9#5^osSE+C8f`}Y>-^oPz-d0}PIGLh-9^vvd`ms&n5_uePL{cdzt>{o zryQS!NB@cvAFVl}M7GUJRD-nQANS{9MEw0Y^2BY6pVu(!W4xa?Up4*UQ6R=}w9;3S z@Q(t&p5$wmSVH_FB5OV#sqHuHSxPVrM|x534b_#@MDA9X7h-uO!2#vxtWt}B8yu18 zwgcv{6LREywFQnZS4Q-rIHH`3JZ+5`=V(PwERi6P-BPMIXb;F z=PUijbf>Ufw4}K?v&Py3v22{fw{hdvg=X%S(x3{y$LBajhadenug5x0K)WUA-Jn0M zlv^CB<7VleUh%DwO2OjA!R*6amYm^zbVL51(7638Mr2oaCbnGt7-2F9aWSK971-Z(Rh5`yDS@2AJ1+vv!YP3T6^ok>S=vnWyO@Bt#xcr zZy&P$}F%Qvn>9dU$q4}AiWVXR{ECi{VUEC zSZ(e1G~2$(W-G1Cg)p#Lz3i6o&3@FUpKr7Zm^0HLi(3phm!(I1O~x*3b(}x&wnezX z-1$dFU%Cz0z^A_zo?9@k)@J9uRKPWcg`@*}mr|(dQ(Iod`j;~yT)^ZkU7%-F*`-#N zj0*0aS_QU+n|dOsq7^&ph0>BObEFW@@<)x~JnjqmvIK#1!Mz;?tCl%o;zoQSpaUJPYi5Q4GfaJo`%w1_(-Q|!Gq zEs=12SGP=6Wlvhgb>9@WfG34gWvT>E!O$U|;5xglf$y7{)1FLe4@)g^oSfX%48I`> zCy}*xqn98V&V(Ne$A-rqhnF?s{RCQ>2}9lvCbxD-0pj4!6>)GN1FrC%sf1xFksB!; z(VhuB*-*%apc9569uuy-z+gm)xb zn_$IivB=S-uDIxnSEYtYDXZracxuId%^1XtopR7?jsoAx?D4nJkhPPtu*cimgqMj#?t(tnnjW^1Di+ieZ+>FR4ELd~BoI=hE z-x?`L)=kPP*Md>^IX3Z4!?jNn=fL2Vpg=V;7csNZ6yi3MGt5TUh4F!Kb28Q@mFUj5N zQG>^kxpv%VclelzQ(2|t&SNG5GVhTV>OqmOBBsF6Co;dxfLMi zxr`D=HMHLCmm5Kdxy0iux5(2Y>vjmusc2wSRNxLu&`qz$!ODV~nn{mBZP2I!(W3oD%rSnqIdQF}vP2k4 zAqI@U$S7DATT;Z9dvgQ5Y30TnFbP7po<#KB7CzY2U~^OlI`3k+w^yL8X3x%c?}mz} zeyhM1IqPwh35`ca&N?tNbJe5YmK-eOD2_wq40IX@$P__lCwBeD zP#7-N71HCycwe4Jt`zH4f9fx$CdkJ~y~MYhIrg^U+CWghq4p5L5`ME$vtlG0dLP!G zF{7#G;b^{jDz_zM zWHV%U?zO}~xMzhZDrmkWMs!PaoYqa=z~i_q!RdV6iF+~%3UGfgCZSI?BE+&uNEudG zZ5hPZ-EY@}deQG81kx~CPQEk?zunpLXQwndbKrCV8D81nLl38a4W=CU6vFj$t{8p~ z^X<+8!Z=ecIvLZpbI4h-DNDIG&DF0(b?LiB0uKagUqXJBV`-7O(mZl3jlVD(uyyx7 zB{gaJ^wm3$NPmz@Sl?uWy{3T^IXNQ8vBVP;F!*)LFWAS**-j5~DKTAobIuML+`=*;jZ)4-`f6Acx~?t2%YO$?M*$w(e!QU1ztEw z$0^5`AG_!);e7IDA`M*VdB!3!rEQ`?Izy<`(?6I9?z>F>P4F6Bq>?A%hCNKW zO98L7=M`R=MtMDaIG<18fhO)6=&+)HKLyLUncPX=l^}CHA4X z*`t3Q?dPGsPQM__N}OrOT#8=hF%4c2b3l-WE8)ajYw)Gbkj^$*P^ zUmmu=hZscG*|{6Zy+*2-zsQKnU$#buW*-nFv+yi6lrGLmH2bMrm0OH|SBdLx`$#=K zgswX4!JGx_>wC8Fy^Jbx(9|jzr!Pg0=cq!^o^$6Qume=)Fv6OA#Ah)YeK{sd84JA0aa!0>(w|DE1N~0oM!SH& zx(l7atBEsuyS#%+--+;5*BtW&kor(cE(q=ci!9-El;0WVdR%5Z6${Mqnbzk3Y+WUe znsvc$a^Mkb>qj#4o-6<`FT}jTfrh$w4h8Lx;KMV2{Zk421z(NanK_8!<_sE?#CR}? z`tbV9e-7?d_fG%f(`^R;PY=1?_$e6ozia_nY0J?)QjP@v&QD|}jvoYY2?s3(T+|3H z6E{_xK)e(>9dP8pg%7R16ApQ>7L{JV1Ave2YhfS#4LN93H}St?w$eo33HC>I;^;V( z!y=Y-byM4=goqo%VSaTET9NfgBb}WUTEu+o(K-l0cAPM_=m!hlH?C|*=6NGCIaN!N zMU~R+Z@>Qwv_(1^dAe0dTuyJMWaxTNznhqE(+3V@Eyb9QitN;kpX-U!QzmVkuzs)- z4uY#V-c1%)qvi%RfYkG?Z(Ae17pdPIB`*&0PX$%--1L~kkk*)^J2~V^l8%FGTRQ;5ttxB7=HHw% z9qgONj%ZDFKN`&LloXEHo}z~`UZ0|4JVpy(EP>C*=e!%EWd<)u4>tee)ko6hP19$O zR-bVJxkwmv*?Zz(^5H_1{<$0UvYZTrBYA|W0Iubcdp${pN&&vaRNYSDD783Hl)q?Fs65z91~{C2;n zVtsCz8Ks@!2@RQ#N@H5y!3TfOLE8!5PX`jL$s1l1*)P*hJ^U?+*>;I8ER|F$R%lJ( z{`$dA?qI2%_k*O$wh{JUzJVk^xndRCWHESD?`!sn_U76CZ4H)vkn-c; z;8{qk{nDQ^=@z7tQpfAI)7d&~$n$Xc3G8}&&3KeYiKY8i?Y-u>)U14ua+9XKOIj^v zmh9*x6U>wmr+if!5x702KdjulNgJhIe4SjMCLZ6VgSQJhc!|;Mu%DfL|4liYZ-?rF ztCTdNxJt?kEekDIQ&bDB;4&nt6nWz;Vp|eNDGSz594D9}=Ae8{Dj~$6>rIF5?BPsO zst=shoNkXFh*up?Icv4kI>@uI;B&m6!huub#ewV(vc2H3ATw)i4Q0RqV@da3qX9uM-8#it_TSlh&dU-ouxUTC%QJ3>elg~5WB1oHJX&dUGJFx}ExH-kl* zre+?|+!}MakO1`Ga*)9Lr5w!!zpI@H-m2=NB=APU0B4lM_59_q#nq2F7 z%}qvjH$m`>@quq2l)fI63{uqOzj9K2Q>1vtwCo_@^+~FZWy4c>@Qpr4-S%|FT;_JD*81cNVjU!%4)F`+tN;MOF@B0=3`=IM=otKIsY`N&Pj;cE>eqi2d=7Dc zEp$&f`1eiX=C54kT~}aVfqxW^&h4p}A5-o2cGk*_=Q#n4kasHDG$t=5KAXXXev|r6nDimXjhJmZ%uR zH@aA9+AKD-P=R$R$9w*KC!W=Y@MYWiyhcUq`RKg}`#Jl%%U8s+#EFJzv-f|yq-u|p zOKgORqltDt;jOMn-@IWit zZL2UDH__25=sDx@c;Ys`g~Q9QVfa$Z;FT`PLpJ4YJ5qHXH1%@3q{_5H#|8WGvgZ+= zqXrPA+xJa!C_TI?|9!Uw@wEOz^N|&XP&VPIz~4wnj*LSc@TEE57*K zJ&OnZRfs6LJfkwjn=95?0~Fv|i1O$R7uwshW>#!2G4IRcW|4?5sFk^#upGx^n3Iy% zM-B=+X&v)#c7=BGpxw2T1isE88#rdN0IYzrc>L?T?k#`+CAVY+52A;!FiPm0M41y^ zZ)6J&f}^yu_e11Yoas*Z>tDz408dV#=A%+cu|;X3fboXtIVE`1>NW3Xs)^^$E1`$* zKts}(lL!Fd7oVt=?hy`t)%A!o3+M0?g&Q6j(Mi_;Gw(3TBKs-L-c~11AGiZV9R?gz zXdN7`a#arR+))u5d;CUmABXBk{wNW8?*byOs&wFVxxzDxUjc`)uvK`pTnpk< zkB-n-ltwLk+bN;o03cA0b0f3I%)jh0GR&Nk8u3eo1KH4A(q@`S%buYBV6h)6t@+Vv zSfbg5vAuej&Q)f{l_FqK=QOU;J*eUBmL`}#R&r~v1=(}rbXDV7F<^3e%5;K`VY*kWU*w8e zsxUO89ZR5bm`aR3=g|V0k60z%1@wwFJy`cg<~7WKp~;Xtl~$Zo^I*$X!gu|XePDWn zFz}PYvtE@YkNm=5+!DNy_G>VSvPsUpw)f&a6=0sI#IPp{>_v*0Qj z!J!yW+227F&Kbw<{`2)ok_Oq6z*%*EpZH(rOaJ*5%m0%pj|1KvPnBNH`c&u`ssVAd zx4&+#>>IkK8!!qk@5cSAF88xj0o#xda%S8c-qNd_`bq#z9nUxF%OOS5cmMUmf4*r1 z;goEWYHm*zT5-5aK8>T zu`iVtN7Nad9OkH}Q*)r9XrCqpbVPE3s+VHSY|5fn`RQvqlp77c=ltI`!n_iDIj=GD zta>qGd*=}6MI?7qz*7$#DJJ3YQs(zi-^Gus?dR`-QoZ!!qQ*t_Q|;Xc9{lAVTJC3~ zuQ@)AsFNEE)(Eu1UkULuymZ=7TXx@n9gegUUNRaTIx~{PvDFG(+?^9C{j+0V6AI^; zqc518IU5la=1_-FP4{k0_TR7KjLc-G5>O#K|Ijy4qmfIw5QiEyD5o3U)~O&0$G~i6 zE~33KP*-9pDIlsE{g? zS+m3b2P+q{k%#HUra6cdzIOlho_#;3hkf@9#M~xdyKBzyJtCakq*^FZ^lBVHpDB^@ zPn^qasJg68PPg!2Za?xprL+GaR>E$61=Uo}B%FU017GEsZ3RyMclP{`aPvRT;QwYL z-bMspezC`3_%@Y?p!V5%^y78srs8F-U4m(R{k0$b`&|9zT23tl@HE)vgti;uwcJ6; z%ZGIG{v;j-yi|lr>f!)E(!Uc~N%~MJZ4_*wABkefaYD)Jg?e6u`)!m6qo+I+ z>De0^LXpsEapck3&I_dx3mI9kao=Rl_b9&|(8vB0lX+G`C?~C@x`Hcm^;r@JA}j+?!d58q1k zeetChatjBaN=NP0kM3g(RBCB{{*Q{k;My6hQojWl4QPgNa2>I^;AQQ_z47{>faM8i zSfAvcV^~ye7kX0Zk=H9wL3Q3hkB)1O%GJthDVKT3bIdbANvA+~dD$ILa06 zgz`9Ax3<`g7IgupByrC^8`B?o6#X|?M*N}S6I;i>l^gZLf;LSjZfLM8P#gfZQYo-6 z#U-~`1Pzwq4S4Z=(5L%QPs7hLzP64_H$ z;5{n|@o&ul_4UTmH(TGaMMP?@D>q1hf0qXAS^cdH?fkW9Z9H>AK`pRfI0mo~grh4E$5X^_Ee{ zVgDDl*J7i~{)Ie@z|jAbon9`jD10xbaj|Y+Z^sRA1bbYZy!-K&tL?>?pP0JXzTi_0 zF)d+qQ`^Jml0q+D0z^m&Sn(Q@#s6qo^}KSax3ccL+}N5b{3(zxY@uRbFjz0T(^8Q# z+VXzi@Wa0D5%EQZs`gfbyNfC2r(a$F zdYeP!f;_NXQZQ!HI$tNVkcmwmSR|e3X*dOHxO`anD;>B}!2GQkgTg__OYHsjKK@~S zTR9Jh%hzmFHz`5^~vv3jI6Y5w!8f^LI=?1{it)_E-X&u{pbr+=2!12bT;#Ng@b K=d#Wzp$Pzm|1xs` literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/for_each.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/for_each.png new file mode 100644 index 0000000000000000000000000000000000000000..20188117a3bda9a645e3c9d8d78927c8674adfa1 GIT binary patch literal 11975 zcmb_?1yEaYmv03rP@q6*aSF7BQrw*a!HP8y+?_&k_flG1in|64F2NzitvJD@#oYrG z2)x_xn{W5+zTJKEW*##cCb`MIe>wm2lXF5pD9hsGQsCaZcMo4)4y1bT-u)BcMe^tY z@QLIuNjC8BzO$;V zF-H7GHawzi-@gx2;$*=gpb`EUyR)^nzP?x`0Rp+3+1PmZ1}$N8TefkTeBIfK7nwp8 zv)Z!2gX*4M@evW>_!=na>h3g4E(eW=x!S(Lt*e^k4+)WjzJfnn$u-i|wJxRFy_)P% zjY~@_(Rppb9U3Ax!UE?-!qnARNorC$Qme|%UHqKVhKA&9bG)GL`cO0!RbvY zUQ_)+mjJVAF46h5^(4ckYV+_yPnXHK4P8hhfUQiuft8K*NP~3-vdAX5aSh2 z!I~M{<(1R><3))pJ=bHixni}#jo}n-;~Pqk7W9;Ev-{z|@UTXSLJDLT231QBVfTbb zwWfjJhJ-LTmX?;n4SgI@0|_xunW0os?C9c&0zqM6cAYb@lT&OeWB^jRQ$*@+vaLkc zxf;C)*Q+z)G^|H`RKftoix*;kj0^p+l*>ov$lh zcQp(R4dKHS4)>SgHc5LoIl(llP>uDit;;3v!-VnS&^|>yy}d|Eej1<3jGN9Z!;y^n zdiRRb6X5UsSj_b#&qYDK{fOoDF0hutcemGv!H>zS9e#H-G&F=iXP1$dUSC^F7xi|V zD%H;NyW0MWLt3zaQ9IF!YN&$u-7OlQg2&^aanr1gJpPBOmBN1XAlCWok`E>d0i~kiGxhdarA_#s zzNmF9anNoCvJr?nt;wb1uyF`{EsZVb^BhhWOpcIBi<$tzyh}Us@$?nr3ZGk~rMa$S zg!D;*pF@3od|;XtZ2Frz!*&M;<5=Q|Yc?5uNQSCLwORd!5*ase9=+ESGL>f>ULE1=Ec4D)L8J+s+rb7Ny;rrPU^Lxj&CC%7cGbDjM% zoAcyo)^7|N?>$bll7*%AzTphvz`#I9mr^HpcUc+#%iqCF^;NjRKbZFhmX~RhL~Tz( zh!`ABEQizEnW^w(yUHsC%R{ah@6Y(0ZHb9!<&$UW_sXN3j+tD52?`db z^5V5BuvFL7!0Q*9L_sD8LwX`FDNpAw4-33xb2fVf3f0B0CDO4((6ZLAoy<3 z^C6SreS71{GM3o9W1Yd)zH|C5HTxS7~#}4*Uu;0JvcbH zSa2rXF`tYj6ghfVVbEGLL$kEBf#x6gbpj;?jMoi5EeMrUd@UR@e%Y2=!u*Z>6BmS2b8Lk0e(wFuQ4wdIzUA475`w1LY zF1u4o2c|EY4ZZhyBaDJWCW#ni`Zk>SX&I6kbW_@0r4P!aa@ftf>KY`o+hm@sHYyky zWh?S|!vdh678;0FJ!rVy_GTp6$xhUbf*VZ!TwX5xW4w<_mRi01QOE-4&EZ@NS%;io zogR{s9Ruobz3+-ZBlD!I1iX`#1raci7DJ*GPMahTtZD#$k zjF}#i3f2J;Qs(-h2MWJ*FOGX@5ohBH?&`NB;O%z%_4;K$=c~!$jUiufT2D{U%Uuhh!p(Axh9Kou=Xwu$fkI+n<|pKlsY_{-dSk zCIPijpU%4{2p+2^%V!)bOX8DEHx%}?L#QWfD`ar{24A;k&t4S-IZQu@{lJ93G z>NfoTorvR&02a8+R7~S{K>4SJ^KkaeTW@>CDQnLfw9UxN+PHS+S+nJ(*17UZT#`}N zNJ~l(s2glomFfHP=WP{YBfns?hjAbzDJhAkt6X1Lw)Ix%@ALU0_pT1VV4`oXZeC>jz#!e)7<;u-Kq?Tvu0DxdHikFX@p; zBwRkOpa8{3E$sGbu?e1*rpvmi6DluXqEY@XWnmeyoWgBMOhSBsxVxWX@tT_fnpwzr z9(ewcP%QcT_s=p2zuTy&s0QNX0;Vf8^zHgxZLylUZJ~08S)8npyUat)5P&iLb4cVV zG9XCLz^O`s7qI>jBD8Pn)j)cmN+-LugajA=1U0xB`mGg#i$4}KDpP5`#eIY)Ovi5> zMJv2*{DruaE`EDa zaA!ICV%u)6wn{cS)7pTjrL|Rb$E&ZdfzRkR;34*C;{198a|_wgNKyE6&YGx_w`})R z#Eu1~Oh{;HX=gk4c`uGh^@MHl+sjpZ1UiVP*F7*rIjC2QU+m>&$2UC7q110)_tj7NmwmY1 z4;I=3u^F~UyN#CHeDfm(O?#t|#I)Sg6^7ApwF1R>p80SG-)g3#qYDTC zR)^pQp!$_K%ES(JT5mTaQf8vJ-}W7*4u2^kHZ7%`sx7t|Q`r)MM@L5)!tS}gN53Q#6_k|ladF3|Yk+v@(8$cp1SpL}S>y?=v^xX> zv9PdkaXBjjL%$>1+uP-AF}A+pJ?Fs3S3EsEjq~^>=6lsgG%-Fd3}baibZp5>haCu(f5#nbt4 zsnzmlazMpO0QO`!^n7oY+obCe6{bS1Ij9X|n^@gC!nHFtjiWP|P!>Sh^NU4y+LO82 zS?#F@PTV{^wKmh`qTc5so+oA+8qc_<_oDD)2^daPaGy+UnQ)yv)d%>u9@)aeLX*q( z7g7F?<7=^@ddeSOFusQQ$7IXP$yv?Uu~N)b0xCh^z8=S!KYZ%-y&>-+fcN~&52H>hF5Bo zJ>MxV%$#fStZ|#yiCp>u2Nt+v4$vdecN$Qkxvy{33bJ#1xgV#~{1VxnEQY=&?dk58 zzJq&sdk@wL;AWaNG&d7c2^?KIqEyHqJb3UWFp!g^FpOc~MU3$gW>f;r3eGFoUtn?3 zL=-Y*UOteer&s;Ypmd~CkU%4zn_9H8DhnYYQrGu+^_YkV9q^$8t(a$Y6m7 zV6jU>lq&(PSVTUk%r8qPAu=Cw#gw=?l*aFVpeI5Z5*ixANTS+kN&wrgGVL9pt4tU3 z^#Z6=y0wRg!1)_)^ZFTanYDMx_fB3)Av(o-5i;{JSHKhJ2B)z5VDF2lL`@W@Ei(b2o@NGw%S z?NAD;S$7}<@OD0pDjLv*Td%LLe>;Rx@J2qrYQLL79xOJmGh}kgB1Ql%4g!IUsJ{6F zS!C=7-1uiQ=W0)6nvm-bkc(s@$N~z9v<_x#ux%XaaBy*BrHuYe>DvGH#IkmFQOOYc zR!F@+Uq7w1R~UweKq3HSjyVOG^e=8-wdbZ! zSWY~v=$mtYhfjwYMXeyO+~$RXxyVM-IA8XSfh!PgKpH3K3~abNPqXidAos3Usd9F5 z`i|H43l&? z`Z0tEgTD!g0ZdcsX2}S8=dm8;v+MXf>KWsS0wwqn(x^H*nvgf*xDkU z?5P=~7sq7SR^>l0Sa8l;hCgHdFvxE`DQB_s+nSD-H*sz(oG|UzlZJ7sR@9~%&-ZHq z7a;H=etpDFY$#7&G^dB*4zNzuM1P$XKc8-yJX^Q~k+;X$R9G04&DVxDk$nRtO8jVu zQ=>!Ngp2=Kiy6+y59?Ax`Jr#XbIb0_zM-L^TDfc3mX?+&rS3PE$BC@E^iyL!HLj2f zK*{-?^fLk)^)*SvPd!QRFw``ZX4j+M?y{w^gj?FD&t_`V0wbtpS*!S{#GQ5|VNJXm6Lm z3WbH>o@p2sl_s%XQ{kJn2eebfXJ}WWt88Pw7 z;i0{a&D#lPytU`J>d0b_53ivfv?3mrJ4tjm;;k;*#O3@j70CSsqAQp)UL8!m#?8d0woS7R~(+F$&4BteidvLjQT5AFytYe;VtwWI9^Da^0I!G8mM zc^Toj+5?0QCEuraZJOg+n}rNS>OMCvdDWk}qaz|(fa4DkUtsm&&HEtG`rr$HE>`bL zzD4iDR)F95{tCcO-UgYGsq_EUS)u=qJpT_`>VNnuWKl&H_JWIh{1_iXT^*5;kr8Nm zD;xK`*4AdL3MvZ;W;r!#K38!)%n^d%Ugo$b%t!8aU)`#4B4PWvI{tju=#*7PWmW3x z$B2~tNLnvh5Xj%?zgBr(35f{_u73uQr_cSuyZoQC8z3B|%9w)E)6)l&D!Le77KxG4 zv9llc#V`O^eGTHdXoA1(L> z;JlGh678As=|0;h=B3>L=`CAZ=6{k`P{5{Jw-?F3^ytx}BH(xfiRlK7uFz{dSqW#) z_3%F%lO?1U0z&(C&ZYtr6B97O`hnb+bpI0|WuB0ch1lGq5^#6{SR#f9znL|preS1w zcw7bvX;_tkYmQC@7>e~kA7x(!hku-_l}GI$0a&5rwVr7JL(}*6*5c#m;OS|eyePX3 za~qqq%*=oXv}w&##S?jst6#gi78cTGU~QJI0NbE+cjoS$DNhCbF`{K2UNh6xjg9ku z#;m-&JjGO=kASzUt*uSg^%WqVKhyXR!`a(@@H+tT21GCs5fQKhWxDkQ1O%BvuGUUY zT;&)g8fCHQCx3^Tuuf-v=E#svm9b|%`A!H*hVbIO8bFpX?bOsbb1Ct!K>ZN$K!7Es zl~|C89tX64C<$Xhe!ejQR?IZ; zNMIXO-oNiixJP>RBjBOq{U0!eBsOX>9}mDToiSSJ;EqVg%Z;1?kb9#E( z_VzZ+@N;WxYqUGJC$Q0x4aMtw5!Q?C?FK`m637ZAH~w!#0fmKy85xU!i4R#e+aAxC zI|3w;+gPr&brFY0N1hHJpO~1~?sNqqZ;F_&5TEAT5L|#F>9fIYjLF?uZ?90hkKBvN zdEL&>iw5HCTg^Y*&fi;~g;ap4k*~s($T6OtXwf%vadWFqjGKMuVX8OuIqn9aV` zPLTs{5h>oCAo0Jk@2Ln^kvAV$>FKLKzj7R~{%a|flI)gFgoc!sn~hn+tuy)oOG^3` zf%+0)LcttZLMLK-g`%uw%3jdZhZh?m!EX=pURD`wEpalj#{xDL9-VUddmSWmYQ98- z=~glL@14UYbtkQkwVv)eaR@S3>M+t*;}%b00u`YGVyvoLqtDz={;hV@@UPm@kE(TB zt4Z9yKYs~(wwtZ-RI1-ppZdKfj2p<{rIK9wMMbP`)ys>Nr@3^8L*e z1=}DH#ObX@X_2uBZ0?k9>eWh>M>w!j-313%kY)8^`^lX_?{=)%g!w^C0sLK&Ssb z0YWZC(b3TqfJ1PVt2;+LRnVljIK+qN@~rRoAN_3Cebz$U0K6XJ|yk%@#EJ z7JcY{eRTz+%XP}dtd%j*$8#T*F)Qcvt&p0plT`k z$5rjKZ-3Z-%gAUAgqjZNz|(DzJv#drUyC9>%9q7F;m>cf{%1MTrblS2lR`lW9Kfak zJeRiRthUysit|#sND~ndu0Wk9*aPG~)!4XIlicG#?dh5}wV~9x3S6*uEUk!b@mQf? z^3YR_C|3>zTX1D$ewzfu;z%tiHr+*VCpSsOdE^Rzax1I52PCU6usl~E7ZFon&%`FD+c188znNK1BvG~?rA{=;3~WA=7z0k>(_Tdh|nF91k#&#uNhyN zXiv62=jKx412?~5e#^{+7yf=C+VXdbA7!G(F2&RaL_)6EPi#d~li$5Yiyfwe{d7-0 z6lX|xfdQd!9bcrkcq>~~3v*SvP3Q)pLI(&ckW^(&U0?8l2pZ&vb4t@TtrksKTLM9|1OQ?zde$2wT+baZaoLDBV&2V||J%gFq z^CJkax2{d}9(ftZmwdlb9??5mCS#J1B!4Xrt`{Pa zt}agR<>fWdCUWx1J+BkR?_M#x16L>}hU9ghYfd*LTk%33Cr2om>GFagf}B(RpPvks z+Z{AEdRBESxB(W^rw&ENheoAwV=q!mQkKRhYm7UK@HXS(Vkg7sjUE&jSD*JxS!06N z0TupGl7|7RueUR4KY0oGLGaX88Q%Gplrq%aGn^8R`x6}6OY=HqFJQG~yJqiHE2oRV zor_RA686Kbw@E5A;z1ZAeR3n*{cB-4GqMsidtI8}aOsZFL z%iOQczNmJx_0d@hXTz%6xjsawC@c5)^azmyDfF=okcfdI7Eqh7`OD1$9}-h3K-R4u zxd2QA0q8N{L~=~@a{zsV^uYe2+2**cL0e=OB&Bo3UTg5!hN0f(Pqg7JFV(7#N^ z_EX-VBBPW^XCq$|{Cu~_ z?>?|wWw!>pfal-$AfIMe1!3s_+Y~`rE=^g)YCI2nY>J0Cz9V zDLpK6_itX33e+Dfn(y$t!CAicnvQh@P#|nP5=9YJCz#?1Gc{cuuk1kt0(y zYA#0MPkVV;=@`g~A2-&$Cb=oAcL}%23a%9$-0-6HZ!_wi%TNB?Kj*jR`Pq$P=HWTi z6^?Ud3x9|?lwmUGcq_ldNJ6BY`_yz1+K9d@{dj`h9fR4M#yRnBUPx_Yi>aI$&TyDH z{j76eEzj)xuAbHlBGel1Tbx&JlK$hiyMYjy6l4=|Mq4g7HG8pKoAleTM@#Z=l@Zo` z{p7>%aGnM&Oc(aZR|}Rk6QfuzTdcA=s1}?EWYM2ann@ zZ0E0a>#r|sFl(0nu+Kfbx;?c%OX$k`ib|XA(?F~oBjOL)X<(d%$3Ob_26)^j@wmM AbEc^P}5@az~WTsB)D3v8VYQ~6%_V$;6w*j^+&Ds#(^?+ z6p2~}A_w$>h2zsgkm45e!9lIO47)V$=7E8hJ!ja%asMMyt;h6wLUX0#!^!)!(~?tzASKXT_1BG?w{IVI?Q_)O|f%lV68i} zVWHtzq0`sS*yN(3GQw_;*J`ZF1i8|6|Jvv4Jp10C{N1+$WCJ+`Q;*t&U7t}7hb?*o zIfr(SUt_9=PmH>AV#~U?kK7@c78XU=WDO;UqTE1hf|Dq&s6pg7W=TbNuY6KSQP+F^ zDU`CWGg=f8QZ}*jWEqUe8?k-v`N_9xiA0MKRl0zFcT#t5BkZ{Vd084^lmLa2Fx#QC z6mz~EwkDtU=rW}8e40ZaFKLDMi_Cj?9GD8wYQ%)nT5jer4zj=8UlzGX;-`~qa3%!;B{DU819TXI^`G79e^g?-uPSsk z|EAG53I_Fd>spMkKIKf2Kj-uIDrtOWN@;x7Aw}cN_5M+S^=bb9-A?%5ioyS(;QRP3 zAD`P`A}dU-7Laj_FJBfB`~zY-Q@JgNtIY@b>=ufyzG(wp3}K{iH%785u0RR2f8h_X z*nr-JM+X&%TOEA#?8*8d(G{S6DMh_%Dd=H0e{rvG7bp|b&k`+T#_40h1p&fyVpvgF>H(>~KqFF_4m?%Vn{OAm^L%{#Q)ElotM+zN zMkUpZTwf070&5~7uskWZy&*ZLq^k=+2Iu_*bA%GLug0)p(jZ7esczfP{~5xnLr|E` zfd*7FcYM*9&K5<*Adp##YP2hG7DM_@OQ!4^h8R|EFnQB}o;9_ds?4OM>5lqFZBM&% ztFZ;yA-2p4K3nVYh8Ph78j%LG{*}HyIe0l)CC+)akkCy3kw2k=qT`izY2ed~?M*iUUK|#gn@l2Jsy%)gj zpi7S+YT@@kdT{Qn0Ge{`cvOn8nDp5x3Z;KJM$gY*Us+ihEG*jMI`0-ycy7Nxtx4a8fQ9i91Uxh@JKwvHzdt(Ot@G*2P*rIBX7zqU zmFdy9J{`1Kq@Ug$k4aDSVQ%;-NOPVts=;niDE-vgHw#INxoYhWf|x_9wZt87JOBsd zLpiKX-rCxF0WJVJXm&fCrJxAg(`|I>ep}HJ7V~kUz<%cFm6OBlX4bb1k#8|$(B3|c zJ|zgcM6*J|la1j4=~YB_3auYmsbM~KF3{uzFg82_gOECe|J|XKWM!5i!3{ByCk?|0 zY8UA02>-ARjqJ2tZo?1m+4$Q$^ICwXZvSwZ)}}YgdvzdTP+nf1lHcw-NoSoC%MT5} zQ0#s|1E_i9Jl*<2w}Tm=EOB`P-+VGdc^)drv~+hI?f)wsF?R!}lBP^b0YTW@4(CFH zYXL6&1f=y|6EV=ltX=wiV0N}qCChTuYN4U3zTRC`mEPp6O13#$uNxTJ)+k+9u2@^W z?R=OBs}}0Hv~bt@V3JhZb-8WY)QsSJQ$4ct{rPa8q__A3Yg=1e<sY<>eaBY00xbf5o4EOQw4Umj>zfnpmfakD^j&WC~uz~-nvQ0TU{w=C3Hh)qxT5qUkx;mhJ>H#6o zsH?NPzvtFlt!Mun&t?aMH_C&!pN6CI?l`W{>}ad1GNuCGvuRq5-!9L>+`Ru6HQaXo z8D>S|XKbasGDjDe4yVm1>hW*av>ry+=eA6V>a^?5cbnLEhl7}dYr;VDow)CYi!Six1TcR?d&a^WlJJm_AH?eZmlcTApi}#6ma9vW##wp?)EvP4 zZoeW3aXcF)Iz6&;f)tNferLEBtYljxG1=;&LW>5N!nOQ=|JgJ#F#)GRkM@@9RTK8JTT;l}XC$s$Kp)z}+b=NX$jua!_nq{u`g>f(@{F#-oDcD0k{?yg3!<}6lV`>-Z| zmf}CP4kGD9;tBU=`{`K_12rZ9Iim{6=nTui)Nz=!tlbk)F`YrcDXnN@FPdWYLAcVx zQZM}g96SpKSbs~42xR4|_d?hIF%Ej{(}$tg^z?&&4V(Y7NvYd6fPsie9k=w~`5>2d literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/logo.png b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5a489fefce7d956a3b7629eb96e3164c8bcc8d67 GIT binary patch literal 2863 zcmeH}|2GqCAIJ4Pp1zPfQqg>?c=DyRi71Bjg?srPDm2nElD5Xp44b=Tp4(!D7RHp+ zB%2~>7CR=Cnbjk-G`mZ-){Gctw%NV@f#-+k=leS6x~_As>s;saIiJt_ysq~jVIcuV z1^@#+Jv}4Hug6a6cG1tdeywipPEj)T^bD3D$NVC*s$~M_-^NAO{d3wGhIorpLm0s6 zS-4?hWHPbot)DaJi2Jv@Te9o7%l)@h>@qVr{^aQXjYU1|z2@atp~`_J+vrU7eEPhm zdNRG^6|ktZdEs^TSIrOINY<-YCkYMp&Y2|ql@bZ z3Oa23_tpQdhKp_RFc!#;YtVeUzJXBpI*x_A+#J{0BE+dK3kj{R7pp#wwv82S< z=#a!{5y`eFEX_{_rdKYrCcmw^?;t?SV%5B-Gb2Wp$pa9TL6uV8^sN( zvl$&7*(MhBqxK%>G6r3po_AvsG2dZc{!CPhFm$;siw&`}cI= zG%0?@)2K&Jf=?#I#m574xeBaG+RRFs-JUi%mlZ*1L-%~XvV!Ev_m;p)OluE4f(ZSCFt(pGSwiwz#c;K8kUaZM) zl(&?r`ZSO5}wJXE44zIf+jFk}ePmfg10~ zPB@M*nI&RO9?YCTg3RB?`19n}Ou@|Pn5@G?c`tRutBrgGjZQ*NyhP0?MTybyS|4l` zqglF)b^}BW^}U&OFEXsypkOy6EkJx_9? zK!TZIk9A>HaHO!SO)gJozIgG(4sxQ9ER9)I$Dv^1?skm^ozpo3J&y?lLZxi|J!1Fxp%O!{xGaNO6WF^6_yZ*NnIqQzGy2ETE%^cp|l&Ls~$eM z$0*^IilEU=;xe=`HuO>a15 zB&XKmVpcp2a)r%pPxo}$NvTfr!dufCDhp#XH4pccM7_7#T#)eM$4Z8xLN&nzuXCc_c0Zotz%0q#Rw%W40Zp^A z9W{!;m=iPymqF<&pASI7WAnN_CxnVkt6A&Gid6O|QWXAII;{7L%LD0h8XuIos^ZDc z7$B}Qj`3fu9b@***|*%mIUAD>EwYlAC74=p!mr}7nNdqT&^k-gs4myqqL zfC;s6=l8~v%Z>=}ce)rm%ip9qf_Vh0o#*T&2Zf23Y0DedJkCYN8S9HwtAk@Lds{zW z`3CNcNCN1NTyw-wu9tI!;(jawiKJ>N@%Hc;lm6XS*%c?Lf%BULT!RJyZmQvkRTz|96x;VDjJPm(qZT0EK3_FeM$zg ze!1_^SZ#8kG6?RTOowdHQF6s~guer5;W)@MC)6cNRs;%vdQoHrZuR(GN9}&14NW);ys@Ki^6Bw#H@Wh~zJP!L*D~-vAdtpS z_4F-Dtl^0T3~an{%*$x5;T7p89edQPnw+VBbx0==2!vB!Nr#zfa|=QQ{0>!&N*6~v z!dAY1y&x0jOV3NlWU{@+l5Y55U4C~NC0&@OZ81BcV^c9Wlqq=5(ylU>l-*HuuEoZ+ zfeJP~uueo4y&WrG1iXt(_g>VkIJ(sN%`I9Bs^Sh z?pYPOGVkNvMw``kYN?AgQMR&@?Kwgpl3Z0+Jey9(6#YaKsOiS!hif~YI21YASK8Rv zj9CK$!Y}lEeyeNw`1p7M?9Y}ZnRhddMz(`I?7!k?9N9IRQ{hvls a^H0cBeT54LbXjMF^&rPXj?s^tyY?5GMNi}a literal 0 HcmV?d00001 diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/readme.md b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/readme.md new file mode 100644 index 00000000000..2ddeceffdb3 --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Domain-Breach-Data-Playbook/readme.md @@ -0,0 +1,50 @@ +# SpyCloud Enterprise Domain Breach Data Playbook + +![SpyCloud Enterprise](images/logo.png) + +## Table of Contents + +1. [Overview](#overview) +2. [Prerequisites](#prerequisites) +3. [Deployment](#deployment) +4. [Post Deployment Steps](#postdeployment) + + + +## Overview +The SpyCloud Enterprise API provides breach data for a domain or set of domains associated with an incident. When a new Azure Sentinel Incident is created, this playbook gets triggered and performs the following actions: + +- It fetches all the DNS entities from the incident. +- Iterates through the domain objects and fetches the breach data from SpyCloud Enterprise for each domain. +- All the breach data from SpyCloud Enterprise will be added as incident comments in a tabular format. + +![Incident Comments](images/comments.png) + + + +## Prerequisites +- A SpyCloud Enterprise API Key. +- SpyCloud Enterprise custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found on the connector doc page. + + + +## Deployment Instructions +- Deploy the playbooks by clicking on the "Deploy to Azure" button. This will take you to the Deploy an ARM Template wizard. +- Fill in the required parameters for deploying the playbook. + ![deployment](images/deployment.png) +- Click "Review + create". Once the validation is successful, click on "Create". + +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Domain-Breach-Data-Playbook%2Fazuredeploy.json) +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FSpyCloud%20Enterprise%20Protection%2FPlaybooks%2FSpyCloud-Get-Domain-Breach-Data-Playbook%2Fazuredeploy.json) + + +## Post-Deployment Instructions +### Authorize connections +Once deployment is complete, you will need to authorize each connection: +- As a best practice, we have used the Sentinel connection in Logic Apps that use "ManagedSecurityIdentity" permissions. Please refer to [this document](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204) and provide permissions to the Logic App accordingly. +- Provide connection details for the SpyCloud Enterprise Custom Connector. +![for_each](images/for_each.png) +- Save the Logic App. If the Logic App prompts any missing connections, please update the connections similarly. +### Configurations in Sentinel: +- In Azure Sentinel, analytical rules should be configured to trigger an incident with a DNS entity. +- Configure the automation rules to trigger this playbook. diff --git a/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/azuredeploy.json b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/azuredeploy.json new file mode 100644 index 00000000000..181778e3adb --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Playbooks/SpyCloud-Get-Email-Breach-Data-Playbook/azuredeploy.json @@ -0,0 +1,536 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "title": "Email Address Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a Email address or set of Email addresses associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "postDeployment": [ + "Testing Description " + ], + "lastUpdateTime": "2022-09-05T00:00:00.000Z", + "entities": ["ACCOUNT"], + "tags": ["Enrichment"], + "support": { + "tier": "community" + }, + "author": { + "name": "SpyCloud Integrations" + } + }, + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Email-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName":{ + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('AzureSentinelConnectionName')]", + "location": "[resourceGroup().location]", + "kind": "V1", + "properties": { + "displayName": "[variables('AzureSentinelConnectionName')]", + "customParameterValues": {}, + "parameterValueType": "Alternative", + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[variables('SpyCloudEnterpriseConnectionName')]", + "customParameterValues": {}, + "api": { + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Asterisk_Variable": { + "runAfter": { + "Email_Address_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "asterisk", + "type": "string", + "value": "@" + } + ] + } + }, + "Email_Address_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "email_address", + "type": "string" + } + ] + } + }, + "Entities_-_Get_Accounts": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_Each_Incident_Emails": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "