From 899169c7295075abad36764f4a932ae16c282617 Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Wed, 20 Sep 2023 15:33:02 +0530
Subject: [PATCH 1/3] Repackaging - Iboss (MMA to AMA Migration)

---
 .../iboss/Data Connectors/iboss_cef.json | 2 +-
 .../Data Connectors/template_ibossAMA.json | 131 ++++++++++++++++++
 Solutions/iboss/Data/Solution_iboss.json | 9 +-
 Solutions/iboss/ReleaseNotes.md | 5 +
 .../WorkbookMetadata/WorkbooksMetadata.json | 8 +-
 5 files changed, 148 insertions(+), 7 deletions(-)
 create mode 100644 Solutions/iboss/Data Connectors/template_ibossAMA.json
 create mode 100644 Solutions/iboss/ReleaseNotes.md

diff --git a/Solutions/iboss/Data Connectors/iboss_cef.json b/Solutions/iboss/Data Connectors/iboss_cef.json
index 94dfc8a5765..a2e10e7393a 100644
--- a/Solutions/iboss/Data Connectors/iboss_cef.json
+++ b/Solutions/iboss/Data Connectors/iboss_cef.json
@@ -1,6 +1,6 @@
 {
 "id": "iboss",
- "title": "iboss",
+ "title": "[Deprecated] iboss via Legacy Agent",
 "publisher": "iboss",
 "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.",
 "graphQueries": [
diff --git a/Solutions/iboss/Data Connectors/template_ibossAMA.json b/Solutions/iboss/Data Connectors/template_ibossAMA.json
new file mode 100644
index 00000000000..8c5b7e0da70
--- /dev/null
+++ b/Solutions/iboss/Data Connectors/template_ibossAMA.json
@@ -0,0 +1,131 @@
+{
+ "id": "ibossAma",
+ "title": "[Recommended] iboss via AMA",
+ "publisher": "iboss",
+ "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.",
+ "graphQueries": [
+ {
+ "metricName": "Total data received",
+ "legend": "ibossUrlEvent",
+ "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)"
+ }
+ ],
+ "sampleQueries": [
+ {
+ "description": "Logs Received from the past week",
+ "query": "ibossUrlEvent | where TimeGenerated > ago(7d)"
+ }
+ ],
+ "dataTypes": [
+ {
+ "name": "ibossUrlEvent",
+ "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+ }
+ ],
+ "connectivityCriterias": [
+ {
+ "type": "IsConnectedQuery",
+ "value": [
+ "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+ ]
+ }
+ ],
+ "availability": {
+ "status": 1,
+ "isPreview": false
+ },
+ "permissions": {
+ "resourceProvider": [
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "read and write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "read": true,
+ "write": true,
+ "delete": true
+ }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
+ }
+ ],
+ "customs": [
+ {
+ "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)"
+ },
+ {
+ "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)"
+ }
+ ]
+ },
+ "instructionSteps": [
+ {
+ "title": "",
+ "description": "",
+
+ "instructions": [
+ {
+ "parameters": {
+ "title": "1. Kindly follow the steps to configure the data connector",
+ "instructionSteps": [
+ {
+ "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector",
+ "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step B. Forward Common Event Format (CEF) logs",
+ "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection",
+ "instructions": [
+ ]
+ },
+ {
+ "title": "Step C. Validate connection",
+ "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine",
+ "instructions": [
+ {
+ "parameters": {
+ "label": "Run the following command to validate your connectivity:",
+ "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef"
+ },
+ "type": "CopyableLabel"
+ }
+ ]
+ }
+ ]
+ },
+ "type": "InstructionStepsGroup"
+ }
+ ]
+
+
+ },
+
+ {
+ "title": "2. Secure your machine ",
+ "description": "Make sure to configure the machine's security according to your organization's security policy (Only applicable if a dedicated proxy Linux machine has been configured).\n\n\n[Learn more >](https://aka.ms/SecureCEF)"
+ }
+ ],
+ "metadata": {
+ "id": "f8c448b1-3df4-444d-aded-63e4ad2aec08",
+ "version": "1.0.0",
+ "kind": "dataConnector",
+ "author": {
+ "name": "iboss"
+ },
+ "support": {
+ "tier": "Type of support for content item: microsoft | developer | community",
+ "name": "iboss",
+ "link": "https://www.iboss.com/"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Solutions/iboss/Data/Solution_iboss.json b/Solutions/iboss/Data/Solution_iboss.json
index 26bb9448434..c558a43f60b 100644
--- a/Solutions/iboss/Data/Solution_iboss.json
+++ b/Solutions/iboss/Data/Solution_iboss.json
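Review bot: Step B still tells the operator to look up the workspace Primary Key and enter the Workspace ID/Primary Key in the iboss console, and `permissions.resourceProvider` still requires `Microsoft.OperationalInsights/workspaces/sharedKeys`; both look carried over from the legacy-agent connector, because the CEF via AMA path set up in Step A is driven by the DCR on the Linux collector, and the only Step B option that matches it is the Syslog service type pointed at that collector. Steering users toward the workspace key hands out a long-lived credential this connector does not need, so the Step B text should lead with the Syslog option and the `sharedKeys` permission entry should go. Two smaller defects in the same hunk: `"tier": "Type of support for content item: microsoft | developer | community"` under `metadata.support` is the template placeholder rather than a value, and the Step C text reads `python -version` where `python --version` is meant. The Step C command also fetches `Sentinel_AMA_troubleshoot.py` from the `master` branch and runs it under `sudo` with no pinned revision or checksum, so whatever that branch holds at install time runs as root on the collector; if repository convention permits, a tagged revision would bound that.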
@@ -2,19 +2,20 @@
 "Name": "iboss",
 "Author": "iboss",
 "Logo": "",
- "Description": "The iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.",
+ "Description": "The iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.\n\r\n1. **Iboss via AMA** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Iboss via Legacy Agent** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Iboss via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Data Connectors": [
- "Data Connectors/iboss_cef.json"
+ "Data Connectors/iboss_cef.json",
+ "Data Connectors/template_ibossAMA.json"
 ],
 "Parsers": [
- "Parsers/ibossUrlEvent.txt"
+ "Parsers/ibossUrlEvent.yaml"
 ],
 "Workbooks": [
 "Workbooks/ibossMalwareAndC2.json",
 "Workbooks/ibossWebUsage.json"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\iboss",
- "Version": "2.0.2",
+ "Version": "3.0.0",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1Pconnector": false
diff --git a/Solutions/iboss/ReleaseNotes.md b/Solutions/iboss/ReleaseNotes.md
new file mode 100644
index 00000000000..d5844af2e3b
--- /dev/null
+++ b/Solutions/iboss/ReleaseNotes.md
@@ -0,0 +1,5 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.0 | 20-09-2023 | Addition of new Iboss AMA **Data Connector** | |
+
+
diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
index 1b0c48dd74c..53b2ea9ea5c 100644
--- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
+++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
@@ -4696,7 +4696,9 @@
 "logoFileName": "",
 "description": "A workbook providing insights into malware and C2 activity detected by iboss.",
 "dataTypesDependencies": [],
- "dataConnectorsDependencies": [],
+ "dataConnectorsDependencies": [
+ "ibossAma"
+ ],
 "previewImagesFileNames": [],
 "version": "1.0.0",
 "title": "iboss Malware and C2",
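Review bot: The `Parsers` entry changes from `Parsers/ibossUrlEvent.txt` to `Parsers/ibossUrlEvent.yaml`, but the diffstat lists only five files and none of them adds or renames the parser, so unless the YAML file already exists on the branch the packaging step will reference a missing path. The generated `system_generated_metadata.json` in the follow-up commit records it as `ibossUrlEvent.yaml` without the `Parsers/` prefix, which is worth reconciling with the path used here. The new `Description` also separates paragraphs with `\n\r\n`, putting a lone carriage return into the Markdown where the later `\n\n` in the same string is the intended form, and it spells the product `Iboss` while the rest of the solution uses `iboss`.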
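Review bot: `dataConnectorsDependencies` for the iboss Malware and C2 workbook now names only `ibossAma`, while the legacy `iboss` connector remains in the solution (this patch only retitles it as deprecated in `iboss_cef.json`) and, being the same CEF feed, presumably populates the same table the workbook queries; the iboss Web Usage entry in the next hunk (`@@ -4709,7 +4711,9 @@`) has the same change. If the field is meant to list every connector that can feed the workbook, `"iboss", "ibossAma"` would be the accurate value; if the intent is to attach the workbooks to the AMA connector only, the ReleaseNotes entry should say so, because users still on the legacy agent are otherwise left to work out why the workbook's declared dependency is a connector they have not enabled.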
@@ -4709,7 +4711,9 @@
 "logoFileName": "",
 "description": "A workbook providing insights into web usage activity detected by iboss.",
 "dataTypesDependencies": [],
- "dataConnectorsDependencies": [],
+ "dataConnectorsDependencies": [
+ "ibossAma"
+ ],
 "previewImagesFileNames": [],
 "version": "1.0.0",
 "title": "iboss Web Usage",
From 4916e0e3479fc17a048ca20d0997a162680abf3d Mon Sep 17 00:00:00 2001
From: Github Bot
Date: Wed, 20 Sep 2023 10:14:02 +0000
Subject: [PATCH 2/3] [skip ci] Github Bot Added package to Pull Request!

---
 .../iboss/Data/system_generated_metadata.json | 31 +
 Solutions/iboss/Package/3.0.0.zip | Bin 0 -> 12334 bytes
 .../iboss/Package/createUiDefinition.json | 15 +-
 Solutions/iboss/Package/mainTemplate.json | 596 ++++++++++++++----
 4 files changed, 521 insertions(+), 121 deletions(-)
 create mode 100644 Solutions/iboss/Data/system_generated_metadata.json
 create mode 100644 Solutions/iboss/Package/3.0.0.zip

diff --git a/Solutions/iboss/Data/system_generated_metadata.json b/Solutions/iboss/Data/system_generated_metadata.json
new file mode 100644
index 00000000000..568c759ad83
--- /dev/null
+++ b/Solutions/iboss/Data/system_generated_metadata.json
@@ -0,0 +1,31 @@ +{ + "Name": "iboss", + "Author": "iboss", + "Logo": "", + "Description": "The iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.\n\r\n1. **Iboss via AMA** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Iboss via Legacy Agent** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Iboss via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\iboss", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1Pconnector": false, + "publisherId": "iboss", + "offerId": "iboss-sentinel-connector", + "providers": [ + "iboss" + ], + "categories": { + "domains": [ + "Security - Network" + ] + }, + "firstPublishDate": "2022-02-15", + "support": { + "name": "iboss", + "email": "support@iboss.com", + "tier": "Partner", + "link": "https://www.iboss.com/contact-us/" + }, + "Data Connectors": "[\n \"Data Connectors/iboss_cef.json\",\n \"Data Connectors/template_ibossAMA.json\"\n]", + "Parsers": "[\n \"ibossUrlEvent.yaml\"\n]", + "Workbooks": "[\n \"Workbooks/ibossMalwareAndC2.json\",\n \"Workbooks/ibossWebUsage.json\"\n]" +} 
diff --git a/Solutions/iboss/Package/3.0.0.zip b/Solutions/iboss/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..0a639160dc914018cb47d499fbc2b930894d4d67 GIT binary patch literal 12334 zcmZ{~V{j&35at_WV%xTDb7GrsY}>Z&WP*upd#M~ z=cgnG4uK8=0s;flugtEQIElaZ4g&(RO9%pj_1~+hv$?UWxw@6OIl#)^%GJujp3&OH z!Tw51*I@&Q;Xhl4T>(jtgKFNzpaU_DS(Ud1Ri7hqX{)pv&O$1+uq1})0iYg{`P%u& z!$~HkS--Q-Yew>G80pBp@UVY)gES4`s3h)U;B9@fM*bnPOPd~20Tn~S6QJIjiot4fMH;MARsp5Vuo?mi>ur%o0(JK!k z|7F9$vwIqpU{mZAAqvS zI}z>F!g8W9+UkUE6II`k)Ipc^t^G$1@cZ+;iZf;}$C75NDiccsyWYhNmo<8YFvc~gqPKhVfKDNbf5652iu|7@&3{E_mXyF=cmhk|L9w=t3wNxOl#t1 zRj+<>L*9XvvW6kFhfqW3PS_HpoH$j2NryBVs|&YJA{}@yVxBGY9nu+cUr;^Jgpt&C9efbL$6xcGBwq z^S5Od!(%tg8`N#@6VqtqG1!T9e5@-{|5kUvv++0!T*WfRm9D0wrzT_53>g;a#(Er0 zvANfop4DW~Pth&8Oq{tZWUqyS#q9?jZ>EJez;H~<7rXlXjmNa1x6Mqzb^nvZDeTi) znrTuF=G~BrJbYr7&+wON8;}wD&d`rBAHBf4r_}%Mt6}P|bIutxVlt>INUCeA41lO5 zMxbm3AeQ7ND#z26T;623^ILD+snL7+VnKXBL8%Ane-OWLGN=x1#H^&^dbiMpaDd=g z+6)-~wNbNb`3C}QF$g4_v27}D4_zNfn}c#nf+2s*R5hBqF>2IqFze&PXCv?3Ngy$b ztQ};Hxm7|Jn6PM2k<{CGJ(Nria{WWlB$00e9*yF2!{8h)P%LIqm?SYS%o?kC+krHj zsXDAoPbE={EM(wRAScK>MCW0|u#DM$?%Ax=X;gFdZWhxezmJ|!wa0@Q&W zPRmHQwp1G=rcXN}_SpVd;+@}JuPwgObnh;Mb-YKUz~7HVtLfH(`ywB`9$2qg1upf9 zRV#zLeCKA;YyF~OvSA(cZg4_DxYNm1B0cJ!hLF*Yi}x45AvIa(VYlhf(Qwu9(`r?4 ziWKqJ=R*fpl2A?ZQCqTA6=Fr+R%Tv=@qVmIT1*=}cE~OVYc?%8x)WKoE0wyrG^7CL zPGDCu8S~Telhm0DHfJ6Uu9^Y+PX>EijTU66q+B|Qk&HIAJMZ5`eKfmkMyxCM#!&}$ zwln$+7)Fa`YyAZseQ8wx-KINH+H-OmB)cFmxZ-oTg)mmOwFmu5-iOYTL|XA0>Fm-Z z6g2IY#0jMZJOPZ9AIT2+-gmWcZ;T&fOQu`Rw=vZ7=&_13#&e3>{}a*LQUE-yP5a z38U3I7h#()(BTVFON--`OYm}+mwvs!o_le-yKyh$a0njSMs07bnR{_PW!^n*UWDH} z5oW3gwq>9YZ0r^l4y5~+-Lfc{WsVG`QBzqi!iS&1Dpc)qESOCx_CUD`Cu~{m1^%Jzr7twW^6&|8!$fw9r zJ|Y->4G-a>Zoc*hdDYN%Nas0118>BABo%Sv{P-58K+KINb^>rxT2Ed z^aybS2}OJoWP09z0$67(ebw*LW*9!nV;YhH<=4(<&}t%kK%WLqNn5EPaYp7XRW8MI z-9B+!zov$*M;nr(R~bPTX9i*3EN+1TA^3X4FBZ<4U7A&GGhOaxLfJ*;agjC_U5rw2 ze;~c&-9!a)T_uU3J)RqRJN_R?OcQFO(q}906~x&X#K8CG)4%({+>g~?5d#IRyb!BV!E^WG%7rXbhHpN^& 
zHuKM&$2gPCp^02q`3TmkQ>8r48iwGzczvu#&ETTVe1%Z-YPK6{Y}#b?vS?f(YS77q zyNhdQY^T8Z)~xj1lSIXyb?48_!NvdDx&YUHkb50&bc%Z^mrblwD{aGkdAkds1Qn8t zc7wzatfe$Z$W?m3g?;ftvojwaqT0C0t%{!MJh2fAh438x7oL%I?pe+&h^*7){5-ji zWs(5*mALp-6G1=}nZC!l0mdso7y97NU&c^_6H&Ij1SB5}>lXzea+F+*)Dm^=tn@9^ zDLTmKAFm*p%xvq1-am9Uw+#w0-f%geLH)uiz14g;wokJA-DP=vU;N}+?_dS6HA?*H2)J+=8vhHI37w;RV(4=q8`I?{Wl`2Fw;@D-NuuSWT#WsJn_iQeS z(BNnTUHjpCICD^6ffB=6fO^>k`kvZqSa(3;}lk0U!54)b5xk{|5hHa8Oc>%gVJpocdKL;w%A8p`5;l)Ch*d0L$L)9I}p^(r)Trovls4<}9)G)Ahh%HRo zv#NB>g&x>kR~vA)bjL=whP!Q^f@P~#=n=I-m_sCHwLj_a2e0VAR#FTJcpCu*pAkpX zT7PFr;)1m;7X!ivY&#p*Q^fG;1ddLqy`wMZ@_sp{Z$q+VNi3Zu?$J{UmLa-H<0n>P zNDTj?+Ts=rd6Q&$ThV0^f7xZv^isgeb~jwScF;Io1!e!xOh{BrZTCl4og6Tb@s%C# zV+_8f&(`6*k|q9;U{uimNNq=PvOLWnN-SZ{tUq^XlU^{A3G^HP_Mu5HT{R@=K4w`( zRxAiAG^$TKLUNswCMM1Wks+@XWt0)`)JIh&hagAE&4fVrf3AotNav#|s-~a3Kl=CY zAX?_H3&-rZw7%Q%yG*=0+)Wdt1V zyeB8etT8r(#fAQ*N0NkTx8yVZ%^(;E{SL`S2<>v^7?g9dbTI17y*7L;cZ{N|w4fyM zxxF1&R4i|s=nAg48j5mqv_~GqAmK+FUew4H81$=fH!(RRr9xwzAk|haeL2PC-?6aw z8}9waWKJ4&v*!bG6S1(YE`nDwkM4_VEWDFn>RPF!kl4egt-14@E12u~a*% zcD`IBc~)wda=xpKQG?xA&_cu#D2?+jBZAnP(5zACMwfA>1B+NyPsVWvdp5P*FU_BW z9B+}hUyG4UU6x&?!opruY}S4G7uP2`Eap?3cZm0D7??k!WBHibt_zc$p7Ju5YL4{} z3L7ILfL$T1+YD0ju#)%PeC>7Jd=pbO276Jb&- z7#y%*+PzfKe;)@2F~4QO;mpm3Cof@n|JsYlz=MEw%r00!8iN7KbgO}xq0KLMuo-Ek zEfQk0_h$Px^SqnFe(y3pkwrN~qa{$z86Co8W7LPX-;14&(uV1n7V%{HrN{CzwS+@o z*~nDrr9zt{_)qy&!m};}jxik0C5XI zexMMMXft|iF%bz$-B+pp-Bn+0@rcxY?rN@V=6zh%08z%d`;#0i)AW#mUkb;Oai&2j z<5YI!aCkHMRuQ!#bj=rl#u!>}t*gDr%I@(n!H*whNhuSVpx1t9)j8`llaWwy$G!Y-*x9dxGE2nX zKZXjYy#1dkd4U=nfyD>#dR-4N!8*TStDKZ_xU(|FmDXJMhag+xB=rtXzI|KYr`mL| zbOggpgp*nM(pyCG_j*BxAlk@JsUU*>$ANuAbkM7M)!wcjx-z95N5v^-@CMa-q%)z9 z{pB6xPEnvqCcInx8-RqzgW*0sp20_;!^F6BI9KI4_2u)}YGJT@a zYh^(IM7>226~hCv7lG+cta4Lu|y_BY70ZcfhTUeKRye{7%>Y99#G)cFx+D1h?$g>^ZYEs3twk(@h1zk$7VS0b5WVu z1_2%_hJ?!iF+?jEs#L}aT7!?;=3KdO-c^?x3uJ*ETL(o#_+*50oiZcaFrkGzl3uSX zEGbdd*CAxp;j>SMJx5-c^?QWsH|O~9dt-9e53R<5rxTfwa1LpH 
z6RoCXq!IrMe!B&p77TDu2ZTpu{z_8RVjLFl&V{kn`3by%mPZ~1L)`(iN7xtkEUO+$ zN%|DE;yE+ zsW{s@!&_Z?C$PH@L~rlqQ)Hvnq}|SJ`C@`}e@x zO694N+Gg>ehT{0zwVOY^by>LY^EA~34}5usVa#gI!el{DGBbsX^4ZX{i{o=}Z@$7_ z=V@rGY>)ZvBoIBG=+$Vfu*_b7NJ)it$md+#=sDK&vOW37+063MpQ~V&s$`>}gX}xo2CCd%3KJg=CY(pmuk7m*RD9u`9*mOPio>jmKta;C)*alB7 z3o@b!Z%^l56Cc>*^3z!K8z17#fPs+5P`^|(N$zmw4B(iFU;wLmCn!49YDS06hrquH zCi9%}!MVLbe!KJg5{{bl106pY@!L|B`YXU|BXXo|7DI1atTia`mTl^qO6hLjLRUVZh=pQ8<0){ zz9mApPfb_i-me3X7&?o^a(9y~udGKujU7v8hBc^*AWjvO5R@G?Q9{rdHi%6{);L5&rDm5DhODrbW3LVsh@lN`u+@)~WG?s=iL5Im8!0`5Kc?hZW>t_?+s z4wJNEucWA6?s6zhSWNQzli+C#5i-&=!qW@Xvwl zt4R8eE5}AYnK-iFR$G7c0(OO!kt#ojrdH~R7jple!rJgY9ZLxMD1(0wi|G%BQDB+k zrd<1&EY3$^2Zi^XQ-8dn z_`gSi5=%ERf3LL2-Mf7?{u-hPmYdRizug#cjaQy(gWo8tkw3=$J`*@@)R06~Dx+Fc zfKUq?FoTIZg|4)DAy6`f;VKq(^eO=(s}uGjv-gya0=C4HLS(@Y0TH3ZwbLFU2Cfmw z%m?Hl+M~1sYti?zTp+EQFp4Ug>=nGF$$juioO(c911K3V5UHZ|Cry)e2>W)eA=GO& z!;^o5hzReR@{jZ%u3INC)BK`)nc?*qvt$9m6;!&!;CZ2fgoi)pRSWIPQf9cF>;&PV zKMw8h+dGHqI_*u~0pjHn-Q|2ruChl$m!R7!1HN}XXFx}wEz9#`5 z3@YAAUMrM0GIDhOSI*oER2V4lZfp`sjkkJLLW>IJh86@1ZmGD`xCn|&QM%B$ESmA} zFi8)KKP$B1F%(;l#AwxPfvkWYs|JdbmK((kEX^dFcj0pC7gz7wHi*qD`#{e)a-tGh zf1&Hvyq=P>O8ggLeLFU<3N#xYLc;u%E`ER|iF~!!asimtO)yHrA-kqK`9yB28a=4F zEExL--s#C!q`bFK7%boo2Wvld-C~%aOpp@EDKgQ*8p^XA{^?DRulVzjT z7&Ku(r}3Rli$c*J8`d?b2|U?}v~`FgNnb4-L&X+s?0Y~{?CM2QseCm)X!}t=Ugc(} z@hVUbpQnZxU$^%IYX_iitpGmTa$QdVWxI@1(ZZMs^kc*N@8dZfn0GuLE6^ZL?k4>kaji?PP_HRL6u-C=J)9g}e%2c{XpI{Vv zz~oQzSH74b$UE@pD9zaE6 zn6zy=frmwsB)tX<-;wS)EnOxkp*c-VUrvUh2Fu|UMv7JfN8FATswCT3?9(*uxU?0i z=Y3#ST6ojA^@v24X6sK+ut!Gj<*`=NCo7LEXUQ6j?cS{jBH*{PUdi+Cqgf={FIexc z_`{>%Xnk_4x9>_dQ-F(?RJPu}gzDelJiwh?#6H#!&9h6oQ|q31#+7Lb*}n~p8Wq>Q|ll|3|s&Z~;q`Z%fYO-6(q@G_8w|LT@23o$EXgzVsWwZ@GcT<;Dv6q}^ zA2~C_jI;fW+@I5IwKf(yD>L;ot7qCO9LK15inVI}u2eij$FR$j2%OCBHk$QfrhARlTs z5CnwqPgTk9Pr&a-Pwk1;lkJRg)aZBt9CJ{rMI3tMcQ4A@?_+oFPgfh1z10Bs8si%d zG%jtlrkY)hnzM6XwQMdN0~fUHOqoF&fNjRe8=LWZJ2o34BY<5`tj+>N=C7n3bjiH{rfwrlHK{2oF_q6jk*<@9h6PZz&fD56{lLKp~>jj 
zS}g0Ko=q*s{12!2v`2E#I`hL4etvbYT*WcvzF1ee-Q4!#@_+f7-#XCdtGH3vQy!NY zWmuMN(_UU9EJO30Y#WG_D)fA4wg}q#+zR}qd9q0u!1mBV@mHv7ZhK=H09P^jDSTr` zms!)EF#TfbLH!ONAbb+oIsHR6S^Z;PA^Z)fS{1S27sQ!Std5f4WD#b|d8N9J^mi)3 z=62DQwDpH8&MZ4~PtVX?L`nS}P*zU2gSBixxh*zXNmKaI)owmZOmU@+4xQ5I6C-=dVF5$>3Bkeg=y`VT}O=!!Jc;!UBpt_C@tP199atWhiS%QJoZ(esSUQB zz2Bo}l*+`R#@ecx~6y9y;I2FZdP5O=ly(6%vL~eP1qv!HG`RE%RX=QyJaO;5C85e)tU-d z|Dt{YtF;|FET>sKiNbae#%J*)XM4(R46-=AY;e1{@-Ub5Yx*6medr-)$Rw(hblZks zTFg{^fqNrMMUe$hYJD7Lt77czH48?kUR2bPFF)KH_F7as%f&4VamH2aRs6z|q!96x zVSoGP%rmrkm(=t>xnOCsNkBNqs6VncK_kQBoUiwQx0bOg>J0SE!_ZX8U)u}n^!DvI zr%UEI^r|cxv=tAkCRptognWu3Pwa$o%5=kjN~=ql7yL@IWxPx$GT>(FmKaIUY5Ox- z4Zk^rK@_&4L00JJ0J_+GVkorMt1gnPcmkwNE@lex%w)-*Vx?jNPH3s25}eD&t^Yc_ z>w&AWmD3rmcYPDOhqz5&7wdR)(`#M7-K1dC8vPCc(y!-b>iq#dOYfxV$zJ zL5j0Su9d5)J_&DwjnQ~QO_H;0TAm)XrS{`&M3}-(lkto4M@9}CbkTM^BVz4bEB02Sb1q*ER2`&vG7DZ76eXPjn`aFKjS?T zH+#t9E{l&-*xjV6(YATW{`t4gM?ut|mmG5Qp&;YOOJe2Elt!X{EqR^F9`|pXW^J2B zyI!bIv+M!!5=`G}Uzw1tPU6IXd)mQ6n!mp_~zeIj6&q*61rLS22+=MGKp8`a;Oe}87e zv=6GkICcA`msb`l8UX6<{!P`Ny1>z&@5WoY#+w|AtsIx5xMKMapD)#Ggr-xtwoHqI zVGNws9Se8gq3T!2n=S(W%MW{zOwfZ9rcQkarp})H82c1IqT`GkHnRY}wk_xV`Mzac zrBp8O>6%V|{3b9Y^Sw#pt7}l3hOZNm=VzN>^_>By^*c7Uj>9ZnL|yF(rq+} za`82t5KgdRPu#mcnYbBYi;cB=(uW{+UcOS@-W5V}tO$qUR_>-gDfoBx3F(=OkE11q zh$g<^mi=%-{+>R~p*16axEy+?-Kn>yDaCMWo2DJ$EJy#)z3JbUlyNaW;s5?yQidpE z;XYE}MF@lYJMCY5vb7RD5k32Dq4#dk`yqg<6iC3oIyB!}xzC(~5EMXQplL=NGqJC$ zZa1Jb4l|g`#SYdX^l%7snPE2@UA&bSjmgK}s>ifG{4ag7$g07`{((3GJ1AiO-|#6l z>o7o8Xq^yA)JF)$RPgv1bmudi2;R-3TsNNV;_4dD`bxW1#m>P7uP;c`q2e256+u&N z>4(}Zx9ItT2OBmASaX?z`CGYK-a5hrKYN^TajGyVGfPEVNT6bZB#{RVKn=F!Vx7Qx zBd&>83gZfUPa2&x^u*B`cDSylEiMhMpRywy@}K2J%}xE^@|aTzTMGgQGI73<54Y3W zzGp+)!Bs1Tvep73!_9b_&E!EDa}`nM%}{rk z1zf^>-O7+dA$>wI5P`j{frE1d1%4xNK}-2cd{JBLZ2ls5x%eW>gYV|xZ4$JTyv_4F zd4r0gT(mt4NJvk^<5c-#oNN-emlXgeK|lX*#+h-S(7Z;usVVi&pLNt_u_UwGDOsbA zqc2U(tqInOyI=X*A+q(ToY4lKyV`@fNx&_uawosjSGb&U@{K)Uv$6k=oBsGYS}J~` 
zZwo(v_N#7Bc*_XzN%HDZIqP!PKi4(u>~LXGds+d`ENIx!ZQJW8>`Sel80s+H#n1|bJ+vSOt40T;V<@iV(3uf|PMXa9X>C_r{p7X_(* z$8abb!^2S<^l&myReZhFxZ}*jp--CB32n*s8{P1Iq`2@(mp@5zhAXnMM%T%=L>@tW za9N#{iaH@f54X;sD)*{fKu;T#{l`4&_79H8yhTN%8aUC)o`uNXErP!kqESu2r!qe5 z>Lh8{#&PDRx9j2150QZP%lGXHRsvyA#I7Vwyamb#yH{-~>~{FTHF5*+#_~7SOPf(` zK|(o)Bc)lWazurcVENi&5_h|XG%zLNyAytjk;pR59QS@mHWL7ZPSN0MV1^MV6qpze zBosI&V9*C6MP9SLW`VI@paB2m8TmKsrB@03{!(OWIP(CVg@v_p$RU*akN0C5eB2Yzu z9V(vMY;;R;2z@v85!Y&WZScM&ih6 zK{bjOY4Y#9Jb3z<9|`m!R>NZ4MfAZ<#w^|?jCe8T45lQ6qe^%@aydb5;)K?UU8HKlUk9}!Z>bC$B0orrsdBrYIVBSi>vuZa~!vAxkh%_l?c(~ zz(CpwYgrNPv6J{HDyEsaU2!+kA?&WrAt0}GXCQn|Bur^N<-*85)sxmPIV{~{8betv zJd3NjrgFe3q?ng|f=AXck@x1`?j=XgMI30A6WedmRC~@kj=={w8OGjC<2}9e z4aRG>nV>95l2crJdiH-gb6Z zV!9H|sdR!zx;gvVHSK}OlT;nnW~+lfp#Qw;8lS+j>fCZTk-K*$81D+VD0=ht_Z3}V zQJAjZ{oNzs6g>ql2~4hH%yw=O?;r`1aa1n191xMNhmM(Pa-)?m zGk1D$n+%q5Z03~p*1^R-WE$>>-}b)LhC3VHmhM69<56rdp@W~-G(h@n(pQGYVjFTS zlyEBu0bp5*z;ookq(OvCf$32#?DAx#|`&XF$6WUd^7$?!@F-Q8@W} z*Kof{Za_5~uJ=r{v315t=K#VRA8>lx$=Y@(uJN)N6|>S_<=bk&bzoIb>D}jY6#7oh zYWc^Sf;`a&^2^2NTxym~vSyJ+Q!6*2xswl`ahuf1h)Mo_uyX=yc=c_2^Ahrod~v~E za4gpvUxvd27(Zn#AHUX!wqo=cMKAWxS*@uVQH-6`hTKxUT-%)IeTP^MR+6!hZe`2@ zL6aR#?4~=YTKTW$Z0d?aSpqjo)p5yD|0w3A`@yANBWXp7>(bsSotY*%IL3l|Hf;d9 ztck&kBx@1h?CGXR)}> z;QWwf+!zT#`C-TO(aX`16Isl!qgN$n9lEKLk~J;w_M>Kcm<%mCi%r;(vTHp8430*{Q~g6EoCRU9RX9QJAprhW(?&vfb;$C z&Ym4;Ec6cpsX}{T0TzH)-8J11(o3qopwvo?v@q-A$)1yshF=Pp+BzbUKXDmf`*lHW zy5Fm)h35HzFSt0NU55*d>S98>yPJmzSGX;c7cBqFXB#gCZ#j|2&11vayyZ#ZZ!vg^ zm8rpR`0(x~mpP^7({~?y_9(px6@>k*~v(F?_pH zA%sQ8`Ho-7nFFq}1i~f^jS(dnxf>XWRz!Q5XPlo7%$_ZAi+9FBh9gQFU~rd&V9;>;}QDaD4Nr%(8~^ zNISgOI;Z}9qLO0ArzlZnsf1$D4iX0q%@BnBXg;d!EU2jLvcoT+Clr|ha%1TNCob(h z6t}MxYtfjxVf3qh3S7~SgF|#Qg*t~Ycl|t2KwdEmnksMS`!o185^M-1aGVZq2~ZHr zyNbGsy=RY@@RzNtiY1TYEGa6esyDESFr@;_=rkmP5k(#w zy1*I>z~Sb-`$qEqTnPU$!23$iC%8*oz$#f}qzgQu7Rl8{t=dDql*89?z5??#X@!K<}3=FcdbW?hcoczM;BUy&GG);V% zczK|A1RW*_+>SJmErthsoUmL5B9wR*_)PMBI)gRLvYyrojZ6FEI09wDx;ObXFyx&Z 
z>6rq=X)Qzs>BpzBnY$&9r;`0qS#wpoaSp6?h0-#lcY(Iaaz^v=7A$>_yAhK_-$Y7s zpkV0W|92|?Kho^~7ylPV|9>Cyzq4xp-vlPu{{y+EBnJugKU={5JE8y8RHpxV`yZIR B!|4D3 literal 0 HcmV?d00001 diff --git a/Solutions/iboss/Package/createUiDefinition.json b/Solutions/iboss/Package/createUiDefinition.json index 8fbae192fd7..11a968ea8ee 100644 --- a/Solutions/iboss/Package/createUiDefinition.json +++ b/Solutions/iboss/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.\n\r\n1. **Iboss via AMA** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Iboss via Legacy Agent** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Iboss via AMA Connector. 
Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This Solution installs the data connector for iboss. You can get iboss custom log data in your Microsoft Sentinel workspace. Configure and enable this data connector in the Data Connector gallery after this Solution deploys. This data connector creates custom log table(s) ibossUrlEvent in your Microsoft Sentinel / Azure Log Analytics workspace." + "text": "This Solution installs the data connector for iboss. You can get iboss custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, { @@ -79,6 +79,13 @@ "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" } } + }, + { + "name": "dataconnectors2-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Solution installs the data connector for iboss. You can get iboss custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + } } ] }, 
@@ -95,7 +102,7 @@ "name": "workbooks-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This Microsoft Sentinel Solution installs workbooks. Workbooks provide a flexible canvas for data monitoring, analysis, and the creation of rich visual reports within the Azure portal. They allow you to tap into one or many data sources from Microsoft Sentinel and combine them into unified interactive experiences." + "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." } }, { @@ -145,4 +152,4 @@ "workspace": "[basics('workspace')]" } } -} \ No newline at end of file +} diff --git a/Solutions/iboss/Package/mainTemplate.json b/Solutions/iboss/Package/mainTemplate.json index 325d102c5e9..746bdfadba1 100644 --- a/Solutions/iboss/Package/mainTemplate.json +++ b/Solutions/iboss/Package/mainTemplate.json 
@@ -48,63 +48,61 @@ "variables": { "solutionId": "iboss.iboss-sentinel-connector", "_solutionId": "[variables('solutionId')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "iboss", + "_solutionVersion": "3.0.0", "uiConfigId1": "iboss", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "iboss", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", - "parserVersion1": "1.0.0", - "parserContentId1": "ibossUrlEvent-Parser", - "_parserContentId1": "[variables('parserContentId1')]", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "uiConfigId2": "ibossAma", + "_uiConfigId2": "[variables('uiConfigId2')]", + "dataConnectorContentId2": "ibossAma", + "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", + "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "_dataConnectorId2": "[variables('dataConnectorId2')]", + "dataConnectorTemplateSpecName2": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", + "dataConnectorVersion2": "1.0.0", + "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "parserName1": "ibossUrlEvent", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", + "parserVersion1": "1.0.0", + "parserContentId1": "ibossUrlEvent-Parser", + "_parserContentId1": "[variables('parserContentId1')]", + "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "ibossMalwareAndC2Workbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": 
"[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "workbookVersion2": "1.0.0", "workbookContentId2": "ibossWebUsageWorkbook", "workbookId2": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId2'))]", - "workbookTemplateSpecName2": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2')))]", - "_workbookContentId2": "[variables('workbookContentId2')]" + "workbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2'))))]", + "_workbookContentId2": "[variables('workbookContentId2')]", + "_workbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId2'),'-', variables('workbookVersion2'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "iboss data connector with template", - "displayName": "iboss template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - 
"apiVersion": "2021-05-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "iboss data connector with template version 2.0.2", + "description": "iboss data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -120,7 +118,7 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "iboss", + "title": "[Deprecated] iboss via Legacy Agent", "publisher": "iboss", "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.", "graphQueries": [ 
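Review bot: The template version is hard-coded as the literal "3.0.0" in the contentTemplates description (`"description": "iboss data connector with template version 3.0.0"`, repeated for the AMA connector and the parser further down the file) although this hunk introduces `_solutionVersion` with the same value, so the copies will drift at the next repackaging. `"description": "[concat('iboss data connector with template version ', variables('_solutionVersion'))]"` keeps them in sync. The new `dependsOn` points at a `Microsoft.SecurityInsights/contentPackages` resource named by `_solutionId`, and no such resource is visible in this diff, so the deployment relies on it being declared elsewhere in the file (presumably after the last visible hunk) — worth confirming before merge. `workspaceResourceId` survives the reshuffle of the variables block even though the `hidden-sentinelWorkspaceId` tags that consumed it are deleted in this hunk; if no other resource reads it, drop it. The `resources` array opened in this hunk continues past its end.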
@@ -241,7 +239,7 @@
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
- "apiVersion": "2022-01-01-preview",
+ "apiVersion": "2023-04-01-preview",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
 "properties": {
 "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
@@ -265,12 +263,23 @@
 }
 }
 ]
- }
+ },
+ "packageKind": "Solution",
+ "packageVersion": "[variables('_solutionVersion')]",
+ "packageName": "[variables('_solutionName')]",
+ "packageId": "[variables('_solutionId')]",
+ "contentSchemaVersion": "3.0.0",
+ "contentId": "[variables('_dataConnectorContentId1')]",
+ "contentKind": "DataConnector",
+ "displayName": "[Deprecated] iboss via Legacy Agent",
+ "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
+ "id": "[variables('_dataConnectorcontentProductId1')]",
+ "version": "[variables('dataConnectorVersion1')]"
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
- "apiVersion": "2022-01-01-preview",
+ "apiVersion": "2023-04-01-preview",
 "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
 "dependsOn": [
 "[variables('_dataConnectorId1')]"
@@ -305,7 +314,7 @@
 "kind": "GenericUI",
 "properties": {
 "connectorUiConfig": {
- "title": "iboss",
+ "title": "[Deprecated] iboss via Legacy Agent",
 "publisher": "iboss",
 "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.",
 "graphQueries": [
@@ -413,33 +422,351 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('parserTemplateSpecName1')]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "iboss data connector with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId2')]", + "title": "[Recommended] iboss via AMA (using Azure Functions)", + "publisher": "iboss", + "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. 
Take advantage of our connector to garner critical data points and gain insight into security threats.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "ibossUrlEvent", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "sampleQueries": [ + { + "description": "Logs Received from the past week", + "query": "ibossUrlEvent | where TimeGenerated > ago(7d)" + } + ], + "dataTypes": [ + { + "name": "ibossUrlEvent", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine", + "instructions": [] + }, + { + "title": "Step B. 
Forward Common Event Format (CEF) logs", + "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection", + "instructions": [] + }, + { + "title": "Step C. Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy (Only applicable if a dedicated proxy Linux machine has been configured).\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. Secure your machine " + } + ], + "metadata": { + "id": "f8c448b1-3df4-444d-aded-63e4ad2aec08", + "version": "1.0.0", + "kind": "dataConnector", + "author": { + "name": "iboss" + }, + "support": { + "tier": "Type of support for content item: microsoft | developer | community", + "name": "iboss", + "link": "https://www.iboss.com/" + } + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "iboss", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "iboss" + }, + "support": { + "name": "iboss", + "email": "support@iboss.com", + "tier": "Partner", + "link": "https://www.iboss.com/contact-us/" + } + 
} + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId2')]", + "contentKind": "DataConnector", + "displayName": "[Recommended] iboss via AMA (using Azure Functions)", + "contentProductId": "[variables('_dataConnectorcontentProductId2')]", + "id": "[variables('_dataConnectorcontentProductId2')]", + "version": "[variables('dataConnectorVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId2')]" + ], "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "properties": { - "description": "ibossUrlEvent Data Parser with template", - "displayName": "ibossUrlEvent Data Parser template" + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", + "contentId": "[variables('_dataConnectorContentId2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion2')]", + "source": { + "kind": "Solution", + "name": "iboss", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "iboss" + }, + "support": { + "name": "iboss", + "email": "support@iboss.com", + "tier": "Partner", + "link": "https://www.iboss.com/contact-us/" + } } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": 
"[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "[Recommended] iboss via AMA (using Azure Functions)", + "publisher": "iboss", + "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "ibossUrlEvent", + "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" + } + ], + "dataTypes": [ + { + "name": "ibossUrlEvent", + "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "CommonSecurityLog\n |where DeviceVendor =~ 'iboss'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "Logs Received from the past week", + "query": 
"ibossUrlEvent | where TimeGenerated > ago(7d)" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "read": true, + "write": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" + }, + { + "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" + } + ] + }, + "instructionSteps": [ + { + "instructions": [ + { + "parameters": { + "title": "1. Kindly follow the steps to configure the data connector", + "instructionSteps": [ + { + "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. 
Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine", + "instructions": [] + }, + { + "title": "Step B. Forward Common Event Format (CEF) logs", + "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection", + "instructions": [] + }, + { + "title": "Step C. 
Validate connection", + "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", + "instructions": [ + { + "parameters": { + "label": "Run the following command to validate your connectivity:", + "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" + }, + "type": "CopyableLabel" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "description": "Make sure to configure the machine's security according to your organization's security policy (Only applicable if a dedicated proxy Linux machine has been configured).\n\n\n[Learn more >](https://aka.ms/SecureCEF)", + "title": "2. 
Secure your machine " + } + ], + "id": "[variables('_uiConfigId2')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ibossUrlEvent Data Parser with template version 2.0.2", + "description": "ibossUrlEvent Data Parser with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", 
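Review bot: The AMA connector is titled `"[Recommended] iboss via AMA (using Azure Functions)"` in both the connectorUiConfig and the contentTemplates `displayName` of this hunk, yet nothing in the template deploys an Azure Function — the resources are GenericUI connectors collecting CEF over Syslog through the AMA — and the connector source file added in this same patch titles it "[Recommended] iboss via AMA", so the packaged title should match it. The embedded `metadata.support.tier` still holds the scaffold placeholder `"Type of support for content item: microsoft | developer | community"` while the sibling metadata resource in the same hunk uses `"tier": "Partner"`; use the real value. Step B retains the legacy-agent instruction to paste the workspace ID and Primary Key into the iboss console (and the connector still requests `workspaces/sharedKeys` permission), but the graph, lastDataReceived and IsConnected queries added here only count rows with a non-empty `CollectorHostName`, so events pushed that way would presumably never show as connected, and handing the workspace shared key to a vendor console is a credential exposure the AMA path does not require — the step should describe only the Syslog-to-collector option. Step C fetches `Sentinel_AMA_troubleshoot.py` from the mutable `master` branch and runs it under sudo with no integrity check; pinning the URL to a commit and publishing a checksum would make that step verifiable. The parser contentTemplate resource opened at the end of this hunk continues past it.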
@@ -448,20 +775,21 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "ibossUrlEvent", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "ibossUrlEvent", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"iboss\" and FlexString2 == \"URL\"\r\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\r\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2)\r\n| project-rename EventVendor=DeviceVendor\r\n , EventProduct=DeviceProduct\r\n , EventProductVersion=DeviceVersion\r\n , EventResult=DeviceEventClassID\r\n , EventResultDetails=FlexNumber1\r\n , DvcAction=DeviceAction\r\n , RuleName=FlexString1\r\n , SrcPortNumber=SourcePort\r\n , SrcIpAddr=SourceIP\r\n , SrcMacAddr=SourceMACAddress\r\n , SrcUsername=SourceUserName\r\n , SrcBytes=SentBytes\r\n , DstPortNumber=DestinationPort\r\n , DstIpAddr=DestinationIP\r\n , DstBytes=ReceivedBytes\r\n , Domain=DestinationHostName\r\n , Url=RequestURL\r\n , UrlCategory=DeviceCustomString2\r\n , HttpRequestMethod=RequestMethod\r\n , HttpUserAgent=RequestClientApplication\r\n , FileSHA256=DeviceCustomString3\r\n , ThreatName=DeviceCustomString1\r\n , MalwareDetected=DeviceCustomNumber1\r\n , CNCDetected=DeviceCustomNumber2\r\n| extend NetworkBytes=SrcBytes+DstBytes\r\n , EventTime=todatetime(DeviceCustomDate1)\r\n| project-away DeviceCustom*\r\n , FlexNumber*\r\n , FlexString*\r\n", - "version": 1, + "query": "CommonSecurityLog\n| where DeviceVendor == \"iboss\" and FlexString2 == \"URL\"\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n DeviceCustomNumber2 = 
coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2)\n| project-rename EventVendor=DeviceVendor\n , EventProduct=DeviceProduct\n , EventProductVersion=DeviceVersion\n , EventResult=DeviceEventClassID\n , EventResultDetails=FlexNumber1\n , DvcAction=DeviceAction\n , RuleName=FlexString1\n , SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , SrcMacAddr=SourceMACAddress\n , SrcUsername=SourceUserName\n , SrcBytes=SentBytes\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DstBytes=ReceivedBytes\n , Domain=DestinationHostName\n , Url=RequestURL\n , UrlCategory=DeviceCustomString2\n , HttpRequestMethod=RequestMethod\n , HttpUserAgent=RequestClientApplication\n , FileSHA256=DeviceCustomString3\n , ThreatName=DeviceCustomString1\n , MalwareDetected=DeviceCustomNumber1\n , CNCDetected=DeviceCustomNumber2\n| extend NetworkBytes=SrcBytes+DstBytes\n , EventTime=todatetime(DeviceCustomDate1)\n| project-away DeviceCustom*\n , FlexNumber*\n , FlexString*\n", + "functionParameters": "", + "version": 2, "tags": [ { "name": "description", - "value": "ibossUrlEvent" + "value": "" } ] } @@ -471,7 +799,7 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", "dependsOn": [ - "[variables('_parserName1')]" + "[variables('_parserId1')]" ], "properties": { "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", 
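Review bot: The parser's description tag is blanked in this hunk (`"value": ""` replacing `"value": "ibossUrlEvent"`), and the same regression appears in the workspace-level savedSearches resource in the -495 hunk that follows; an empty description leaves the function unlabeled in the Log Analytics function list. Restore `"value": "ibossUrlEvent"` or, better, a short sentence such as `"value": "Parser for iboss CEF URL event logs (CommonSecurityLog, DeviceVendor == iboss, FlexString2 == URL)"` in both places. Apart from that, the query text is unchanged except for the dropped leading newline and the `\r\n` to `\n` line endings, which is consistent with the `"version": 2` bump.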
@@ -495,21 +823,39 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_parserContentId1')]", + "contentKind": "Parser", + "displayName": "ibossUrlEvent", + "contentProductId": "[variables('_parsercontentProductId1')]", + "id": "[variables('_parsercontentProductId1')]", + "version": "[variables('parserVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2021-06-01", + "apiVersion": "2022-10-01", "name": "[variables('_parserName1')]", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", "displayName": "ibossUrlEvent", - "category": "Samples", + "category": "Microsoft Sentinel Parser", "functionAlias": "ibossUrlEvent", - "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"iboss\" and FlexString2 == \"URL\"\r\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\r\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2)\r\n| project-rename EventVendor=DeviceVendor\r\n , EventProduct=DeviceProduct\r\n , EventProductVersion=DeviceVersion\r\n , EventResult=DeviceEventClassID\r\n , EventResultDetails=FlexNumber1\r\n , DvcAction=DeviceAction\r\n , RuleName=FlexString1\r\n , SrcPortNumber=SourcePort\r\n , SrcIpAddr=SourceIP\r\n , SrcMacAddr=SourceMACAddress\r\n , SrcUsername=SourceUserName\r\n , SrcBytes=SentBytes\r\n , DstPortNumber=DestinationPort\r\n , DstIpAddr=DestinationIP\r\n , DstBytes=ReceivedBytes\r\n , Domain=DestinationHostName\r\n , Url=RequestURL\r\n , UrlCategory=DeviceCustomString2\r\n , HttpRequestMethod=RequestMethod\r\n , HttpUserAgent=RequestClientApplication\r\n , FileSHA256=DeviceCustomString3\r\n , ThreatName=DeviceCustomString1\r\n , 
MalwareDetected=DeviceCustomNumber1\r\n , CNCDetected=DeviceCustomNumber2\r\n| extend NetworkBytes=SrcBytes+DstBytes\r\n , EventTime=todatetime(DeviceCustomDate1)\r\n| project-away DeviceCustom*\r\n , FlexNumber*\r\n , FlexString*\r\n", - "version": 1 + "query": "CommonSecurityLog\n| where DeviceVendor == \"iboss\" and FlexString2 == \"URL\"\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2)\n| project-rename EventVendor=DeviceVendor\n , EventProduct=DeviceProduct\n , EventProductVersion=DeviceVersion\n , EventResult=DeviceEventClassID\n , EventResultDetails=FlexNumber1\n , DvcAction=DeviceAction\n , RuleName=FlexString1\n , SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , SrcMacAddr=SourceMACAddress\n , SrcUsername=SourceUserName\n , SrcBytes=SentBytes\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DstBytes=ReceivedBytes\n , Domain=DestinationHostName\n , Url=RequestURL\n , UrlCategory=DeviceCustomString2\n , HttpRequestMethod=RequestMethod\n , HttpUserAgent=RequestClientApplication\n , FileSHA256=DeviceCustomString3\n , ThreatName=DeviceCustomString1\n , MalwareDetected=DeviceCustomNumber1\n , CNCDetected=DeviceCustomNumber2\n| extend NetworkBytes=SrcBytes+DstBytes\n , EventTime=todatetime(DeviceCustomDate1)\n| project-away DeviceCustom*\n , FlexNumber*\n , FlexString*\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] } }, { 
@@ -542,33 +888,15 @@
 }
 },
 {
- "type": "Microsoft.Resources/templateSpecs",
- "apiVersion": "2021-05-01",
+ "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+ "apiVersion": "2023-04-01-preview",
 "name": "[variables('workbookTemplateSpecName1')]",
 "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
- "properties": {
- "description": "iboss Workbook with template",
- "displayName": "iboss workbook template"
- }
- },
- {
- "type": "Microsoft.Resources/templateSpecs/versions",
- "apiVersion": "2021-05-01",
- "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]",
- "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
 "dependsOn": [
- "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]"
+ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ibossMalwareAndC2Workbook Workbook with template version 2.0.2",
+ "description": "ibossMalwareAndC2Workbook Workbook with template version 3.0.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
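Review bot: The new description line hard-codes the version (`"description": "ibossMalwareAndC2Workbook Workbook with template version 3.0.0"`) while the sibling metadata added in the -615 hunk takes it from `variables('_solutionVersion')`, so every future bump must be edited by hand in a second place per workbook; `"description": "[concat('ibossMalwareAndC2Workbook Workbook with template version ', variables('_solutionVersion'))]"` keeps them in step. The `dependsOn` now targets the solution's contentPackages resource through `variables('_solutionId')`, but that resource is only declared at the end of the template (the -696 hunk) and its `name` is not visible here, so it is worth confirming the two resolve to the same id. The same two points apply to the second workbook in the -615 hunk; if this mainTemplate is tool-generated, the change belongs in the generator rather than the output.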
@@ -586,7 +914,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## iboss Malware and C2 Detections\\n\\n**NOTE:** This workbook uses a parser based on a Kusto Function to normalize fields. [Follow these steps](https://aka.ms/sentinel-iboss-parser) to create the Kusto function alias **ibossUrlEvent**.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7cf056ef-64cd-41a5-85e0-90c0ec529434\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range_picker\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Time Range Picker\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where EventResult == 'Blocked' and MalwareDetected == 1\\r\\n| where isnotempty(ThreatName)\\r\\n| summarize count() by ThreatName\",\"size\":2,\"showAnalytics\":true,\"title\":\"Top Malware Detection Families\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - malware variants\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where MalwareDetected == 1 or CNCDetected == 1\\r\\n| extend EventType = case(MalwareDetected == 1, \\\"Malware\\\", CNCDetected == 1, \\\"C2\\\", 
\\\"NA\\\")\\r\\n| make-series Detections = count() default = 0 on EventTime from {time_range_picker:start} to {time_range_picker:end} step {time_range_picker:grain} by EventType\",\"size\":0,\"showAnalytics\":true,\"title\":\"Malware & C2 Traffic\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"50\",\"name\":\"query - malware and c2 detections\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where MalwareDetected == 1\\r\\n| project EventTime\\r\\n , SrcUsername\\r\\n , SrcIpAddr\\r\\n , SrcPortNumber\\r\\n , DstIpAddr\\r\\n , DstPortNumber\\r\\n , FileName\\r\\n , FileSHA256\\r\\n , ThreatName\\r\\n| order by EventTime desc\\r\\n\\r\\n\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Malware Detections\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - malware detections\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where CNCDetected == 1\\r\\n| project EventTime\\r\\n , SrcUsername\\r\\n , SrcIpAddr\\r\\n , SrcPortNumber\\r\\n , DstIpAddr\\r\\n , DstPortNumber\\r\\n , Url\\r\\n| order by EventTime desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"C2 Detections\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - c2 detections\"}],\"fromTemplateId\":\"sentinel-ibossMalwareAndC2Workbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## iboss Malware and C2 Detections\\n\\n**NOTE:** This workbook uses a parser based on a Kusto Function to normalize fields. 
[Follow these steps](https://aka.ms/sentinel-iboss-parser) to create the Kusto function alias **ibossUrlEvent**.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7cf056ef-64cd-41a5-85e0-90c0ec529434\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range_picker\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Time Range Picker\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where EventResult == 'Blocked' and MalwareDetected == 1\\r\\n| where isnotempty(ThreatName)\\r\\n| summarize count() by ThreatName\",\"size\":2,\"showAnalytics\":true,\"title\":\"Top Malware Detection Families\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"query - malware variants\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where MalwareDetected == 1 or CNCDetected == 1\\r\\n| extend EventType = case(MalwareDetected == 1, \\\"Malware\\\", CNCDetected == 1, \\\"C2\\\", \\\"NA\\\")\\r\\n| make-series Detections = count() default = 0 on EventTime from {time_range_picker:start} to {time_range_picker:end} step {time_range_picker:grain} by EventType\",\"size\":0,\"showAnalytics\":true,\"title\":\"Malware & C2 
Traffic\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"50\",\"name\":\"query - malware and c2 detections\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where MalwareDetected == 1\\r\\n| project EventTime\\r\\n , SrcUsername\\r\\n , SrcIpAddr\\r\\n , SrcPortNumber\\r\\n , DstIpAddr\\r\\n , DstPortNumber\\r\\n , FileName\\r\\n , FileSHA256\\r\\n , ThreatName\\r\\n| order by EventTime desc\\r\\n\\r\\n\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Malware Detections\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - malware detections\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where CNCDetected == 1\\r\\n| project EventTime\\r\\n , SrcUsername\\r\\n , SrcIpAddr\\r\\n , SrcPortNumber\\r\\n , DstIpAddr\\r\\n , DstPortNumber\\r\\n , Url\\r\\n| order by EventTime desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"C2 Detections\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - c2 detections\"}],\"fromTemplateId\":\"sentinel-ibossMalwareAndC2Workbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -615,41 +943,43 @@
 "email": "support@iboss.com",
 "tier": "Partner",
 "link": "https://www.iboss.com/contact-us/"
+ },
+ "dependencies": {
+ "operator": "AND",
+ "criteria": [
+ {
+ "contentId": "ibossAma",
+ "kind": "DataConnector"
+ }
+ ]
 }
 }
 }
 ]
- }
+ },
+ "packageKind": "Solution",
+ "packageVersion": "[variables('_solutionVersion')]",
+ "packageName": "[variables('_solutionName')]",
+ "packageId": "[variables('_solutionId')]",
+ "contentSchemaVersion": "3.0.0",
+ "contentId": "[variables('_workbookContentId1')]",
+ "contentKind": "Workbook",
+ "displayName": "[parameters('workbook1-name')]",
+ "contentProductId": "[variables('_workbookcontentProductId1')]",
+ "id": "[variables('_workbookcontentProductId1')]",
+ "version": "[variables('workbookVersion1')]"
 }
 },
 {
- "type": "Microsoft.Resources/templateSpecs",
- "apiVersion": "2021-05-01",
+ "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+ "apiVersion": "2023-04-01-preview",
 "name": "[variables('workbookTemplateSpecName2')]",
 "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
- "properties": {
- "description": "iboss Workbook with template",
- "displayName": "iboss workbook template"
- }
- },
- {
- "type": "Microsoft.Resources/templateSpecs/versions",
- "apiVersion": "2021-05-01",
- "name": "[concat(variables('workbookTemplateSpecName2'),'/',variables('workbookVersion2'))]",
- "location": "[parameters('workspace-location')]",
- "tags": {
- "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
- "hidden-sentinelContentType": "Workbook"
- },
 "dependsOn": [
- "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName2'))]"
+ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ibossWebUsageWorkbook Workbook with template version 2.0.2",
+ "description": "ibossWebUsageWorkbook Workbook with template version 3.0.0",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion2')]",
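Review bot: The new `dependencies` block declares the workbook as requiring only the `ibossAma` data connector (`"operator": "AND"` with a single criterion), so a workspace still fed through the deprecated legacy connector no longer satisfies the declared dependency, even though the workbook's queries only need the `ibossUrlEvent` parser, which does not care which agent delivered the CommonSecurityLog rows. If the legacy connector is still installable from this package, `"operator": "OR"` with a second criterion carrying its contentId would express the real requirement; otherwise a short comment in the packaging config noting that the workbook is intentionally AMA-only would save the next reader the question. The same block is added for the second workbook in the -696 hunk.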
@@ -667,7 +997,7 @@ }, "properties": { "displayName": "[parameters('workbook2-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## iboss Web Usage\\r\\n\\r\\n**NOTE:** This workbook uses a parser based on a Kusto Function to normalize fields. [Follow these steps](https://aka.ms/sentinel-iboss-parser) to create the Kusto function alias **ibossUrlEvent**.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7cf056ef-64cd-41a5-85e0-90c0ec529434\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range_picker\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Time Range Picker\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(UrlCategory) and UrlCategory != \\\"-\\\"\\r\\n| extend UrlCategory = split(UrlCategory, \\\", \\\")\\r\\n| mv-expand UrlCategory\\r\\n| summarize count() by tostring(UrlCategory)\",\"size\":3,\"showAnalytics\":true,\"title\":\"URL 
Categories\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"UrlCategory\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - categories query\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| sort by EventTime\\r\\n| summarize sum(DstBytes), sum(SrcBytes) by bin(EventTime,{time_range_picker:grain})\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth ({time_range_picker:grain} interval)\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"sum_DstBytes\",\"label\":\"Received Bytes\"},{\"seriesName\":\"sum_SrcBytes\",\"label\":\"Sent Bytes\"}],\"showDataPoints\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":2,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"50\",\"name\":\"query - bandwidth\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(Domain)\\r\\n| summarize count() by Domain\\r\\n| sort by count_ desc\\r\\n| project Domain = Domain, count = count_\\r\\n| limit 20\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top 20 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Domain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"rowLimit\":20,\"sortCriteriaField\":\"count\",\"size\":\"auto\"}},\"name\":\"query - top 20 domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by Domain\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by Domain\\r\\n ) on Domain\\r\\n| project Domain, Requests, Trend\\r\\n| order by Requests desc\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\",\"compositeBarSettings\":{\"labelText\":\"\"}},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"DeviceCustomDate1\",\"formatter\":5,\"formatOptions\":{\"aggregation\":\"Count\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked Users\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked 
users\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| summarize sum(DstBytes), sum(SrcBytes), sum(NetworkBytes) by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | make-series Trend = sum(NetworkBytes) default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n ) on SrcUsername\\r\\n| order by sum_NetworkBytes desc\\r\\n| project Username=SrcUsername\\r\\n, Received=sum_DstBytes\\r\\n, Sent=sum_SrcBytes\\r\\n, Total=sum_NetworkBytes\\r\\n, Trend\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth By User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Received\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Sent\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Total\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - bandwidth by user\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Connections by 
User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - connections by user\"}],\"fromTemplateId\":\"sentinel-ibossWebUsageWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## iboss Web Usage\\r\\n\\r\\n**NOTE:** This workbook uses a parser based on a Kusto Function to normalize fields. [Follow these steps](https://aka.ms/sentinel-iboss-parser) to create the Kusto function alias **ibossUrlEvent**.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7cf056ef-64cd-41a5-85e0-90c0ec529434\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range_picker\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Time Range Picker\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(UrlCategory) and UrlCategory != \\\"-\\\"\\r\\n| extend UrlCategory = split(UrlCategory, \\\", \\\")\\r\\n| mv-expand UrlCategory\\r\\n| summarize count() 
by tostring(UrlCategory)\",\"size\":3,\"showAnalytics\":true,\"title\":\"URL Categories\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"UrlCategory\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - categories query\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| sort by EventTime\\r\\n| summarize sum(DstBytes), sum(SrcBytes) by bin(EventTime,{time_range_picker:grain})\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth ({time_range_picker:grain} interval)\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"sum_DstBytes\",\"label\":\"Received Bytes\"},{\"seriesName\":\"sum_SrcBytes\",\"label\":\"Sent Bytes\"}],\"showDataPoints\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":2,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"50\",\"name\":\"query - bandwidth\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(Domain)\\r\\n| summarize count() by Domain\\r\\n| sort by count_ desc\\r\\n| project Domain = Domain, count = count_\\r\\n| limit 20\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top 20 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Domain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"rowLimit\":20,\"sortCriteriaField\":\"count\",\"size\":\"auto\"}},\"name\":\"query - top 20 domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by Domain\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by Domain\\r\\n ) on Domain\\r\\n| project Domain, Requests, Trend\\r\\n| order by Requests desc\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\",\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[]}},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"DeviceCustomDate1\",\"formatter\":5,\"formatOptions\":{\"aggregation\":\"Count\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked Users\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked 
users\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| summarize sum(DstBytes), sum(SrcBytes), sum(NetworkBytes) by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | make-series Trend = sum(NetworkBytes) default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n ) on SrcUsername\\r\\n| order by sum_NetworkBytes desc\\r\\n| project Username=SrcUsername\\r\\n, Received=sum_DstBytes\\r\\n, Sent=sum_SrcBytes\\r\\n, Total=sum_NetworkBytes\\r\\n, Trend\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth By User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Received\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Sent\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Total\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - bandwidth by user\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Connections by 
User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - connections by user\"}],\"fromTemplateId\":\"sentinel-ibossWebUsageWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -696,21 +1026,48 @@ "email": "support@iboss.com", "tier": "Partner", "link": "https://www.iboss.com/contact-us/" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "ibossAma", + "kind": "DataConnector" + } + ] } } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId2')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook2-name')]", + "contentProductId": "[variables('_workbookcontentProductId2')]", + "id": "[variables('_workbookcontentProductId2')]", + "version": "[variables('workbookVersion2')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.2", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "iboss", + "publisherDisplayName": "iboss", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.

\n
    \n
  1. Iboss via AMA - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

    \n
  2. \n
  3. Iboss via Legacy Agent - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the legacy Log Analytics agent.

    \n
  4. \n
\n

NOTE: Microsoft recommends installation of Iboss via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 2, Parsers: 1, Workbooks: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -735,6 +1092,11 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId2')]", + "version": "[variables('dataConnectorVersion2')]" + }, { "kind": "Parser", "contentId": "[variables('_parserContentId1')]", From e7e23743a6428700fe643eceaab260b846ac9c7d Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Thu, 21 Sep 2023 10:47:05 +0530 Subject: [PATCH 3/3] update createUiDefinition and mainTemplate --- .../iboss/Data Connectors/iboss_cef.json | 2 +- Solutions/iboss/Package/3.0.0.zip | Bin 12334 -> 12920 bytes .../iboss/Package/createUiDefinition.json | 14 +++------ Solutions/iboss/Package/mainTemplate.json | 28 +++++++++--------- 4 files changed, 19 insertions(+), 25 deletions(-) diff --git a/Solutions/iboss/Data Connectors/iboss_cef.json b/Solutions/iboss/Data Connectors/iboss_cef.json index a2e10e7393a..a6fd6f3884b 100644 --- a/Solutions/iboss/Data Connectors/iboss_cef.json +++ b/Solutions/iboss/Data Connectors/iboss_cef.json 
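Review bot: The workbook `dependencies` block added at the top of the `-696,21` hunk hard-codes `"contentId": "ibossAma"`, while the package-level `dependencies` entry added in the `-735,6` hunk refers to the same connector through `[variables('_dataConnectorContentId2')]`. The variable's definition is outside this chunk, so I cannot confirm that both resolve to the same id; if they ever diverge, the workbook would be reported as missing its data connector even though the solution installs it. If the packaging tool accepts an expression here, `"contentId": "[variables('_dataConnectorContentId2')]"` keeps the id in one place; otherwise a short comment in the source WorkbooksMetadata.json saying the value must equal the AMA connector's `id` would prevent a silent mismatch on the next repackaging.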
@@ -92,7 +92,7 @@ }, { "title": "2. Forward Common Event Format (CEF) logs", - "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection" + "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. 
Select your Microsoft Sentinel Service and verify the Microsoft Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection" }, { "title": "3. Validate connection", 
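Review bot: Step 4 of this description still instructs the operator to enter the workspace's Primary Key into the iboss console, and the hunk's only change is the wording of step 6 in a connector that is now titled "[Deprecated]". The Primary Key referred to here (the value shown under Agents management) is, as far as this text shows, a workspace-wide shared secret, so anyone holding it can write records into the workspace; the deprecated connector text should say so and tell users how to handle it. Suggest appending to step 4: `Treat the Primary Key as a workspace-wide secret: store it only in the iboss service configuration, rotate it under Agents management if it is ever exposed, and prefer the [Recommended] AMA connector where supported.` The same string is duplicated into Package/mainTemplate.json, so the fix belongs in this source file and should be regenerated from here.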
diff --git a/Solutions/iboss/Package/3.0.0.zip b/Solutions/iboss/Package/3.0.0.zip index 0a639160dc914018cb47d499fbc2b930894d4d67..292ad8562a38970a3abf3d8f946e48255687cc18 100644 GIT binary patch literal 12920 zcmZ|0W2`Vd)ULU0+qP}nwr$(C`E1*^ZQHhO?>+A~lgvzV&gn{er%k*5wY}2ZOFRTzgc4^Q$rV1RZ9_5GfO*57fX9PIxA;;yBUou zJM0eBU;X?$fpSn9%*Amx?PiEf+HI09?0&nT;f?(I*nrFelGW@3nu)~2V!%%t-)26^ zKIhZhMBJ_{5ZEA*p{Wl2-l6!u-&BO6y-$xCB~C9Au`2|pKMOv3^+FXhrxK;qPzgVZ z>?orwHE%yZ1Y9xkrtOMYwXF~2G7|;+Tz*yQoQr&0v>Y_D^Ss4#{9Us?OxcVzEwf0) zIFFpmbxr#;LN2pST&R_USSP%YbBB1%mKYdedOEaFbvPVg%?O*J%#^=b zJ!3`l$!S9x2u^=nSwWE>9s26Gr?ypH+UlOir!&gx>oamU)2SZ!sloJ&fw!)r;G$r6 zY*g^8UD}wKI-)*J-I!rDazogR-}mruUcNP{y48Y@-&>-t@z=LMvtY00K6*VY(jFu^ z+EnC$sCqRc%h(3(oSI=F+8Sjcb3O@Ui_lkJ(pzH3gJDs!-={kNXmy+4-Bu3&5~<7K zY5h2B;#9EC9jXCJ*DOn_BpF7jWJ&6Q4K2ZC6+K}qN59k!Te9Xi(X^&+q2tevI*yej zFFswo+z6cx0>p}9T1*jdMQKLVk9oa|c^O1ZOdv?K&JH>!b9O965+zb*`8Px&OdX0^ z+k<={&`uAa$ZEyr9h0E)8sY>pAyc`rt4Ac~86(iXaMzLhnJVN0wst}UN@s%#V6?9YyQI2WUg z#DxQebaDg0tbzqTcBTOHNuW)ld$dL2^^ydWq_?$1j%0PIaTDUEfQT~M#hS)AQ{}qi zDFP%WhI0+9#PNVDHS>X{0BVldYQclJKgXe}_WlcN2a+K#r|7P6IO2xBziiVj3(7e8 z_(TY14g6fQLfWksrVex&bWaQlvdL&0S+hYofuN`(nM~`5Q_z#TIa3*{Rmo&RZjRZJ z3Q<&$n)a0(KbRY#my9XDMq?E+3`8*9kT|lSraO9 zlW4Zd>_JqOmtpp4!;~_U6!I3u*Eeczyq6n~LN%sdI?yjLFjms8U%?5s8maB*CUccT zH!JlME6nkTRy~g9PO%oX8n6hRIiTx(npW#c>2lppq)h^Pq|jRwX{neIRv9;)>ft-M zG9b|JH)RM7GxdW|aW9NXydlx*B*e8=oh=EbgjpMe-f`zE0Y)VIb)vF$VlEdjEYD{C z1mK-|rwhy!gfA^)zr+JkTmr%!q#|!c?;M9bZmM zq)6EEVoPv%_alYS5L^m?Sp)$BaVt}er_3mvcex0<`A2XR9Z0Ju*Rr1wGiuJC%T_<5aV%&jmzfgJ#A zBr8!_*dZ{kNfcr_{Ffm?J!DL%+N5ewq|6Z|O_rMI?fNU08|j7QJ7u{_MX|45hAOc@ z_J}=h=kT*=9|C@o=@%Q`Gpw*(1E{(}FLRgTvh5=ovKB6Y=3y*kJq1S-j>;h3j2N}f zD`V5L8scMgytAxMbR5>7ZPl#inavoEsd`qz78#ey*gOp6^8rLT}YF9JwOJ2PR$&9XKztKg{_W>!>8w(iXnYLrqP7 zCO}W&tj-|*A!F@X*#^bQ7kcE_w^;)Ii5n?h%NyU64wiS#iO{C!@3$5Jt5GYPnZ-E8dQJWTjdq5<#85~MG7#+cEsTQ+dmZSk zZQO_l_!vldx?%a7x5J7P@{9c^*ZnG|M@$4`rd}~`pOE$Jk!&tLRF%%i5AWPo3n5!S z9P7vmE-QFE{25VRw&vfm4hGf1QWK&C;^;*^75TN-_VoTA8 
z(v9A4OL!9cyAexRtnk(%Yeu$`mw1&xH;uJ;7>SQ_Xz-Plus#o6MHgbux445g8Rg8l z8kyYkgD=Z%U^%yDf_t)YgT>DuA)j?XM z^<99Pj9n?oG9W=l^UUL@1Y@fih zw4R$};uQx@s3_;-R0+w(SJ_r$sUq}g7?ArEOaW)4MpG2!JI5`J`w!N_htFbxE=|W-3BR4mY1iWX7dHRqQ!-4Gj18}M zye*pO_itR*eK|M(?h9h86R)w+DOKKaSj-=lFJ5x9w3Bu!gXZ$yTlA&kicOdeRBEd)HeHZxLGAVEaoszeDqJz@g zIEAm~(JNyK3EH8Tsfh~83F;)rW`$n-s{Ug8wJ;d;D9#)S zbbc)A-)X^--%xkMYwf%xmbBMq^*5C5)RN>wLb}j+#PQGGlybM+XoE{S?rKuWGQ2-w z5DEkXAZ1$CrSGTn3=k#&lc(I=gorNmxZBIC)BC>w@B4e9525)nzs_!8)b*15H=AUF z)Tg73-1j`nl26QLCb(Gimn&9%7GkW4R`;^T?sr~m@3zLis>Aj$gt^LXbQCF%y!xe% z1GY!&`VJt6L89HAYiFCyNlY_W=GLDVN;DFj%=u5M!*E=*~K7 zXhg#a^J58wnXkPiF$lrXzS@V+#e&#Bp0__{!e+Scm@T5mpkz!G zpm!e!T67E}#om~w%T}z+|B?Esyn8D>eCUA1d5y2gkyBm$x=catrC%~J*=t1pNQP8e z@@6Ph%IM5(!XPWrpFX9N6k;NDls<2PeH1!9ehRzEgsUQZk^p9oy>tD=M|ylC;ad4G2?&M7VM4Aiwp zK)ql-RdM#Iwyz|&p60C7KXv&@*j;E6v|}f&YRHeWjEHb7WqWd%uw9F}9R?Qql*@Yy zQ7(aq9bDEr+=ij_uiEm8c;gB)TxHjRULo1+Cvi%{*X>k_ul8&wgS(*+QJn+@e|W8! z*(48IRO|<*@N*$@T7ZfrLM{66=?pPFCh4wm!O$IxcO9kan3;zJ*Mr8>?CA@|E- z64C?NbIvKi!Y9?U4KAVHZB4fv)8D`dNSr9halYyq&m~=4v<2y+$mj=~sVXvk0fo`f zpOleSK}!|~hrQW>A1}C87k$N!+{l}uO1j?|ne950L#t(#gW~bwpYX}yA26A1`>ElM z4L$|3TXvH}q9A}D#%QI1>5gmV<3AU`9se%!(SxdZJrRYIAa=-4h8(Sn*$1ngJapb!&)HZvIkyFyfbG&;j(e4xNl!Y>2 z6(O(0lhX}$@`Y_0ax<0F7N%oTvZ`fmc5yzFjv`TulkvK_CKYsysgoNM69?PHZ4|DagFd|x zoN2!Lu`P9yD0&`rF)d^ZB^<=AEdq5ehn9Hxzg~Y897F)LVY(jIN>x-nj&9f`&4`vL zQciT=CG=uymu7L=Jq1%_G!94bf?;UCUq9G^QE(N`a87j=pqI<}oQ3j@83Raw29af7 z;3p~0e&PqSA|}Yv*o?RxY*PrsEb4XB)!U}U-C=Uof5BZt%xJKbq`5 z(!($r-$b(Ilc3|1+-*d1FgNflSKSMuCtUWuA26x&LeQwJV0z_?oY}jN&w06wkD=|| z8w=kb9v_vm;R(QN(MkZI-*F~rvJWY>rq3~YM}K8j29hFhaztauKj?&lMRy_M2`u*+2(3Vf_F%2jq(DJ#`_6-SD z(EIb-0~yC~`W-UwiFg=b!$Xh=D(af>IDtX~6yAcsAR$<220KhKKy+d(KvEpPwQzQ5i>AyTRz7vJSb6 zJL8dHHwNB9Mj<;)uDgwL`!LTWeiO{=#dp&kHA9gCy2)HnYJKi%cLCrWF5(1K=2-n( z=vj4T@fiYdr9z3HCh@@i6Fj)^f}6kF(z!N>j6YpT!$Vc8$?A_r1S71(nT}NLfM}C2 zd!YBraSf;m5V_E!mf70Tr*LIwHsea5J;yV4(|`c~l*ylAPi#pO6G7Ip@m=TAfx+fvxkO0t-u>I#d-g^020 
zhG}Txab+&{FXu*)A9wUy7(J5SuaG$VU{c3%S~`TXF@X}DhhKh66(WcKtMYS zn@5eN&1dDK=LIqej}nSKz$lPUcJ}8o_aJGF_DqXMo#L`T5AV^P+u@aqTT6{;6_vla z(F>-*(;wXp3Ia(fvNHqnv_Z4%g)*w06<%wZ>;ft(i&LRLDdl(cQ#8;jA-djLOdfE^ ztee#8*5^~)zzUMT1|^nq#1BHxKht+pz$AD?EWb%c6a_lrH(^`?O^hmu zq6-`8Ch3HshJZu_?X-Z2zN^%ESUuT3vmN847zQ2ZvP)N<&jh$N=lU3`R@i~eML7-w zFlduM|12vsY0DzjGHSS=+Z_H_Su?X?yY?LIb9l(^h8t|`pQ~Ui~s`6QD7*AS^|w=`ajoWOJ*aFYdyck{br_js5%jME&qRszjSmRg&SU_~=8HGdoA~9YfUHnXa5ZFm7mhXlQLp4x*Er zkfW-%N}?>g!)=dXT0!^0616M^JRe-4WCW5;5m_-8+BS)Y$PInl zf7va~3J3yN5zp`yB;C1!cMyb%cE{UuFIFxAfW^mjjhgXpkA-ng>z46cx zs5uK6=uhoNa9#MNDvP1Zfu)iALvbh# z7UGlWBgtdHBr_$=T2`OxG8}+#?Y!iaP}eno75=Im!z~|!1zW(oQ@INlKvA%=*^b!d zV}@7lD(FM?yjVW60SPEB$DH>u!>e54UU6WQz_>i6e){;dgH4DYJsht4;0fi8ZAU;b z7GQ|)8rB@tR;((L7{}=jOG_tQ8N4OwU^x#zxtuTNg2vus0B%39G(LoN367UaHbX`N zFp)~DS)0@Xara-yCqtm*X$N-NNet)NFt!<3g+r_ayj3YVWd6zo%`0(y>qpQnDULoQ zKki{%(yx~kw6X?eL5vv%a23Syu}1C?b<&hgAs7ZI*sm&0 zYqr8T0c#5b)FhD1y6@@@m{l;O^v|wkI4`*C3{TA z=$xfJPThm5iG-u`qQwJ>hQzUeP~n1hf)24?2L=H^o}y|ln1_>LS;#lb^@|TZ$C%e>(`yUc zv(bCQv+_YW5uUU}mz;{YRC&onTf~P{*0zE~j7^SwVLt;WPo++zVA8Si9TX)4Hjy_W zI!Za9CbkfeLX$u!^se{42H$O|B3L4+K}7L^>dCc&xBO{bipWMyGDT;C75*gY7s7cf zWDE)hs-xxUG1+!+N;FcN=tT|&$1cf@6^UgH3hS#TF)#KEQZshEH-?G1zkFy$Ng&b~ zIExgJ*#?)@Fv%jGYtk(Xo8+_>Wx4;#wJolAe+SRtV;Yo~f-4PT*va`8va+=+mZ?ot z=s&lXkdn5F`vU2xmb zWGk)q7=n}Gteq%rn*n&QtCnyxb$3&kuw3@(WjxWJ_t&p0=#b5y9@eXK+nF!V89u$1 zrk1@n=dUo&yw=;fj@Exa?MR!YU-mD(+-rVWw?%4*Zo)~$hzlne&7M48uERFDea(Dl zXf&vfS8fGI6bLqsmunHsb+PpN!>RnY?T?urkB#7laqkbOjz=>`BTrI(fhHBKWSu;D zVT|){C|^3PvXU6CjI(a!3cfPVsx(hS5r%x0adnw4flRrzId~4tmVm0xm2q9IW7_It znrA(bD~>C%hZV8CO`L-!Qxvno?!k^r&Lh(7FqF2)Qd-#Py7=(A=-|3;P<$PC3+c$4IE?}c~cP(Qt ztx;#J;twneL6g#+#EzXW3%Jo9+oC+TM0oCq@z!cDb@<_1T0lP&N4DCd8?9n?-23)df8$K}2AEU{{O@Mhg&n!saAsvL zG81TC&ZS5D%h-)|df5Qvw-j%)bB5XX>4&qAk5+6!XeRkDF34}yw6*)*6zcc9B0xik zjb(-=GQE;T6qql~nyjWHyvx`?_~%}&@Q;M-2q#5&Q#X*dtG;&wVe^|bc2w0pI`)VY#zInE5xLDfxCk${J1Q2)d9y5XgN`S<@~Xw! 
z^Vso?1}QWGBoM*19H^hJ{I>)X)6LA5ijBCOm)j{Fi)O;u2p2R@?yaRbatw~YW3~B2 zoSXjSE(rFv{@Z6|%HRj2(QtF=ckYexd7wS1{($-1+;^`kp09{d*I8#iOoag!UAR=X zo^isKag}+GYHl=WhW#wV*p4$B8xb}ydRwd;mjCf9odv}nU>1n3#`$$<+YV%YPE%P# z{Xt1Bvg-bX&;;%4+vhsl%lgZt86y0<3bWhNIJllBf7vLCyg!*R?C=2QY>AIrqW&(` z#PFC!T=sQEAa)*%+jXkV75L4Dp%UszYZf?uQ$KFmouIAX#>v=u1->{G*{z+RPoV`; zINhPaCknhel=!SFqCoN1O)p)$$Gd!&r}=7s86ENWeOR8@kv8(jX{Szf)JdT+Oa_)` zv!IGLIcoKsV`je?M{MPEPzLViF!rx>r%y@_`lyS0aKYZex+rK9Jjl zx5j~T(kj&K)6ued)i(!~V*9SN!!?C7-DLrTG5!7M6641COP_qt2Lm3u3Qv7i$+0EP zX=s_ggr_2%5b}8Cwy6n#S{S$cB>W`+Acrd!aBaufY{7YmuqTx@2eTYg7H{ETpbA35 zGW{ZeM6oclD>6#7sT!NuimE<#8NVy*wRVEnCi7?3X!u4;a2lo;qEHh=fo90OPZc4H z>tkWqrbM;wik(WprXuiO6X@IMQ z2}I?LSvC>`+{nY2qXT&0GCRJQEb4daJXb9q_( z)SIfZ^qftUm<4|THF8ws<{%U9%=&lI`Im&2vimMEav=?oGiD&>Mqu} zHO=jg3}4!QRiRDS!g0K#oU9-FpIKSy03u6&^fcP*+F!ZaX0zz7j_M-X+wEzr|2m!R z4$mEK_UIV4znrWYA-g)yH8aTVR(IQfTo%+RDoa}uPaZJtwwZ0)9k-j)2inq|>Fn7* zhQLQHV!6My}hHF2al-fo@%Vv0u|>5;Ed0n$T#oWk*5=xe0tT|j;KnlxgF8@ zpYoczt5;-YY4wl9md`v?$g6+x}>0oRlNB5Qzw4d5h>iKxugy@kmjK?62xwwTBG)phPh%25%5a zY^^(Sz`obE-9#_Ff(8GmAx`AS89b4nY9DJndv_1VR=4qed8O}1Cw>;*FO9j6Nv~_= zmPVg)f2$n*xbPS(fbpxA3Gl#aQ{vU()Azij|3{p-^sW$CebfWXZ-Va_mDO&|3Smy3 z{%Nl_ zWgQD;t6bv!kD1^4(p7B%#qW?Qfi04ShqS*xDS=QGQ z8!aVG5h-w`Wc)*6RNOn}26OG&9rmqc?Lgax<&}5ucs^Tbl?}1SyIy?U-=1B6*ByY} zWu<6?Ph`??K;ItiPs6I_ker1J{`pKntnnBoUButXFeX zmK}n`v^~F~JR=d&WL$c5Zzg!uRCQ&Www2k5DazH_Wf4)U+?CtaS;;hXy+TdRB#F!G zB#n-;Y!=BN<6)RZHBHjXP2*ss&ZZURWpv|~iLhMiY!iH9aN5M_Mb%xCAH9x0V?YkC^;v&q}-+H$Z?O{3{JsuD^b_ii-(Gd~au@MQIgKqn` z&-~IU$HN8Nm*}cKb5AsPF5azZy2x;?wl-=nX3o+?rY!w85wTJRs>sV++oqRYX1m zTKR zD48l5(3D_GpWTEO5=C-(CO#5#c`k72bpeSGwtQ|OCF~bTeZM(}R^UZ-F2;XP*!f$a zUIFGP7n?#;)8BM<_r1;Af3G>Q-SX_Y?A)D$`L23BMpwJ|tGTbHJy-t>pDxJm@)syD z&kb;L#8@yImLkuxn9{G-x;=U=DHp_O(O&X?=JnfBc(*(nEUCYKzwYv;8j;hX zL=Ta|3PgbN2=e2m`s*SA(J{Nnh`6$gvh}sjomlt!5~yWt!xzE!f0Ga0K*{j^dAw&N-Y5OIJBQdPJ<% z!zu@F!thp3*z0+-ncXv@lY)W)scnw4uG|NUf1_1Z$-8!jA4`@s>aAsgc+4! 
z{dl11msk>F9z9(eG$tI9qB>PZ6Wd&_Kk$&DBYeM~QBm)T?#t@n$N@LzU~6d~i_qm2 z383H;@`+CSYcnEB&@I36c-c9RO6H)10)&Bw^IutdH^3vaL6gjK69E&6AXy*P*v-_F!57^8oLOOIGZst`uq6GYV zh1ev@>YN9>km(d~?%B65ouegSwfotOCL$gZVX?p>+Uq%L(+3hLn+l0)Yy@6pek~=jDAuT!A7@QQvvn|_&LG@6ue`lpv zGH<=yS#q|jqL)7iCKkzb{%A-bAIqn*|M1S(39L%e|+6lUg@vfOi6X~8|Au` zx8~L0N3PDS#&Y@ikzB~;b#3oW0gVkQPhlc_wZ9n#C_PL?mbWI8t*fo2Qg^V6-Bo9X z7UY`5(f*?4;X|TJYLm@P$5%wZ5C`||f^z3iXkz+jWBP-9SrUAHD(dDVMRuz9WR{We)m?%%!_wcYGxOH6!;&*L`(W!Vp2lf-g&E zI8{91WN?*dDQs9pj0p!!zfrHNok&wM;}h@D#Yt$!Rq?J zlM?O;X8eg#r^ELu>c{qigH6)4KPGL^QPuorLqdNqGyS3V;hK?W&2c%2JT3z74`)=+ zyNxNC2D`TuJ#h>83D8%a1wV@oM6WKM;a(lOS>c2S*aOJZBXXLE`q{@}VL}@qYw_BX z0aazKJl=qMrZaO6%a4CtbvN)O!(D|{Cs_^#uC6Q=W`y>Nu_h5qWad;5RSfi>C?IpGRF{6*+=Ky_cjCh zRU^p0G9)2ND?TTty0XOJ(&eFLETxBH#?r-E|u)N_u0C6eBOg zu((KZSPYZ!7DCe3)pb$IT_}<_fu;pvtI279D^J1=JNUI7fPGquQ)Ygv)3h>wnCEv_ zZCqcx{>THm;dg%I)Ae{-rTU&%D#OhV_CdApba2|PjfzUA6^Mer--q)!4BE?2@QCFl;UH^W`@c$SX~`U~rG%ccY*@U2Vn3A2-6Pd~ zx5YN&k@XGYgxsephc+9=-3AVaM`~(Np(2q~BMEeTgT&%O-e{6k&Lox3w%lSRlI<(9 zauz5!@A3{xOB8igt*F6u-Qwc(BWTGg1zT%;_VgqpT;s%~Bv!5BViYP`B_%0+bV^F+ zvSJj|1S{{G6cpo-hRYsbDJjTVG)l^nR@&hvE7xdBN-AF>;09T-$!^7`*W>7Ds>RAp zZ!LxL3$hQMU>WdU^x&6nZFS`(bU(RKo$0>JZa-9VMT{6dcORPb~d_Yz6xJ;b?Va7+rOa z%Y?`|ix~S{ydc_{=nV`p{6lFaL1dY7c<+hwH!IkF?-n*sUz~oFxO>)hogpP$N?l4a zW3dtMhLRUjy%eh2Ed~0bwjN?W2S{k5InHGI`mqP#@JJRcMgp;1CKs)Hbd|Sp@ba|Y zN-v6C!@2vB$H$qC!6CsALTR=8pIQG7Na#4%|}UL6WkOX??NI1P^SwX)|&`g`6rh?{ufFM~xU-u~Rg?X}}Z z`^Kj8*^K@{mHgkpqvCzQh&P-`AL~B0kM=Bo)f`&h_U`?3kp7@78}PvJU#Dp?ZxOFp zdJl__HszbEV72!RU3#aEg0SJ{!X+_{WM$#>;kQaG`})L1gwD?qgGyrYh(m4G#zxvu z@cWT{W~?iON-R{vb%3+f41aO4<;=*=?OmkzBjq1aDRn}4*Q|osO$IdAPw=Ax&5Rk8|k>y%l2>K$p?4;Ug`Eq&$dIamY>)3%NMgr~GwmJ{L5OVz$ z3ThG)$X3-gMt#Xfw*h4c7opgihL;tKTV_Y=ucUBoK-dDb51yLGPd^v%UutPrOgnem z^Ng-_uS9X^fOe_B8YSfGEdrn-4MxDE^^VHo=VW!=4-vzOMFpgVX}kxHBIc#n5y^0A zsfYIJhUy;}%EQ$Uw$`*yB2Z_OSoMY!lXBt8dv}FX=P2n`KhHtP3m5(1vi0ctF>z@S z{04yOz5Zcs&w|{22DN$r*b;E~JuU+j)ymj}RJs>N)flze<8_71U 
zm)s>@ZkJOZgv!xNPAAPHWK%DOozwz6FL4iBnQ^2U9V0HEYZ{{tIxQL7{&D`}X2|s(4TjERWH!Jrr_qA)!6gbixVYT>pJfG=1|GbfbzU zDkjyDdo|H`){qpKAXsXG&{iDb&##-#%h@@7+ANRRXtBHQtN4e4;_FPiL9!H1upqY4 ze!tM)-~9n9NCN_)0Q{fpJO1+l0ssOK{Ez(C{twk2|NkWaJ161)Z2fGx@so1sv literal 12334 zcmZ{~V{j&35at_WV%xTDb7GrsY}>Z&WP*upd#M~ z=cgnG4uK8=0s;flugtEQIElaZ4g&(RO9%pj_1~+hv$?UWxw@6OIl#)^%GJujp3&OH z!Tw51*I@&Q;Xhl4T>(jtgKFNzpaU_DS(Ud1Ri7hqX{)pv&O$1+uq1})0iYg{`P%u& z!$~HkS--Q-Yew>G80pBp@UVY)gES4`s3h)U;B9@fM*bnPOPd~20Tn~S6QJIjiot4fMH;MARsp5Vuo?mi>ur%o0(JK!k z|7F9$vwIqpU{mZAAqvS zI}z>F!g8W9+UkUE6II`k)Ipc^t^G$1@cZ+;iZf;}$C75NDiccsyWYhNmo<8YFvc~gqPKhVfKDNbf5652iu|7@&3{E_mXyF=cmhk|L9w=t3wNxOl#t1 zRj+<>L*9XvvW6kFhfqW3PS_HpoH$j2NryBVs|&YJA{}@yVxBGY9nu+cUr;^Jgpt&C9efbL$6xcGBwq z^S5Od!(%tg8`N#@6VqtqG1!T9e5@-{|5kUvv++0!T*WfRm9D0wrzT_53>g;a#(Er0 zvANfop4DW~Pth&8Oq{tZWUqyS#q9?jZ>EJez;H~<7rXlXjmNa1x6Mqzb^nvZDeTi) znrTuF=G~BrJbYr7&+wON8;}wD&d`rBAHBf4r_}%Mt6}P|bIutxVlt>INUCeA41lO5 zMxbm3AeQ7ND#z26T;623^ILD+snL7+VnKXBL8%Ane-OWLGN=x1#H^&^dbiMpaDd=g z+6)-~wNbNb`3C}QF$g4_v27}D4_zNfn}c#nf+2s*R5hBqF>2IqFze&PXCv?3Ngy$b ztQ};Hxm7|Jn6PM2k<{CGJ(Nria{WWlB$00e9*yF2!{8h)P%LIqm?SYS%o?kC+krHj zsXDAoPbE={EM(wRAScK>MCW0|u#DM$?%Ax=X;gFdZWhxezmJ|!wa0@Q&W zPRmHQwp1G=rcXN}_SpVd;+@}JuPwgObnh;Mb-YKUz~7HVtLfH(`ywB`9$2qg1upf9 zRV#zLeCKA;YyF~OvSA(cZg4_DxYNm1B0cJ!hLF*Yi}x45AvIa(VYlhf(Qwu9(`r?4 ziWKqJ=R*fpl2A?ZQCqTA6=Fr+R%Tv=@qVmIT1*=}cE~OVYc?%8x)WKoE0wyrG^7CL zPGDCu8S~Telhm0DHfJ6Uu9^Y+PX>EijTU66q+B|Qk&HIAJMZ5`eKfmkMyxCM#!&}$ zwln$+7)Fa`YyAZseQ8wx-KINH+H-OmB)cFmxZ-oTg)mmOwFmu5-iOYTL|XA0>Fm-Z z6g2IY#0jMZJOPZ9AIT2+-gmWcZ;T&fOQu`Rw=vZ7=&_13#&e3>{}a*LQUE-yP5a z38U3I7h#()(BTVFON--`OYm}+mwvs!o_le-yKyh$a0njSMs07bnR{_PW!^n*UWDH} z5oW3gwq>9YZ0r^l4y5~+-Lfc{WsVG`QBzqi!iS&1Dpc)qESOCx_CUD`Cu~{m1^%Jzr7twW^6&|8!$fw9r zJ|Y->4G-a>Zoc*hdDYN%Nas0118>BABo%Sv{P-58K+KINb^>rxT2Ed z^aybS2}OJoWP09z0$67(ebw*LW*9!nV;YhH<=4(<&}t%kK%WLqNn5EPaYp7XRW8MI z-9B+!zov$*M;nr(R~bPTX9i*3EN+1TA^3X4FBZ<4U7A&GGhOaxLfJ*;agjC_U5rw2 
ze;~c&-9!a)T_uU3J)RqRJN_R?OcQFO(q}906~x&X#K8CG)4%({+>g~?5d#IRyb!BV!E^WG%7rXbhHpN^& zHuKM&$2gPCp^02q`3TmkQ>8r48iwGzczvu#&ETTVe1%Z-YPK6{Y}#b?vS?f(YS77q zyNhdQY^T8Z)~xj1lSIXyb?48_!NvdDx&YUHkb50&bc%Z^mrblwD{aGkdAkds1Qn8t zc7wzatfe$Z$W?m3g?;ftvojwaqT0C0t%{!MJh2fAh438x7oL%I?pe+&h^*7){5-ji zWs(5*mALp-6G1=}nZC!l0mdso7y97NU&c^_6H&Ij1SB5}>lXzea+F+*)Dm^=tn@9^ zDLTmKAFm*p%xvq1-am9Uw+#w0-f%geLH)uiz14g;wokJA-DP=vU;N}+?_dS6HA?*H2)J+=8vhHI37w;RV(4=q8`I?{Wl`2Fw;@D-NuuSWT#WsJn_iQeS z(BNnTUHjpCICD^6ffB=6fO^>k`kvZqSa(3;}lk0U!54)b5xk{|5hHa8Oc>%gVJpocdKL;w%A8p`5;l)Ch*d0L$L)9I}p^(r)Trovls4<}9)G)Ahh%HRo zv#NB>g&x>kR~vA)bjL=whP!Q^f@P~#=n=I-m_sCHwLj_a2e0VAR#FTJcpCu*pAkpX zT7PFr;)1m;7X!ivY&#p*Q^fG;1ddLqy`wMZ@_sp{Z$q+VNi3Zu?$J{UmLa-H<0n>P zNDTj?+Ts=rd6Q&$ThV0^f7xZv^isgeb~jwScF;Io1!e!xOh{BrZTCl4og6Tb@s%C# zV+_8f&(`6*k|q9;U{uimNNq=PvOLWnN-SZ{tUq^XlU^{A3G^HP_Mu5HT{R@=K4w`( zRxAiAG^$TKLUNswCMM1Wks+@XWt0)`)JIh&hagAE&4fVrf3AotNav#|s-~a3Kl=CY zAX?_H3&-rZw7%Q%yG*=0+)Wdt1V zyeB8etT8r(#fAQ*N0NkTx8yVZ%^(;E{SL`S2<>v^7?g9dbTI17y*7L;cZ{N|w4fyM zxxF1&R4i|s=nAg48j5mqv_~GqAmK+FUew4H81$=fH!(RRr9xwzAk|haeL2PC-?6aw z8}9waWKJ4&v*!bG6S1(YE`nDwkM4_VEWDFn>RPF!kl4egt-14@E12u~a*% zcD`IBc~)wda=xpKQG?xA&_cu#D2?+jBZAnP(5zACMwfA>1B+NyPsVWvdp5P*FU_BW z9B+}hUyG4UU6x&?!opruY}S4G7uP2`Eap?3cZm0D7??k!WBHibt_zc$p7Ju5YL4{} z3L7ILfL$T1+YD0ju#)%PeC>7Jd=pbO276Jb&- z7#y%*+PzfKe;)@2F~4QO;mpm3Cof@n|JsYlz=MEw%r00!8iN7KbgO}xq0KLMuo-Ek zEfQk0_h$Px^SqnFe(y3pkwrN~qa{$z86Co8W7LPX-;14&(uV1n7V%{HrN{CzwS+@o z*~nDrr9zt{_)qy&!m};}jxik0C5XI zexMMMXft|iF%bz$-B+pp-Bn+0@rcxY?rN@V=6zh%08z%d`;#0i)AW#mUkb;Oai&2j z<5YI!aCkHMRuQ!#bj=rl#u!>}t*gDr%I@(n!H*whNhuSVpx1t9)j8`llaWwy$G!Y-*x9dxGE2nX zKZXjYy#1dkd4U=nfyD>#dR-4N!8*TStDKZ_xU(|FmDXJMhag+xB=rtXzI|KYr`mL| zbOggpgp*nM(pyCG_j*BxAlk@JsUU*>$ANuAbkM7M)!wcjx-z95N5v^-@CMa-q%)z9 z{pB6xPEnvqCcInx8-RqzgW*0sp20_;!^F6BI9KI4_2u)}YGJT@a zYh^(IM7>226~hCv7lG+cta4Lu|y_BY70ZcfhTUeKRye{7%>Y99#G)cFx+D1h?$g>^ZYEs3twk(@h1zk$7VS0b5WVu z1_2%_hJ?!iF+?jEs#L}aT7!?;=3KdO-c^?x3uJ*ETL(o#_+*50oiZcaFrkGzl3uSX 
zEGbdd*CAxp;j>SMJx5-c^?QWsH|O~9dt-9e53R<5rxTfwa1LpH z6RoCXq!IrMe!B&p77TDu2ZTpu{z_8RVjLFl&V{kn`3by%mPZ~1L)`(iN7xtkEUO+$ zN%|DE;yE+ zsW{s@!&_Z?C$PH@L~rlqQ)Hvnq}|SJ`C@`}e@x zO694N+Gg>ehT{0zwVOY^by>LY^EA~34}5usVa#gI!el{DGBbsX^4ZX{i{o=}Z@$7_ z=V@rGY>)ZvBoIBG=+$Vfu*_b7NJ)it$md+#=sDK&vOW37+063MpQ~V&s$`>}gX}xo2CCd%3KJg=CY(pmuk7m*RD9u`9*mOPio>jmKta;C)*alB7 z3o@b!Z%^l56Cc>*^3z!K8z17#fPs+5P`^|(N$zmw4B(iFU;wLmCn!49YDS06hrquH zCi9%}!MVLbe!KJg5{{bl106pY@!L|B`YXU|BXXo|7DI1atTia`mTl^qO6hLjLRUVZh=pQ8<0){ zz9mApPfb_i-me3X7&?o^a(9y~udGKujU7v8hBc^*AWjvO5R@G?Q9{rdHi%6{);L5&rDm5DhODrbW3LVsh@lN`u+@)~WG?s=iL5Im8!0`5Kc?hZW>t_?+s z4wJNEucWA6?s6zhSWNQzli+C#5i-&=!qW@Xvwl zt4R8eE5}AYnK-iFR$G7c0(OO!kt#ojrdH~R7jple!rJgY9ZLxMD1(0wi|G%BQDB+k zrd<1&EY3$^2Zi^XQ-8dn z_`gSi5=%ERf3LL2-Mf7?{u-hPmYdRizug#cjaQy(gWo8tkw3=$J`*@@)R06~Dx+Fc zfKUq?FoTIZg|4)DAy6`f;VKq(^eO=(s}uGjv-gya0=C4HLS(@Y0TH3ZwbLFU2Cfmw z%m?Hl+M~1sYti?zTp+EQFp4Ug>=nGF$$juioO(c911K3V5UHZ|Cry)e2>W)eA=GO& z!;^o5hzReR@{jZ%u3INC)BK`)nc?*qvt$9m6;!&!;CZ2fgoi)pRSWIPQf9cF>;&PV zKMw8h+dGHqI_*u~0pjHn-Q|2ruChl$m!R7!1HN}XXFx}wEz9#`5 z3@YAAUMrM0GIDhOSI*oER2V4lZfp`sjkkJLLW>IJh86@1ZmGD`xCn|&QM%B$ESmA} zFi8)KKP$B1F%(;l#AwxPfvkWYs|JdbmK((kEX^dFcj0pC7gz7wHi*qD`#{e)a-tGh zf1&Hvyq=P>O8ggLeLFU<3N#xYLc;u%E`ER|iF~!!asimtO)yHrA-kqK`9yB28a=4F zEExL--s#C!q`bFK7%boo2Wvld-C~%aOpp@EDKgQ*8p^XA{^?DRulVzjT z7&Ku(r}3Rli$c*J8`d?b2|U?}v~`FgNnb4-L&X+s?0Y~{?CM2QseCm)X!}t=Ugc(} z@hVUbpQnZxU$^%IYX_iitpGmTa$QdVWxI@1(ZZMs^kc*N@8dZfn0GuLE6^ZL?k4>kaji?PP_HRL6u-C=J)9g}e%2c{XpI{Vv zz~oQzSH74b$UE@pD9zaE6 zn6zy=frmwsB)tX<-;wS)EnOxkp*c-VUrvUh2Fu|UMv7JfN8FATswCT3?9(*uxU?0i z=Y3#ST6ojA^@v24X6sK+ut!Gj<*`=NCo7LEXUQ6j?cS{jBH*{PUdi+Cqgf={FIexc z_`{>%Xnk_4x9>_dQ-F(?RJPu}gzDelJiwh?#6H#!&9h6oQ|q31#+7Lb*}n~p8Wq>Q|ll|3|s&Z~;q`Z%fYO-6(q@G_8w|LT@23o$EXgzVsWwZ@GcT<;Dv6q}^ zA2~C_jI;fW+@I5IwKf(yD>L;ot7qCO9LK15inVI}u2eij$FR$j2%OCBHk$QfrhARlTs z5CnwqPgTk9Pr&a-Pwk1;lkJRg)aZBt9CJ{rMI3tMcQ4A@?_+oFPgfh1z10Bs8si%d 
zG%jtlrkY)hnzM6XwQMdN0~fUHOqoF&fNjRe8=LWZJ2o34BY<5`tj+>N=C7n3bjiH{rfwrlHK{2oF_q6jk*<@9h6PZz&fD56{lLKp~>jj zS}g0Ko=q*s{12!2v`2E#I`hL4etvbYT*WcvzF1ee-Q4!#@_+f7-#XCdtGH3vQy!NY zWmuMN(_UU9EJO30Y#WG_D)fA4wg}q#+zR}qd9q0u!1mBV@mHv7ZhK=H09P^jDSTr` zms!)EF#TfbLH!ONAbb+oIsHR6S^Z;PA^Z)fS{1S27sQ!Std5f4WD#b|d8N9J^mi)3 z=62DQwDpH8&MZ4~PtVX?L`nS}P*zU2gSBixxh*zXNmKaI)owmZOmU@+4xQ5I6C-=dVF5$>3Bkeg=y`VT}O=!!Jc;!UBpt_C@tP199atWhiS%QJoZ(esSUQB zz2Bo}l*+`R#@ecx~6y9y;I2FZdP5O=ly(6%vL~eP1qv!HG`RE%RX=QyJaO;5C85e)tU-d z|Dt{YtF;|FET>sKiNbae#%J*)XM4(R46-=AY;e1{@-Ub5Yx*6medr-)$Rw(hblZks zTFg{^fqNrMMUe$hYJD7Lt77czH48?kUR2bPFF)KH_F7as%f&4VamH2aRs6z|q!96x zVSoGP%rmrkm(=t>xnOCsNkBNqs6VncK_kQBoUiwQx0bOg>J0SE!_ZX8U)u}n^!DvI zr%UEI^r|cxv=tAkCRptognWu3Pwa$o%5=kjN~=ql7yL@IWxPx$GT>(FmKaIUY5Ox- z4Zk^rK@_&4L00JJ0J_+GVkorMt1gnPcmkwNE@lex%w)-*Vx?jNPH3s25}eD&t^Yc_ z>w&AWmD3rmcYPDOhqz5&7wdR)(`#M7-K1dC8vPCc(y!-b>iq#dOYfxV$zJ zL5j0Su9d5)J_&DwjnQ~QO_H;0TAm)XrS{`&M3}-(lkto4M@9}CbkTM^BVz4bEB02Sb1q*ER2`&vG7DZ76eXPjn`aFKjS?T zH+#t9E{l&-*xjV6(YATW{`t4gM?ut|mmG5Qp&;YOOJe2Elt!X{EqR^F9`|pXW^J2B zyI!bIv+M!!5=`G}Uzw1tPU6IXd)mQ6n!mp_~zeIj6&q*61rLS22+=MGKp8`a;Oe}87e zv=6GkICcA`msb`l8UX6<{!P`Ny1>z&@5WoY#+w|AtsIx5xMKMapD)#Ggr-xtwoHqI zVGNws9Se8gq3T!2n=S(W%MW{zOwfZ9rcQkarp})H82c1IqT`GkHnRY}wk_xV`Mzac zrBp8O>6%V|{3b9Y^Sw#pt7}l3hOZNm=VzN>^_>By^*c7Uj>9ZnL|yF(rq+} za`82t5KgdRPu#mcnYbBYi;cB=(uW{+UcOS@-W5V}tO$qUR_>-gDfoBx3F(=OkE11q zh$g<^mi=%-{+>R~p*16axEy+?-Kn>yDaCMWo2DJ$EJy#)z3JbUlyNaW;s5?yQidpE z;XYE}MF@lYJMCY5vb7RD5k32Dq4#dk`yqg<6iC3oIyB!}xzC(~5EMXQplL=NGqJC$ zZa1Jb4l|g`#SYdX^l%7snPE2@UA&bSjmgK}s>ifG{4ag7$g07`{((3GJ1AiO-|#6l z>o7o8Xq^yA)JF)$RPgv1bmudi2;R-3TsNNV;_4dD`bxW1#m>P7uP;c`q2e256+u&N z>4(}Zx9ItT2OBmASaX?z`CGYK-a5hrKYN^TajGyVGfPEVNT6bZB#{RVKn=F!Vx7Qx zBd&>83gZfUPa2&x^u*B`cDSylEiMhMpRywy@}K2J%}xE^@|aTzTMGgQGI73<54Y3W zzGp+)!Bs1Tvep73!_9b_&E!EDa}`nM%}{rk z1zf^>-O7+dA$>wI5P`j{frE1d1%4xNK}-2cd{JBLZ2ls5x%eW>gYV|xZ4$JTyv_4F zd4r0gT(mt4NJvk^<5c-#oNN-emlXgeK|lX*#+h-S(7Z;usVVi&pLNt_u_UwGDOsbA 
zqc2U(tqInOyI=X*A+q(ToY4lKyV`@fNx&_uawosjSGb&U@{K)Uv$6k=oBsGYS}J~` zZwo(v_N#7Bc*_XzN%HDZIqP!PKi4(u>~LXGds+d`ENIx!ZQJW8>`Sel80s+H#n1|bJ+vSOt40T;V<@iV(3uf|PMXa9X>C_r{p7X_(* z$8abb!^2S<^l&myReZhFxZ}*jp--CB32n*s8{P1Iq`2@(mp@5zhAXnMM%T%=L>@tW za9N#{iaH@f54X;sD)*{fKu;T#{l`4&_79H8yhTN%8aUC)o`uNXErP!kqESu2r!qe5 z>Lh8{#&PDRx9j2150QZP%lGXHRsvyA#I7Vwyamb#yH{-~>~{FTHF5*+#_~7SOPf(` zK|(o)Bc)lWazurcVENi&5_h|XG%zLNyAytjk;pR59QS@mHWL7ZPSN0MV1^MV6qpze zBosI&V9*C6MP9SLW`VI@paB2m8TmKsrB@03{!(OWIP(CVg@v_p$RU*akN0C5eB2Yzu z9V(vMY;;R;2z@v85!Y&WZScM&ih6 zK{bjOY4Y#9Jb3z<9|`m!R>NZ4MfAZ<#w^|?jCe8T45lQ6qe^%@aydb5;)K?UU8HKlUk9}!Z>bC$B0orrsdBrYIVBSi>vuZa~!vAxkh%_l?c(~ zz(CpwYgrNPv6J{HDyEsaU2!+kA?&WrAt0}GXCQn|Bur^N<-*85)sxmPIV{~{8betv zJd3NjrgFe3q?ng|f=AXck@x1`?j=XgMI30A6WedmRC~@kj=={w8OGjC<2}9e z4aRG>nV>95l2crJdiH-gb6Z zV!9H|sdR!zx;gvVHSK}OlT;nnW~+lfp#Qw;8lS+j>fCZTk-K*$81D+VD0=ht_Z3}V zQJAjZ{oNzs6g>ql2~4hH%yw=O?;r`1aa1n191xMNhmM(Pa-)?m zGk1D$n+%q5Z03~p*1^R-WE$>>-}b)LhC3VHmhM69<56rdp@W~-G(h@n(pQGYVjFTS zlyEBu0bp5*z;ookq(OvCf$32#?DAx#|`&XF$6WUd^7$?!@F-Q8@W} z*Kof{Za_5~uJ=r{v315t=K#VRA8>lx$=Y@(uJN)N6|>S_<=bk&bzoIb>D}jY6#7oh zYWc^Sf;`a&^2^2NTxym~vSyJ+Q!6*2xswl`ahuf1h)Mo_uyX=yc=c_2^Ahrod~v~E za4gpvUxvd27(Zn#AHUX!wqo=cMKAWxS*@uVQH-6`hTKxUT-%)IeTP^MR+6!hZe`2@ zL6aR#?4~=YTKTW$Z0d?aSpqjo)p5yD|0w3A`@yANBWXp7>(bsSotY*%IL3l|Hf;d9 ztck&kBx@1h?CGXR)}> z;QWwf+!zT#`C-TO(aX`16Isl!qgN$n9lEKLk~J;w_M>Kcm<%mCi%r;(vTHp8430*{Q~g6EoCRU9RX9QJAprhW(?&vfb;$C z&Ym4;Ec6cpsX}{T0TzH)-8J11(o3qopwvo?v@q-A$)1yshF=Pp+BzbUKXDmf`*lHW zy5Fm)h35HzFSt0NU55*d>S98>yPJmzSGX;c7cBqFXB#gCZ#j|2&11vayyZ#ZZ!vg^ zm8rpR`0(x~mpP^7({~?y_9(px6@>k*~v(F?_pH zA%sQ8`Ho-7nFFq}1i~f^jS(dnxf>XWRz!Q5XPlo7%$_ZAi+9FBh9gQFU~rd&V9;>;}QDaD4Nr%(8~^ zNISgOI;Z}9qLO0ArzlZnsf1$D4iX0q%@BnBXg;d!EU2jLvcoT+Clr|ha%1TNCob(h z6t}MxYtfjxVf3qh3S7~SgF|#Qg*t~Ycl|t2KwdEmnksMS`!o185^M-1aGVZq2~ZHr zyNbGsy=RY@@RzNtiY1TYEGa6esyDESFr@;_=rkmP5k(#w zy1*I>z~Sb-`$qEqTnPU$!23$iC%8*oz$#f}qzgQu7Rl8{t=dDql*89?z5??#X@!K<}3=FcdbW?hcoczM;BUy&GG);V% 
zczK|A1RW*_+>SJmErthsoUmL5B9wR*_)PMBI)gRLvYyrojZ6FEI09wDx;ObXFyx&Z z>6rq=X)Qzs>BpzBnY$&9r;`0qS#wpoaSp6?h0-#lcY(Iaaz^v=7A$>_yAhK_-$Y7s zpkV0W|92|?Kho^~7ylPV|9>Cyzq4xp-vlPu{{y+EBnJugKU={5JE8y8RHpxV`yZIR B!|4D3 diff --git a/Solutions/iboss/Package/createUiDefinition.json b/Solutions/iboss/Package/createUiDefinition.json index 11a968ea8ee..cddec712c27 100644 --- a/Solutions/iboss/Package/createUiDefinition.json +++ b/Solutions/iboss/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.\n\r\n1. **Iboss via AMA** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Iboss via Legacy Agent** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Iboss via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/iboss/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe iboss Solution provides means to connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.\n\r\n1. **Iboss via AMA** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **Iboss via Legacy Agent** - This data connector helps in ingesting Iboss logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of Iboss via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This Solution installs the data connector for iboss. You can get iboss custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for iboss. You can get iboss custom log data in your Microsoft Sentinel workspace. Configure and enable this data connector in the Data Connector gallery after this Solution deploys. This data connector creates custom log table(s) ibossUrlEvent in your Microsoft Sentinel / Azure Log Analytics workspace." } }, { @@ -79,14 +79,8 @@ "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" } } - }, - { - "name": "dataconnectors2-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for iboss. You can get iboss custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } } + ] }, { 
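Review bot: The replacement `dataconnectors1-text` in the `-60,7` hunk claims the connector "creates custom log table(s) ibossUrlEvent" in the workspace, but the same description counts "Parsers: 1" and `ibossUrlEvent` carries no `_CL` suffix, so it is presumably the solution's parser function over CEF data rather than a custom table. Stating it as a table will send users looking for something that does not exist and obscures that retention, RBAC and ingestion cost apply to the table the CEF events actually land in. Suggest: `This data connector ingests iboss CEF events into your Microsoft Sentinel / Azure Log Analytics workspace; use the ibossUrlEvent parser installed by this solution to query them.`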
@@ -102,7 +96,7 @@ "name": "workbooks-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." + "text": "This Microsoft Sentinel Solution installs workbooks. Workbooks provide a flexible canvas for data monitoring, analysis, and the creation of rich visual reports within the Azure portal. They allow you to tap into one or many data sources from Microsoft Sentinel and combine them into unified interactive experiences." } }, { diff --git a/Solutions/iboss/Package/mainTemplate.json b/Solutions/iboss/Package/mainTemplate.json index 746bdfadba1..73f409c5bf3 100644 --- a/Solutions/iboss/Package/mainTemplate.json +++ b/Solutions/iboss/Package/mainTemplate.json 
@@ -209,7 +209,7 @@ "title": "1. Configure a dedicated proxy Linux machine" }, { - "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection", + "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. 
Select your Microsoft Sentinel Service and verify the Microsoft Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection", "title": "2. Forward Common Event Format (CEF) logs" }, { 
@@ -405,7 +405,7 @@ "title": "1. Configure a dedicated proxy Linux machine" }, { - "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection", + "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. 
Select your Microsoft Sentinel Service and verify the Microsoft Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection",
 "title": "2. Forward Common Event Format (CEF) logs"
 },
 {
@@ -446,7 +446,7 @@
 "properties": {
 "connectorUiConfig": {
 "id": "[variables('_uiConfigId2')]",
- "title": "[Recommended] iboss via AMA (using Azure Functions)",
+ "title": "[Recommended] iboss via AMA",
 "publisher": "iboss",
 "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.",
 "graphQueries": [
@@ -521,13 +521,13 @@ "instructionSteps": [ { "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine", - "instructions": [] + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + }, { "title": "Step B. Forward Common Event Format (CEF) logs", - "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. 
Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection", - "instructions": [] + "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Microsoft Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection" + }, { "title": "Step C. Validate connection", 
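Review bot: Step B's new description in the -521,13 +521,13 hunk still tells the operator to note the workspace's Primary Key and enter "Workspace ID/Primary Key" in the iboss console, which reads as carried over from the legacy-agent connector rather than the AMA path, where Step A configures a CEF collector on the machine and the applicable branch of step 4 is the Syslog service type pointed at that machine. If that reading is right, the primary-key sentences should be removed from this connector or explicitly marked as the legacy-only option, so the workspace's shared key is not handed out where the AMA flow does not use it. The same text is repeated in the second copy of the AMA connector in the -721,13 +721,13 hunk and should be changed there too. Dropping `"instructions": []` in both steps is presumably fine if the key is optional in the connector schema; the patch does not show that, so worth confirming.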
@@ -603,7 +603,7 @@
 "contentSchemaVersion": "3.0.0",
 "contentId": "[variables('_dataConnectorContentId2')]",
 "contentKind": "DataConnector",
- "displayName": "[Recommended] iboss via AMA (using Azure Functions)",
+ "displayName": "[Recommended] iboss via AMA",
 "contentProductId": "[variables('_dataConnectorcontentProductId2')]",
 "id": "[variables('_dataConnectorcontentProductId2')]",
 "version": "[variables('dataConnectorVersion2')]"
@@ -646,7 +646,7 @@
 "kind": "GenericUI",
 "properties": {
 "connectorUiConfig": {
- "title": "[Recommended] iboss via AMA (using Azure Functions)",
+ "title": "[Recommended] iboss via AMA",
 "publisher": "iboss",
 "descriptionMarkdown": "The [iboss](https://www.iboss.com) data connector enables you to seamlessly connect your Threat Console to Microsoft Sentinel and enrich your instance with iboss URL event logs. Our logs are forwarded in Common Event Format (CEF) over Syslog and the configuration required can be completed on the iboss platform without the use of a proxy. Take advantage of our connector to garner critical data points and gain insight into security threats.",
 "graphQueries": [
@@ -721,13 +721,13 @@ "instructionSteps": [ { "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine", - "instructions": [] + "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" + }, { "title": "Step B. Forward Common Event Format (CEF) logs", - "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. 
Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection", - "instructions": [] + "description": "Set your Threat Console to send Syslog messages in CEF format to your Azure workspace. Make note of your Workspace ID and Primary Key within your Log Analytics Workspace (Select the workspace from the Log Analytics workspaces menu in the Azure portal. Then select Agents management in the Settings section). \n\n>1. Navigate to Reporting & Analytics inside your iboss Console\n\n>2. Select Log Forwarding -> Forward From Reporter\n\n>3. Select Actions -> Add Service\n\n>4. Toggle to Microsoft Sentinel as a Service Type and input your Workspace ID/Primary Key along with other criteria. If a dedicated proxy Linux machine has been configured, toggle to Syslog as a Service Type and configure the settings to point to your dedicated proxy Linux machine\n\n>5. Wait one to two minutes for the setup to complete\n\n>6. Select your Microsoft Sentinel Service and verify the Microsoft Sentinel Setup Status is Successful. If a dedicated proxy Linux machine has been configured, you may proceed with validating your connection" + }, { "title": "Step C. Validate connection", 
@@ -997,7 +997,7 @@ }, "properties": { "displayName": "[parameters('workbook2-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## iboss Web Usage\\r\\n\\r\\n**NOTE:** This workbook uses a parser based on a Kusto Function to normalize fields. [Follow these steps](https://aka.ms/sentinel-iboss-parser) to create the Kusto function alias **ibossUrlEvent**.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7cf056ef-64cd-41a5-85e0-90c0ec529434\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range_picker\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Time Range Picker\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(UrlCategory) and UrlCategory != \\\"-\\\"\\r\\n| extend UrlCategory = split(UrlCategory, \\\", \\\")\\r\\n| mv-expand UrlCategory\\r\\n| summarize count() by tostring(UrlCategory)\",\"size\":3,\"showAnalytics\":true,\"title\":\"URL 
Categories\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"UrlCategory\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - categories query\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| sort by EventTime\\r\\n| summarize sum(DstBytes), sum(SrcBytes) by bin(EventTime,{time_range_picker:grain})\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth ({time_range_picker:grain} interval)\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"sum_DstBytes\",\"label\":\"Received Bytes\"},{\"seriesName\":\"sum_SrcBytes\",\"label\":\"Sent Bytes\"}],\"showDataPoints\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":2,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"50\",\"name\":\"query - bandwidth\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(Domain)\\r\\n| summarize count() by Domain\\r\\n| sort by count_ desc\\r\\n| project Domain = Domain, count = count_\\r\\n| limit 20\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top 20 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Domain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"rowLimit\":20,\"sortCriteriaField\":\"count\",\"size\":\"auto\"}},\"name\":\"query - top 20 domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by Domain\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by Domain\\r\\n ) on Domain\\r\\n| project Domain, Requests, Trend\\r\\n| order by Requests desc\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\",\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[]}},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"DeviceCustomDate1\",\"formatter\":5,\"formatOptions\":{\"aggregation\":\"Count\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked Users\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked 
users\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| summarize sum(DstBytes), sum(SrcBytes), sum(NetworkBytes) by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | make-series Trend = sum(NetworkBytes) default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n ) on SrcUsername\\r\\n| order by sum_NetworkBytes desc\\r\\n| project Username=SrcUsername\\r\\n, Received=sum_DstBytes\\r\\n, Sent=sum_SrcBytes\\r\\n, Total=sum_NetworkBytes\\r\\n, Trend\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth By User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Received\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Sent\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Total\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - bandwidth by user\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Connections by 
User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - connections by user\"}],\"fromTemplateId\":\"sentinel-ibossWebUsageWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## iboss Web Usage\\r\\n\\r\\n**NOTE:** This workbook uses a parser based on a Kusto Function to normalize fields. [Follow these steps](https://aka.ms/sentinel-iboss-parser) to create the Kusto function alias **ibossUrlEvent**.\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7cf056ef-64cd-41a5-85e0-90c0ec529434\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range_picker\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":604800000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"label\":\"Time Range Picker\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(UrlCategory) and UrlCategory != \\\"-\\\"\\r\\n| extend UrlCategory = split(UrlCategory, \\\", \\\")\\r\\n| mv-expand UrlCategory\\r\\n| summarize count() by 
tostring(UrlCategory)\",\"size\":3,\"showAnalytics\":true,\"title\":\"URL Categories\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"UrlCategory\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - categories query\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| sort by EventTime\\r\\n| summarize sum(DstBytes), sum(SrcBytes) by bin(EventTime,{time_range_picker:grain})\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth ({time_range_picker:grain} interval)\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"sum_DstBytes\",\"label\":\"Received Bytes\"},{\"seriesName\":\"sum_SrcBytes\",\"label\":\"Sent Bytes\"}],\"showDataPoints\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":2,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"50\",\"name\":\"query - bandwidth\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| where isnotempty(Domain)\\r\\n| summarize count() by Domain\\r\\n| sort by count_ desc\\r\\n| project Domain = Domain, count = count_\\r\\n| limit 20\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top 20 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Domain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"rowLimit\":20,\"sortCriteriaField\":\"count\",\"size\":\"auto\"}},\"name\":\"query - top 20 domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by Domain\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by Domain\\r\\n ) on Domain\\r\\n| project Domain, Requests, Trend\\r\\n| order by Requests desc\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked 
Domains\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\",\"compositeBarSettings\":{\"labelText\":\"\"}},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"DeviceCustomDate1\",\"formatter\":5,\"formatOptions\":{\"aggregation\":\"Count\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked domains\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker} and DvcAction == \\\"Blocked\\\"\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | where DvcAction == \\\"Blocked\\\"\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Top Blocked Users\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"redBright\"}}]}},\"customWidth\":\"50\",\"name\":\"query - top blocked 
users\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| summarize sum(DstBytes), sum(SrcBytes), sum(NetworkBytes) by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | make-series Trend = sum(NetworkBytes) default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n ) on SrcUsername\\r\\n| order by sum_NetworkBytes desc\\r\\n| project Username=SrcUsername\\r\\n, Received=sum_DstBytes\\r\\n, Sent=sum_SrcBytes\\r\\n, Total=sum_NetworkBytes\\r\\n, Trend\",\"size\":0,\"showAnalytics\":true,\"title\":\"Bandwidth By User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Received\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Sent\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Total\",\"formatter\":8,\"formatOptions\":{\"palette\":\"green\"},\"numberFormat\":{\"unit\":2,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - bandwidth by user\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"ibossUrlEvent\\r\\n| where EventTime {time_range_picker}\\r\\n| make-series Trend = count() default = 0 on EventTime step {time_range_picker:grain} by SrcUsername\\r\\n| join kind = inner (ibossUrlEvent\\r\\n | where EventTime {time_range_picker}\\r\\n | summarize Requests = count() by SrcUsername\\r\\n ) on SrcUsername\\r\\n| extend User = SrcUsername\\r\\n| project User, Requests, Trend\\r\\n| order by Requests desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Connections by 
User\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Requests\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"name\":\"query - connections by user\"}],\"fromTemplateId\":\"sentinel-ibossWebUsageWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel"