From 9d17d72f0020cccfa449c131f34c4431b0ba112e Mon Sep 17 00:00:00 2001
From: loginsoft-integrations <81212299+loginsoft-integrations@users.noreply.github.com>
Date: Thu, 5 Oct 2023 10:52:22 +0530
Subject: [PATCH 1/2] Delete Solutions/SpyCloud Enterprise Protection/Package directory
---
 .../Package/3.0.0.zip | Bin 32699 -> 0 bytes
 .../Package/createUiDefinition.json | 145 -
 .../Package/mainTemplate.json | 7400 -----------------
 3 files changed, 7545 deletions(-)
 delete mode 100644 Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip
 delete mode 100644 Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json
 delete mode 100644 Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json
diff --git a/Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip b/Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip deleted file mode 100644 index 8898454a4e1c4ddbffafcf826e3fe591296dce24..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 32699 zcmV)zK#{*tO9KQH000080DyonS5|3OU-kz80E-#`02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH?O5Ax8^;;GFVJ@wY*UC7$fZmmNFdY+Xvs|k$h9D`@r5V|!`&fws@a+C z%&chI6_D4+Z67U9(r;$ZV7$}MwhQOWu=Rbb`Y2W|x4}=6?nJ8f?4US2WSeu#S z$)q?5Q!442rA*q8zRNWWBbAo#%;YG17EZ^RX7`+JCMTLv%l>|L%2r%*%asgY<-+ox z((oTf$v*`nFDs!k7EC)?uXv=DQ7aqHJnt5VlK7r!14fRxBdmO#QB6~3K?I8T?g)pG zk}JM$4sgWH8~%>!7>6q=3>(#Nmelabw25&TGZSf^*;4Xfc)BJ=N6#0vcQoCEYi^T# znH#1d(K-(~-*_(-f5!%gTrx3P3bmZTW6*SRuGY#-uCnckP-}A|M+c+XPa-`5F%iWTDAIl3#!RH@WoQ?Yt(}m#pCKgqfQ`<%7b0Z?q3z z@ppXHXY^IctTFu0)1$_8JT%5nN_k#fn8w3Ky?Mf5M@qLaiCo`FwULAyleg8PcR;O~ zRKBmwFrK;~9+He{OMz173g<0uNTuS4Wc$uc_k9?;2%Kz}2*2hjm%tTqK;SZG?iQE{ z{tkY$N-&96I#U|(CXr^bQ_fwW#`{|4Dfkd2ag#-fx`r?c*V|fbhF;1v0EYi#%|8T@*>%CCMFo;#K!`YuYvv5h0ucqNQ zWXWM2qK-S$qvNfu}WG z?1Q*OEr}9OoKoRcim9b!rB&M46v1pjNhlh7KS6~GzhRMKGX!>Pc|4+R2 zp5%yYN<8EVQW^xa4DLBmQUbQmH$C@~z`~ea@(sh3Dx~<(AZyuok}u zXkSt)R1e9&$Uc`k%bvbmr$nrxVK8bHK9euom9JG3@e&MFt|Nv_y+=rW&Ao0@kak6X zjTG~tFt6$sGN~oEr9O6%iZf|k%`=mY(sw4K5i^sll0Kp6BGyOc32q%0J_=6|`#5^a z6)L9*+JraF!$aF;LPfOKUFb{HA#V4DYk@ol_+4xHk;g78DkdYcVPwrL;kE#(OK+jp zfN_CBLuyxaw0r0n72I>fmx5L8?h)0ifc}6S%J%f9u6w+E%TYL_>!w!cZAR74@<+wE zX{a?c+MQLRT|2vBLm^gYe^xE!mV zqrxAJkG>rrJv)HHebKE|>Wkv$BLjG%(iB6@saDx3nsA3&&?OU&ydMpjz)7M+Tuh8t zK0as@kBHtuK@5qp8xl6?YDBoWD=Au#Xd%LUA|#B}XinDb#ndMbi+`d5A@>1HX*MVT zIVjR&aL`SFgJF2@$Va548G`!%BNv8E)oiAtc| zRMi8+V)nt}Q5VC0AkBJTBYVzEif*_t&>&PiuBv!&;`fK#PeqLM3Uk+#vE6&87~k4C z)Rw*!7%=ACdIvnBA#moJ7+dz%?zOc?({K*z7w9;5dskFeH0QmJ<=8nH zRbJJ*K{*baorR-PjcBxIjI?RyCOph*vlRgR*dj7=Q=yxX{e&ke;L_#fQ?wW-8Wr5a z5(Zs;AKH)I-uPi}La%+-{LbF=GJ0OLaomh|yR1E3u6fYf*D=dsS*o>bR?&J1wK>L8 z4BX?GxlL!zrJwo8PJ=Jp7hf(K 
zkTH?pzsM%R7K(#v8`2CbDRv%oN$-qePjvZM`)xyQl=!ac2ibk;54%S@2RH44qZspmOn#RO8sx&_Az{C(1(%1)$7^i zkf{1I!Uu;3JmH?7^p^}!&V5g}g#C;PQ{C{(TqSaFTJ^QT`xJlh|36Sm0|XQR000O8u&6^!eGia-Ae;d11}#&Z$&)9|GbL-58V5cciXtUW;v|U| z4dgfSd-;+SHPR9_w9`4)4{A{WSt^soF$Fk=y@~Dmz;q1J2d{I_w*Kwu zWjlauTR!X?0@u@RD;@`b&BlNB{U-25Mf76?|A-r4lNk7#?Z&1(XHzijK-t-DqnYtY z-nP>=0w2ai{QbCyYP-n61u4OCUB}fufOK5j2Xbut6vz3w8`%+E5snUlCB`;vS@d^6 z_f4?T-#8#1(eqv1njOHz;B~7BteLODUi{Ro096bOe<&Kk*6)W4JUeh@P;u?R`S$(w zFv_3FSQmxZ$MR%XclMZ`1lvaf4=68)6!?e*fC3c6w-HD5JVbQOjPEaCK|CM%tGOQ} z)6?w0P%_XplLwiq=qj=e-Trz-kP$$1%kzP##8DAn1IS-1+g*5$D1*!a=3mH4(`60O zJwySn9>O72*EYB2%^Y%ccsk(zx%=?*aM>=0 zhy{UeHPN(ZNX`j6J-E>cN|CKO#=lnjv6 z%=@910vs?Y+bbG;IrmFU4&-TSfEEXXnzAj3vytPlx+UWbm!&9<#yO78?&hbAx6dPU z@X8zT!EeJ(w@(7Uv`E8qNTKHd zIVJ_3)M8RWM{zuVe|g4^oP6y8IdFA$hj~2(aw{cdLETIAT01&wGABuHZ}zc!ae7ii8SL0{K|< zeZIc903Q-b(({GR#+g6AJR9=!_5-pjKyO!oeT=K_TUR(c=yJ|+yd5u2oZNQbtKn|c z6owo)c~)l05Uqu`uPn5c!MA4#M%ew6B-3FQ$>d!i%37wg51gD~F8Yqez2%)G^fkL1 zG9&KFjCc%Vy5CK?5ox#%j!CMXw6wjxSj<7yuvcFC)k+TVfS`%LL(q=#OM)iOn08fP zAHYATFUR<_zK)E#uP5TZp3bv8vaAC9Owl$)-8vAi2-gbfs<~%-siJ!x*Hm@K?}p0A zyDB3;ms5J2o2nzzRY(3d)sYXWj{JhEBOg^A`DIl{-dEjumLFJGf}}GZ6WtBdbj{t4 zeN}ST-EJt3x~n+qQwgPqxhXg*U2xQI6CCxB;HWPsIOgjUt#B2 zeqdZj^gLKYW{gvzw<0V@NVD%H@=>5u(_`ePr}ANytX$KKc9d6q}swM1hjx*%O{7oC^tO7l+@)4Aad?QnOs!#xNy z-SMVWxOAy-zfCIKLsH?spj5a=rNVt#sc`qDa-QXhX11mKwwoD=zN{I#=Wi$Ik4#KA zNs-OfSn1+PHNPPt{;q`hUjm-)ep5(%x{&zaCM5nLA@N^ONc^Kh;=inr`1?XS&r;k! zliG)lLx6PlUJxf|0N0QG4xBt=^tHjSjQ&q~&MdmOn0+;a5A05{`d>Z%72QuW{CF@V z#&SvXYx!JIJ&nuv=}tUI_pKc(iF8)wL55IyDnl`Zlo4r4%5V%tNSvIdaFxD8_lqa2 z=~mb2e(Oo=@1Z;KFx~%_r?8)(`^A&kTXg@-)7Zb6?rD!@)3|(|_F?q%ls}QN_xZ1| z-oE8B*$Z1Ft#_Z@S#tK_08H(0bL_nU*GGmud#@Ga1TPzpb-C-C6zEOkq)vB=+^*ra zpWbWAyO+EehwhJuz2eqnn4&EQ@fp+i-E~U*`aU~FJ2hVbPI$y|V~_pex#Lko=<;J1 z>GBZdNv&yTjE>s$Fvqn+U4a(|+wr|0#`wy^&8O5+qr?I}JPrA3O^nCp! 
z)(diL>ON>zlo#UceBS<`obRWzpMRb*gI5Ov^Y!FO$$iQnj%%JD#zPJ(PGqI~+Uaa_ zxVwtThXaz^fbo%s!}a+%7V>|8zWX@PzFrBkrSa&rF!=M#KkYR3vGcGgJ636b()7#@ zxja{U+|HG(!x_-bvP!UOnHv!)^xco^JA0c zMa6H=;k%PGDf9Tg;}<|CVm*j;@9`kycw7FyJ%^Bhn`nFl>c<%OV4kdh1!Ar9o>LS! ziFxNZ6Fm=u{TS^b#3z?ufqi%cb`JX3{xIZZq=x_>9DW7v;fcXH+++L0aFdZ9f_rfI z6}ZQ{OXqk`9S;Nk5bGhtM~{1u3$_`*Ve(#tiw5|u`rh1+lG=U~@U=)+@uoTaD%``J z#MJg*f_uCt`6%48yOKBI<{Zb+cgv(p%$J=H0Z)y27yX6TqbXce`eC3CW4i|Da;=%s zEkn0<0^V&m+KhVR*%51)PYA#wda!uqgQj(^UUP$~PP!_VbP?{dHNv6LxmyYtNu&SbLi zFP>t0n)n~M9v3A=&bCB9QcH41)ATsk_7O(|d4~nY>D*XC?~P#v-WOnVtv^v#FWwM= z^LNnBj03$0RNd0|iC&2b4Heys^>BDWEZ3~_k?2C@seKQ^o=%o{F1{i}uCTl%6@vlOs~X2jKaaYO@%ZXfPxp`j`o z9=K)ff@Pq)V5>pj4Zzbi+n?zjsm&>kKT|+FNpQalcjP_b#$R7odF1W-2kv&geArpS z3-api-?@9$Z48|DTp^K?Mk<1oD}Rt(`ul{4eB3*WM*NTr5oI`sc=5}g2hach&;RnS zctbwCBJn7vFpyieI}%FFt^ju4youObP9i}{R^*D+Gzf}Lw zO>qV=$C~|zBzl0MUi4wU-CboHm6@G`KSFPyl?F5TsXc-J6wN|z`+r^xO%{G=@C&2# zHtbSXn^c$ml~b`G0P>)*)ZQxkGCO$ljbTOaxI#YPl>LGb=(BQlxu~c@rCgus z<&{(RO07+?<`!4_YGTyN3M#uq4L1m^Q;)cikSVgwtP5ykvBa{Qs=L6{;)?6!?OdbJ zO?j@FtK_O(Gn-#D*kUR#MQW7YUB(yOK{}J}&xWK46sq`bBnxv6h!N7G`hV ziqP@I>~F+=R$bzw4Hva4Hc_c|vkE)vPkG%C23)X_3LSUaUx5)lHAcA6o(|0sF`8wG zP|@2ZvjPd1l~S`m$!*eWVyRhJK=(KM=10VxosNO>et z0a{6N7cEPm`#jpI%vE*1q6UWK>D@ZpfiY`B6Qb{y1(Q`!exzG^)|3IRwlT~;A%(KBXgS8T$>V{s(bQaHu^LZVsm%ngsi7jx$QajL z*NdYeIZ7lkO~F8{~##)@5bFRL3K%f>$j$48aH;S2%{v z&C9D^-XAXgjZtoLKv8LoC@#bHX2Dsdh5qJPa<-qZmGQPiHgHG=jRMs!J(A2GDZ5K1 z5JFp=bm#3(6AMuaBY8}2j!9MNw0O3fTU891x285Kbj^+<&)>xPWL#CGP|;xFP>h(O z#Cjg83KIe=(unc|^sx>{i-CjIBT~WCCYI%gP25!Na1PocO+hQt+oLsGRbauS71u6y`YUdf zkE((;Yq>(%?zcG-YKjQ0s-UXYW(q`%KnY?!E_*^GlP%7tl=09YM>JXIf^2gMc~lW2 zM%~P-6TD&o+2SHxDCPS730EGHQGcTT!H|g#s%Z3p8iU}%j1GHO*3x*!8 zFEuBRt6n8omL~$o097?yraf~wl0k8=7oauNV>&GEaGUn%EkZlZ?%2#Km2O<$aL9Im zw4s+?*xcZ5)i%aO(yd`Dvo5>SdZaT{ZbQ|Fq}dwr*$IY)+T4woXj4IHtNnlq3i*APbbdLWiVZTIrytvn|_%mrlk_k8IfHM3Iz`FdGy-#PivnHmXou$H94e z&XTUjXtwyK8!GKj~cVxI@nur=VViXZyKN+iS8TL_lRxtVpOd9-u`g=hIi z2OHGsWxt?up68j_^&5@pKAKzPm*hGeYq=5~hG-;!O|#k2Bb 
z+8eyjGlC?UeCWWG#v8?CwQ9Al;fz^sSUs%PA!QPqw0(fnaA^iCZ!vc?+HY^*yw~m* zv~Ia*T2gr+bRf-fuRez}1w~cYEpk-$DmAGuPRgW0szf~J69I~0IO}>-ZxyZ>_%*VW zOa0NbUzreMgRU3gb(1kW!j;9Wx%Ql>#Z7dkZZoQ@@L4g?jou^x^${2|fYIGTs}b>1 zKpOOD?1QN=%&w*iM@WJ-p9n10hqRsWSf^U8MiX%^Mtx?mva*s#ytPJ6o!~=hg9`&9 zz(=~TuKP_aPcxmqv0l>w80c%ifur6~pz>40x2p3s>XRrJ&I`o~#g@y1em_E`SpdJ< zt1Y_4HFYj@|EIloU5?vU8byDvU3K1pHQ!eyyCPYZY}s+XtQ;$n9V@;mmYl4W#5G0D zP!i)A&V=MhRPrp2R^ki>wHhoC6=A%c?KfS$5 zrjMtuzM7ApJUNS>jQvONkK>PfKb)oy9v;X4UQExXdr7qY?q+fD=>3a}uYWj=qT}=P z?XPa0-;W;z@$Q@BXJ0*jaOQ7sZ$ElWY=-ZD_8-6b;rjZAlkM|^_~Rnn`}4u0v&9Xm z^LTIXFnSg(f|SV5pLfU6uQ!v|FV4qbUv0l9E583nviJ7nkTjy}DZZKq#d%^$r@e_8ysn0~+gV|f4Zi#K~=3OeHJ z>-gxeKX!?cl^ldGUxvZ2FFt*JzVqp!|8D2`$Lp_N{FH<@f59?b{&IYgOcQ@{Gx;j| zxbx|8bnxr>kKx&0d*9#0za}3~{IeIMXT+?3?Vru3(R{iy-P?W<|NHI7Gx0mMdZty2YWw1{}jGI{$>2tU%x#3>eIpful9(#-5tN0Jb3rZ-s@LE z`s($k^mLZ~^{?^q-u8L=;Mc30i^-dJKRt=3{)114?}M|^udhC(muK@yeDm`B>)q4G zKmGLM<=NiVpWA;#&vp)e_1_&IJ=yz{+KM~BPCh<3|Kni(_~PMDPkx;L`|_{-2QQBv z-S}zx>muEKzkT@A*N=X9Jzu>4ap$i;UIx+puk_!~E^o-%FQ$*TlV2|X{9zpZ_$hgO z@G2&D-uVxIo?m_S;Mbk;=wF|H{AIp33Pzvq|8+Y4>d)!RKd+vAdiL|-i|{%*eY^h? 
zu^KO4y*zmH`ls)|zucc49XQ3CkbYc-UsZ!q^nA9JbP$YqSfsA~mi+YRVDcF1#r~YJH z9E5>iMNRF1-#UjHWV;V{h zZqSLm_I_Ff@eP&JY?PkH1F6tX36Z9@v=W&%CSC6i%J*b79z|L<%$hCulGW0yiEQ#k z&D-3jbFE#&x|L|y>A@mSX7RFnJt4|ge*p#1L#OYflxW0;Oz=VXlkT=mr$tK=d;9Nj z{2wQ_o!Hhw-(vfRAZ;R{Nww{FK^lj_RarO_1NVGJw%pVhC&u>Cp`EzKN$aAUzOvz- z1@_V5+DH?)XWbrC_ts?lZ}x{1E8guAE7bS$`N0*i& zr?xFSDT5U=TBq?s>phE_%-6kkvAVaIPQhtw$$dJ5RDvElr86DAo{huvOoW2mSk2s5 zKa3M%y}TR6dLc@j1X~PmMra@F(E+@ojPN}850eKa6iVx zA`8ewj0ygyGbX&-X-x3oTx)Ag@BwyXOq5#d!I-Ftc2;P-XJbM{X_+6vF)&6W3C7MQ1_WLJL9!%Un+r0>Yv_Bho4kJZwPMuHwXbry`XU~2o+|Ja=cGh#t=iC&}Oh@I_nOKcZa)a>=KTe8u4 z+2}k~*ziJqg{`7$qa*tS8FIYPc+cj^>crSB)7MAQc`!bHza) zEHXye{yWUZH=Gg!K8%8)dlXIKR_YYGe_LCf0;6lIQ=pBWbP6=RVx7W;&G2=`%*)p< zE82sumuU_XR+2SD%%*-!1m{rt(n(qGmPy%43YPT~wek>K$=gap9SdDdI-5cdJxktG z#^2JgmM#L_exd+9bh>_8#_15JL)J})v{4&9Xo@vZ4o)-|p@&XCpQE1cd*_sXi>@4( zsfblytLHTMv^7n(Mm&h}78$LdX=#m6(JSvPOPojw^-FM;glQ$&siKC+lnkMFzuDft zzP`R!3|*|5sHSQB7?0!d${*c$^BK`mb@|woLrqj;rN&Nlvpr``Z?UHPo5F#g1{bp! zlJi*%pXVC?AHGT!q@*@q29omEn+@eu&L>7QLu3P-o&7y^1s(N6Dq&u6hmKam|h6k0v*sf8~c0FlD{#%OLWu18?L< z-Z)H%I7|W>iaD!2CWLOu5dJXruEWX1yY#OD(#=H>1#vja`aw-w5Zx*L z!&IYQtpg0WBp=QfXOl3w9FDjWJzp;ntTR@naBwwCRLEtV#(pZwLz$Uh*ei zGMdE!VevU|IoU|lG%z$5O*SSX8<+^D$0$X5vqacIK2cLO1lq#!3ec5FtE0nA(6KfN zy5cy1+$J>X4@1>3%v2lA$K##TEItI8Srai)Tk+UdB^ge!01&7ni#-h&)8YBVuT7mI zRcX(SS*IR!YB}rUtm<M#+L;9li)5i1g{~-qy;V-v%X+7mMZ{Ny1;sd%H?4FFoR{Q+RyuvI3d(Thd@4!z&VjVJ(IAi(+(sjjAkiyCk z)RWG#*5o$MQ=+efPooK0j;laUux7aw#?x8=#8MFXKg=k`az$EcBhWd7nmMf!yL#@& z2_%c7Iwmvb&*RyY;Fchc{F;WN#l(-f<`#V76P(7hI;pqmMUcQ^k{L*}Il^iSaqZ=$ z{zuZ;#2?vOOZlkZW%x4HMxftMlE8e(k`=Z)7NJ$_jz(ye%-4t|u|rj9#HIih0r~C~ zVU9HRM`HEApQVJSn7SzJsG%%p$B{oz7csBmdmn=vZ!&{KjD(hw)SpZO%BE!N#vN9v zMBPZT-8zaC03-&aX!732^_Nu~%(MV7@UMmm5fayaj9;-vJPA-nKg->9?(P5V@j(cy zPr@P-b{(OS^mQU8jH!%7q;O15!zohN0Ca>&Fq5ETkI-j++Ec)lckL%R8fnf-kXxg0 zwnzl}8z7WlBYLNyAqWBoTa4ze-YdcDA`1Up5DFagtz2icC{UOAzj}zx3IGy;Bf?5) zd@}^&Z|RsjV4Zu=`Tr1=NK6whFSBtqKp1cI0A_@#jKowpANnl7X(K7vP6=@-2=*Q^ 
z38!$paCGd60l^m7pUf})h;6DpmNM%es48N?AOHN2S{+BnSC6DhAWM_Q9CE=1I9m@u zqD>J{wp%#~JTp9tXV-~7t8o=NLiP8oU%EqSfD;Jy;$>}gjuRq9h+%v|hynHp!`XGT z0tB5fRgsUwqvK!*W9HBzSrE+(j16}P6`Kj&a}ldq$M5ov-%Ms9vg%!8f`^=3Ix2Wbyas4MMbqPe#DmyK&i(Xq z>Bs<`KbgT*7<3OOu%PCvTkjsvJj6cp7!ZJ|UF(34EMh2NTD%H>F{eQuBI+G;7xUh- zv&p))>K+W}e$tQ5FfQ=lhr!Wj96HBJP2=1@l0KBEq-U)mT=YpT`h3>8Nty;$nv8Rk ztQ5!6T2@>*0boj7u2xnB?WG{OCyc|GOqLiu^vIOT<*|1j1{1nv%ebBk0frfz?I`)h zFi(+g?m8_@XDjZ_sYPV2qF7&?e) zJIB?vbzG&~I2^O2+{;>#EZ2GIW^;p$CF9i%Cc|>%N3+!Py^~jmo8H+X^&nc_O?nAF z9PGjyR$=4m23fV~*=%BoU&iW)+~fdgwAyWOIzX%lYOX|W1*H-W&w_I}*Y5y{=p7OQ zjR}v5XotY&8kYxQq<$10ztDg?qM}D79~j(=2qzlmyumfJ9}%R&)`;ri{o^C@`=1LU zbf`yR5G9K^U_RAi$B_AcfF7SueDI(7l%IUj8`Sl~_eh_CQ@)GIkee9Zb5>#aV-^ zB8#~Xg;BFKEWqAxL@eQt!FW@$sU$~puy}=ub%*(o7rp~q4qAY1+}(y)^p3^MP1SAi znc-(Ss1$R7rl=48EDkTih+Z6U6E!J13$R_W?4L~E{{~2omqk$&3A+P4D&L-lq59@Y%_x7o?-cD|8A7GSx&Zj;*(F2P?DQ zUcx!9xrgw(S6v|5-chRqR9ib}HFVBG%-`N8u!H%pi!Y#bcPRM*njMBPcx~#|+W~sJ zcIQ=Gv0AwD+8_&mb=?t~mVRa3^t##xi+JDsj%E?ZwmOOL9Ru!7b z&(1jEpjs{;Fm;ZaWO24^?C>7xaY>K3A{}*zFXyk}{57anaQ+&K3)mI7YZN-}(p%%` z*tu%Z9-ONNfOFNLWo^hVtKwWWoU4X&)%eD_YKS`RQR!SYP>bVSHOixPt{Os{I9Cnl zs!^!oTs2VBaIPAaI^AH=xoR}WpL5lytKwWW%vGGLMprm?=4iEBD>yc^TI~?!1il;LghczToq++kDWo z5(B%5eb}W@>`u3wb?lxx-Gb9X_tdF8+Ol_rd+Ow#I=QD#tcpTixu;ImDhf2Yr%qj9 z(LHr)jz9O*sji9|S?;NmTt$r|_tdGbiW+C`sT1NDFROAJ9I2f1f^%MQ&I|QbIzg;+ zUTB5Bb#PvAPn~q&o;t~Zz?XB|aBdq^D>%0ewU%6g+eW$XF5NbM@zc>Iu?|z`w?TVw zej5N^u;0c??CU1xVV5?s^IdSh3(j}J`7S6bv|btKyRbA=JKqK8yP&Pv9=*!AtgGJ}N&>VlxccHF|^Ib4kalQ*(;mr9iAda%KD$aMIzHWP>biNCEa95>Ta95== zAn@g`O5If{HEY~eX#pSNN^uo;rIpTGU6vlqrau;C$mWILoyl3wKdbUJGrM?**^#wZI9c5dJ%+N|a zs%MtDLsAZ)(_IqvEp@x3HoK%H_{E;iJ_Zpx0s?m`vWJR&dVG{##*8T;^mq*0SGR7a08*+?>t)cs!i=(ZvFG%1c8f$T;4;$Ga~+fqHw=2Tot|PG5;R zo2nx)>E14tM_cw^>ger~I~Lah0(V!I1LzfLU&fQUtbH3KW?Qp&xcZMz( zgy5#TAO!mz2O)3~H@c0uksY!Q!P9?fnB*s|(CPnp;~);NxJ1atV~HEy-~r6SR1txd zhR-jWW8~I9zo;+JqmK;tPFb0cOegL!l2?-Rk#RmU&PS%Uxbu;5J~GR^S9LxzjZx=( zWLl%p`N%jQ8CJSIMxBq0^N~?kaXvCq>Gt?@J~GuR&PS#@tT`W<_Na6|GHo&Fd}Nj< 
zE}f4|S6FmDG9GHBoR3Vthwkt?-}%UNLY=Fj%LW_g?kLCk$mqcN$Vh-dm-CUiaXvDh z+B|YTGF@QO`N%jQnIbITM@Eiyvob#!)gWqpWmI3QyCsq`CiWPy@M{i@#13|toy!l8 zYHu3`nN_a5rO?lwnj8aqMz1dfR2s$s^q&4>S!=~j))AH^JBNuA3zwQ=S(q_pr^HRpQ<%%60qE_fLV4vJuf$&CV>~PzY-YJ9L zfKy7a^}#FT>LHY5M?mG9W$)j!1+hYJJb#kRKv@xOR$S&7RxQ(9j11CCqT0ZS%~;Tf za}79VvRP4W>_Y7d9vb&dVimJJ$hxoOpfmr5LvhH{- zIHNR2CTk{hrLe{6(J>04;e73}nLD!prA9$YjM0zY!O`J6IMQU|zKCP*IVo5uu*pPA z{34P$IOCGCS>nxvpBhvi|xt?M?cK^2rtHUUnQ|Cy&(eq8cx_7)4jnH zQj6I4h|^+$SaGzx?uZpf((MszI9b*r_NPTq?|vn)`X?=ELaC{ggwu0k7xaKsIwSAO zpDbi$ms>Jq_snjaEHTV5Wr^NX!|`HnzC*$FM=m{n5W7xq5)i8oi1$34z~{{6-aETt zrx?VLqz8>~Zb4-9WHP%Zwmn@NW-V?IaZSucKMgjr9a#2}Z@xCEsky=TqO4TmPCPFu z-`By?|FHnG5|Unc{)G=ZffdR23|ZTSO9f4}Y!{N%16?KdAaE^uPLxqbahE=seGo+6 zJf2;Jj0Y&5B+$ZST%uZeaKl~z=Va^EHj z4^9a))a#q^@mQ2SV6@B5%NACeL(#d#$IhX)r!I|872wo&H zF^u@9O>Y|bQAi)@%#wf=r=*?{>a|D_1NPVqT!{spdf_>{xX3P?;rNlzF>DLjZ2}$8 z8R{Uh2m0l6tR=V{6`fI=$f|>cwMhQEZ=g%9C;#g}C7~rh18f&n85ICbq7Va&=o>gX z2i8r9g+NzfJ`1Ciu8hz8*J3}q2s}Cy?s;G1Y-Y1Y6x(#f7XySB^qK1z{i zUJF|C%UP}<8ZUXVD6ZQq7G3S(>)DuC1zAFmLxV$Rk=uq-x$d~ufd1?j)QbPEF9Yhb z>`%x>dwk<%D@!D*EQ(7D3Xf=UidR#@yxJ4^OHclY~wB~!a)UmS8Nu?;3}eD0rqSg>9>$S@?QQL zm|}voS_21tg1S4{lP=KNAB+hdYd*|`s&cOQDAOP_ka#+%+{NVW_?l*Y69 zjRy$vX5g@S9VVH(U>t0XX3=?gLEiz<68!uGHX&9k3i!5NOlrDtcNN^S(kkWyz_nRm ztV**oate>1?pZApHB~su+h`*Gfcj~#j~(S3QN~;t6{Z%s;@Pkd`U1`fNDI1 znT3FaI+s3>O)rCbi-aTIpNCM?wBnbvMS9Xjqdp4b?H~SFMY2)q(o1uPC4>k2KlBRuC`YC-;#!h9@VliKbqj&}{ z8SlNF(*vqm6hc0S&dY^lXyH#V~tHeSsx!qNVG zo*d95sRy$tA}ltGw>CDtiJzo*lKCVo^hB_Jb2giOJR0xNZZ_@`_@EfBDX@>Xh{R=Jjs|gdCJef?u}+sO+`YsFsZ>YF;60$Y#vO)=pz;2X*y57 z+1`dB`;&Wx_8W*K`D0Ne4unLhAZ7smorK^MGhuj)&^;}s4}kUG&q0}=vUlbnp&o4A zf3mf+d%E-Zn+Ln!?Cjlpa{uwKm8x+t3COPL4e3nD_%a9W+`F$39O8L{Or2*FKl+#` z*=i7FeJS+V;0QFjKjF`aD$7y2e<|Qz`XCc25nQ8>{zdSzhFN);pVi_*@LKkJXV{Y@SQ%;9qOOH@;I%R$;{+!7rH$Q@jg#9*QrOd~-9fneq0;Wi?G43Dc+)5IU_g>~{fIV0YsD&kZb=h+U%` z4>4mly^R{1iLX85Fla}|Uee;`(pzf|Ri3J4qI-)yAKN<4Fz$&zSfs*i0mS>rD!an9 zG+(E(Bp&>C!h`$@?Zv*iH}xYjK~N?4{J$1)09q{jE!p0^zw?9<%r;r7$?Rq-(b>H} 
zl3Da$MFGtjQzHmVoUvPCD6jsV)qvw96A@Kqlljm53_c2V*j1?^!|u687t^21?>op4 z`MVA({ovWlw&=gyK%Grcw3r40oeBi)!wR0z*Nwp>lbo6Epi9BG5*u`>ldRxYiA!WO zZz!yNSmdnbt({`K+sWcg-~o0Xp8Um~yZ7XeM`OZ+k{rv~@t5Fin@bGZigNG6OKgP^ zG0k8bM4DstJl>y&$#!9u3S(k0tj`hO@vn&FT~Td2kGAfU ze>*CRQP96Mof=+I+noh1_ZyBPRqgOy-_NR{8n@9UE2-6#WO++vX69En*oW(oh)m^5 zd7%opR}aq<235hLDsxh`qH&j08U}`jsNAK-z&RXgVrb~`*8RsO8q$l(KB1i>Y%uYAQFLfIv?wcTDN#WH)uTW&CnPDebOz7Zg_4p|$KsS% zOR$!EGb0dXRnlKAzmU`yZ_%sQ%6gU;v>?%>xkAHWiiR*Hc-1$)vGy_qU>1xbfjP z$pj)>9o^wRgPN!kwNuT44G*^Yx^In$u}){DtEK76hBSQ>Kk!ThL)~UW6pRB{1#b^`+;~F=5tygg!;syI;CuZSa!OxlaZp%FK2BmgxSd#U# zm7t$%NQqV|?c*9!tRABp($frUun*%1J`M$PJD{ZZ$8Uxwi}UmF)6j%sM?Qpn*b>-M zj;Z(+KV*2iaw0pp42T*E&xh${kgLxy8B$3ajE848Lw*!8WJe*jbZ8WgwA3@OM~Qhh z+#3D>VN@8G8iOjU6?Z+lQItaqW}18OG_yUvC!g=!{eOSkU=dF@K9E0i%aVR%VN}O_ zIvdK3QlS%!cBTbwG&HTyyOsv1AxZkPY5HVbmovJ{n*$rGTmGQttmut z=%S!S4Wc!#h)^FKwBn3|iLfNuKn85qC!!WsI?%$xPbr3`|s4_jCO^SddnYWo9HVG-=h6m0>EJoStW@ zS6>*X>IKdClR)o9BI%muQWEV>i2(F3=w!d0fA=ksQ?uyeJGPI@{R9%gf0CRpCf{ynMZVphe}`BNGqOGW zo`)8;-S+@2XYT`G5Yn^=1|@d;AX-K2h4^V;vVFirfN|s|)nYPe1p5n?4?cxSO4(jM zH^8hIUdqwZVCIP9PfX;tLhVMz2d!zt>Ht+E#2h)U2(k?#nGvGB5p`-Cj)N4Ub__Fl z0HT4TW#fa{$^ht!h+%E`NU@l*)I0!M8bB!*04oIpU{o>y7#yvd1|f*}5Tb~;BF8u& z4UK|3{QoNQ{c5qKotrwg(sVG9ey90vE5%A*RCE*f zt<{FMx|vmv*4V2jZ)L%Q_D=bVuy_YRcM7Ege1ANq9=QGll0(t2vNwi@Y&07mbnzu} zFrC8H{oLIJkHX2p$XsaIv!t6H-A^@6XE+Syo|bHRhuQKD-=a4BC_HI#R5N<4EXK%S z6M^7muFVw~eX5PwcdPgG?CP}@^>w=e8M-^F~6OM~%MZ2V9_6{aWi;vhO8^Osng^~K!NTZ@i22e-ZQHhO+qSKq>i6Dn z=Ei)J85vJx#(7Tu$y{fzwfEY4(1=%D*%FZ@QEy1hfg^8}6cva;I`Q?xJLI6%QHiRn z*jiq6Ft|U;Z((MKaH`BW=FDm^x$ICNz+3>_9MQEPO8{o7HpnF5(-f$%GvKvEL*4>_ zmERC)Lacd&WGPXEaSm8dAGoYx5P*{^5&0hqs?=)HowJ-)mY?ZZy|QV1j9+q{2=ywS5d(T@*-M9qCteqOAS|QC zN|@9bBoP|$S!jF!4QNALNxd`J;@TL)ay#PD+t=3V=lk}|Z1mSU#k$%`!YOL6`1Lvf?>-0Ym2eO=p_b{A z#ck*651B|f_(9l#lpP^%5)VawH%#PbDV%%{bny9u0zTwLE?z6z(0Yk+LZ`&JT)8wU zcdl^TO)EbaQ6W=}GFTl#s8Sd+-d;>8b_auf=KduuQX zLrhnrL4_K7T0*K{9RZt(vf~$2DOx29wr6|cw$9dEdjpUvPW75Sy#>fbKw)l$SZAs& 
z{rG2s{5pg6K^!W9Z4d7SUW-UAog@$$TdK5@LO|R3SzBq9Rh*yMphR@Aot)(;(rIsl z*tK}f>}LhX(9vkRs{PIS0Mg5jTNq$xp907yb8}{pZ7$E1rXj;U9WALL!a%P%dUQNZL1ZX{edT;yc_~4{o|FdVeWDp6hF`|w{UU|JPh7LVXghb79cYcX-pCur_&ncOGR0*T-6NJ(o456Zq zt}a9N9s=tNchbZbnztH7UJfF8smS|1lg5^ZAfS--Yo;WM_my_@@PaFXu7jvL2+1zX zzBu{wbP}C%;}$KfsD2@v0@_Y#6&&PIXcX-XT05!(d%4nv*at|TqhDn}Bm_>yRRg@L zvTi771`!Q0mxY5M4FuEJA-84{7`4wJfdWDLtxyfRAgYJY*8vO=@ephdQ5!cjgM%w$ zLs`1qlGH>)1bl^fmyROY*+tWb063P9Ta8=C#1qf=_ zAV$V?JM-o6ITkcCkL3j^-Na-KgeU{*8*`5-A~hb>C&)Y&HuT|oaGysTg{w_#WyzHh ziC)uuTj%8GD8oayUxJHm78v|O3=)k(Rpip9H_ZMK(cM&Hm&`X-WBzoqvTi26eDSA8 z+5Sf!onxTyGm-nk(B|ZOdcg!9`ik<;ldB_mF&Sn|T+w6WaomW`Wn(^L;z-SGhH{pS zIw{w4k~W?x*Pf9n{r-&toG(A%RatB~#XtL)umw5rLHHs=!0$u7$rxF0GrY`oIOv>z z@c-^`^FUSkrEK=%v`N;*u|>{n*`Ws3!Z>ob?b#J|><_Mz$eg_XFx-7za_2Bx>=~&i z^i}5Xf>c7F_EFOGHm41!vz0?PGiuL5*6r`Ae`XZAFxjLr#94jjgEG7xq>&ty)U)}) zvUO*ow$YT{Og;i{I+S3+Ia74&KRpy_(avo}&MvB;xi)1F5i_?odE3~rM^>my1v6;c zHbdk0sSPNYgj60_YDa=ci_d)RT3@}ut*E4hha*x*5|kTP4mIN0Zh6m^MOAbXKxBt- zR)l3|KrFxWHVu2F2C*b*QDj+FPMFj6!C!}7-j6!te*iQ@C>XiqsY5+X z+=u{69jqJ)Jb(t`B5Pd1%yA7Mg)N;lL95p!q4Q;Guqjvo-I6m>bb_Ke;g_=yG=_r+ zBg8!CW>${-oD?Xw1sbCuH<*!S%%N=YaGvqebX_VA<8p*Z0)AgWDoPK)aLXfMLhxN8Mb1J{@@J2^V4d1 ziy>6skCUW%)o`)xY4N>KI+Eq#cYT4l(#8>fYzbUta4qTvod}(f zFim9WbW)v5uu-%qy%S<)i?pRc1%z}!RvrZUMiCt?&kOvf6XOPPSrp=SH~ zL=Za_yJ!Y?8n%pgG{Tt$kVeVU#t=GbJBsOq?K3T9$l9_WT7>8P-VSvx$MV&5+V@zA z>9V62rr>P%LUFke=+PO8_!uO_lVV(q8@3=E7!c-S?DSpJD#G6&HV<_0*-DXveA=V8 zqWHyhR3BXNE+1kA^V~O(QL{`ql$87lNHet<(rT87GY42A`c4hQ82R{$7h|=PW?_Vg zDbIzkWk!UDY10#sZSXnkI6GT_)C?p;m z_oNr&2#78T_AgqrnLXwoY1_4#t+K4d=mRa~Pm%;@W%DyB#d1lkoZdU<*@nj)g&Utp zoyPT4L&r(+HQxt>5j^F2R3fvpRPlC|In38j7;a;l5R%;?moG3f-6dEJ&>xsX#8``Z zea!)NQ-lL$3oDnN<#F-ok*cly+2jx^AIFv&)l-iXgKIZ;>&;x9!3TJ<6o!C8F2xIw zva^C0(cS&vK3~PsOr~MfRlPz3v0?$$$RiDC6oi}oLS}kpG@k7Fl=tBmeD3A@k!?u< z;#y;j(5!5ddPT_FM|CbZeq@Ur#MW#MUOhcM4B^@lYfxf;OToCf*aAjl;x>!D?FPm& zacOz1#~NR#WF{&c4?5EH!ic!WJI_hXLh&Xk4K#Y-GO&v~lHL%VK8n)c 
z$qZ#1iPD&&^IcV`g@kY~S}F+S1@J#fs*sCo@3b122OEAQ@}EyAw_|JhRqU1U_Dbo)`Ms(iLYtSelUMtB;U&$`+=j1JwS zgzv)jqMd!kL(SK<{v*;fyaYd3JuhyHxiT#*W;)LS^uTdjHMi7p7{XfNpz9v1Rx=%l zOShz}r3kq>3+q5VcPzp!qws`S`!;vVZphqgMu~1$rVJYyhp7q#1oT} z7}}@_JI`J|_g5SIgYasZXvU9Ig4`T$3!+xj$hHdCPiiQ5)-fT}-W_J_jq^h9;$gUI>5Er5$xBt*PODU_WF+X7zOdn7zUJ^fY&_@!?}!=zy2?ywZOwLI z$bl*+O>WagpHPj<6|5|2%U~etB>+Pmgl{M)rbK!>8cE~)41bl@Dy$>tuET3T!RvzDXtB{I!v0IK5U>S;qNb2w-U)yJ6Iju z&5^cvex12TrYK$XX^-sqKj4`>7sY+un&8US5}0L6XQzYmgDqcX9C|m#=z8?1@y@iDs^C>}JUUc!1#;B9GXI`@&!scxL%aZF>CRtH(=d!@_tQ4fm~qq-9mI{(0=e1yd-&9lqMfIbU)^@Z9+L+M;-6hwGwM zkPe@CdFD=X;(JZ>hfCQFpj>BV`iQdeakeOB&$FPCn#bE#R)Q|k6keUHZ+oj^-OD@q zPC;h8kcS4fo~zYWC};3;sBIMVK@3z{itaEMK*P9dqcTQht$|wbrg>XvDT!FS7Zbau zJ=WiG`j*5k0n^;qvJhB$AmK=fAiLL$5@w5Ct;`5bs*%2ao!Ml>3H&_g7y10(h*ij= z{hknv;3e;&E(?hJhgirK--vaX`;Az4h|3ky9wlefg*+14e zOv8m2N{(<$Kk9CcgFTgi2l}1`*F{3w2)ne)d4k^|AndlgIcXIY3gMD>6}~8ZVhZEO z?bR(d&E*=V>?Kl{Qd}!M{QAdyX_0Z&&h|v!gf$Ax8ir0~YGiRxJR2TBgT26HT0nzW zN1O;(X?k~OZ!afpTYehSRWDxzVat>^sND8+YxdCP|A1XCWLsEKrfbZVwxJ-~Q^Hvy z7${_OE`{qiF)nZ_g;O742J~LFpSkq_N;)+4=eIw?ky(hM3>3ZRaEgVZFR1+`vc#^XJqMZiv}J!7oNm031^u(Qx30>XfhBY-ssJWvAy7w8VtpVA%^U}|513obKYm}5O- z?3#Qd{F`A?pmGT6Dgc8cxNj%`Q^KnQjRc68g-Cglj|>?cA{l4`)JpIt9Y_kiHh7H` zJV-K7M1PM7pr8GU$+s0&A5|Nif!EpWvISNj-3iDZtA}cb$(K;v4@WefH*g$K1oRz_ z(ScyXD-^){(uAC0ODdi8{{+aSe{TpFaKsKzQM9G}{N7ops>JLhLM2jSA&kdlt|2N` z8pr;$yMR>3&QKQ^tFg_f8OfDQv-G_c-vm8iXYRMdHE;5lG(_{};^ZN))!u+9s=Wpw zuH%KyYKPjCb;#^9MYl~;#Y!cWpNO@N(^~uC#*nstYqGzELwX5zL!96^j+LZ;JfogI za;1IMXinfyOc#h8XKwlpJIOM}jVUs_#~SzT~Kh4YDsOS-XvtMgVQNpNbxJmkKQu5iC3tWYqXt0=v$( zBSfl=8m41CLn5vuomIT#hpW)6tZ?lAjyPOtATV?^aTmLcZC}f&9KOHBD!b95`nf{Z zt8FKN*gFl(1_#g7X6|XXj%_#1MI&A1^LtHLHQKvx85iX*#g~^{27Q&Kq7RpS>;h{d z|I#C?vF;Ai(X^;2X%^+ut2>s_AB6~YJdPe|RFybzAxj=1Ic z^(ZnAF^inBpV^xFM1CQ;g{MkSfb?8KBu{e8WE{&a`%W{v>U=(OxJPG^W!Ye}ln&bT zTlx2?|9yn%^pQo%K8liCk4?{WjTAJbS zJo=IRRanMY23Jk@DcxFshmIq>Nk%z+e z^W*EF8&zT7L=tIh*2#*f!f+K0(h`^Em15>3#Q~j_VhMOoFH$&CrHxq_*dm;cE^g#6 
zGnrb#4bErFUXUAGUV%j-mgjM$Nm-nN6Arw={V-+!1qfXyiCC?{4Ti2{gTpZuZNSBL z?;f8qC}98ra}q#fj^zd!AE5;dZB6p7hiO9M6UDBq1^3r_D9KV2WUGRFv+@)j?g`jJq{rBZ-nroAE~dbk??`PMme(xz;uG zct#vBJ71<1z-WchH-Xqy zk%iYjSnY6MR$dOht|D#s#diOQgr@(eDza;A%@QB-QvMdP zf$DaonX34U0QwpmS42SJWxr@&AL}`hLFt=QYz?X&bw$bl_=A(s>>@S2aj37-8%1aL z|B|b%)V8O3&3_O?N223UEp*A3v%|}P#$zh-2q_y&p%qe5{XT`y^XchD7L73S%Ayff zH(u|af=WEK4H>JK5mg&s)F^5D(aKDW$uJvW6bl(6yG{^QSxceAbkKzUYPrQ{7rP)r zNxS7V27p4)?(0c*UpI;MTgm~>5$m*qV{|YOFQj20P1BDH>M<2R81~H;6(Wx#T>kV~ z7n7uesf1@b+O0@JQ}M!8Cp7D1OB&aHS&S6iypa~DHO!fxTqgZ;^N_yw8&kFEuh*k@0_js*PyN4PkV|B{y*pHN&j4)Hdx+&(<@*ok4c$Bu9 zj+f!(jUWy#|9zJKyn?hh2L1L#=tRAp)<{{Lu)?u?uBmVNb z_xy2NkB~};L_i!A2yuC1gx@i@nTXZ-8}-gsEBa*!bJcBGOT>_RHFMv=kx^Z29Jly#D48$Ng>`^fHP+h($Tf3!#F!>P+;hbwqe05|9EJr8H5G zq#J(7*V~h_GC|`M2Gm)^A>truez<;ZHXFYqdPsUQLw&t+8vybq;%=&UaO{qEKjyDN z?!2(4^TMwOVr#rt5t6TYE&`q}UDXmk1lL5GKOXExp)mw$uD*&by#AwFR%nNMNxxA% zR6gbv`=|a6&JkhGB~`m=&S?Y?qa)2`B{d@*CB5ZVCEzP1_8XFl;GybB`;rO zWHO9QQj9%u#AqNigqn;!$VBKM59p1U`lYeqK%U{curo%WM!skwjNs}*Bu2i4qRikY zta;z-@~}Z3P**W?vQLHpn;P7$lzww_u0`Ae@iKydPg5A+nrs-~20VkX6;J-YT*C(T zNo-Jk8yg36M9XqmJX1vA{~^#BMqSeUfAX9FiA5+pf3!{DB_W0Hq#y;LP6M!>APk6{ zg9mybna5Nw`T;CZNezNp3PJ#r*CrN+`o@9|m^V$WS6HYGqo(w_wTb`kURj$lL}Z$v zCB@&y7kJ*%I9+90tSf1Q#+aoMyN(!O3=z+x!d&;E*_FB#mF&TR;?04uk*fjK|=T^yR;|C z;J1;YV+(hyWBvH<=~Clk^LjQtHQ9sg+vgZ=?u~FdU`k{SuNGyk%lwngE_BLTEHnwN zk8pUaaMJ2)PY?g#(XgZJ#A?ZnVh0s<`P6djM?AFYIQQNGI3YP)rD zsw~Mv>Ogy%Y{?6lCpM8iNo?Q3Y^)7s#I;I!emMo?c(@5{br*mmy|Rc=B1Y67Kqo(}ba zE)7v%IxO0~6bbSDAZtX3djh!EEa&3Uy^`NEvR%oj78&R|Y=nRc3G-iwl%}ott+NT^ z+i4}*TfAT^bLeStOC;ox;|@vRC*WGJ#TpyG^+f@8cakct6?So=XJM`8{(^|N}FLEi6$3X}^{J*F?ndg)+d zq|ov_`{k6NP&xyvT03`g@^p}laLIK$Mni=wR}JR!hu zb^UhI%uA8Np`*_DP<$hhCQe4HnroZ&HqS(hfG4xRiRSjRtU?CQS9TNyrVSCQE3C3B3O(?V%uby6j&@Jv>t z*GRiO4Y_e{Lz7%Nb|tnua&Di9Xiqg`2ef3^(H(2GM5yS{9jBl9jupiH|MPI)_oY?V zkH0Q$MCWYCzXrhdi_sn9^kEG4d*(}^o;!9KY%RBE*ol@n;g+VKwHtZb_Rn*FBo@v~^qKf3QctP&sVq47e@Zo32^FtZ#3&Ut)?C(J4 zxQu|5g#ICVnd@b`*ZOQaet;Xchm#da(RYl|Eljdl 
zrFWBXbK_2F7HG%3UkJm#W(f*6DIbRe(-{f+8_%{3%{bSi5oKsyfU=3 zH^VoC9=v3615ls__07{V_8LJG7d_wewW!w!mZ~6q6OgLt%AT>v<0D~IJ6tL|^>oQi^MhM>>ZUBv~ z&HNP*3wa;-=`&y{3bu0Y7Knwo<7@s7=piW$A*cAk8(jE|lzd%YZ$kqz}f|wg`ejhWDa$tDHz@P$5AQ0ty>hOjN zP=?{v5%_4oL}Z`&5eME++*4L7mRbWjDkg0qlY_;AijZ>@=~{5tHt!hBd-pT#TV#O? ziE=mrJ$VdmC2*3gEoFe3&MH8SIew00oRsfSC>44tI10GA5>O3A1bz@0 zl;&n8K!3d|_OE%KCHW}!Xid_0(~AuuB|sUbtqV3LW=aqQ4PwX*S-)Y|pFjggePNg% zR`N$nRY;dNEH!Sbnd@S+M>dfyOe=K{pHq{s83!KU@cEN&> z0QTeOoWTs*oU4S^f1V(eUi@>(d@(y}Lp)5Am~3*|hX==)s5wm&3_@O4*Q(gqsPi~| z$*Nc#x9~2%jXyTSA)xRf)~*1t1`tdOgjsmQ*BRIB(n_u|)~bBkWQFv&?Iz=8`Tl%i z8X%fXNo*>2>OXW$u% z>6y9;wJ5BkKilL>tSa}=wdmZU+3XKET|VaPCEd5d^{K=B8w0b4SinAT{_=!-m1LFC zSD{Jh)4k?;222xsZTVZZp=vj%Bf0ixGTBBr7BL`c=$x1?)V`8yj5TZ`K-Lk8|I&SM z2m%n8Kq>uzP;&rk9T4IgI$#ms@pi_P0#GCy%gtt{N~6It@7qumi4KaGrr?ebd&*w2 z1szuNqDdEDMMJY}k6RF9<(d*I6_X}9VeQS3P6B}J6R4II?8}*1R7p}T0ZhhFCz??g z_Yo>Ko(OZKqVDVS-HP|(efGB~UsM_CUP^rqw~(E5 z*>%PGC?%(ItwAyMUz~Z3iBr1N2NDC0j64nrNLmgbGBMUCF*7DKa)T@rJhxKT zYQ!}v2r(6!lM;|hU*t+-eAbMKMMOB08#E}bp*F;C8KjNmH~r=E6_BOa_frEpNSG}x z65)s)jrYop_9^r`$;L}ya_g%HV!TQjgk>3Ir|5@C>f1>3uOcaD5K?_!4vn6`hHZhx z2S^OL%!GFSrBaTvO$R9-aefgG7q6XUr~_Fn#WmXz`8tWvw2=%-+GQ`4@9NwyBkC?c z596X_L@^#aqAin8Llgy*y0hxxamidY7ivPFH)>-+pM*VwlG2o`9AX?zd6=ek5NvqeWq(P69s)%rqD#D1SbyNsLcnv2lgI*v?^K!%HrZqmGzEDG$52>yuiSJL~%Gl3xzu>|6t#9AZOAcDpT8ZpU4vWGR&~ zE@P=6qOt>A4d}rC%oN6v5-O8I{i!IP@2ltPR~m~Z02FtUY?NszSO8L?me_o9%~Q>? 
za9F1$+WH16{t5G3Y$RmyRIlF^acdY*$1)ouuTp>on#wL$>Uaa#g(AX@pvw_VUy+>ALgWm4J2Pc{Hk&8?{&&0br&DCZ9rH{OuTVaD95W-06aE6?yaImg@w?%O!+hkh# z-XxQXm`C(CTuq)%Sd?fO{A;cZnU4CNac?UBS~po4K?Eh^TZ+2*3bSAG*RgLJj-y_Q zQz1IU# zPZ?6=P1zA;j!EE-oYOhonZx~hgB{lepR`p)XZ=6@{hP11Gm=7b=fq4gRnGat_w1cZ zM^02Mh~UZoWP{q7mZrTM&uuE2EKFJm7hTkc{_v4mz{<(5pa&zqr|lm0qQ#($_5PFb zE$8MCj=4OSXYIX(kP0xj2j=N6Za< zO%8cr%N)nhs&WaGt#uMor$E`g8RJLj=VqZYD9W5wH6#yu2-N10t-kFv z@1Ue2!E$e#Y$)0po!6?YB}+bW<4P=G-gsYPStYs-gLTEBvtxv7YIRmLJ33|~rLu-M z|HtKfP`8ywiA9>2r0Z$X1g~A=q3RllxZ~YA7PrE--j<;J36-CISvw=sfubtsB1-p& z4ep_|M_v8Zq7Z_#NlI~$`HT_&a9o$10X|A)V|+7QUh8-=U8ouqD>T;rz;sjcd4dGu zs3pM{ME-ka5spa36@^>uR?M3TKT$;1p)WHRDlM1=A?c|~ zJ3Qn1G@mjDR*;-}aKhO2Pk-n~ZAeaEqG)QiOt3?O&!8esbIzcrO=3XBL{^zo9}w?6 z*?GOZ@slie6tY00cL(L8SRj&qt%sYR76lun>_NR!=31$wgh8NGafTN6paVNc%*A_6 zW=!lf;}io|>Iqw>zk!RT((+w2c*jN4(6}YM<$tSgXhIEEqFQ?+ua!Kt6%1GpVh_1p zItE=97nx~ot&xLAq&S-Mn!@K8t20V*rU%sUUD9=-&&4Z~22-KZ7+BDf+D(3L_%@s5 ze_c^U!LX^5?KS@tZe^ic8y*6ACVuA`-jbf=Z6Ky*3a`e;>2-~*T4>(U?gu<5VY8X?!{`jsS3Ss1HbXmQNlZ=y4dRmLQwjIxVZ2aQM20z`e&*PoUYwQ88*kBbpWzIFLL}c#jiA9FUq9t^B1Qw}o64a6AZ)Lr*uVbPRr0HPuRV4OIXre%$@K`c`k_a(DvHJ@e%sqI} zL-bv4BZ(=`-c1EafOHnhDmDOO>`6Y@ntyKyP=PAFAQ&hc6#BU5)^IoMtma^S%H(Q%a-9 zX^KGw+wbBKd9#E$hYZTK9!HAcp^UNK5BpA7|Nd2TAh#ghr0Zup9j>Pc`(X_a3A^WA z{*^zoQ9U-8s}QJ-R$o}ZMNO?UyV&ckc*xC`{7K;Nl?6sj4QGu>O@6@tEo1R_b=rl) zHDjaelCBBEaUH6@xXCOelvWG4zF3iuv+AQO`SqqDN zf9AM6mN_)!eTR_xjk~^`ox8r)=sj$cxW0#Q3h;{y3yr`%QTjO^<*-hGl1K&+R3yNE^had0 zv#(Hp2k#>}(cq&DQ$P_oL}IyJ8V5ePKJBzFOR+kIR1=pOV^uX2HF6p!*92=o1D&=- zLbT+>GENa1_ieRb*)Z^|LhHU>-`2T7(x5Ax)rm~d4seCMd{Z?4g^tlf zQ4-5BX6Jkyf{WA;*0S_?yvvsQ(-61jbglKutUnS#mt$v>BEk@umS}CmWEIn2ofuJY z*&ha5YxE?DVr*S+T|20S8^`zkNXQgxW1A>9qI~VWHK6FeP|m)@3j!ys`WB0!>Qc#k z!}D*bnr9Nc_gvImS_U(H{LylATehXQi-QONq3I9k4Ry4p%VpRyYzx68xcn;JEj+JE zyK)U!%J9^tEQ0pCC660;ygfGd0=ME>IOG`5cO|T!y`)eD5$4M6=@iW61X9=hg4WM@ z-`>GzS^LdwH@jc2b_aOc^9{x(?Z#F6tetmyYk|K-mU4HD{H=f{6POmV+0s)~!BO|e z^cT_qm?(4cZVc2dN6AYt%Zbb9aKHaPzx!-meRt}3m+oHG+w1&tw0%r=FYX?|`TV-R 
zPxeml_G|w*+&ZAY#s96*{36}jfBg>rx4yf3xXhb-AIbNs(Ia^vtf85q;<@kp*C!94 zy*9Z0`Emu^4Q%4+ko=4(P{|0WBPhd6GNqZa;?$qE;Uq{0Q;#3_a&xH$CXvjQOXkEJ zHoIy#FZX(tuu5%yQU`A0Vqv7KfWkxmwZ63~ZH7N|t~6h>;?minGTv7DGk(~!dZUj1 z6pcd&KfmSO!;Sy%;O4Z^0f;7BLu+e8?Nf~!zF*mUN2Z(GJt+f!K+-jSTf3U_z#!xD z9kwmxB}>9)C0C_k=jOR0c4e5=<&!EM4ScZX)xZeLJk$CKx&HXrVNG~&KApK$)vgRH z27+1Xt^L^JPn=J&uqH_D=M8b(xwV_-Aq~^c7VOIPTb|A-MLVYHk^2;Df%$R$mfzk1 zu55K0@7Ql`tmo17r`R4+uKVN`L`j;58(5|4w$Qe4uj(%bw8Ug_SH(|qjZL%F3NRHq z+Q-W4BgIJ&0n1aM?Q4O6-Es}HT2;-zJrgWtDc_ysyseGK_&?Jt26BJLZ)g>`J8z`OmhLv!`8r042GQz8n5G#XQv#%6PUF6bHAk8W+KHoL#h zBCw?s=F^bNN4aqs%W`8)9tP(Oa1ZD=+j4|I^HUe+h{yVdkcfU61x?<}ThGSK2Gvsk z%nP8mZH+mmSP?;KV^#L4d{GJn5kclOhUUDN#x@~yaxk?LDD}>e9@LKC2#{qaq!Np@ z=#W!#4?FT`o0>gN@@NHGUwqf3@yA9?rP7-5D}CIeG$?ExeMdGptS$p(llX**Ou^O; z+IK*-$rN~6qDTo*S;_c*xsyXmvsTafj`f$q3Yn*S%c@AWiC%{`L!_Ro#c-5Pe7D`C-G2g?I=_N`SvD}2eUgb>(+HC-<=+xa=y7ySM2-*>&~^o?&Y`cJA6R-TOA_xH!B)c;#~Wpk)f6NpCP6n zh?H+gQn#@E49345t7rHe`)Gun5hE?HenW^LebY3;^4g)IB^-;426MIj&sQFU^^Xm? z`EqAor&>0ijJJO*&5rj!EDiksVrc>)M470sR~R$V4`1W{Tw6)S`lC!@BbqRY@Rgam zL7~HeQEqs0WcaIQvEcoqlSOVw1)<5h;92&>`Z~RV7F+9Ix3S0KM)cokU5inKPxyjW zIW)nC&>?cIDkii5Y5W5oMd)X!T%N!>y??r;%?!l#u{{Be2{sw_+33FOKM|2cYGDsu*9)}5U39lcV_9u2@>VK zC@KWEu7$IK8R*9J$HE=yU%rR8y5pi!sM9c%cCR{P?L>xku3N5j1-= zTgVt&TEV38k?iuQH|~sOI0miyCOHP-Z5)K}BItEkkq&Rj7jr`;lS8BORE0*fWs2|m z=U>8wis?A@b22YS2b+e-H%IbEy^u-P#lDe1+cz_02|+b0C}`A7HW?j}VYs|6v@as2 zV8YYQ2yP2n3!XBGt~+rC@ac8f;~CZbMs;&j%{>Nlz{kK!RsqS0N{=JN>@=zLkUPIe z+D!xhlm6>&kj2oqh7Z%&&)xbg&J_MtPBF|0Vs%g`<5pLyWS#GRrN;6I{S1G&&4EUl z0BPE+L74CfrD2*Xj>?WA_Jusx#HFmM*T}D0UspoZ#9^E|Q~(orx|L!l3Nln#GzNMP zWV98+*G-U3WGEaN!Vs=>{l*ls6JE;SO6H{!t@G$!FvS7L0>o42EhW`thb^UzQ7n~W zuRa)N9N~epYPAU>_KpE5l@@1}L2@K*jbzpY2?ie4Ucu{r;(ywuP^S_`w=>Cf{QjC> zU+L@y>PBk#5(MA-)A}ro_{SG!C>=jKgM|khfu4;QT?vejBpsMAaEH9#c|JckEC&<@ z1Ne6+B=g-i(HgAxxW9VOwh|!Zz>U@Pq#@fsP?}B6`D?hCyPf{QBzm+UwYj=WpD3`v zL(pATC*(qpc{;OSlqMvVYYcOYpPAkaI~W5)a6$#v3Ha+zCpK57%5nFRsvNx}eR4e% 
zOZDB=pY=j#!Dit1pT>Wjo5?`hY(o4Ub|082$B`dJ3mv_0+)WEQWAJcex^~>BvoE5> zcFL4#Rky%rJOdo)@?&VKx=!aaJ3D!;y%>TXjvD#1gJV5|fpglW4H{ojWSCISEDBG8 zllTz)M^_fm1UA3NE$Q!23XUGU8ZzYqi_eo+G7+f_sAT*yi?H;1DDS9K-o~k*ZK7dJ zlrByrK0k3!bzfr_hoa1tLf_gXfEn-pX}t3=79sPOL}DHm<_v`W?;a66UCGN)yO`xq zB;MO7@Uj8?>sn>ZykRK%)An&C^fIn-a6aUyKtOrQuRIOYunZ0&_NlPkSGU+c!oUvc&7kfZL@x68RJ zqVUy3E9;$1-vwxop2O*4?Lc^7ez!WN`jtSMIy?E=Q0KMLSG9ALAMKR~uQu-}VdYHd z^m1gJdOmEvg{(swcxGQzQ818d>{Nkkb9Hqc-t~^MWsb$ zGp#mSu&m<5p75tVw<5ujJ)vWaYeV6x>MqFfXX}3dra~D)56^i!v<02r%^m|oj zBUN$?S_<@jB@1_6F(#;Rd;L-m?+dk<9w=``p@c0_P?k`=RM&H>| zez{3i;}?BJx}m#ozipY|X8gT(BV7K7{_3=-%LJv-1UcS6Fk)$s>Lbwr9liFyJ|U0x z`EXtTI|agnVwACxjPJ9CO@=?bUBq6Dz{fkMh*+QPPkD-m9P4F}fXFFTa6Z^+*F1Xj z&uaecB~oN>?}R>JY&jpJps@$E*Kdv_;4?=9ihDmYWrHkoP@E!R)bfEF>c9Uz`=fuu zoRRd>y*^~&V7MRuboG9D>dwA$eZ;jK}(fN<^ z-1^>)o|F^&H}}{6Ag!lN6#SKj{7b5%9*2JYa$CTzmwZHyg^qv_p3M4yd79ikZR+#n z=lZrwg*tf%3(HuO^v$v-cq~=?W{x zN70m7BZ%&hFVK)O2x~m4}k6MX)GpiRpgL0ra66M_eeV$r2Q?OHUYh7TORgZ8;&$hvJ zsYYJ;;2DaLr;V5!H=`;pBlHVLj=qBgU(!7E^V|!=z_XRZzo1D&c%j?ZFznMUoY>k+ z>WNRVLpJGGl682cH=TTND^F*#w$2CNO;x{xrzDqmhd7@$cuvVn@pVj5&{oXsrG;f# zNi%3rr9eKdZ|A8V1LtDVugp-rk}AeixT20mC_TG2t+b0ks0FYO%!z{Xl~4BILfuCL zfwE!rCjxeozhnJA{$Z%ug*+wg=1`M^9}h3TX?RG z)ezLUsXgOYUJLN6T$RL!GpEh%8kzTk4>G6EXDyEh?IO9em-iPZskyaJjIs5q?Xkxw zXl%&t3nqwc6s1#QEh%y7OEn zr(?iLxur0pcbqxm#0a;k5X1@|!&9mBmI>D1lGX#0>ccVZ#@F=_wZgD-wld?J-><1O zxDWbv%#VwWIV=QRUoe0QuI6(6|EBI2mU9!=Cv#n9eD-;OooqQ_Vt6?+F3`2*(BhFup(i_W%MA{O1Y)7&)4J&%af*5HT^eu(fcu ru(SQoEZqOO$^UD3?*G|@8uI@!N>@P|4E)~`;O}R^_m%MXzjyx&Q(S}A diff --git a/Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json b/Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json deleted file mode 100644 index c2b7b93bf43..00000000000 --- a/Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json +++ /dev/null 
@@ -1,145 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
- "handler": "Microsoft.Azure.CreateUIDef",
- "version": "0.1.2-preview",
- "parameters": {
- "config": {
- "isWizard": false,
- "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SpyCloud%20Enterprise%20Protection/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nCybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.\n\n**Analytic Rules:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
- "subscription": {
- "resourceProviders": [
- "Microsoft.OperationsManagement/solutions",
- "Microsoft.OperationalInsights/workspaces/providers/alertRules",
- "Microsoft.Insights/workbooks",
- "Microsoft.Logic/workflows"
- ]
- },
- "location": {
- "metadata": {
- "hidden": "Hiding location, we get it from the log analytics workspace"
- },
- "visible": false
- },
- "resourceGroup": {
- "allowExisting": true
- }
- }
- },
- "basics": [
- {
- "name": "getLAWorkspace",
- "type": "Microsoft.Solutions.ArmApiControl",
- "toolTip": "This filters by workspaces that exist in the Resource Group selected",
- "condition": "[greater(length(resourceGroup().name),0)]",
- "request": {
- "method": "GET",
- "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
- }
- },
- {
- "name": "workspace",
- "type": "Microsoft.Common.DropDown",
- "label": "Workspace",
- "placeholder": "Select a workspace",
- "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
- "constraints": {
- "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
- "required": true
- },
- "visible": true
- }
- ],
- "steps": [
- {
- "name": "analytics",
- "label": "Analytics",
- "subLabel": {
- "preValidation": "Configure the analytics",
- "postValidation": "Done"
- },
- "bladeTitle": "Analytics",
- "elements": [
- {
- "name": "analytics-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
- }
- },
- {
- "name": "analytics-link",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more",
- "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
- }
- }
- },
- {
- "name": "analytic1",
- "type": "Microsoft.Common.Section",
- "label": "SpyCloud Enterprise Breach Detection",
- "elements": [
- {
- "name": "analytic1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data"
- }
- }
- ]
- },
- {
- "name": "analytic2",
- "type": "Microsoft.Common.Section",
- "label": "SpyCloud Enterprise Malware Detection",
- "elements": [
- {
- "name": "analytic2-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data"
- }
- }
- ]
- }
- ]
- },
- {
- "name": "playbooks",
- "label": "Playbooks",
- "subLabel": {
- "preValidation": "Configure the playbooks",
- "postValidation": "Done"
- },
- "bladeTitle": "Playbooks",
- "elements": [
- {
- "name": "playbooks-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
- }
- },
- {
- "name": "playbooks-link",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more",
- "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
- }
- }
- }
- ]
- }
- ],
- "outputs": {
- "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
- "location": "[location()]",
- "workspace": "[basics('workspace')]"
- }
- }
-}
diff --git a/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json b/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json
deleted file mode 100644
index ba12ceb52ac..00000000000
--- a/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json
+++ /dev/null
@@ -1,7400 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "author": "SpyCloud", - "comments": "Solution template for SpyCloud Enterprise Protection" - }, - "parameters": { - "location": { - "type": "string", - "minLength": 1, - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" - } - }, - "workspace-location": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" - } - }, - "workspace": { - "defaultValue": "", - "type": "string", - "metadata": { - "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" - } - } - }, - "variables": { - "_solutionName": "SpyCloud Enterprise Protection", - "_solutionVersion": "3.0.0", - "solutionId": "spycloudinc1680448518850.azure-sentinel-solution-spycloudenterprise", - "_solutionId": "[variables('solutionId')]", - "Custom Connector": "Custom Connector", - "_Custom Connector": "[variables('Custom Connector')]", - "TemplateEmptyArray": "[json('[]')]", - "playbookVersion1": "1.0", - "playbookContentId1": "Custom Connector", - "_playbookContentId1": "[variables('playbookContentId1')]", - "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId1'))))]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', 
variables('playbookVersion1'))))]", - "blanks": "[replace('b', 'b', '')]", - "SpyCloud-Breach-Playbook": "SpyCloud-Breach-Playbook", - "_SpyCloud-Breach-Playbook": "[variables('SpyCloud-Breach-Playbook')]", - "playbookVersion2": "1.0", - "playbookContentId2": "SpyCloud-Breach-Playbook", - "_playbookContentId2": "[variables('playbookContentId2')]", - "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", - "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", - "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", - "SpyCloud-Get-Domain-Breach-Data-Playbook": "SpyCloud-Get-Domain-Breach-Data-Playbook", - "_SpyCloud-Get-Domain-Breach-Data-Playbook": "[variables('SpyCloud-Get-Domain-Breach-Data-Playbook')]", - "playbookVersion3": "1.0", - "playbookContentId3": "SpyCloud-Get-Domain-Breach-Data-Playbook", - "_playbookContentId3": "[variables('playbookContentId3')]", - "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", - "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", - "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", - "SpyCloud-Get-Email-Breach-Data-Playbook": "SpyCloud-Get-Email-Breach-Data-Playbook", - "_SpyCloud-Get-Email-Breach-Data-Playbook": "[variables('SpyCloud-Get-Email-Breach-Data-Playbook')]", - "playbookVersion4": "1.0", - "playbookContentId4": 
"SpyCloud-Get-Email-Breach-Data-Playbook", - "_playbookContentId4": "[variables('playbookContentId4')]", - "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", - "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", - "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", - "SpyCloud-Get-IP-Breach-Data-Playbook": "SpyCloud-Get-IP-Breach-Data-Playbook", - "_SpyCloud-Get-IP-Breach-Data-Playbook": "[variables('SpyCloud-Get-IP-Breach-Data-Playbook')]", - "playbookVersion5": "1.0", - "playbookContentId5": "SpyCloud-Get-IP-Breach-Data-Playbook", - "_playbookContentId5": "[variables('playbookContentId5')]", - "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", - "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", - "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", - "SpyCloud-Get-Password-Breach-Data-Playbook": "SpyCloud-Get-Password-Breach-Data-Playbook", - "_SpyCloud-Get-Password-Breach-Data-Playbook": "[variables('SpyCloud-Get-Password-Breach-Data-Playbook')]", - "playbookVersion6": "1.0", - "playbookContentId6": "SpyCloud-Get-Password-Breach-Data-Playbook", - "_playbookContentId6": "[variables('playbookContentId6')]", - "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", - "playbookTemplateSpecName6": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]", - "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", - "SpyCloud-Get-Username-Breach-Data-Playbook": "SpyCloud-Get-Username-Breach-Data-Playbook", - "_SpyCloud-Get-Username-Breach-Data-Playbook": "[variables('SpyCloud-Get-Username-Breach-Data-Playbook')]", - "playbookVersion7": "1.0", - "playbookContentId7": "SpyCloud-Get-Username-Breach-Data-Playbook", - "_playbookContentId7": "[variables('playbookContentId7')]", - "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]", - "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]", - "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]", - "SpyCloud-Malware-Playbook": "SpyCloud-Malware-Playbook", - "_SpyCloud-Malware-Playbook": "[variables('SpyCloud-Malware-Playbook')]", - "playbookVersion8": "1.0", - "playbookContentId8": "SpyCloud-Malware-Playbook", - "_playbookContentId8": "[variables('playbookContentId8')]", - "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]", - "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]", - "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', 
uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]", - "SpyCloud-Monitor-Watchlist-Data": "SpyCloud-Monitor-Watchlist-Data", - "_SpyCloud-Monitor-Watchlist-Data": "[variables('SpyCloud-Monitor-Watchlist-Data')]", - "playbookVersion9": "1.0", - "playbookContentId9": "SpyCloud-Monitor-Watchlist-Data", - "_playbookContentId9": "[variables('playbookContentId9')]", - "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]", - "playbookTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]", - "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]", - "analyticRuleVersion1": "1.0.0", - "analyticRulecontentId1": "cb410ad5-6e9d-4278-b963-1e3af205d680", - "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", - "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", - "analyticRuleVersion2": "1.0.0", - "analyticRulecontentId2": "7ba50f9e-2f94-462b-a54b-8642b8c041f5", - "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", - "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - 
"analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", - "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]", - "operationId-Breach_Catalog_ID": "Breach_Catalog_ID", - "_operationId-Breach_Catalog_ID": "[variables('operationId-Breach_Catalog_ID')]", - "source": "Source_Id_s", - "_source": "[variables('source')]", - "Document_Id": "Document_Id_g", - "_Document_ID": "[variables('Document_Id')]" - }, - "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Custom Connector Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion1')]", - "parameters": { - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String" - } - }, - "variables": { - "operationId-Breach_Catalog": "Breach_Catalog", - "_operationId-Breach_Catalog": "[[variables('operationId-Breach_Catalog')]", - "operationId-Breach_Catalog_Domain": "Breach_Catalog_Domain", - 
"_operationId-Breach_Catalog_Domain": "[[variables('operationId-Breach_Catalog_Domain')]", - "operationId-Breach_Data_Email": "Breach_Data_Email", - "_operationId-Breach_Data_Email": "[[variables('operationId-Breach_Data_Email')]", - "operationId-Breach_Data_IP_Address": "Breach_Data_IP_Address", - "_operationId-Breach_Data_IP_Address": "[[variables('operationId-Breach_Data_IP_Address')]", - "operationId-Breach_Data_Password": "Breach_Data_Password", - "_operationId-Breach_Data_Password": "[[variables('operationId-Breach_Data_Password')]", - "operationId-Breach_Data_Username": "Breach_Data_Username", - "_operationId-Breach_Data_Username": "[[variables('operationId-Breach_Data_Username')]", - "operationId-Breach_Data_Watchlist": "Breach_Data_Watchlist", - "_operationId-Breach_Data_Watchlist": "[[variables('operationId-Breach_Data_Watchlist')]", - "operationId-Compass_Devices_List": "Compass_Devices_List", - "_operationId-Compass_Devices_List": "[[variables('operationId-Compass_Devices_List')]", - "operationId-Compass_Devices_Data": "Compass_Devices_Data", - "_operationId-Compass_Devices_Data": "[[variables('operationId-Compass_Devices_Data')]", - "operationId-Compass_Applications_Data": "Compass_Applications_Data", - "_operationId-Compass_Applications_Data": "[[variables('operationId-Compass_Applications_Data')]", - "operationId-Compass_Data": "Compass_Data", - "_operationId-Compass_Data": "[[variables('operationId-Compass_Data')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "playbookContentId1": "Custom Connector", - "playbookId1": "[[resourceId('Microsoft.Web/customApis', parameters('SpyCloudConnectorName'))]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/customApis", - "apiVersion": "2016-06-01", - "name": "[[parameters('SpyCloudConnectorName')]", - "location": 
"[[variables('workspace-location-inline')]", - "properties": { - "connectionParameters": { - "api_key": { - "type": "securestring", - "uiDefinition": { - "displayName": "API Key", - "description": "The API Key for this api", - "tooltip": "Provide your API Key", - "constraints": { - "tabIndex": 2, - "clearText": false, - "required": "true" - } - } - } - }, - "backendService": { - "serviceUrl": "https://api.spycloud.io/enterprise-v2" - }, - "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. JSON is returned by all API responses, including those with errors.", - "displayName": "[[parameters('SpyCloudConnectorName')]", - "iconUri": "", - "swagger": { - "swagger": "2.0", - "info": { - "title": "SpyCloud Enterprise Protection", - "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. 
JSON is returned by all API responses, including those with errors.", - "contact": { - "name": "SpyCloud Integrations", - "url": "https://portal/spycloud.com/", - "email": "integrations@spycloud.com" - }, - "version": "1.0" - }, - "host": "api.spycloud.io", - "basePath": "/enterprise-v2", - "schemes": [ - "https" - ], - "consumes": "[variables('TemplateEmptyArray')]", - "produces": "[variables('TemplateEmptyArray')]", - "paths": { - "/breach/catalog": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Catalog_Schema" - } - } - }, - "summary": "List or Query the Breach Catalog", - "description": "List or Query the Breach Catalog.", - "operationId": "[[variables('_operationId-Breach_Catalog')]", - "parameters": [ - { - "$ref": "#/parameters/Query" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - } - ] - } - }, - "/breach/catalog/{id}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Catalog_Schema" - } - } - }, - "summary": "Get Catalog", - "description": "Get/Retrieve Breach Catalog Information by ID.", - "operationId": "[variables('_operationId-Breach_Catalog_ID')]", - "parameters": [ - { - "$ref": "#/parameters/ID" - } - ] - } - }, - "/breach/data/domains/{domain}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Data_By_Domain_Schema" - } - } - }, - "summary": "Get Breach Data by Domain Search", - "description": "Get Breach Data by Domain Search.", - "operationId": "[[variables('_operationId-Breach_Catalog_Domain')]", - "parameters": [ - { - "$ref": 
"#/parameters/Domain" - }, - { - "$ref": "#/parameters/Type" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Modification_Date" - }, - { - "$ref": "#/parameters/Until_Modification_Date" - }, - { - "$ref": "#/parameters/Severity" - }, - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/breach/data/emails/{email}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Data_By_Email_Schema" - } - } - }, - "summary": "Get Breach Data by Email Search", - "description": "Get Breach Data by Email Search.", - "operationId": "[[variables('_operationId-Breach_Data_Email')]", - "parameters": [ - { - "$ref": "#/parameters/Email" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Modification_Date" - }, - { - "$ref": "#/parameters/Until_Modification_Date" - }, - { - "$ref": "#/parameters/Severity" - }, - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/breach/data/ips/{ip}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Data_By_IP_Schema" - } - } - }, - "summary": "Get Breach Data by IP Address", - "description": "Get Breach Data by IP Address.", - "operationId": "[[variables('_operationId-Breach_Data_IP_Address')]", - "parameters": [ - { - "$ref": "#/parameters/IP" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Modification_Date" - }, - { - "$ref": 
"#/parameters/Until_Modification_Date" - }, - { - "$ref": "#/parameters/Severity" - }, - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/breach/data/passwords/{password}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Data_By_Password_Schema" - } - } - }, - "summary": "Get Breach Data by Password Search", - "description": "Get Breach Data by Password Search.", - "operationId": "[[variables('_operationId-Breach_Data_Password')]", - "parameters": [ - { - "$ref": "#/parameters/Password" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Modification_Date" - }, - { - "$ref": "#/parameters/Until_Modification_Date" - }, - { - "$ref": "#/parameters/Severity" - }, - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/breach/data/usernames/{username}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Data_By_Username_Schema" - } - } - }, - "summary": "Get Breach Data by Username Search", - "description": "Get Breach Data by Username Search.", - "operationId": "[[variables('_operationId-Breach_Data_Username')]", - "parameters": [ - { - "$ref": "#/parameters/Username" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Modification_Date" - }, - { - "$ref": "#/parameters/Until_Modification_Date" - }, - { - "$ref": "#/parameters/Severity" - }, - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/breach/data/watchlist": { - "get": 
{ - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Breach_Data_By_Watchlist_Schema" - } - } - }, - "summary": "Get Breach Data for Entire Watchlist", - "description": "Get Breach Data for Entire Watchlist.", - "operationId": "[[variables('_operationId-Breach_Data_Watchlist')]", - "parameters": [ - { - "$ref": "#/parameters/Type" - }, - { - "$ref": "#/parameters/Watchlist_Type" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Modification_Date" - }, - { - "$ref": "#/parameters/Until_Modification_Date" - }, - { - "$ref": "#/parameters/Severity" - }, - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/compass/devices": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Compass_Devices_List_Schema" - } - } - }, - "summary": "Get Compass Devices List", - "description": "Get Compass Devices List.", - "operationId": "[[variables('_operationId-Compass_Devices_List')]", - "parameters": [ - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Infected" - }, - { - "$ref": "#/parameters/Until_Infected" - } - ] - } - }, - "/compass/data/devices/{infected_machine_id}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Compass_Devices_Data_Schema" - } - } - }, - "summary": "Get Compass Devices Data", - "description": "Get Compass Devices Data.", - "operationId": "[[variables('_operationId-Compass_Devices_Data')]", - 
"parameters": [ - { - "$ref": "#/parameters/Infected_Machine_Id" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/compass/data/applications/{target_application}": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Compass_Applications_Data_Schema" - } - } - }, - "summary": "Get Compass Applications Data", - "description": "Get Compass Applications Data.", - "operationId": "[[variables('_operationId-Compass_Applications_Data')]", - "parameters": [ - { - "$ref": "#/parameters/Target_Application" - }, - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - }, - "/compass/data": { - "get": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "success", - "schema": { - "$ref": "#/definitions/Compass_Applications_Data_Schema" - } - } - }, - "summary": "Get Compass Data", - "description": "Get Compass Data.", - "operationId": "[[variables('_operationId-Compass_Data')]", - "parameters": [ - { - "$ref": "#/parameters/Source_Id" - }, - { - "$ref": "#/parameters/Since" - }, - { - "$ref": "#/parameters/Until" - }, - { - "$ref": "#/parameters/Since_Infected" - }, - { - "$ref": "#/parameters/Until_Infected" - }, - { - "$ref": "#/parameters/Compass_Type" - }, - { - "$ref": "#/parameters/Cursor" - }, - { - "$ref": "#/parameters/Salt" - } - ] - } - } - }, - "x-ms-connector-metadata": [ - { - "propertyName": "Website", - "propertyValue": "http://www.spycloud.com/" - }, - { - "propertyName": "Privacy policy", - "propertyValue": "https://www.spycloud.com/company/privacy-policy/" - }, - { - "propertyName": "Categories", - "propertyValue": "Security;Website" - } - ], - "definitions": { - 
"Breach_Catalog_Schema": { - "type": "object", - "properties": { - "cursor": { - "type": "string", - "description": "cursor", - "title": "Cursor" - }, - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "title": { - "type": "string", - "description": "Breach title. For each ingested breach our security research team documents a breach title. This is only available when we can disclose the breach details, otherwise it will have a generic title.", - "title": "Title" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "description": { - "type": "string", - "description": "Breach description. For each ingested breach our security research team documents a breach description. This is only available when we can disclose the breach details, otherwise it will have a generic description.", - "title": "Description" - }, - "site_description": { - "type": "string", - "description": "Description of the breached organization, when available.", - "title": "Site Description" - }, - "site": { - "type": "string", - "description": "Website of breached organization, when available.", - "title": "Site" - }, - "confidence": { - "type": "number", - "description": "Numerical score representing the confidence in the source of the breach.", - "title": "Confidence" - }, - "id": { - "type": "number", - "description": "Numerical breach ID. 
This number correlates to source_id data point found in breach records.", - "title": "Id" - }, - "premium_flag": { - "type": "string", - "description": "premium flag.", - "title": "Premium Flag" - }, - "acquisition_date": { - "type": "string", - "description": "The date on which our security research team first acquired the breached data.", - "title": "Acquisition Date" - }, - "uuid": { - "type": "string", - "description": "UUID v4 encoded version of breach ID. This is relevant for users of Firehose, where each deliverable (records file) is named using the breach UUID.", - "title": "UUID" - }, - "type": { - "type": "string", - "description": "Denotes if a breach is considered public or private. A public breach is one that is easily found on the internet, while a private breach is often exclusive to SpyCloud.", - "title": "Type" - }, - "num_records": { - "type": "number", - "description": "Number of records we parsed and ingested from this particular breach. This is after parsing, normalization and deduplication take place.", - "title": "Number of Records" - }, - "assets": { - "type": "object", - "properties": { - "target_url": { - "type": "string", - "description": "URL extracted from Botnet data. 
This is the URL that is captured from a key logger installed on an infected user's system.", - "title": "Target Url" - }, - "av_softwares": { - "type": "number", - "description": "List of AV software found installed on the infected user's system.", - "title": "AV Softwares" - }, - "infected_time": { - "type": "number", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "infected_machine_id": { - "type": "number", - "description": "The unique id of the infected user's system.", - "title": "Infected Machine Id" - }, - "country_code": { - "type": "number", - "description": "Country code; derived from country.", - "title": "Country Code" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addresses" - }, - "user_browser": { - "type": "string", - "description": "Browser name.", - "title": "User Browser" - }, - "user_sys_registered_owner": { - "type": "string", - "description": "System registered owner name. This usually comes from Botnet data.", - "title": "User System Registered Owner" - }, - "keyboard_languages": { - "type": "string", - "description": "The keyboard language found in the OS. This usually comes from Botnet data.", - "title": "Keyboard Languages" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. This usually comes from Botnet data.", - "title": "User Hostname" - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "email": { - "type": "string", - "description": "Email address.", - "title": "Password" - }, - "user_os": { - "type": "string", - "description": "System OS name. 
This usually comes from Botnet data.", - "title": "User OS" - }, - "country": { - "type": "string", - "description": "Country name.", - "title": "Country" - }, - "username": { - "type": "string", - "description": "Username.", - "title": "Username" - }, - "infected_path": { - "type": "string", - "description": "The local path to the malicious software installed on the infected user's system.", - "title": "Infected Path" - } - } - } - }, - "description": "Catalog Breach Results Object" - } - } - }, - "description": "Catalog Breach Data Response" - }, - "Breach_Data_By_Domain_Schema": { - "type": "object", - "properties": { - "cursor": { - "type": "string", - "description": "cursor", - "title": "Cursor" - }, - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "source_id": { - "type": "number", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source ID" - }, - "email": { - "type": "string", - "description": "Email address.", - "title": "Email Address." - }, - "full_name": { - "type": "string", - "description": "Full name.", - "title": "Full Name" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "email_domain": { - "type": "string", - "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", - "title": "Email Domain" - }, - "email_username": { - "type": "string", - "description": "Username extracted from 'email' field. 
This is everything before the '@' symbol.", - "title": "Email Username" - }, - "severity": { - "type": "number", - "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document ID" - } - } - }, - "description": "Domain Breach Results Object" - } - }, - "description": "Domain Breach Data Response" - }, - "Breach_Data_By_Email_Schema": { - "type": "object", - "properties": { - "cursor": { - "type": "string", - "description": "cursor", - "title": "Cursor" - }, - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "email": { - "type": "string", - "description": "Email address.", - "title": "Email Address." - }, - "username": { - "type": "string", - "description": "User name.", - "title": "Username" - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "password_plaintext": { - "type": "string", - "description": "The cracked, plaintext version of the password (where the password is crackable).", - "title": "Password Plaintext" - }, - "password_type": { - "type": "string", - "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", - "title": "Password Type" - }, - "target_url": { - "type": "string", - "description": "URL extracted from Botnet data. 
This is the URL that is captured from a key logger installed on an infected user's system.", - "title": "Target URL" - }, - "user_browser": { - "type": "string", - "description": "Browser name.", - "title": "User Browser" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addressess" - }, - "infected_machine_id": { - "type": "string", - "description": "The unique id of the infected user's system.", - "title": "Infected Machine Id" - }, - "infected_path": { - "type": "string", - "description": "The local path to the malicious software installed on the infected user's system.", - "title": "Infected Path" - }, - "infected_time": { - "type": "string", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "user_sys_domain": { - "type": "string", - "description": "System domain. This usually comes from Botnet data.", - "title": "User System Domain" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. This usually comes from Botnet data.", - "title": "User Hostname" - }, - "user_os": { - "type": "string", - "description": "System OS name. This usually comes from Botnet data.", - "title": "User OS Name" - }, - "user_sys_registered_owner": { - "type": "string", - "description": "System registered owner name. This usually comes from Botnet data.", - "title": "System Registered Owner Name" - }, - "source_id": { - "type": "number", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source ID" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. 
This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "email_domain": { - "type": "string", - "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", - "title": "Email Domain" - }, - "email_username": { - "type": "string", - "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", - "title": "Email Username" - }, - "domain": { - "type": "string", - "description": "Domain name.", - "title": "Domain" - }, - "target_domain": { - "type": "string", - "description": "SLD extracted from 'target_url' field.", - "title": "Target Domain" - }, - "target_subdomain": { - "type": "string", - "description": "Subdomain and SLD extracted from 'target_url' field.", - "title": "Target Sub Domain" - }, - "severity": { - "type": "number", - "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document ID" - } - } - }, - "description": "Email Breach Results Object" - } - }, - "description": "Email Breach Data Response" - }, - "Breach_Data_By_IP_Schema": { - "type": "object", - "properties": { - "cursor": { - "type": "string", - "description": "cursor", - "title": "Cursor" - }, - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "email": { - "type": "string", - "description": "Email address.", - "title": "Email Address." 
- }, - "username": { - "type": "string", - "description": "User name.", - "title": "Username" - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "password_plaintext": { - "type": "string", - "description": "The cracked, plaintext version of the password (where the password is crackable).", - "title": "Password Plaintext" - }, - "password_type": { - "type": "string", - "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", - "title": "Password Type" - }, - "target_url": { - "type": "string", - "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", - "title": "Target URL" - }, - "user_browser": { - "type": "string", - "description": "Browser name.", - "title": "User Browser" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addressess" - }, - "infected_machine_id": { - "type": "string", - "description": "The unique id of the infected user's system.", - "title": "Infected Machine Id" - }, - "infected_path": { - "type": "string", - "description": "The local path to the malicious software installed on the infected user's system.", - "title": "Infected Path" - }, - "infected_time": { - "type": "string", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "user_sys_domain": { - "type": "string", - "description": "System domain. This usually comes from Botnet data.", - "title": "User System Domain" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. 
This usually comes from Botnet data.", - "title": "User Hostname" - }, - "user_os": { - "type": "string", - "description": "System OS name. This usually comes from Botnet data.", - "title": "User OS Name" - }, - "user_sys_registered_owner": { - "type": "string", - "description": "System registered owner name. This usually comes from Botnet data.", - "title": "System Registered Owner Name" - }, - "source_id": { - "type": "number", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source ID" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "email_domain": { - "type": "string", - "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", - "title": "Email Domain" - }, - "email_username": { - "type": "string", - "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", - "title": "Email Username" - }, - "domain": { - "type": "string", - "description": "Domain name.", - "title": "Domain" - }, - "target_domain": { - "type": "string", - "description": "SLD extracted from 'target_url' field.", - "title": "Target Domain" - }, - "target_subdomain": { - "type": "string", - "description": "Subdomain and SLD extracted from 'target_url' field.", - "title": "Target Sub Domain" - }, - "severity": { - "type": "number", - "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document ID" - } - } - }, - "description": "IP Address Breach Results Object" - } - }, - "description": "IP Address Breach Data Response" - }, - "Breach_Data_By_Password_Schema": { - "type": "object", - "properties": { - "cursor": { - "type": "string", - "description": "cursor", - "title": "Cursor" - }, - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "source_id": { - "type": "number", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source ID" - }, - "email": { - "type": "string", - "description": "Email address.", - "title": "Email Address." - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "password_type": { - "type": "string", - "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", - "title": "Password Type" - }, - "full_name": { - "type": "string", - "description": "Full name.", - "title": "Full Name" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "email_domain": { - "type": "string", - "description": "Domain extracted from 'email_address' field. 
This is not a SLD, but everything after the '@' symbol.", - "title": "Email Domain" - }, - "email_username": { - "type": "string", - "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", - "title": "Email Username" - }, - "domain": { - "type": "string", - "description": "Domain name.", - "title": "Domain" - }, - "password_plaintext": { - "type": "string", - "description": "The cracked, plaintext version of the password (where the password is crackable).", - "title": "Password Plain Text" - }, - "severity": { - "type": "number", - "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document ID" - } - } - }, - "description": "Password Breach Results Object" - } - }, - "description": "Password Breach Data Response" - }, - "Breach_Data_By_Username_Schema": { - "type": "object", - "properties": { - "cursor": { - "type": "string", - "description": "cursor", - "title": "Cursor" - }, - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "email": { - "type": "string", - "description": "Email address.", - "title": "Email Address." 
- }, - "username": { - "type": "string", - "description": "User name.", - "title": "Username" - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "password_plaintext": { - "type": "string", - "description": "The cracked, plaintext version of the password (where the password is crackable).", - "title": "Password Plaintext" - }, - "password_type": { - "type": "string", - "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", - "title": "Password Type" - }, - "target_url": { - "type": "string", - "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", - "title": "Target URL" - }, - "user_browser": { - "type": "string", - "description": "Browser name.", - "title": "User Browser" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addressess" - }, - "infected_machine_id": { - "type": "string", - "description": "The unique id of the infected user's system.", - "title": "Infected Machine Id" - }, - "infected_path": { - "type": "string", - "description": "The local path to the malicious software installed on the infected user's system.", - "title": "Infected Path" - }, - "infected_time": { - "type": "string", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "user_sys_domain": { - "type": "string", - "description": "System domain. This usually comes from Botnet data.", - "title": "User System Domain" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. 
This usually comes from Botnet data.", - "title": "User Hostname" - }, - "user_os": { - "type": "string", - "description": "System OS name. This usually comes from Botnet data.", - "title": "User OS Name" - }, - "user_sys_registered_owner": { - "type": "string", - "description": "System registered owner name. This usually comes from Botnet data.", - "title": "System Registered Owner Name" - }, - "source_id": { - "type": "number", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source ID" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "email_domain": { - "type": "string", - "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", - "title": "Email Domain" - }, - "email_username": { - "type": "string", - "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", - "title": "Email Username" - }, - "domain": { - "type": "string", - "description": "Domain name.", - "title": "Domain" - }, - "target_domain": { - "type": "string", - "description": "SLD extracted from 'target_url' field.", - "title": "Target Domain" - }, - "target_subdomain": { - "type": "string", - "description": "Subdomain and SLD extracted from 'target_url' field.", - "title": "Target Sub Domain" - }, - "severity": { - "type": "number", - "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document ID" - } - } - }, - "description": "Username Breach Results Object" - } - }, - "description": "Username Breach Data Response" - }, - "Breach_Data_By_Watchlist_Schema": { - "type": "object", - "properties": { - "cursor": { - "type": "string", - "description": "cursor", - "title": "Cursor" - }, - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "username": { - "type": "string", - "description": "User name.", - "title": "Username" - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "password_plaintext": { - "type": "string", - "description": "The cracked, plaintext version of the password (where the password is crackable).", - "title": "Password Plaintext" - }, - "password_type": { - "type": "string", - "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", - "title": "Password Type" - }, - "target_url": { - "type": "string", - "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", - "title": "Target URL" - }, - "user_browser": { - "type": "string", - "description": "Browser name.", - "title": "User Browser" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. 
Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addressess" - }, - "infected_machine_id": { - "type": "string", - "description": "The unique id of the infected user's system.", - "title": "Infected Machine Id" - }, - "infected_path": { - "type": "string", - "description": "The local path to the malicious software installed on the infected user's system.", - "title": "Infected Path" - }, - "infected_time": { - "type": "string", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "user_sys_domain": { - "type": "string", - "description": "System domain. This usually comes from Botnet data.", - "title": "User System Domain" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. This usually comes from Botnet data.", - "title": "User Hostname" - }, - "user_os": { - "type": "string", - "description": "System OS name. This usually comes from Botnet data.", - "title": "User OS Name" - }, - "user_sys_registered_owner": { - "type": "string", - "description": "System registered owner name. This usually comes from Botnet data.", - "title": "System Registered Owner Name" - }, - "source_id": { - "type": "number", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source ID" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. 
This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "target_domain": { - "type": "string", - "description": "SLD extracted from 'target_url' field.", - "title": "Target Domain" - }, - "target_subdomain": { - "type": "string", - "description": "Subdomain and SLD extracted from 'target_url' field.", - "title": "Target Sub Domain" - }, - "severity": { - "type": "number", - "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document ID" - } - } - }, - "description": "Watchlist Breach Results Object" - } - }, - "description": "Watchlist Breach Data Response" - }, - "Compass_Devices_List_Schema": { - "type": "object", - "properties": { - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "infected_device_id": { - "type": "string", - "description": "Infected Device Id.", - "title": "Infected Device Id" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. This usually comes from Botnet data.", - "title": "User Hostname" - }, - "user_os": { - "type": "string", - "description": "System OS name. This usually comes from Botnet data.", - "title": "User OS" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addresses" - }, - "source_id": { - "type": "number", - "description": "Numerical breach ID. 
This correlates directly with the id field in Breach Catalog objects.", - "title": "Source ID" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", - "title": "Spycloud Publish Date" - }, - "infected_time": { - "type": "string", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "application_count": { - "type": "string", - "description": "Application Count.", - "title": "Application Count" - } - } - }, - "description": "Compass Devices List Results Object" - } - }, - "description": "Compass Devices List Data Response" - }, - "Compass_Devices_Data_Schema": { - "type": "object", - "properties": { - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "cursor": { - "type": "string", - "description": "Token used for iterating through multiple pages of results.", - "title": "Cursor" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "user_browser": { - "type": "string", - "description": "Browser Name.", - "title": "User Browser" - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document Id" - }, - "source_id": { - "type": "string", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source Id" - }, - "email": { - "type": "string", - "description": "Email address.", - "title": "Email" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. 
Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addresses" - }, - "country": { - "type": "string", - "description": "Country name.", - "title": "Country" - }, - "infected_machine_id": { - "type": "string", - "description": "The unique id of the infected user's system.", - "title": "Infected Machine Id" - }, - "infected_path": { - "type": "string", - "description": "The local path to the malicious software installed on the infected user's system.", - "title": "Infected Path" - }, - "user_os": { - "type": "string", - "description": "System OS name. This usually comes from Botnet data.", - "title": "USer OS" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. This usually comes from Botnet data.", - "title": "User Hostname" - }, - "user_sys_registered_owner": { - "type": "string", - "description": "System registered owner name. This usually comes from Botnet data.", - "title": "User System Registered Owner" - }, - "keyboard_languages": { - "type": "string", - "description": "The keyboard language found in the OS. This usually comes from Botnet data.", - "title": "Keyboard Languages" - }, - "target_url": { - "type": "string", - "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", - "title": "Target URL" - }, - "infected_time": { - "type": "string", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", - "title": "Spycloud Publish Date" - }, - "email_domain": { - "type": "string", - "description": "Domain extracted from 'email_address' field. 
This is not a SLD, but everything after the '@' symbol.", - "title": "Email Domain" - }, - "email_username": { - "type": "string", - "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", - "title": "Email Username" - }, - "domain": { - "type": "string", - "description": "Domain name.", - "title": "Domain" - }, - "target_domain": { - "type": "string", - "description": "SLD extracted from 'target_url' field.", - "title": "Target Domain" - }, - "target_subdomain": { - "type": "string", - "description": "Subdomain and SLD extracted from 'target_url' field.", - "title": "Target Subdomain" - }, - "password_type": { - "type": "string", - "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", - "title": "PAssword Type" - }, - "password_plaintext": { - "type": "string", - "description": "The cracked, plaintext version of the password (where the password is crackable).", - "title": "Password Plaintext" - }, - "country_code": { - "type": "string", - "description": "Country code; derived from country.", - "title": "Country Code" - }, - "severity": { - "type": "string", - "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - } - } - }, - "description": "Compass Devices Data Results Object" - } - }, - "description": "Compass Devices Data Response" - }, - "Compass_Applications_Data_Schema": { - "type": "object", - "properties": { - "hits": { - "type": "number", - "description": "hits", - "title": "Hits" - }, - "cursor": { - "type": "string", - "description": "Token used for iterating through multiple pages of results.", - "title": "Cursor" - }, - "results": { - "type": "array", - "items": { - "type": "object", - "properties": { - "user_browser": { - "type": "string", - "description": "Browser Name.", - "title": "User Browser" - }, - "password": { - "type": "string", - "description": "Account password.", - "title": "Password" - }, - "document_id": { - "type": "string", - "description": "UUID v4 string which uniquely identifies this breach record in our data set.", - "title": "Document Id" - }, - "source_id": { - "type": "string", - "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", - "title": "Source Id" - }, - "email": { - "type": "string", - "description": "Email address.", - "title": "Email" - }, - "ip_addresses": { - "type": "string", - "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", - "title": "IP Addresses" - }, - "country": { - "type": "string", - "description": "Country name.", - "title": "Country" - }, - "infected_machine_id": { - "type": "string", - "description": "The unique id of the infected user's system.", - "title": "Infected Machine Id" - }, - "infected_path": { - "type": "string", - "description": "The local path to the malicious software installed on the infected user's system.", - "title": "Infected Path" - }, - "user_os": { - "type": "string", - "description": "System OS name. 
This usually comes from Botnet data.", - "title": "USer OS" - }, - "user_hostname": { - "type": "string", - "description": "System hostname. This usually comes from Botnet data.", - "title": "User Hostname" - }, - "user_sys_registered_owner": { - "type": "string", - "description": "System registered owner name. This usually comes from Botnet data.", - "title": "User System Registered Owner" - }, - "keyboard_languages": { - "type": "string", - "description": "The keyboard language found in the OS. This usually comes from Botnet data.", - "title": "Keyboard Languages" - }, - "target_url": { - "type": "string", - "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", - "title": "Target URL" - }, - "infected_time": { - "type": "string", - "description": "The time at which the user's system was infected with malicious software.", - "title": "Infected Time" - }, - "spycloud_publish_date": { - "type": "string", - "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", - "title": "Spycloud Publish Date" - }, - "email_domain": { - "type": "string", - "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", - "title": "Email Domain" - }, - "email_username": { - "type": "string", - "description": "Username extracted from 'email' field. 
This is everything before the '@' symbol.", - "title": "Email Username" - }, - "domain": { - "type": "string", - "description": "Domain name.", - "title": "Domain" - }, - "target_domain": { - "type": "string", - "description": "SLD extracted from 'target_url' field.", - "title": "Target Domain" - }, - "target_subdomain": { - "type": "string", - "description": "Subdomain and SLD extracted from 'target_url' field.", - "title": "Target Subdomain" - }, - "password_type": { - "type": "string", - "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", - "title": "PAssword Type" - }, - "password_plaintext": { - "type": "string", - "description": "The cracked, plaintext version of the password (where the password is crackable).", - "title": "Password Plaintext" - }, - "country_code": { - "type": "string", - "description": "Country code; derived from country.", - "title": "Country Code" - }, - "severity": { - "type": "string", - "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", - "title": "Severity" - } - } - }, - "description": "Compass Application Data Results Object" - } - }, - "description": "Compass Application Data Response" - } - }, - "parameters": { - "Infected_Machine_Id": { - "name": "infected_machine_id", - "in": "path", - "required": true, - "type": "string", - "description": "One or more comma delimited Infected Machine ID to search for compass breach records.", - "x-ms-summary": "Infected Machine Id" - }, - "Target_Application": { - "name": "target_application", - "in": "path", - "required": true, - "type": "string", - "description": "One or more comma delimited Compass target application (subdomain or domain) to search for.", - "x-ms-summary": "Target Application" - }, - "ID": { - "name": "id", - "in": "path", - "required": true, - "type": "string", - "description": "Numerical ID of the breach. Both integer and UUIDv4 ID formats are supported. You may also use a comma delimiter to request more than one breach at a time.", - "x-ms-summary": "ID" - }, - "Domain": { - "name": "domain", - "in": "path", - "required": true, - "type": "string", - "description": "Domain or Subdomain name to search for.", - "x-ms-summary": "Domain" - }, - "Email": { - "name": "email", - "in": "path", - "required": true, - "type": "string", - "description": "Email address to search for.", - "x-ms-summary": "Email Address" - }, - "IP": { - "name": "ip", - "in": "path", - "required": true, - "type": "string", - "description": "IP address or network CIDR notation to search for. 
For CIDR notation, use an underscore instead of a slash.", - "x-ms-summary": "IP Address" - }, - "Password": { - "name": "password", - "in": "path", - "required": true, - "type": "string", - "description": "Password you wish to search for.", - "x-ms-summary": "Password" - }, - "Username": { - "name": "username", - "in": "path", - "required": true, - "type": "string", - "description": "Username you wish to search for.", - "x-ms-summary": "Username" - }, - "Query": { - "name": "query", - "in": "query", - "required": false, - "type": "string", - "description": "Query value to search the breach catalog for.", - "x-ms-summary": "Query" - }, - "Type": { - "name": "type", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter lets you filter results by several types. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records, email_domain to just match against email domains, and target_domain to just match against target domains or subdomains. If no value has been provided the API function will, by default, return all record types.", - "x-ms-summary": "Type", - "enum": [ - "corporate", - "infected", - "email_domain", - "target_domain" - ] - }, - "Compass_Type": { - "name": "type", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter will return records that are verified or unverified, meaning those that matched the watchlist or not. By default if type is not used, both types will be returned.", - "x-ms-summary": "Type", - "enum": [ - "verified", - "unverified" - ] - }, - "Watchlist_Type": { - "name": "watchlist_type", - "in": "query", - "required": false, - "type": "string", - "description": "This parameters lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'subdomain', 'ip']. 
If no value has been provided, the API will return all watchlist types.", - "x-ms-summary": "Watchlist Type", - "enum": [ - "email", - "domain", - "subdomain", - "ip" - ] - }, - "Cursor": { - "name": "cursor", - "in": "query", - "required": false, - "type": "string", - "description": "Token used for iterating through multiple pages of results.", - "x-ms-summary": "Cursor" - }, - "Since": { - "name": "since", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter allows you to define the starting point for a date range query on the spycloud_publish_date field.", - "x-ms-summary": "Since(YYYY-MM-DD)" - }, - "Until": { - "name": "until", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter allows you to define the ending point for a date range query on the spycloud_publish_date field.", - "x-ms-summary": "Until(YYYY-MM-DD)" - }, - "Since_Modification_Date": { - "name": "since_modification_date", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter allows you to define the starting point for a date range query on the when an already published record was modified (record_modification_date).", - "x-ms-summary": "Since Modification Date(YYYY-MM-DD)" - }, - "Until_Modification_Date": { - "name": "until_modification_date", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter allows you to define the ending point for a date range query on the when an already published record was modified (record_modification_date).", - "x-ms-summary": "Until Modification Date(YYYY-MM-DD)" - }, - "Severity": { - "name": "severity", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter allows you to filter based on the numeric severity code.", - "x-ms-summary": "Severity" - }, - "Source_Id": { - "name": "source_id", - "in": "query", - "required": false, - "type": "number", - "description": "This parameter 
allows you to filter based on a particular breach source.", - "x-ms-summary": "Source Id" - }, - "Salt": { - "name": "salt", - "in": "query", - "required": false, - "type": "string", - "description": "If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used.", - "x-ms-summary": "Salt" - }, - "Since_Infected": { - "name": "since_infected", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter allows you to define the starting point for a date range query on the infected_time..", - "x-ms-summary": "Since Infected(YYYY-MM-DD)" - }, - "Until_Infected": { - "name": "until_infected", - "in": "query", - "required": false, - "type": "string", - "description": "This parameter allows you to define the ending point for a date range query on the infected_time field.", - "x-ms-summary": "Until Infected(YYYY-MM-DD)" - } - }, - "securityDefinitions": { - "API Key": { - "type": "apiKey", - "in": "header", - "name": "X-API-Key" - } - }, - "security": [ - { - "API Key": "[variables('TemplateEmptyArray')]" - } - ], - "tags": "[variables('TemplateEmptyArray')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[[concat(variables('workspace-name'),'/Microsoft.SecurityInsights/',concat('LogicAppsCustomConnector-', last(split(variables('playbookId1'),'/'))))]", - "properties": { - "parentId": "[[variables('playbookId1')]", - "contentId": "[variables('_playbookContentId1')]", - "kind": "LogicAppsCustomConnector", - "version": "[variables('playbookVersion1')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - } - 
} - } - ], - "metadata": { - "comments": "SpyCloud Enterprise Protection Custom Connector", - "lastUpdateTime": "2023-09-12T17:32:15.907Z", - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId1')]", - "contentKind": "LogicAppsCustomConnector", - "displayName": "Custom Connector", - "contentProductId": "[variables('_playbookcontentProductId1')]", - "id": "[variables('_playbookcontentProductId1')]", - "version": "[variables('playbookVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloud-Breach-Playbook Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion2')]", - "parameters": { - "PlaybookName": { - "defaultValue": "SpyCloud-Breach-Playbook", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - } - }, - "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": 
"[[variables('connection-1')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('AzureSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident_2": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Account_Name": { - "runAfter": { - "Incident_Email_Account": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "account_name", - "type": "string" - } - ] - } - }, - "Astriek_Variable": { - "runAfter": { - "UPN_Suffix_": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - 
"name": "astriek", - "type": "string", - "value": "@" - } - ] - } - }, - "Check_if_the_incident_is_created_by_SpyCloud_Breach": { - "actions": { - "Entities_-_Get_Accounts": { - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/account" - } - }, - "For_each_account": { - "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", - "actions": { - "Set__upn_suffix": { - "runAfter": { - "Set_account_name": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "upn_suffix", - "value": "@items('For_each_account')?['UPNSuffix']" - } - }, - "Set_account_name": { - "type": "SetVariable", - "inputs": { - "name": "account_name", - "value": "@items('For_each_account')?['Name']" - } - }, - "set_email_address": { - "runAfter": { - "Set__upn_suffix": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "incident_email_address", - "value": "@{concat(variables('account_name'),concat(variables('astriek'),variables('upn_suffix')))}" - } - } - }, - "runAfter": { - "Entities_-_Get_Accounts": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_each_incident_alert": { - "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Check_if_the_exposed_password_is_in_use_on_the_network": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

Breach Playbook successful

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Check_if_password_exists_in_the_incident": { - "actions": { - "Set_Incident_Password": { - "type": "SetVariable", - "inputs": { - "name": "incident_password", - "value": "@{variables('incident_custom_details_object')?['Password']}" - } - }, - "Set_variable": { - "runAfter": { - "Set_Incident_Password": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "incident_plain_text_password", - "value": "@{replace(replace(variables('incident_password'),'[\"',''),'\"]','')}" - } - } - }, - "runAfter": { - "Set_custom_details_object": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@variables('incident_custom_details_object')?['Password']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Check_if_pwd_length_is_greater_than_required_length_by_organization": { - "runAfter": { - "Check_if_password_exists_in_the_incident": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "", - "" - ] - } - ] - }, - "type": "If" - }, - "Check_if_the_exposed_password_is_in_use_on_the_network": { - "runAfter": { - "Check_if_the_user_is_currently_an_active_employee": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "", - "" - ] - } - ] - }, - "type": "If" - }, - "Check_if_the_user_is_currently_an_active_employee": { - "runAfter": { - "Check_if_pwd_length_is_greater_than_required_length_by_organization": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "", - "" - ] - } - ] - }, - "type": "If" - }, - "Set_custom_details_object": { - "type": "SetVariable", - "inputs": { - "name": "incident_custom_details_object", - "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom Details'])" - } - } - }, - "runAfter": { - "For_each_account": [ - "Succeeded" - 
] - }, - "type": "Foreach" - } - }, - "runAfter": { - "Incident_Custom_Details_Object": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "@triggerBody()?['object']?['properties']?['title']", - "@variables('incident_name')" - ] - } - ] - }, - "type": "If" - }, - "IP_address": { - "runAfter": { - "Outputs_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "Incident_Custom_Details_Object": { - "runAfter": { - "IP_address": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_custom_details_object", - "type": "object" - } - ] - } - }, - "Incident_Email_Account": { - "runAfter": { - "Incident_Plain_Text_Password": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_email_address", - "type": "string" - } - ] - } - }, - "Incident_Name": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_name", - "type": "string", - "value": "SpyCloud Enterprise Breach Detection" - } - ] - } - }, - "Incident_Password": { - "runAfter": { - "Incident_Name": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_password", - "type": "string" - } - ] - } - }, - "Incident_Plain_Text_Password": { - "runAfter": { - "Incident_Password": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_plain_text_password", - "type": "string" - } - ] - } - }, - "Outputs_Variable": { - "runAfter": { - "Astriek_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "password_enrich_data", - "type": "array" - } - ] - } - }, - "UPN_Suffix_": { - "runAfter": { - "Account_Name": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - 
"variables": [ - { - "name": "upn_suffix", - "type": "string" - } - ] - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - } - } - } - } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId2')]", - "contentId": "[variables('_playbookContentId2')]", - "kind": "Playbook", - "version": "[variables('playbookVersion2')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - } - } - } - ], - "metadata": { - "title": "SpyCloud BReach Information - SpyCloud Enterprise", - "description": "This Playbook will be triggered when an spycloud breach incident is created.", - "prerequisites": "SpyCloud Enterprise API Key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "entities": [ - "ACCOUNT" - ], - "tags": [ - "Enrichment" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": 
"Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId2')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Breach-Playbook", - "contentProductId": "[variables('_playbookcontentProductId2')]", - "id": "[variables('_playbookcontentProductId2')]", - "version": "[variables('playbookVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName3')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloud-Get-Domain-Breach-Data-Playbook Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion3')]", - "parameters": { - "PlaybookName": { - "defaultValue": "SpyCloud-Get-Domain-Breach-Data-Playbook", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - }, - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom connector name" - } - } - }, - "variables": { - "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), 
'/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('AzureSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('SpyCloudEnterpriseConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - 
"$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident_2": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Entities_-_Get_DNS": { - "runAfter": { - "IP_address": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/dnsresolution" - } - }, - "For_Each_Incident_DNS_Domain": { - "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", - "actions": { - "Check_if_records_exists": { - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Check_number_of_Records": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Check_number_of_Records": { - "actions": { - "set_more_records_display_text": { - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" - } - } - }, - "runAfter": { - "Create_HTML_table": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - "@variables('min_records')" - ] - } - ] - }, - "type": "If" - }, - "Create_HTML_table": { - "runAfter": { - "For_each_response": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('domain_breach_data_array')" - } - }, - "For_each_response": { - "foreach": "@take(body('Get_Breach_Data_by_Domain_Search')?['results'],variables('min_records'))", - "actions": { - "Append_to_array_variable": { - "runAfter": { - "Compose": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "Domain_Breach_Data_Array", - "value": "@outputs('Compose')" - } - }, - "Compose": { - "runAfter": { - "Condition": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": { - "Document Id": "@items('For_each_response')?['document_id']", - "Domain": "@items('For_each_response')?['domain']", - "Email": "@items('For_each_response')?['email']", - "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", - "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", - "Infected Path": "@items('For_each_response')?['infected_path']", - "Infected Time": "@items('For_each_response')?['infected_time']", - "Password": "@items('For_each_response')?['password']", - "Password Plaintext": 
"@items('For_each_response')?['password_plaintext']", - "Severity": "@items('For_each_response')?['severity']", - "Source Id": "@items('For_each_response')?['source_id']", - "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", - "Target Domain": "@items('For_each_response')?['target_domain']", - "Target Subdomain": "@items('For_each_response')?['target_subdomain']", - "Target Url": "@items('For_each_response')?['target_url']", - "User Hostname": "@items('For_each_response')?['user_hostname']", - "User OS": "@items('For_each_response')?['user_os']", - "Username": "@items('For_each_response')?['username']" - } - }, - "Condition": { - "actions": { - "For_each_ip": { - "foreach": "@items('For_each_response')?['ip_addresses']", - "actions": { - "Append_to_string_variable": { - "type": "AppendToStringVariable", - "inputs": { - "name": "ip_address", - "value": "@{items('For_each_ip')}," - } - } - }, - "type": "Foreach" - } - }, - "runAfter": { - "Set_variable": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Set_variable": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": " " - } - } - }, - "runAfter": { - "Set_more_records_to_empty": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "Set_array_to_Empty": { - "type": "SetVariable", - "inputs": { - "name": "Domain_Breach_Data_Array", - "value": "[variables('TemplateEmptyArray')]" - } - }, - "Set_more_records_to_empty": { - "runAfter": { - "Set_array_to_Empty": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": " " - } - } - }, - "runAfter": { - "set_total_records": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - 
"message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}
\nNo Records Found.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - 0 - ] - } - ] - }, - "type": "If" - }, - "Get_Breach_Data_by_Domain_Search": { - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/breach/data/domains/@{encodeURIComponent(items('For_Each_Incident_DNS_Domain')?['DomainName'])}" - } - }, - "set_total_records": { - "runAfter": { - "Get_Breach_Data_by_Domain_Search": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "total_records", - "value": "@body('Get_Breach_Data_by_Domain_Search')?['hits']" - } - } - }, - "runAfter": { - "Entities_-_Get_DNS": [ - "Succeeded" - ] - }, - "type": "Foreach", - "runtimeConfiguration": { - "concurrency": { - "repetitions": 1 - } - } - }, - "IP_address": { - "runAfter": { - "Outputs_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "Outputs_Variable": { - "runAfter": { - "more_records_desplay_text": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "domain_breach_data_array", - "type": "array" - } - ] - } - }, - "minimum_records": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "min_records", - "type": "integer", - "value": 15 - } - ] - } - }, - "more_records_desplay_text": { - "runAfter": { - "total_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "more_records_display_text", - "type": "string" - } - ] - } - }, - "total_records": { - "runAfter": { - "minimum_records": [ - "Succeeded" - ] - }, - 
"type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "total_records", - "type": "integer" - } - ] - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "SpyCloud-Enterprise-Connector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" - } - } - } - } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId3')]", - "contentId": "[variables('_playbookContentId3')]", - "kind": "Playbook", - "version": "[variables('playbookVersion3')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "criteria": [ - { - "kind": 
"LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "title": "Domain Breach Data - SpyCloud Enterprise", - "description": "The SpyCloud Enterprise API is able to provide breach data for a domain or set of domains associated with an incident.", - "prerequisites": "https://www.spycloud.com/integrations to request a trial key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "entities": [ - "dnsresolution" - ], - "tags": [ - "Enrichment" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId3')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Get-Domain-Breach-Data-Playbook", - "contentProductId": "[variables('_playbookcontentProductId3')]", - "id": "[variables('_playbookcontentProductId3')]", - "version": "[variables('playbookVersion3')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName4')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloud-Get-Email-Breach-Data-Playbook Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion4')]", - "parameters": { - 
"PlaybookName": { - "defaultValue": "SpyCloud-Get-Email-Breach-Data-Playbook", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - }, - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom connector name" - } - } - }, - "variables": { - "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('AzureSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('SpyCloudEnterpriseConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", 
- "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident_2": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Asterisk_Variable": { - "runAfter": { - "Email_Address_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "asterisk", - "type": "string", - "value": "@" - } - ] - } - }, - "Email_Address_Variable": { - "runAfter": { - "more_records_desplay_text": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "email_address", - "type": "string" - } - ] - } - }, - "Entities_-_Get_Accounts": { - "runAfter": { - "ip_address": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/account" - } - }, - "For_Each_Incident_Emails": { - "foreach": 
"@body('Entities_-_Get_Accounts')?['Accounts']", - "actions": { - "Check_if_records_exists": { - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Check_number_of_Records": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

SpyCloud Breach Data for Email @{variables('email_address')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Check_number_of_Records": { - "actions": { - "set_more_records_display_text": { - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit: https://portal.spycloud.com/" - } - } - }, - "runAfter": { - "Create_HTML_table": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - "@variables('min_records')" - ] - } - ] - }, - "type": "If" - }, - "Create_HTML_table": { - "runAfter": { - "For_each_response": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('email_breach_data_array')" - } - }, - "For_each_response": { - "foreach": "@take(body('Get_Breach_Data_by_Email_Search')?['results'],variables('min_records'))", - "actions": { - "Append_to_array_variable": { - "runAfter": { - "Compose": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "email_breach_data_array", - "value": "@outputs('Compose')" - } - }, - "Compose": { - "runAfter": { - "Condition": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": { - "Document Id": "@items('For_each_response')?['document_id']", - "Domain": "@items('For_each_response')?['domain']", - "Email": "@items('For_each_response')?['email']", - "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", - "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", - "Infected Path": "@items('For_each_response')?['infected_path']", - "Infected Time": "@items('For_each_response')?['infected_time']", - "Password": "@items('For_each_response')?['password']", - "Password Plaintext": 
"@items('For_each_response')?['password_plaintext']", - "Severity": "@items('For_each_response')?['severity']", - "Source Id": "@items('For_each_response')?['source_id']", - "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", - "Target Domain": "@items('For_each_response')?['target_domain']", - "Target Subdomain": "@items('For_each_response')?['target_subdomain']", - "Target Url": "@items('For_each_response')?['target_url']", - "User Hostname": "@items('For_each_response')?['user_hostname']", - "User OS": "@items('For_each_response')?['user_os']", - "Username": "@items('For_each_response')?['username']" - } - }, - "Condition": { - "actions": { - "For_each_ip": { - "foreach": "@items('For_each_response')?['ip_addresses']", - "actions": { - "Append_to_string_variable": { - "type": "AppendToStringVariable", - "inputs": { - "name": "ip_address", - "value": "@{items('For_each_ip')}," - } - } - }, - "type": "Foreach" - } - }, - "runAfter": { - "Set_variable": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Set_variable": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": " " - } - } - }, - "runAfter": { - "Set_more_records_to_empty": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "Set_array_to_empty": { - "type": "SetVariable", - "inputs": { - "name": "email_breach_data_array", - "value": "[variables('TemplateEmptyArray')]" - } - }, - "Set_more_records_to_empty": { - "runAfter": { - "Set_array_to_empty": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": " " - } - } - }, - "runAfter": { - "set_total_records": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - 
"message": "

SpyCloud Breach Data for Email @{variables('email_address')}
\nNo Records Found.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - 0 - ] - } - ] - }, - "type": "If" - }, - "Get_Breach_Data_by_Email_Search": { - "runAfter": { - "Set_Email_Address": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/breach/data/emails/@{encodeURIComponent(variables('email_address'))}" - } - }, - "Set_Email_Address": { - "type": "SetVariable", - "inputs": { - "name": "email_address", - "value": "@{items('For_Each_Incident_Emails')?['Name']}@{variables('asterisk')}@{items('For_Each_Incident_Emails')?['UPNSuffix']}" - } - }, - "set_total_records": { - "runAfter": { - "Get_Breach_Data_by_Email_Search": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "total_records", - "value": "@body('Get_Breach_Data_by_Email_Search')?['hits']" - } - } - }, - "runAfter": { - "Entities_-_Get_Accounts": [ - "Succeeded" - ] - }, - "type": "Foreach", - "runtimeConfiguration": { - "concurrency": { - "repetitions": 1 - } - } - }, - "Outputs_Variable": { - "runAfter": { - "Asterisk_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "email_breach_data_array", - "type": "array" - } - ] - } - }, - "ip_address": { - "runAfter": { - "Outputs_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "minimum_records": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "min_records", - "type": "integer", - "value": 15 - } - ] - } - }, - "more_records_desplay_text": { - "runAfter": { - 
"total_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "more_records_display_text", - "type": "string" - } - ] - } - }, - "total_records": { - "runAfter": { - "minimum_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "total_records", - "type": "integer" - } - ] - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "SpyCloud-Enterprise-Connector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" - } - } - } - } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId4')]", - "contentId": "[variables('_playbookContentId4')]", - "kind": "Playbook", - "version": "[variables('playbookVersion4')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": 
"[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "title": "Email Address Breach Data - SpyCloud Enterprise", - "description": "The SpyCloud Enterprise API is able to provide breach data for a Email address or set of Email addresses associated with an incident.", - "prerequisites": "SpyCloud Enterprise API Key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "entities": [ - "ACCOUNT" - ], - "tags": [ - "Enrichment" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId4')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Get-Email-Breach-Data-Playbook", - "contentProductId": "[variables('_playbookcontentProductId4')]", - "id": "[variables('_playbookcontentProductId4')]", - "version": "[variables('playbookVersion4')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName5')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": 
"SpyCloud-Get-IP-Breach-Data-Playbook Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion5')]", - "parameters": { - "PlaybookName": { - "defaultValue": "SpyCloud-Get-IP-Breach-Data-Playbook", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - }, - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom connector name" - } - } - }, - "variables": { - "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('AzureSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": 
"Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('SpyCloudEnterpriseConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident_2": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Entities_-_Get_IPs": { - "runAfter": { - "ip_address": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/ip" - } - }, - "For_Each_Incident_IPS": { - "foreach": "@body('Entities_-_Get_IPs')?['IPs']", - "actions": { - "Check_if_records_exists": { - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Check_number_of_Records": [ - "Succeeded" - ] - }, - "type": 
"ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Check_number_of_Records": { - "actions": { - "set_more_records_display_text": { - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" - } - } - }, - "runAfter": { - "Create_HTML_table": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - "@variables('min_records')" - ] - } - ] - }, - "type": "If" - }, - "Create_HTML_table": { - "runAfter": { - "For_each_response": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('ip_breach_data_array')" - } - }, - "For_each_response": { - "foreach": "@take(body('Get_Breach_Data_by_IP_Address')?['results'],variables('min_records'))", - "actions": { - "Append_to_array_variable": { - "runAfter": { - "Compose": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "IP_Breach_Data_Array", - "value": "@outputs('Compose')" - } - }, - "Compose": { - "runAfter": { - "Condition": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": { - "Document Id": "@items('For_each_response')?['document_id']", - "Domain": "@items('For_each_response')?['domain']", - "Email": "@items('For_each_response')?['email']", - "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", - "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", - "Infected Path": "@items('For_each_response')?['infected_path']", - "Infected Time": "@items('For_each_response')?['infected_time']", - "Password": "@items('For_each_response')?['password']", - "Password Plaintext": "@items('For_each_response')?['password_plaintext']", - 
"Severity": "@items('For_each_response')?['severity']", - "Source Id": "@items('For_each_response')?['source_id']", - "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", - "Target Domain": "@items('For_each_response')?['target_domain']", - "Target Subdomain": "@items('For_each_response')?['target_subdomain']", - "Target Url": "@items('For_each_response')?['target_url']", - "User Hostname": "@items('For_each_response')?['user_hostname']", - "User OS": "@items('For_each_response')?['user_os']", - "Username": "@items('For_each_response')?['username']" - } - }, - "Condition": { - "actions": { - "For_each_ip": { - "foreach": "@items('For_each_response')?['ip_addresses']", - "actions": { - "Append_to_string_variable": { - "type": "AppendToStringVariable", - "inputs": { - "name": "ip_address", - "value": "@{items('For_each_ip')}," - } - } - }, - "type": "Foreach" - } - }, - "runAfter": { - "Set_variable": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Set_variable": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": " " - } - } - }, - "runAfter": { - "Set_more_records_to_empty": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "Set_array_to_Empty": { - "type": "SetVariable", - "inputs": { - "name": "ip_breach_data_array", - "value": "[variables('TemplateEmptyArray')]" - } - }, - "Set_more_records_to_empty": { - "runAfter": { - "Set_array_to_Empty": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": " " - } - } - }, - "runAfter": { - "set_total_records": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}
\nNo Records Found.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - 0 - ] - } - ] - }, - "type": "If" - }, - "Get_Breach_Data_by_IP_Address": { - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/breach/data/ips/@{encodeURIComponent(items('For_Each_Incident_IPS')?['Address'])}" - } - }, - "set_total_records": { - "runAfter": { - "Get_Breach_Data_by_IP_Address": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "total_records", - "value": "@body('Get_Breach_Data_by_IP_Address')?['hits']" - } - } - }, - "runAfter": { - "Entities_-_Get_IPs": [ - "Succeeded" - ] - }, - "type": "Foreach", - "runtimeConfiguration": { - "concurrency": { - "repetitions": 1 - } - } - }, - "Outputs_Variable": { - "runAfter": { - "more_records_desplay_text": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_breach_data_array", - "type": "array" - } - ] - } - }, - "ip_address": { - "runAfter": { - "Outputs_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "minimum_records": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "min_records", - "type": "integer", - "value": 15 - } - ] - } - }, - "more_records_desplay_text": { - "runAfter": { - "total_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "more_records_display_text", - "type": "string" - } - ] - } - }, - "total_records": { - "runAfter": { - "minimum_records": [ - "Succeeded" - ] - }, - "type": 
"InitializeVariable", - "inputs": { - "variables": [ - { - "name": "total_records", - "type": "integer" - } - ] - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "SpyCloud-Enterprise-Connector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" - } - } - } - } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId5')]", - "contentId": "[variables('_playbookContentId5')]", - "kind": "Playbook", - "version": "[variables('playbookVersion5')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "criteria": [ - { - "kind": 
"LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "title": "IP Address Breach Data - SpyCloud Enterprise", - "description": "The SpyCloud Enterprise API is able to provide breach data for a IP address or set of IP addresses associated with an incident.", - "prerequisites": "SpyCloud Enterprise API Key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "entities": [ - "IP" - ], - "tags": [ - "Enrichment" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId5')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Get-IP-Breach-Data-Playbook", - "contentProductId": "[variables('_playbookcontentProductId5')]", - "id": "[variables('_playbookcontentProductId5')]", - "version": "[variables('playbookVersion5')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName6')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloud-Get-Password-Breach-Data-Playbook Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion6')]", - "parameters": { - "PlaybookName": { - "defaultValue": 
"SpyCloud-Get-Password-Breach-Data-Playbook", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - }, - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom connector name" - } - } - }, - "variables": { - "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", - "_connection-1": "[[variables('connection-1')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('SpyCloudEnterpriseConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "manual": { - "type": "Request", - "kind": "Http", - 
"inputs": { - "method": "GET" - } - } - }, - "actions": { - "Check_if_records_exists": { - "actions": { - "Create_HTML_table": { - "runAfter": { - "For_each_response": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('password_breach_data_array')" - } - }, - "For_each_response": { - "foreach": "@body('Get_Breach_Data_by_Password_Search')?['results']", - "actions": { - "Append_to_array_variable": { - "runAfter": { - "Compose": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "password_breach_data_array", - "value": "@outputs('Compose')" - } - }, - "Check_if_ip_address_exists": { - "actions": { - "For_each_ip": { - "foreach": "@items('For_each_response')?['ip_addresses']", - "actions": { - "Append_to_ip_address_variable": { - "type": "AppendToStringVariable", - "inputs": { - "name": "ip_address", - "value": "@{items('For_each_ip')}," - } - } - }, - "type": "Foreach" - } - }, - "runAfter": { - "Set_ip_address_to_empty": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Compose": { - "runAfter": { - "Check_if_ip_address_exists": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": { - "Document Id": "@items('For_each_response')?['document_id']", - "Domain": "@items('For_each_response')?['domain']", - "Email": "@items('For_each_response')?['email']", - "IP Addresses": "@substring(variables('ip_address'), 0, sub(length(variables('ip_address')), 1))", - "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", - "Infected Path": "@items('For_each_response')?['infected_path']", - "Infected Time": "@items('For_each_response')?['infected_time']", - "Password": "@items('For_each_response')?['password']", - "Password Plaintext": "@items('For_each_response')?['password_plaintext']", - "Severity": 
"@items('For_each_response')?['severity']", - "Source Id": "@items('For_each_response')?['source_id']", - "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", - "Target Domain": "@items('For_each_response')?['target_domain']", - "Target Subdomain": "@items('For_each_response')?['target_subdomain']", - "Target Url": "@items('For_each_response')?['target_url']", - "User Hostname": "@items('For_each_response')?['user_hostname']", - "User OS": "@items('For_each_response')?['user_os']", - "Username": "@items('For_each_response')?['username']" - } - }, - "Set_ip_address_to_empty": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": " " - } - } - }, - "runAfter": { - "Set_array_to_Empty": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "Set_array_to_Empty": { - "type": "SetVariable", - "inputs": { - "name": "password_breach_data_array", - "value": "[variables('TemplateEmptyArray')]" - } - } - }, - "runAfter": { - "set_total_records": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - 0 - ] - } - ] - }, - "type": "If" - }, - "Get_Breach_Data_by_Password_Search": { - "runAfter": { - "Provide_Password_to_search": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/breach/data/passwords/@{encodeURIComponent(variables('password_to_search'))}" - } - }, - "Outputs_Variable": { - "runAfter": { - "more_records_desplay_text": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "password_breach_data_array", - "type": "array" - } - ] - } - }, - "Provide_Password_to_search": { - "runAfter": { - "ip_address": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "password_to_search", - "type": "string", - 
"value": "welcome@123" - } - ] - } - }, - "ip_address": { - "runAfter": { - "Outputs_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "minimum_records": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "min_records", - "type": "integer", - "value": 15 - } - ] - } - }, - "more_records_desplay_text": { - "runAfter": { - "total_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "more_records_display_text", - "type": "string" - } - ] - } - }, - "set_total_records": { - "runAfter": { - "Get_Breach_Data_by_Password_Search": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "total_records", - "value": "@body('Get_Breach_Data_by_Password_Search')?['hits']" - } - }, - "total_records": { - "runAfter": { - "minimum_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "total_records", - "type": "integer" - } - ] - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "SpyCloud-Enterprise-Connector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" - } - } - } - } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", - "properties": { - "parentId": 
"[variables('playbookId6')]", - "contentId": "[variables('_playbookContentId6')]", - "kind": "Playbook", - "version": "[variables('playbookVersion6')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "title": "Password Breach Data - SpyCloud Enterprise", - "description": "The SpyCloud Enterprise API is able to provide breach data for a provided password.", - "prerequisites": "SpyCloud Enterprise API Key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "tags": [ - "Enrichment" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId6')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Get-Password-Breach-Data-Playbook", - "contentProductId": "[variables('_playbookcontentProductId6')]", - "id": "[variables('_playbookcontentProductId6')]", - "version": "[variables('playbookVersion6')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName7')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', 
parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloud-Get-Username-Breach-Data-Playbook Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion7')]", - "parameters": { - "PlaybookName": { - "defaultValue": "SpyCloud-Get-Username-Breach-Data-Playbook", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - }, - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom connector name" - } - } - }, - "variables": { - "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": 
"[[variables('AzureSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('SpyCloudEnterpriseConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident_2": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Entities_-_Get_Accounts": { - "runAfter": { - "ip_address": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/account" - } - }, - "For_Each_Incident_Emails": { - "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", 
- "actions": { - "Check_if_records_exists": { - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Check_number_of_Records": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

SpyCloud Breach Data for username @{variables('username')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Check_number_of_Records": { - "actions": { - "set_more_records_display_text": { - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" - } - } - }, - "runAfter": { - "Create_HTML_table": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - "@variables('min_records')" - ] - } - ] - }, - "type": "If" - }, - "Create_HTML_table": { - "runAfter": { - "For_each_response": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('username_breach_data_array')" - } - }, - "For_each_response": { - "foreach": "@take(body('Get_Breach_Data_by_Username_Search')?['results'],variables('min_records'))", - "actions": { - "Append_to_array_variable": { - "runAfter": { - "Compose": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "username_breach_data_array", - "value": "@outputs('Compose')" - } - }, - "Compose": { - "runAfter": { - "Condition": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": { - "Document Id": "@items('For_each_response')?['document_id']", - "Domain": "@items('For_each_response')?['domain']", - "Email": "@items('For_each_response')?['email']", - "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", - "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", - "Infected Path": "@items('For_each_response')?['infected_path']", - "Infected Time": "@items('For_each_response')?['infected_time']", - "Password": "@items('For_each_response')?['password']", - "Password Plaintext": 
"@items('For_each_response')?['password_plaintext']", - "Severity": "@items('For_each_response')?['severity']", - "Source Id": "@items('For_each_response')?['source_id']", - "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", - "Target Domain": "@items('For_each_response')?['target_domain']", - "Target Subdomain": "@items('For_each_response')?['target_subdomain']", - "Target Url": "@items('For_each_response')?['target_url']", - "User Hostname": "@items('For_each_response')?['user_hostname']", - "User OS": "@items('For_each_response')?['user_os']", - "Username": "@items('For_each_response')?['username']" - } - }, - "Condition": { - "actions": { - "For_each_ip": { - "foreach": "@items('For_each_response')?['ip_addresses']", - "actions": { - "Append_to_string_variable": { - "type": "AppendToStringVariable", - "inputs": { - "name": "ip_address", - "value": "@{items('For_each_ip')}," - } - } - }, - "type": "Foreach" - } - }, - "runAfter": { - "Set_variable": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Set_variable": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": " " - } - } - }, - "runAfter": { - "Set_more_records_to_empty": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "Set_array_to_Empty": { - "type": "SetVariable", - "inputs": { - "name": "username_breach_data_array", - "value": "[variables('TemplateEmptyArray')]" - } - }, - "Set_more_records_to_empty": { - "runAfter": { - "Set_array_to_Empty": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": " " - } - } - }, - "runAfter": { - "set_total_records": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - 
"message": "

SpyCloud Breach Data for username @{variables('username')}
\nNo Records Found.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - } - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - 0 - ] - } - ] - }, - "type": "If" - }, - "Get_Breach_Data_by_Username_Search": { - "runAfter": { - "Set_Username": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/breach/data/usernames/@{encodeURIComponent(variables('username'))}" - } - }, - "Set_Username": { - "type": "SetVariable", - "inputs": { - "name": "username", - "value": "@items('For_Each_Incident_Emails')?['Name']" - } - }, - "set_total_records": { - "runAfter": { - "Get_Breach_Data_by_Username_Search": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "total_records", - "value": "@body('Get_Breach_Data_by_Username_Search')?['hits']" - } - } - }, - "runAfter": { - "Entities_-_Get_Accounts": [ - "Succeeded" - ] - }, - "type": "Foreach", - "runtimeConfiguration": { - "concurrency": { - "repetitions": 1 - } - } - }, - "Outputs_Variable": { - "runAfter": { - "Usernames_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "username_breach_data_array", - "type": "array" - } - ] - } - }, - "Usernames_Variable": { - "runAfter": { - "more_records_desplay_text": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "username", - "type": "string" - } - ] - } - }, - "ip_address": { - "runAfter": { - "Outputs_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "minimum_records": { - "type": "InitializeVariable", - "inputs": { - 
"variables": [ - { - "name": "min_records", - "type": "integer", - "value": 15 - } - ] - } - }, - "more_records_desplay_text": { - "runAfter": { - "total_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "more_records_display_text", - "type": "string" - } - ] - } - }, - "total_records": { - "runAfter": { - "minimum_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "total_records", - "type": "integer" - } - ] - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "SpyCloud-Enterprise-Connector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" - } - } - } - } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId7')]", - "contentId": "[variables('_playbookContentId7')]", - "kind": "Playbook", - 
"version": "[variables('playbookVersion7')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "title": "Username Breach Data - SpyCloud Enterprise", - "description": "The SpyCloud Enterprise API is able to provide breach data for a username or set of usernames associated with an incident.", - "prerequisites": "SpyCloud Enterprise API Key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "entities": [ - "ACCOUNT" - ], - "tags": [ - "Enrichment" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId7')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Get-Username-Breach-Data-Playbook", - "contentProductId": "[variables('_playbookcontentProductId7')]", - "id": "[variables('_playbookcontentProductId7')]", - "version": "[variables('playbookVersion7')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName8')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 
'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloud-Malware-Playbook Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion8')]", - "parameters": { - "PlaybookName": { - "defaultValue": "SpyCloud-Malware-Playbook", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - }, - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom connector name" - } - } - }, - "variables": { - "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('AzureSentinelConnectionName')]", - "parameterValueType": 
"Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('SpyCloudEnterpriseConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident_2": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Check_if_the_incident_is_created_by_SpyCloud_Malware_": { - "actions": { - "Entities_-_Get_Hosts": { - "runAfter": { - "For_each_incident_alert": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/host" - } - }, - "For_each_host": { - "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", - 
"actions": { - "Check_if_the_records_are_returned": { - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "Check_number_of_Records": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

SpyCloud Comapss Devices Data for @{variables('infected_machine_id')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - }, - "Check_number_of_Records": { - "actions": { - "set_more_records_display_text": { - "type": "SetVariable", - "inputs": { - "name": "more_records_display_text", - "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" - } - } - }, - "runAfter": { - "Create_HTML_table": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@variables('total_records')", - "@variables('min_records')" - ] - } - ] - }, - "type": "If" - }, - "Create_HTML_table": { - "runAfter": { - "For_each_response": [ - "Succeeded" - ] - }, - "type": "Table", - "inputs": { - "format": "HTML", - "from": "@variables('compass_device_data')" - } - }, - "For_each_response": { - "foreach": "@take(body('Get_Compass_Devices_Data')?['results'],variables('min_records'))", - "actions": { - "Append_to_array_variable": { - "runAfter": { - "Compose": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "compass_device_data", - "value": "@outputs('Compose')" - } - }, - "Compose": { - "runAfter": { - "Condition": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": { - "Document Id": "@items('For_each_response')?['document_id']", - "Domain": "@items('For_each_response')?['domain']", - "Email": "@items('For_each_response')?['email']", - "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", - "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", - "Infected Path": "@items('For_each_response')?['infected_path']", - "Infected Time": "@items('For_each_response')?['infected_time']", - "Password": "@items('For_each_response')?['password']", - "Password Plaintext": "@items('For_each_response')?['password_plaintext']", - 
"Severity": "@items('For_each_response')?['severity']", - "Source Id": "@items('For_each_response')?['source_id']", - "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", - "Target Domain": "@items('For_each_response')?['target_domain']", - "Target Subdomain": "@items('For_each_response')?['target_subdomain']", - "Target Url": "@items('For_each_response')?['target_url']", - "User Hostname": "@items('For_each_response')?['user_hostname']", - "User OS": "@items('For_each_response')?['user_os']", - "Username": "@items('For_each_response')?['username']" - } - }, - "Condition": { - "actions": { - "For_each_ip": { - "foreach": "@items('For_each_response')?['ip_addresses']", - "actions": { - "Append_to_string_variable": { - "type": "AppendToStringVariable", - "inputs": { - "name": "ip_address", - "value": "@{items('For_each_ip')}," - } - } - }, - "type": "Foreach" - } - }, - "runAfter": { - "Set_IP_Address_to_Empty": [ - "Succeeded" - ] - }, - "else": { - "actions": { - "Set_variable": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": " " - } - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Set_IP_Address_to_Empty": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": " " - } - } - }, - "type": "Foreach" - }, - "Update_incident": { - "runAfter": { - "Add_comment_to_incident_(V3)": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "owner": "someone@someone.com", - "ownerAction": "Assign", - "severity": "High" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "put", - "path": "/Incidents" - } - } - }, - "runAfter": { - "Get_Compass_Devices_Data": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - 
"greater": [ - "@body('Get_Compass_Devices_Data')?['hits']", - 0 - ] - } - ] - }, - "type": "If" - }, - "Get_Compass_Devices_Data": { - "runAfter": { - "Set_Infected_Machine_ID": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/compass/data/devices/@{encodeURIComponent(variables('infected_machine_id'))}" - } - }, - "Set_Infected_Machine_ID": { - "type": "SetVariable", - "inputs": { - "name": "infected_machine_id", - "value": "@items('For_each_host')?['HostName']" - } - } - }, - "runAfter": { - "Entities_-_Get_Hosts": [ - "Succeeded" - ] - }, - "type": "Foreach" - }, - "For_each_incident_alert": { - "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", - "actions": { - "Check_User_Host_Name_exists": { - "actions": { - "Check_if_Host_is_Managed_host": { - "runAfter": { - "Set_variable_2": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "", - "" - ] - } - ] - }, - "type": "If" - }, - "Set_User_Host_Name": { - "type": "SetVariable", - "inputs": { - "name": "user_host_name", - "value": "@{variables('incident_custom_details_object')?['User_Host_Name']}" - } - }, - "Set_variable_2": { - "runAfter": { - "Set_User_Host_Name": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "user_host_name_trim", - "value": "@{replace(replace(variables('user_host_name'),'[\"',''),'\"]','')}" - } - } - }, - "runAfter": { - "Set_custom_details_object": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@variables('incident_custom_details_object')?['User_Host_Name']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "Set_custom_details_object": { - "type": "SetVariable", - "inputs": { - "name": "incident_custom_details_object", - "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom 
Details'])" - } - } - }, - "type": "Foreach" - } - }, - "runAfter": { - "Incident_Custom_Details_Object": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "equals": [ - "@triggerBody()?['object']?['properties']?['title']", - "@variables('incident_name')" - ] - } - ] - }, - "type": "If" - }, - "IP_address": { - "runAfter": { - "Outputs_Variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "Incident_Custom_Details_Array": { - "runAfter": { - "Is_Managed_Host": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_custom_details_array", - "type": "array" - } - ] - } - }, - "Incident_Custom_Details_Object": { - "runAfter": { - "Incident_Custom_Details_Array": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_custom_details_object", - "type": "object" - } - ] - } - }, - "Incident_Name": { - "runAfter": { - "more_records_display_text": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "incident_name", - "type": "string", - "value": "SpyCloud Enterprise Malware Detection" - } - ] - } - }, - "Initialize_variable": { - "runAfter": { - "User_Host_Name": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "user_host_name_trim", - "type": "string" - } - ] - } - }, - "Is_Managed_Host": { - "runAfter": { - "IP_address": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "is_managed_host", - "type": "boolean", - "value": "@true" - } - ] - } - }, - "Machine_ID": { - "runAfter": { - "Initialize_variable": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "infected_machine_id", - "type": "string" - } - ] - } - }, - "Outputs_Variable": { - 
"runAfter": { - "Machine_ID": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "compass_device_data", - "type": "array" - } - ] - } - }, - "User_Host_Name": { - "runAfter": { - "Incident_Name": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "user_host_name", - "type": "string" - } - ] - } - }, - "minimum_records": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "min_records", - "type": "integer", - "value": 15 - } - ] - } - }, - "more_records_display_text": { - "runAfter": { - "total_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "more_records_display_text", - "type": "string" - } - ] - } - }, - "total_records": { - "runAfter": { - "minimum_records": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "total_records", - "type": "integer" - } - ] - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "SpyCloud-Enterprise-Connector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" - } - } - } - } - }, - "tags": { - 
"hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId8')]", - "contentId": "[variables('_playbookContentId8')]", - "kind": "Playbook", - "version": "[variables('playbookVersion8')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "title": "SpyCloud Malware Information - SpyCloud Enterprise", - "description": "This Playbook will be triggered when an spycloud malware incident is created.", - "prerequisites": "SpyCloud Enterprise API Key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "entities": [ - "ACCOUNT" - ], - "tags": [ - "Enrichment" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId8')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Malware-Playbook", - "contentProductId": "[variables('_playbookcontentProductId8')]", - "id": "[variables('_playbookcontentProductId8')]", - 
"version": "[variables('playbookVersion8')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName9')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloud-Monitor-Watchlist-Data Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion9')]", - "parameters": { - "PlaybookName": { - "defaultValue": "SpyCloud-Monitor-Watchlist-Data", - "type": "string", - "metadata": { - "description": "Name of the Logic App/Playbook" - } - }, - "SpyCloudConnectorName": { - "defaultValue": "SpyCloud-Enterprise-Protection", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom connector name" - } - }, - "SpyCloud_Custom_Log_Table_Name": { - "defaultValue": "SpyCloudBreachDataWatchlist", - "type": "String", - "metadata": { - "description": "SpyCloud Enterprise custom log name" - } - } - }, - "variables": { - "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", - "AzureLogAnalyticsDataConnector": "[[concat('azuredataconnector-', parameters('PlaybookName'))]", - "SpyCloudCustomTableName": "[[parameters('SpyCloud_Custom_Log_Table_Name')]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azureloganalyticsdatacollector')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', 
resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureLogAnalyticsDataConnector')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('AzureLogAnalyticsDataConnector')]", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('SpyCloudEnterpriseConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "properties": { - "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]" - ], - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Recurrence": { - "recurrence": { - "frequency": "Day", - "interval": 1, - "startTime": "[variables('blanks')]" - }, - "evaluatedRecurrence": { - "frequency": "Day", - 
"interval": 1, - "startTime": "2023-05-06T00:00:00Z" - }, - "type": "Recurrence" - } - }, - "actions": { - "Cursor": { - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "cursor", - "type": "string", - "value": "start" - } - ] - } - }, - "Custom_Log_Name": { - "runAfter": { - "date_": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "custom_log_name", - "type": "string", - "value": "[[variables('SpyCloudCustomTableName')]" - } - ] - } - }, - "IP_address": { - "runAfter": { - "Is_First_Fetch": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "ip_address", - "type": "string" - } - ] - } - }, - "Is_First_Fetch": { - "runAfter": { - "Cursor": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "first_fetch", - "type": "boolean", - "value": "@true" - } - ] - } - }, - "Until_Modified_Records_Exist": { - "actions": { - "Check_if_this_is_first_fetch_for_modified_records": { - "actions": { - "Set_Cursor_to_null_2": { - "type": "SetVariable", - "inputs": { - "name": "cursor", - "value": "@{null}" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@variables('first_fetch')", - "@true" - ] - } - ] - }, - "type": "If" - }, - "Get_Breach_Data_for_Entire_Watchlist_2": { - "runAfter": { - "Set_modified_records_array_to_empty": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/breach/data/watchlist", - "queries": { - "cursor": "@variables('cursor')", - "since_modification_date": "@variables('date')" - } - } - }, - "Set_false_to_first_fetch": { - "runAfter": { - "check_if_data_exist_for_date": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "first_fetch", - "value": "@false" - } - }, - 
"Set_modified_records_array_to_empty": { - "runAfter": { - "Check_if_this_is_first_fetch_for_modified_records": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "modified_records", - "value": "[variables('TemplateEmptyArray')]" - } - }, - "check_if_data_exist_for_date": { - "actions": { - "For_each_response_2": { - "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['results']", - "actions": { - "Append_to_modified_records_variable": { - "runAfter": { - "Check_IP_Address_is_Not_empty_2": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "modified_records", - "value": { - "Document Id": "@{items('For_each_response_2')?['document_id']}", - "Domain": "@{items('For_each_response_2')?['domain']}", - "Email": "@{items('For_each_response_2')?['email']}", - "IP_Address": "@{variables('ip_address')}", - "Infected_Machine_Id": "@{items('For_each_response_2')?['infected_machine_id']}", - "Infected_Path": "@{items('For_each_response_2')?['infected_path']}", - "Infected_Time": "@{items('For_each_response_2')?['infected_time']}", - "Password": "@{items('For_each_response_2')?['password']}", - "Password_Plaintext": "@{items('For_each_response_2')?['password_plaintext']}", - "Severity": "@{items('For_each_response_2')?['severity']}", - "Source Id": "@{items('For_each_response_2')?['source_id']}", - "SpyCloud_Publish_Date": "@{items('For_each_response_2')?['spycloud_publish_date']}", - "Target_Domain": "@{items('For_each_response_2')?['target_domain']}", - "Target_SubDomain": "@{items('For_each_response_2')?['target_subdomain']}", - "Target_URL": "@{items('For_each_response_2')?['target_url']}", - "User_Hostname": "@{items('For_each_response_2')?['user_hostname']}", - "User_OS": "@{items('For_each_response_2')?['user_os']}", - "Username": "@{items('For_each_response_2')?['username']}" - } - } - }, - "Check_IP_Address_is_Not_empty_2": { - "actions": { - "set_ip_variable": { - "type": "SetVariable", - "inputs": { - 
"name": "ip_address", - "value": "@{first(items('For_each_response_2')?['ip_addresses'])}" - } - } - }, - "else": { - "actions": { - "set_ip_variable_to_null": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": "@{null}" - } - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response_2')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - } - }, - "type": "Foreach" - }, - "Modified_Records_Compose": { - "runAfter": { - "For_each_response_2": [ - "Succeeded" - ] - }, - "type": "Compose", - "inputs": "@variables('modified_records')" - }, - "Save_Modified_Records_to_Custom_Logs_Table": { - "runAfter": { - "Modified_Records_Compose": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{outputs('Modified_Records_Compose')}", - "headers": { - "Log-Type": "@variables('custom_log_name')" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" - } - }, - "method": "post", - "path": "/api/logs" - } - } - }, - "runAfter": { - "Get_Breach_Data_for_Entire_Watchlist_2": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['hits']", - 0 - ] - } - ] - }, - "type": "If" - }, - "set_cursor_value": { - "runAfter": { - "Set_false_to_first_fetch": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "cursor", - "value": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['cursor']" - } - } - }, - "runAfter": { - "reset_first_fetch": [ - "Succeeded" - ] - }, - "expression": "@equals(empty(variables('cursor')), true)", - "limit": { - "count": 60, - "timeout": "PT1H" - }, - "type": "Until" - }, - "Until_New_Records_Exist": { - "actions": { - "Check_if_data_exists": { - "actions": { - "For_each_response": { - "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist')?['results']", - "actions": { - "Append_to_new_records_array": { 
- "runAfter": { - "Check_IP_Address_is_Not_empty": [ - "Succeeded" - ] - }, - "type": "AppendToArrayVariable", - "inputs": { - "name": "new_records", - "value": { - "Document Id": "@{items('For_each_response')?['document_id']}", - "Domain": "@{items('For_each_response')?['domain']}", - "Email": "@{items('For_each_response')?['email']}", - "IP_Address": "@{variables('ip_address')}", - "Infected_Machine_Id": "@{items('For_each_response')?['infected_machine_id']}", - "Infected_Path": "@{items('For_each_response')?['infected_path']}", - "Infected_Time": "@{items('For_each_response')?['infected_time']}", - "Password": "@{items('For_each_response')?['password']}", - "Password_Plaintext": "@{items('For_each_response')?['password_plaintext']}", - "Severity": "@{items('For_each_response')?['severity']}", - "Source Id": "@{items('For_each_response')?['source_id']}", - "SpyCloud_Publish_Date": "@{items('For_each_response')?['spycloud_publish_date']}", - "Target_Domain": "@{items('For_each_response')?['target_domain']}", - "Target_SubDomain": "@{items('For_each_response')?['target_subdomain']}", - "Target_URL": "@{items('For_each_response')?['target_url']}", - "User_Hostname": "@{items('For_each_response')?['user_hostname']}", - "User_OS": "@{items('For_each_response')?['user_os']}", - "Username": "@{items('For_each_response')?['username']}" - } - } - }, - "Check_IP_Address_is_Not_empty": { - "actions": { - "Set_Address_to_value": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": "@{first(items('For_each_response')?['ip_addresses'])}" - } - } - }, - "else": { - "actions": { - "Set_Address_to_null": { - "type": "SetVariable", - "inputs": { - "name": "ip_address", - "value": "@{null}" - } - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each_response')?['ip_addresses']", - "@null" - ] - } - } - ] - }, - "type": "If" - } - }, - "type": "Foreach" - }, - "New_Records_Compose": { - "runAfter": { - "For_each_response": [ 
- "Succeeded" - ] - }, - "type": "Compose", - "inputs": "@variables('new_records')" - }, - "Save_New_Records_to_Custom_Logs_Table": { - "runAfter": { - "New_Records_Compose": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": "@{outputs('New_Records_Compose')}", - "headers": { - "Log-Type": "@variables('custom_log_name')" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" - } - }, - "method": "post", - "path": "/api/logs" - } - } - }, - "runAfter": { - "Get_Breach_Data_for_Entire_Watchlist": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "greater": [ - "@body('Get_Breach_Data_for_Entire_Watchlist')?['hits']", - 0 - ] - } - ] - }, - "type": "If" - }, - "Check_if_this_is_first_fetch_for_new_records": { - "actions": { - "Set_Cursor_to_null_": { - "type": "SetVariable", - "inputs": { - "name": "cursor", - "value": "@{null}" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@variables('first_fetch')", - "@true" - ] - } - ] - }, - "type": "If" - }, - "Get_Breach_Data_for_Entire_Watchlist": { - "runAfter": { - "Set_new_records_array_to_empty": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" - } - }, - "method": "get", - "path": "/breach/data/watchlist", - "queries": { - "cursor": "@variables('cursor')", - "since": "@variables('date')" - } - } - }, - "Set_First_Fetch_to_False": { - "runAfter": { - "Check_if_data_exists": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "first_fetch", - "value": "@false" - } - }, - "Set_cursor_from_the_API_response": { - "runAfter": { - "Set_First_Fetch_to_False": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "cursor", - "value": "@body('Get_Breach_Data_for_Entire_Watchlist')?['cursor']" - } - }, - "Set_new_records_array_to_empty": 
{ - "runAfter": { - "Check_if_this_is_first_fetch_for_new_records": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "new_records", - "value": "[variables('TemplateEmptyArray')]" - } - } - }, - "runAfter": { - "modified_records": [ - "Succeeded" - ] - }, - "expression": "@equals(empty(variables('cursor')), true)", - "limit": { - "count": 60, - "timeout": "PT1H" - }, - "type": "Until" - }, - "date_": { - "runAfter": { - "IP_address": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "date", - "type": "string", - "value": "@{addDays(utcNow(), -1, 'yyyy-MM-dd')}" - } - ] - } - }, - "modified_records": { - "runAfter": { - "new_records_": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "modified_records", - "type": "array", - "value": "[variables('TemplateEmptyArray')]" - } - ] - } - }, - "new_records_": { - "runAfter": { - "Custom_Log_Name": [ - "Succeeded" - ] - }, - "type": "InitializeVariable", - "inputs": { - "variables": [ - { - "name": "new_records", - "type": "array", - "value": "[variables('TemplateEmptyArray')]" - } - ] - } - }, - "reset_cursor": { - "runAfter": { - "Until_New_Records_Exist": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "cursor", - "value": "start" - } - }, - "reset_first_fetch": { - "runAfter": { - "reset_cursor": [ - "Succeeded" - ] - }, - "type": "SetVariable", - "inputs": { - "name": "first_fetch", - "value": "@true" - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "SpyCloud-Enterprise-Connector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", - "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', 
parameters('SpyCloudConnectorName'))]" - }, - "azureloganalyticsdatacollector": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]", - "connectionName": "[[variables('AzureLogAnalyticsDataConnector')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azureloganalyticsdatacollector')]" - } - } - } - } - }, - "tags": { - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId9')]", - "contentId": "[variables('_playbookContentId9')]", - "kind": "Playbook", - "version": "[variables('playbookVersion9')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - } - ] - } - } - } - ], - "metadata": { - "title": "SpyCloud Watachlist data - SpyCloud Enterprise", - "description": "This Playbook will run daily, gets the watchlist data from SpyCloud API and saved it into the custom logs.", - "prerequisites": "SpyCloud Enterprise API Key.", - "lastUpdateTime": "2022-09-05T00:00:00Z", - "postDeploymentSteps": ["None"], - "tags": [ - "Feed" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } 
- } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId9')]", - "contentKind": "Playbook", - "displayName": "SpyCloud-Monitor-Watchlist-Data", - "contentProductId": "[variables('_playbookcontentProductId9')]", - "id": "[variables('_playbookcontentProductId9')]", - "version": "[variables('playbookVersion9')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloudEnterpriseProtectionBreachRule_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId1')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data", - "displayName": "SpyCloud Enterprise Breach Detection", - "enabled": false, - "query": "SpyCloudBreachDataWatchlist_CL\n| where Severity_s == '20'\n| project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, 
IP_Address_s\n", - "queryFrequency": "PT12H", - "queryPeriod": "PT12H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": "[variables('TemplateEmptyArray')]", - "tactics": [ - "CredentialAccess" - ], - "techniques": [ - "T1555" - ], - "entityMappings": [ - { - "entityType": "Account", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "Email_s" - } - ] - }, - { - "entityType": "Account", - "fieldMappings": [ - { - "identifier": "Name", - "columnName": "Username_s" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "IP_Address_s" - } - ] - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "Domain": "Domain_s", - "Source_ID": "[variables('_source')]", - "Document_Id": "[variables('_Document_Id')]", - "Password": "Password_s", - "Password_Plaintext": "Password_Plaintext_s", - "PublishDate": "SpyCloud_Publish_Date_t" - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "reopenClosedIncident": false, - "matchingMethod": "AllEntities", - "enabled": true, - "lookbackDuration": "12h" - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", - "properties": { - "description": "SpyCloud Enterprise Protection Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { 
- "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId1')]", - "contentKind": "AnalyticsRule", - "displayName": "SpyCloud Enterprise Breach Detection", - "contentProductId": "[variables('_analyticRulecontentProductId1')]", - "id": "[variables('_analyticRulecontentProductId1')]", - "version": "[variables('analyticRuleVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SpyCloudEnterpriseProtectionMalwareRule_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId2')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data", - "displayName": "SpyCloud Enterprise Malware Detection", - "enabled": false, - "query": 
"SpyCloudBreachDataWatchlist_CL\n| where Severity_s == '25'\n| project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, Infected_Machine_Id_g, Infected_Path_s, Infected_Time_t, Target_Domain_s, Target_SubDomain_s, User_Hostname_s, User_OS_s, Target_URL_s,IP_Address_s\n", - "queryFrequency": "PT12H", - "queryPeriod": "PT12H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": "[variables('TemplateEmptyArray')]", - "tactics": [ - "CredentialAccess" - ], - "techniques": [ - "T1555" - ], - "entityMappings": [ - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "HostName", - "columnName": "Infected_Machine_Id_g" - }, - { - "identifier": "DnsDomain", - "columnName": "User_Hostname_s" - } - ] - }, - { - "entityType": "Account", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "Email_s" - }, - { - "identifier": "Name", - "columnName": "Username_s" - } - ] - }, - { - "entityType": "DNS", - "fieldMappings": [ - { - "identifier": "DomainName", - "columnName": "Target_Domain_s" - } - ] - }, - { - "entityType": "DNS", - "fieldMappings": [ - { - "identifier": "DomainName", - "columnName": "Target_SubDomain_s" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "IP_Address_s" - } - ] - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "Domain": "Domain_s", - "User_Host_Name": "User_Hostname_s", - "Source_ID": "[variables('_source')]", - "Infected_Time": "Infected_Time_t", - "Infected_Path": "Infected_Path_s", - "Document_Id": "[variables('_Document_Id')]", - "Password": "Password_s", - "Password_Plaintext": "Password_Plaintext_s", - "PublishDate": "SpyCloud_Publish_Date_t" - }, - "incidentConfiguration": { - 
"createIncident": true, - "groupingConfiguration": { - "reopenClosedIncident": false, - "matchingMethod": "AllEntities", - "enabled": true, - "lookbackDuration": "12h" - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", - "properties": { - "description": "SpyCloud Enterprise Protection Analytics Rule 2", - "parentId": "[variables('analyticRuleId2')]", - "contentId": "[variables('_analyticRulecontentId2')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion2')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId2')]", - "contentKind": "AnalyticsRule", - "displayName": "SpyCloud Enterprise Malware Detection", - "contentProductId": "[variables('_analyticRulecontentProductId2')]", - "id": "[variables('_analyticRulecontentProductId2')]", - "version": "[variables('analyticRuleVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", - "apiVersion": "2023-04-01-preview", - "location": "[parameters('workspace-location')]", - "properties": { - "version": "3.0.0", - "kind": "Solution", - "contentSchemaVersion": "3.0.0", - "displayName": "SpyCloud Enterprise Protection", - "publisherDisplayName": "Spycloud", - "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Cybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.

\n

Analytic Rules: 2, Custom Azure Logic Apps Connectors: 1, Playbooks: 8

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", - "contentKind": "Solution", - "contentProductId": "[variables('_solutioncontentProductId')]", - "id": "[variables('_solutioncontentProductId')]", - "icon": "", - "contentId": "[variables('_solutionId')]", - "parentId": "[variables('_solutionId')]", - "source": { - "kind": "Solution", - "name": "SpyCloud Enterprise Protection", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "SpyCloud" - }, - "support": { - "name": "Spycloud", - "email": "integrations@spycloud.com", - "tier": "Partner", - "link": "https://portal.spycloud.com" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "kind": "LogicAppsCustomConnector", - "contentId": "[variables('_Custom Connector')]", - "version": "[variables('playbookVersion1')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Breach-Playbook')]", - "version": "[variables('playbookVersion2')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Get-Domain-Breach-Data-Playbook')]", - "version": "[variables('playbookVersion3')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Get-Email-Breach-Data-Playbook')]", - "version": "[variables('playbookVersion4')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Get-IP-Breach-Data-Playbook')]", - "version": "[variables('playbookVersion5')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Get-Password-Breach-Data-Playbook')]", - "version": "[variables('playbookVersion6')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Get-Username-Breach-Data-Playbook')]", - "version": "[variables('playbookVersion7')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Malware-Playbook')]", - "version": "[variables('playbookVersion8')]" - }, - { - "kind": "Playbook", - "contentId": "[variables('_SpyCloud-Monitor-Watchlist-Data')]", - "version": "[variables('playbookVersion9')]" - }, - { - "kind": "AnalyticsRule", - "contentId": 
"[variables('analyticRulecontentId1')]", - "version": "[variables('analyticRuleVersion1')]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId2')]", - "version": "[variables('analyticRuleVersion2')]" - } - ] - }, - "firstPublishDate": "2023-09-09", - "providers": [ - "Spycloud, Inc" - ], - "categories": { - "domains": [ - "Security - Automation (SOAR)", - "Security - Threat Intelligence" - ] - } - }, - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" - } - ], - "outputs": {} -} From ef788a31cf0a7ffb65188bcdf2bc20cbf0b1910c Mon Sep 17 00:00:00 2001 From: loginsoft-integrations <81212299+loginsoft-integrations@users.noreply.github.com> Date: Thu, 5 Oct 2023 10:53:14 +0530 Subject: [PATCH 2/2] Removed blob keyword from the URL --- .../Package/3.0.0.zip | Bin 0 -> 32700 bytes .../Package/createUiDefinition.json | 145 + .../Package/mainTemplate.json | 7400 +++++++++++++++++ 3 files changed, 7545 insertions(+) create mode 100644 Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip create mode 100644 Solutions/SpyCloud Enterprise Protection/Package/createUiDefinition.json create mode 100644 Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json 
diff --git a/Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip b/Solutions/SpyCloud Enterprise Protection/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..720eb8b0c4c3c05f04b661193c05fce13d581acd GIT binary patch literal 32700 zcmV)xK$E{vO9KQH000080CQGFSIgLoi1!Bo0EQX>02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH?O5Ax8^;;GFVJ@wY*UC7$fZmmNFdY+Xvs|k$h9D`@r5V|!`&fws@a+C z%&chI6_D4+Z67U9(r;$ZV7$}MwhQOWu=Rbb`Y2W|x4}=6?nJ8f?4US2WSeu#S z$)q?5Q!442rA*q8zRNWWBbAo#%;YG17EZ^RX7`+JCMTLv%l>|L%2r%*%asgY<-+ox z((oTf$v*`nFDs!k7EC)?uXv=DQ7aqHJnt5VlK7r!14fRxBdmO#QB6~3K?I8T?g)pG zk}JM$4sgWH8~%>!7>6q=3>(#Nmelabw25&TGZSf^*;4Xfc)BJ=N6#0vcQoCEYi^T# znH#1d(K-(~-*_(-f5!%gTrx3%v!LYUT&gw6ZMnJ~Q|0 zML;$@wh07&^EDn4#@C6hp1xbig*-g`8*UsQ9+C^es9{9271P8jViQJIN(i;#a!r_wtrAS)mClp~vPq;_?38mCsPVp*c?v#6N!(;nBKbda7e7sC6scTVV(A@I$OAH% z&0h~gawdV{$d3H&zrHvl%vhd+dyErm3yU-}NIe{J*?KROF$`iA>~Qv{&MaJ#0e;t2e&n&sii*jIY#3QHOSmn7>e5@N zHDFwz(2&{{9qk@EMg{lW@TFi?r+Y;8Dxg0ghq68Wsp}pu-*OZV=^Clkd7Dx7v;0vp zZhC1AjdoL&=+w?`*mypBQ=8J(%5F2(oeOGMhclhdGL9UxT8Zv0rNo>&D}uSJ1uHJx zMBvI#1D>KbGG~*kZ_c@wr4NXA0x@Vk5o%F~H>!Hft2y9$?dKCcKv7@YWYBTqU>G_J zhoht6P0)2UD!Q?KAW4*)NP-_;&b!FOTw@b25%K|#K|47ih{vOYRyKTW0)0<2J}xJ! z=cw>U4xO_cYd01{cm8^IXLR_9U?zO<1f#8@izp)fLoS&J{XV< z8>^5qM4d-##3G_00}W9kw~z`F@RPd#ou*ZK4ur zH&yk(u$X&t(KMWc`UN`9-QE?I70r3CV>xzC zMwM6fZcvWHW@q83R3jSg86$0)xd{*R+H3^?KemXB+*If$WIy3a3b=GR`4lb2iADvt zu!KQZ--q^Nw>N&+o6u|DHNUery^Nk0Z5%h_-7afSmunuhR&~sBSe9z-nk}^6KW&b& z6a)7-W^U6O+r)X>j3YnFe*b13rqL~rpI<2KMq*rBdh3VW+xA|*tIk9B;4|F+?BhLu zRjiA97itIAQ+~5(k{88VaLVi>w;#(w_pdKpdj|AoqbL1z4EbwM;HY5R&P+cPmwDt? 
zC1gzG_b;+Zu!Z8F+J-d4N{XEaUD7+F*b`ko)_&Vi8zsJL`ayPI`or$g&cRLl@za1X z{lY+aRl4EJAz}J|BsBlJNN67F^QR}xtlFXbTmD7w>)+b)dxeqDYx(^eern6FHT!RA z`IT8sk9S{j+?OK4ap0{ZTMVcKNs5kTx8${s66S{IqUF!fl~VuPw|xxX8T4UfaP@k2 zIV7t7jPSwX0Z+K+C;cS@lry2WfO0OeJ2Z;UYeh?pw-oRp^E1ZY=NR{?iEXRzMNx&9 zxctE6Mv}N$+52V`$M>Z8MofOpm%qcv(xBmgeq_-e7I8hZRHlEqsim((6+h}_Mddcj zy9;2m5|3LShJx!A*TxQh;~ofz4L)NR9AQ7B!c;f>GFOS;G?I6gM!)z~HguN0pkrC} zFzApp>$#)pkyd?e@IJ*K{QnP7O9KQH000080I;Y-S6WsEK*x3f0Fb%`01*HH0BvDu zZd7G$aBN|8WiD!SZ*J^c*>2;?c6|?!e;}Ly?glMWoXL|X%`+uymKp~>9Eu_(PU0kq z7Y*b$@_YG`6gAQkHMG+?*AH18{BY+F9;8v@tUZ7UuJf6c~!_WdUCMMd;u1pkN|V3Qd5n(fA>J!exe>_FMsZljs; zNZz*7HUb~UMEw1@h-$mY!38P7ab3sNJ%Dsv+Xr%N`xM9dxf|ILT@j8BfhEQ^Y+3Yo zK=)0s(cd^A9?|n%-I^W1#Nc(S39Ol~!Cw5-tN>LE41XvZ!Pf7G3p_h;Wl(YL!1?z5 z^)Skx$ygVK*vIl@S9kW9o&?)R0uLxJh!psU1%Lt+#J3Sg^gKj#&5Z9aU_m?|`K!4f zB-7LEz)&*KHIoOKs^}`R4c-2FMUW9dbj$OBsKikbUjxWrE8AUojwpl70p?%GO4DTx z(LF=~t{%c6Ro6DR=FJ>(ba*=8{<-_`^KjWNLq1mD^Fsb|xqd+U!2!QLcfo8+6&u;{ z74Z)2Ib0hL$z%`@#H@&^6z6vU3!9A{f1Y1XtoinQ=zsqH{m=Wke@OX8X4l#FP|Bmj zc!&joZZ*-gXGqQxjg7C%9=w*o1xQPmUE8x&AL&6s=@u~J%j*F@a4u3wh$a+WU6c%v z)Xe*#mI53wDcdU=d^z_^Ob+B}YJe68gPO7}h_jL7u(~DV440)Sj>b8T&hF-?jJMAt zbMVR>9KaFA<=DH>KaP2Qdp`9%e?JQJsStQRq(s5CESSb_db(&kMo+U&j&a_f9O*EP zmQ2Ur(Kuo}D$jdNPzdRfA^Y#O>D?o2ofPIXs?ps$lJLq!Gal9QbPMq9!->czn z)D(ssIC)lP$q=oDx34U;mBF`X2}aoclO)q&7RlsYAj(>%vk#n{VJ`ZP#l7X7B=j}A z8!{vA%8YmnW4hl>xe;l&4vtBxp0u>RzF5pb)v#Ay`qfGf@PMF+zeCWD@k@dx&X{&p zUmw6fs4vI(w7!mvy00hVzMjsrJhH3;{7lg{Mcq0Ot_ar(>8iPBd#R#(9@kWL$M1&9 z$h#^dKbKQ_oSUj6(^W_QHr0_2sgC@Dsv{p&9rQf1&hq);@DqV2YZxbB#kl?5^kNIu-V;<5U^9A+C zJgPtD%j%E0ufOvwKk#ng0XM#V`PquZ71O!l4efAuwZlCK zGu`o~RJe4haKB9|+(S~~zMxdNN2S7jS*dXMrE;F-iDtH?`?i}IiN35Ey60~v=#NZH zH%XDr)mZ7`Nj1MAA^xs}_+J8^?tW89e7cbM-zFsfAtCW!P)PivLgK%ykofyTI?qzv zKa}qV1~_|$n;>e^Nts9FU?)WNC%rPGR1!$4Rm_ z-Rk)Y>O+8Z_FfPtX8_la{SKTwWAwGbuZ;drdCn}lx0ro3gAeRZvHD*<{uSL%GyHfk zB*t<{^K1EBP(6*y_vubNNcXKBD~WVg3-`;>+hjE@i5*0mZz|vp!>y>*jse}%+uJvneJ(iWz)EPp7vq%^OQf4vG@6} 
zu-?AqGT94TB&~O!-C1(>;Q&nSaC7Xv0M|!`J$tVe;{-1ok9E20n-u6x%Db1m7>DkUhrQy~WSF8Y2k{xx_uX|${Q5pSMLRWL08V(sabu7D;kn~cL+J8j z7wPg48^f1S@LtTLv2ix=OILRDf#?yzRCr;N9S%Tah+s!yG2z9VZn8x>6 zt}S6NzGxE_Lq43Eefp6)m1It5C6kT{aDb(FZR=E#ZTkDF|)E%RfO zNkPEgMzhUxTgo_6Ft@_^FkCNJc6Y#Z2SMjDf{3_hT zoy64kUxItQC;2Gcv%8Wv;pQC2(09wEOU##@4*^e&c^CbK*P|(1RQh3{4`aIq=W?x? z(Je!_b^_jSm7cG?iv<^W&(@!5aW8K4-F%7S!tHQF=gK{U5s)x>8!PAN=gZa9bx-p4 zKuYq*DeKC*_lED;n-8CT^&xTnKEnF2R*rwpmQX4Cqr=bTO7C*N^s$sFYrFH!5YA+> z@GqWXdYbqjxE>cJMb5TFKT=C_M$_~-*Y*)d19^u9#_8NxLhp@X1>P56bFDv7RxjQV zf%A9J&Wr=S2vptD_laJK2@Mt9i}i4LK`hs)Aq@!QN?hb(m(e$Q+*|shRI?PYhGxXocyUAnh;AS5X`!Ji z8XmZ1?1E*WyI`w9-wnXiHQS%*9jVPJjXzUBJV|iB3wPu_;KpBHS9#>^`UmcIy?oeN z!VB{1?cce3)ol!%_FN&6l13_mlq-LbUHbckh~-SUbm#ne&R&du<^Ow(Gs7k@Q?kpPiv#Bps$aaP>Hf0>4!M z&`og$Fvptxha`G{pE)GE_DZcyvE~+6`f6g-$_gsGL=86xtW%G;kdP^|&8!P(W3j}to2t9O)Z&Wkw2!%s+IEjl3AAR9oU_LJTV?JP&0QyCCgt3;FHx_1Z z-HOoh#O!axepX%LqYW3eDmGE6cC!jQ>Q8yy5C&YZkqRAm+FyYYJvBzS(Vh;?5iy!& ziBQqoC9?tv-)7Z_QyZfpA6gNOn%F8TWL1|BqtP^~Pys0rrbu|>vNpuQ*q@?NXUzoC zk^x#tau+R2p!+=9smxV%zM=+(oFyW7cJ5!c@m2tb$i9ISj!F9alJp z&CScJUfv%r{f$v>azIgOj3_R{_GZCZrG@_HSaP9lyZnp;&2nYX4kDs;_`BhTN&`D9#Gq)^dd;ZTg2 zqQrV0stOYVE7FMa1oW{EM~i`j)+18E)FzhYhfUm6?Qjm-B27Un(&SbZp(}PhEULPp z!uryfm246f%O2hjaFfiF3ZaCgyI!-QWlo2N3E9P)t{F0zMhban7TDBcZW;6|*2_+RNxxtW=IDcBeAWwaiba4i2 zPy2lq%TC`Ek#ou;(aJIl+^Mg}YH5So2AG!D%Ze=z*HEV*iZHCxX*C7hlQnC?Sd*d3 zH5@jo4%-DlHn7@sK`5-rv^9I`kRIhUmZ$=3Z&RW=b7oW=3d@EN`icoEZv(VjhYN-t ztuHkvkE>oKSe7RO#{g9|T&6v9IFdneuNR;-)MGjJ{@WcJ(zG~y(NxawA!4usuGHFm_N!nfz~uig#1>)*{}lleIvGC9#`cF zSZUrG#ftLWhn1OXowlln05XWjqhg;2(y%q)t%@J|#7ZQ?)msRb%ek3#q1Ds5a-Qdz+4UQZ={}lU=(;JnxF z7qo7nVL0o0Q*RZn82B}^ zluP~5v|pJJVuP+1;B}KRJHnO4thx4_sKrfmrfxH;tMFMd(2d?C0QC_VGl0?ELaPz+ zQa~E?XzYWjFwCx|3P(tSHJ=D9)`zs6@K~o>tws}ZE=GN3u(Gm}N4&L0O`YIFX@d&` zBEUzwude$|EKf6?zOi1@0T}3Ozk#FPP@wWt!?&vQHR_Wn7tRaC3dNSogML3krC9*K z+N&+P#Wi&S(CA%V7mTcK^zN{Q8k{v6)DVCh9mBckg z%}^5K8P0^{NLI2})qaihdgnMzaCtDy?sTb<4?aldh}#(aW;KOwC1Bn&p*Ar 
zN~VveufCd(pFBB>pN#!S?~mh;dq13}4;~)J|6WYbrh7@W{qAOQ@aX-Ei?4q;jiTf8 z^X;#0p5Koj1o7^h<7ZzzesJb*Z*M<(Ol*elfA$~0`QiHdhm-B|gZSej-23yvqqD^g zsq=Vm?=X56ErOKD&!2b4(XTg?*Dub;Utev%Co8`HN3!?!+AUFuRnH)k(C^TFJFeiuP;7*eZKSQq5p2@`N!+8Ui_4VH-Eu0T>f%=kxUbRax?iV z`ndDyadhzO`H$h*Uwhx*#J?sVPyDkNqi4jdf9;>mr_p@6Gu_*M5&!$`$K&bttAD*Z z{v(;ccrbhM)9Lq5{zc@=n+JP8KmQcIKmKL>)nC6n{OZ%e{jc_jy4@YWnml;-%iil( zLHg?Tr}T7|{`If%@!s}%`ry~An~TYtcRxLer~ZRahwp>4(XX#QrI%;(NqqD2{OjG* z$3Ok_;nXef25gGLbJL^^)CyRQE;wjjC7N`DX zTO5ReUqwyrfZsZYQg2V?+L{AE)#(|);3_}k27hWHCixL!v$`OB1HwkC83)W`A;iMWwOLGY3(IfWpV$`w?f`^*Z;=%SA zy>{Im`P^|sPlp#lEu9u;t-)kg(9iGjw!v#hdzP$2FasGy%jr6}DpM7b z$%0BeJzHkgg!h!8eNyzl$GqtBGv# zMa|pXrgN=b!@8Ad*y+I{PG<44dp#k_R(}Bn&_k#1qm*dGhD`85_ml3nOs7Rl5_|ja zaQq)9ww>74Lf>Nhhahbtp-HvvcR?D5!Btr}69e~rMz-A47$?T|(V?BV#!2gJgQ{5UY z6qUN?V}+J`Hdfe!wXN{ z#3BpGM2rdkr!ywJ+i6Vj;9P5KOz;7AV@#A<>%o|)iFQ_Kyk}!VL}^>Hv~$LU1U+=> zj0tB1v6qnbBSJ~;fS5>a!YI%Rn+YDv0Jjy zdD-YZRoL)CeTA)}YNI3j1Q~L?(0I@0$?C+|Ez{RW(RnaRgQeq{scBsAHL^|jQ**^Z zA1pFP*#0}r#y6Z213rv`p?eff;a2Jtx_?_+odTn4t5cwjo^%Q{y<(lhh0XAF#>~st zE-TuDu9s;J5>}EmM9ijsOa$jp`qD{R@0Ll~N(z?s6SeXXTglr>LmdlUOgfuF4?RoX zQ^w!Yu$C?Y-F~6~J#@N$TE^)Rr$g3FhqO@}J!pzGP!3Ks7omqvKcAzX?tAByev7Ug zm#K(VU#sUd__Q@mwnjXN@)jAbpJ{20P|+*zEK8h73iV5HmV{{~*{Pz2$dnABcfZ-* zzP`S`R}5XOnW&~|{1}hp@X8eQL`y3{~x|e7Nn#$Uj~x$*P9LHRL&8Le@on9T9ciD3fZfn#<6XBv6`6w3wa+rh%0vLpwlD&I1ys{E+!Up z@gW|zVPJ%|r^Xg7s4OdvrM0X$M~|_jCD~&qbWt^;r6 zN8UJ0h&W6F8j3lqJtm4JoFtpxjC>hiLlFKj^{&Io#Jlvb0@BSz5Cw5K%KAY~TM*qT z{liqFUabQRxFjFW7iW_&xg3tcO=Vf@1_=$ILxNm_(2$^wU{tJHj!p6blr;G%ov~HC zNr24r)q%1JQ4po(Qq}=k(}1X{Ao1ulM}?Klnq*0AgPME>g_+0+Bq#>GV}?P`=;#B0 zSehcPma`z=bK(`>cE(PHHhX6(xi=Id#Cje|7%|mDtRmPN!&NM$G!JifUSy^$ZwTFo zZ!)ZlMX*HI37MbQ1J0I)r_3G%9QB2tE^tD&Ea%}ki1hh^OBHPFpR7s=Gj9kB6JGKs zUNV}+0b%hua5>pX(=;$N7fm)MA{&?prpG8ndb32>K|WDaH3Zti@e0tDNvos7Owh45 z3A*AqfZQfD=?_EIFw9gN&Bx=N(=0v&nOPGtQCsoYRwWruu>cULBa1x^7t`VS#IH@A zB2{V6jajE2bZR;4z)P(XqxVo5>Q1`}w3h zGh`MEYc6b#y!Y>q4!x^~9uXk3F~LEWmnj$TIa|`KSCin%r;HbS@LV~8g3k#mARl2}>hRWq&{V<4TAlJh4 
z+~6Zvfy*l*%YiVN;SE`9=s8hJc2@iR%e=xY0(;L-;qSmtLSh{&6{c zsYKmKvfVn06aXX!q-gTq$Mu(09L%%;Fz~O22@w+4evDtSMmz~nMnB8lb?)u|?D0Ve zt53or6LuY;k@R&UCXA_!M5J&`PQxiu*8p^cNidV3V~@~he%e#Om3QqYIT~rsN|0Nl zaJEPU`WqmWUn6>_p&mmyOTo4Kz^Q~NGv?x%Q`M-LI%?bb#fg{37 zX?!yT<8SGhJ7ArA(E0xml}JnzE-$ljH9#0|^Z;grsf@%_I3M~fz-c2X*iH#?DG2r+ zF$t$|yl`~vi2=bD*q_WV{fKRZYWnHXtjGd~^= zCw_FX@Gn-t>Yz^eFg!kt{Gbbz%iEK_@cfc@{7TFp(*zQ`l!hUFbC$$1K0-jV0sN4JN~K}P~>Dg>ziC@O*h}`4=XtdgGa5_M&2x_iGZ3U$g4$p#fIM?q0iRc{? z0*wieiD-ww<{Fm=VWfT(9>36lJEEdTB_9~viwGwg=Dfi*v>y?q!q$lD;r-(y^823) zB6O%nVGt#YIAA{2V#kpAet;gIPkiv7`IMi0(HoOENEdO0yfBf(2PU>80AfwJySTj} z)Pk-vM={nyCU)7qC&3?hpr#?A?S%Qp6qW;!50aM(=p?9*fG7GFm^;j7i!y%d3)DXv zw=(840cyL|>|i%p?77R$)G%Ud0Z$vENkHL6TvZ*9TbFg@YiFJqhkQcrKTMk-)ZQR|4SoDs?%uUs8 z@R{LfIj9tKfu^Vr{wxkJ!iZiRa1%8tIt#E}vFx8r-~R<6JP8EzIA0QIFA}ejrhasj zH+$(Pm)k)!if`y>=m-+;&dH1YolWoc;oheA;PBbWrWd56#w&CR2r|_~ERL()Fq!{XC6qb z*X|sUN*W{UrMsi)29A*3A**`_$P&8H&W~73VO`t0!%^ohZ6y?u_Pe^+Yv~x?9nN}o z2$xRM)qdceVbnPpAkNv1?YbLhcjN4CoDrjGjo2^k#(6b#+2A;#JIcvUtd=};!d4ZU z$;h2XPqxFQ{Oh%e`_;runIR&f3riVN5kxN8(T?$TT1 z=-9bx&>ozt27q(bpk-~yF00~PHJq!4bJh69xoU_y?NRAmHBgJ=Ts6w0b*>shn>beu z=c-Yt;#@UQ({QdDl{(#E(Yb0g$Dec6sH@^!HOy6hClUzlOBlpy)u8JCG?x_>v7%!`G8yu;e^MZ3;aLx<$RXRbe zb6#kLzIAY3a8I3d;GR0kfWVh?+i-3hR4X{Q4YihBf!jv8?=Iaoe(}@MC9w`u=eI$7 zaDE#AU$EcCO6=<<=3$pMvGZMUz6;KG!TByIDzsi1=ew{pR6E}V=ewY-*&e;lcR^jn z`7TuIbc03byU-ke&Uc}%it}ACS8=`zUE$36E+CGwvMSDZp}uZ=qIA9sdT>{zT5wmT zG9d8fu1eiiDK%@{RcQeq;!1H9ccqoiTV0kO%%(u$!^7Yz90ken)yghP-OXZ6+4ZoN-fJ2LE=<{5vq4&D}$>Im<5Wl1Gm{{fW_38xY_RlIqt53@u+my&;?rEW*=cS z8QXQ6{q^1KyPFLyAh74p=VVAeOlwHJd6tI3{k&)I0D87WMWwzO9rXn|+#O|Gip-CZy3OvWxAlaw6XZ4BvNT8Cx@}oHLE~o@ zyReHXyEBAd&Jd_rjcu>Mnq%~U_1DA$Hmlmjteul42ODHLCruq7u=oWY5TA5*KTo)Mq7~GuA{CGT^_|e4zcFIdbCCE75y~n#RK7o3B(g#jo@=jlg zIh(2@FzMbdl}B6lU+U=Xk~f_jhO` zbUFB*qr9o5=vPj*>#c2H*FP>!RlbMr(C^X3sp^C}S3{Q#HqPBqj&r`&!R>Iq9(RT= z7lh!ZyC4Mn9S0$B5jVPxxRD*Q4#CrZX_(|EtRin4QZH zk7{ol2ANf^yrt03o|+s3dPc7=1XLQv0ra27i$Grx%WY+(zm;yvMziVECz59pPD8Lp 
zs`nFzz%5DO$Am*b8;`OjEAU+1c69J*Ynp5&3(^t2#Im>p(Yi!2b4T`wLakP2Wl4dl zKI_He+{32jNz?M~2qPD2v%l^ZSJGz5GV@Z#x8;f*9imp~GhmOKX6$g=lin$V z-hfj|u=T+!CrI?q2YY(v6(xw0HsDjN{rEu-oeq~J2=v0;=YJu?>Q-0D6q*y zOXQJFGckllv+Pnn@W;%8P9|jUYqL1HlZ)-j2uDB6`Uo$^bzdd1E4?8C{Tfc#8`HhP z6H<%V_lVPCfmm_0yzYnsj0ca_oA#+;Z8g+ zDc{$@(*Lmlvl5bCc>aYCI)N3*_6%9ug-ZoZwQLuX)dO86_8@RAdQOy4Msb%unSBsM z-aMXNh2wz5nT8XZ^F=hG3JuP0HvvWC;M^zZ+RRQ~06+X9mSN3;I#28ACx{kPQtUTf z0S`_IGt}#w@$y4~+Cqhk)4GDi3msj-50*^F9~FJ!%t!A5GSbO-fH{}|W5Jo+c?e!4 zF)@tzr%i7f_)$n7>CBRV6{n=05$d%_5d-$v3|xr?oqFLpyST_MoZ89=u?PC)bF3w}92K2Wo5-qzr#FG+;b%#CiB|5@D=j#7rV=3W_(vf)Bd8VUWTsOL zWT~@z`Au(w)rP->)P)b>eB*;b_-+d6D>Dno*__a=MQxr&sXfseHocztynz(SFMVqz z_q;QbKQO*76r`R#MEnd$ypQLM722tN(Wu4uNf?cAk|m)fKLczRRT&ikOrj72jOZIU zItSKGh=o8`VLl6^l&*}={MTYXx(GZv6YhCm<7{TLMikq3{!L)(_3N#}!@IW2^*&0G zXI=|h^2=GSAQ~@uu_&(FEEZku;p^F$SOr-^k3)k)W|7;5Q@QTA)`0%(7SxLWt}g@X zvg}XDMtgkYWh+Z0s^nhEutmPR!@jJdug+;g&8(iheANB34Mk9rYDf{3p}%N~uwe03 z&;wn(Zt39!;V6=e1YYTI#{>jb}ydpuGfxmYI z4tvb_r+ZY`HGT|kHtA|y`d3W+&F1`4D%)d{RoS@@pLZX6qf4K9zQ&v0Wk|LRL6pX` z`Hcq%@n+z#c^xL1yI>q_jb_n#ctPI*(GvXp1U4a7D+>6wT}*1aaCa5lveGK%1HiRe zV5~~BGI9!!pYB;L6E#&h%G+opW}#Ru9y3h7z{Rt$M+!^VaI0apeyXoEo_t9#T7YUi zgqekaggTc#kWDXxdW(c3-k*n1)U@K4#6+vrT%3~rwMBa0f+oA0^+0<{rk`JqgTZfC zejI}MPVQ`+2Gcn_KzlZwr#Jf$(rM%F2b-aOP!BcrFOsHxRr)D?QN~VX(qb`Rhog7~ zFB$K>oznxVS>#WSqJ(IhG}#94iDd4Nf@C|>PI0nL_{WDw1l6Sl()gKqwnN*y_jh-< z?(e`qqMfe7;960IQ^9Y)5$#0`>^l-VME6@zYUA$a#&$m5lWeKQU^h0i7B*hZF2d3N ze4ZT8B&i3pC?YI2i?=p5y@{Wscar%eEc8UMeseaPeLNcP&~7&F68NAPt|_nrgp>Kr0eyb?jLbEj$6(O9GqHhId=zwV7@Q%yxewlJx|F)>dfoopUV!ssIv;AuKf zzS-V}A^Veih4veWB>7`eBo2f`sUT(m{+)#26Ek6WjLj$@nq{?cBSs5FFxpgG`-g6F>Tx zDA{TdWqm31*x(2>xF)Uiu&tDG^+wkN!pQvW8iCnV;3-LhxGldud+0 z_8TtoRaM_mL9eW5WNx`mCQ4b*Piedl?%gjgPaC1j>%O#*xr1?-K*JmhbyUmSCqzD8 zjOvD1E?609*rKk5cHp%#BI5)m_@#~Ak&TnvNK)9-s@*}j`k~V9$n6cqOnB2L^I!z) zvs=K#0Kzx%-NbMC<+W_5@FK;E<6us970KJE$j*b`f=^^dFzj~$S73MI{Lc+6mWW-W z91k&LHoc7+n~ASI<1lDP$6nIn=F(eh4ppA2WukkFJs;aT&M@wYKUk!~Yyrgk$SS+S 
zwKQL+vLqh-cfy1G3hl+dxi|GAGC@!!_x!&WaR6E@`z_hty}$E>5zIDOs>$qTD$&`! zKayGWUqu1U8B-$&OPsM=Vkocvoz;NjBoh%;Ws~{O{0u${b=Xy@A;a#uMiPh}lRa-j}+7d^}Z(MHu5YHBKf`Y6tIMzfT z>f04EStG=1>gIxz%}bV^(^~2Ii!42BHl3wiLy1gze+o+tv*`v3$nmd; zN_n9QxK|I)69!emqAGJzwW4vCR2l|`hN#@7#=tooX<}&T@z(vvCK}R<%08)v#eUY^ zjf&Z`_<8#Y;pIr-dRg6l>ufObdr@>~IkYG%YAI1c0M(;FGbbb|vvdZ}*oBgkQpe(y zS4*&#wvkF-F-nuHrc4$I;>(AjvYNzDs@BsE*m1~I7$M3_rF|!=h0%OrN>wm8n~japDh4BeGC3pr zgDei>;OXDss(O%p`#zrBx%(fjBdGq)319%BO3ech(>4{AWss}SFd0%w8jOc$H$#3DGGs>~wRC6{jut$k` zHryKi0AW-Zml}gAs}*-Wx>1xv3uc;o@HDeMz9*mW-2H!l+h7q-H$IR*bIX!`WMNdt zd^#J-jZ&c#jCQ64Z8S8k(7Tofs3A%EvuXNdT$eMt%bNotOvQzQ4>AmIX9B$`-_)8D z&u8%v2z=-Z1zS&!5OI_-#Na7V&z%hoVQ&B#i4O)U!SN6+c|!UaF6PlNp)%cE1Fb1U zap!a^*;1GSNC)MI#`fajb&yeFEnY@l9gd9oSdF# zs#jkar|JdG_>(~IMI`FU8Xs>a?nB#M>izxkc$j(d4AWUYi90_(xNEL%MG>@kVV4km zBDNb%^^`>bCcA|&f>`mxSwu@@F`_U;Lz~AE4nUVO$zmHp>sd)9%t4?i%vW$fp0ZoF zI_e6?CQ=gZPKf~YFX&{yoqzW&kyEqi;ybpF%l!lrz<-jQFDBn^XGOlmxXaxHUmJdFKNlMvX zJ~zOu7+%WJ(qQI@<4;WFwnFVj#s{rw!|DK4Bg7mzt_ZRXBAF4Qy%BY48;*k%qIL{3 zc>tn;qh;fR*~$Ruiilxt_(-vsveY~PS{gtp7XT{-17K7#02mytng$_=_zmS8;IH2YALw7*5vHk#c~vY)kdmL0`LHBtMSe!oLrjoZ zXt47^>(GH8q4^2X900gl<2q+B2>x976VyHIe*!u5DK38IVi61E2y^fDnHLgeTnf0oF9Kf4*u;tM|t|1t(r z7yVeWu!RAGBEMV7(e@lVz_Zx^fk*%&G66ncwz1t`8`rKer$9e6ku2N=E@F6qH@O)S z_67U>ii~m!PTj%!-Um3A$-szAfX|y{kc4Vnw#MAjO5LG|!|@La9RDydwN<;TF)mND zO|8|2wz`>BkJi|$CvRoJgZ57Oim-SGKz9nI1AKoxrXINd1d>D1ud+9Whio((A9V30 zaxk63)&1Pv1&_kX!N^=_*|VgZ9oj_<(`&od578Z4&S0S{3twWaa1#UtSrXJ zU=xAhWv|h=^z7=j74>zyB1S>1t2;P4#<&Gw3HI$G1(_;4iLQo3KO?Ws zaE|p2ST~noqj+jfPX+39l%$4^Y!fllnJLrdlBuiw%%DA0iQ5}`A#n;964;9zM`ukv zo7Pr(8Q;Zxj!T2_Rc!oFKozDZ^Wq>nAoG`4oAt%q(_4# zD9UM|CRAnbQm}3Wrr0xWy2@;zKp@+8x$nZ~!8CH$}!eJU%JJwJ=1c0Y@^K$f$m#~A3hsjNfQDFFZOapIDTetu+X&2 zY`*A>i6Gi`cRqxo`0Oi9R-Ln)R+gXXSiQ1oe2iamoe1?Ro)H6jY1vDMhbLYadmt>M z#!8sf7$gxI@L6bl01aqETuHq%*y7q4!*V;~(c9P7>F4|Q%x{)~NB*x{gtww&1yEjI zNq^2pcL+OEMTQpzTker8ZFp3%Tm8Q~JD2b5#f68J4Y8D!mY-(MR)y}QDi(c#`$^*) zOZFQkkxKBxl}eh2J#i^Bt&{!sKgGEh!O2R2>ulV&k0Pj8r?3Hj3G@+L1 
zlErQ3>JOPnIQT)>fs`E~ZW0egem6|yXDOU~4|MSPg91L}MJ`?|+R%E5aYCoWxm>w4 zDR-`L+f6G!7f~TojWSprLa0(0GvAu)cFvEAQ@ypW|14txQt|Ry=i|Z}Z81h^F1)h`!<$arE!+-0 z<^P&S{1VWC3!<0P>&7n9&$Zk5lqYoFPZ$C3&0H-?@tlhHqw6X|wp0nD@Dqg69SotO zj;=04_8tQ33wP4Q7MiyjMP3dfd8x?zJ(I?khajMk^=qaiiuaXv^YDTzg06$8Ita-w z%f2}I^K=rOa^n^)tf+n=n*!QSX%!sgQD_wH3|c#?1ADpBhSpQB%8KqLfC#Z?2m zs+EpLj-(d6N%5I#M z{V=!^(*-K5;HX7gsVT8P5spRt5#5Vt%G0+LlR7BO5Kc&i%d8em{^v(DUFoY7m!=GX z!$47#4-!+)oX|>k|1QtPGlgz4@=p4S2I3v^I3_@C0!ZH&5r6{65X1J%w|st;Pv24_ zNkNQ^>2~JJ;d3l#W**B6Qo4!B8VFGa)HmiHQ$%V!s!x!4ENtk*_252_HVRjp*2da}Bci*h#4ed{tj7H5WM$nA1D*$m|@ z8Ff;w=Ok@BQ?5NDQ~LcI1vp=Rz^k&@a*BWUF<}dG;Dhi*hJfFPdXq7--e!22>u}IH z|KR`K;pTy=@=Mw5#c7kQi(`wN*Rn$mtc7vpZrigf>ewG#C6PIK{b9KKy5!Dbw%9XL zPw1=6-vz0JK<%TX>1|FMP-iQLZf4Y;g{<4(RsYN=bYZedV~Df*%m-z7JxC)tD5+=j zgJtW^L~Wxfy_tLj-gGFzf^(+m)_-~^(xRQ)ikw|kL33@&9wKILZSuCUV~?y*mkMUk zv~7mQ?^7F4FbSzVu+)wOj~1W#+O@uVfm=~Y3lB%6kR&KKt{iH_v)%HZEsLt?B!I{c z;j9SD&VX2c=WQDHN)2L3(xS++s+=&V>w~`zy}mCGNGDbR7}o=uPX7RCh)^(c$y0}V zn79!EmO5BD5_kX{M)f|=tQKnhzrX@XX-NkZq#)L>Jv0J!n6!|(b6aixtRh^g~Qm?@`U_Jf{gw{G3ycBZ;VRR_G; zw0XC@1!n1?XPoLD%^s5<>m8(?Em(s(YLLOWUi|FUiN!dE54=)N>9RDg_hAG`THTpX zeB95IffGX_zoDTT@5_CF^&NjRRNA3z`Y&;r#~RUE+Z&3Z%@C&_(AW~V%HUem4LT7z zAz_-x(CMT^PqDq6Sl8o38^51!3$mm|`afSsoq)NC1WaX;X->o_c9@PeI+rp5pF_>| z^@$*MDt6Hf?lf!}?`VWG3m}b>rHvtU(smTn3EO8{%8<2XKePzX`Mn+LT#n_d>9p^$ z64PZzFHFJN?uFuVA<&~U67exeh$qFk7&mM|I4~g0#n|b)rd5Q$L2MrA;Iow?2l=!| zZ$8L)q;$1$(3g)?QAfslPa40GH6Od+VF{ITj5oZptMD(2+hB5N-6)(nWC(XhL z5mTNM5lJ7mTGZ4x-wl=<>@3aoo*BZS+>$`)2GJRI)e}JWGM^*grh(7@=9&B=w4rw~y*vaQw&?If$*<9K3pZdKkjBBi5kA{+5Dqaj^xA#>8(eYNNSl zhP$eoj+A)^(Q^(#Svu@D?}zLg>-Tw{4s&vV%8ZmpxX_M zW#ZEESdTTnP{~YGI39GQ>4gz_v#_>yLnXnaUw599n1$j^QW|LVz-3?;cO<DG zM+x7B>qR^Jiieu7YyC&0X?O{KuzFtH7IS4u1L%R{wrXyv<1mD^!a>(PR;^|_ z5SMOAS4$Cca~9TtdhS?+TSnmtvG#55l--cI*NhU~u1+hTSeX5c6bihH@pz9~TZktn zB{8&76Ly}xeD1F{_y^(DGSQ45rv$k<-WEiyrjczGuAkIU@T_A(sJ%I$)jT4J=(WFK z^VuR-Od98f-o?Xk)zTNQaFUm*w4GL|R>?@vD}7O-g0Cbg^(At{q 
zz>ot~PMX}Ni$0+mmn&FV(w4zM)Jp({ItbrTP)v#Rb~KX4`5FEytyNe@&dY@w^nydj zwbP!%hH~RWd(KM^SZz6O?|r)B%yA3x-ou7@VYj8IaSJm>3_$XH6);^fp5uQ(b4!LR zwg4NbM3aKvP^Bf_0cQH+|SZO~T(_tZpTer*^P9 zxSJzw@%%b-k4#az=+hqA@qfTGc`l0kx;4R-t0geYmd;KGx$(1wNaHX80*14+xOWc~Blg$t%of;)V*k8{4{hTysJ@wG+q$`02> zs~{ad@$$@_y^gzOq54LtPdS_Ybj( zkK3zTY?{k8Oxa7ME~U6uc=+{?`O+fes-5kLya{U*m^BQY%GAi>pm;VsfChVk$+Un5 zuZ}nouF~}G&fZ>5+P3^Oq^n-O2*Q>rZ&11I>DKI_%l`qpT*$VtqD~FR0^kRrvCqi5u2577_sa>ssjIpkzm_z7%7EAx}y5_R{n#LHN<=5 z^+Glpp-j8~z)0h6{oZ^+{=QrXybd2jGQtG2J?Ix<2hk68j%HIFS%@$deeq%PMj3+P zpDIT{#M&Z13VQ#ZSH(nLNJ_U}=pDXcruGU_b8{>pQG#e`5Sd$X~gd?*MMHwi1&*2mcMPE?+OJs>%OM4n- zzHZ@z7mI+MQhUZ&lPj}q{9tFHM+AfcAx8jf5O|;l1TN4Wraz@UCcxCb0vB9nz%a*p z#@IFaM))_wq(J2m)KvfmM{wUz0H%aj2O0?wF$Hi6kN&nsuFyM$Co}y?=`T4!GP*sW9NrXzI#6lR4$y`HJ ztTc}OX?Fpsj-8<{FjixmQ8SV&nP%yGE4~SOz|P!nhil&CFKLM8&Be(>V5_|WQ&f8m zLR`lSoz)JtDeI8gXNqo{riztHDnAix9jCSS!;K+r{nliE3y1U)?1nhOaU3g2|9D0{ zedJ2}s?nUlpPIZT3!1J+MZl3bCZkFdlIOIbS@9g5>w&`J2R2lkB0h8)=_~UsYbN5f zt*)(BV%mI9C7J2cE5@3uZ3lSeIy=(@yh8CPl#KkzjiX4jJ!b=*xHUG54c`{*P>a?I z*+4@zh$uP8295+>_Eg`k0DZ|(6B}e-QnGd%DUATya6c72>Mj*pC?Z&RCdjDqwFGvZ zZAXYy8#PSFdWJ+?Njj@|$q!edSy|!O{~d9-(m-J7XyPt*8QZ>=Q#pKpi&b``MfG!q ztXJDk0qdy7}>UbPI(x@tN;6j!>(h#9k(#S2!B9@3GmA_AY zzw1$C9%2?bV?VPs^@;pKatlwDo&f2&gh-y`n8`SnTlSr1cGdZO9_LlQ~&!2)9E9NlzkK>w;r3G=Nc(!NXxIjOISNpaik2eq)2`)X7FYtx1;+U_bmLa zVR-Z-`Kz#uu?()7?o+z8{tg{Sc$1DAW{+#FUspmppkbnd26Pan`^i-c_FU)Yn5e`n zk9dkrFUF*TGRQG%r1R;wyV}%ervIW(GPdN9S&(cTLW)*lVFhsmQKp%>qN;*?U;^c0 zU&}1Oe3K9G;5G;F%R`J+R~!(6$#`su7~N1Zt9#B;4{ z=<$p=+%5@gcg@G!#V&UH6l2hljN9i0wcDPI*w)@$vndU?x~bK2g)i(Dh7`a4eWk-<#JWdI4^HxkJfq~qlA_c75#I^LT$D(ar4^Oy-L+Vmp;K|sUbeMZ)>l{tCR1LDJ zs8*%=I223iHcf0{Jhk1B@Oe-!It()Bnz7btME(`mQ*J$1 zjB#0jT2zij&=QqZwFwl$;&K?hsFPgP{s*qS9ik?Zp<3vYFK36B0gcC0$j8xoFmq01;^-MAYMqrK$@l>7t~`aelYBtEhn!M?Kh@s(_z_P z4ntL(_fIKAHb{J@%_{7OvdVz+p!-hH5p;1f^}2Or{zH+6!9o+ zH61U@^%m@LDei)#N#ako?oF3^PV&#y@8od-b?mc|Ynm2{OGJ?cTsaQQ==gdQ>VXebvnMVBO zb?^D(wjLps5Q%^|C=lZE#t6S-ZZi?9^Ec|9tyc8Q5az1evX+R0Vx*?!lG(7)lt7lA 
z%pj)GWv{M;K085klfN_o``mq_IK8-#ohkzsyC`@iz|{`a^Np z9!WR+kgvBVWo3fKDGaEyh(p9d()@7!+H5v{NA!^NWQO{B@DGwA8t8oF~&G&iGsOBkQ(99{9mFmz*o-v3k!;O@MT zw`7c$rytDLPZHjyV^WBA2MnWNEn;8pR**-6g zu0`S#0TU@efd3aN5&gC|#{dct&P@a^C9Xlx*9HO*e-f?1`GmtK`Ft_kxO2_ z$jD?EnWPwd;)u~eXb3eKdyt9HK_1W>G4)Gh!+|`*bzx_WK#hFSL>R%$7{0iUKYz%|)0z72Q=VJn{eeYu7W z?337_`ZhKW=7^T%uz043!2d&_GmN^V`TyiO0TPQ)c>ZXcz)M03-$_9VK%E9)JwX@{ zIR_8)Kr)Z1Ui1T4ppqH{wG@N^Ca+B_4)u)%9WZa2TCcEB8%9m(b!!v<-Mz9lV~EH! zK}(9ijW6)LrE$8-v{+vTj!l9{pq!ORk^1i9#Ji@v02p8sy>T8g84^pDV3YmVPgMs= zlKxMMrcUR22oFl-!l!mL6O2%eyp*7o!E(3jC0sltS&ETkx~y6yhF<4=>w<*vPj+cf zlEH5yMaLHIR>%7B-P5JU$L95HdTO!<*|*Oz+}s=CbikCz8eT2RT9^4Jn_cLXwOD8p zS|8!?R^g=8;X)9mPc-nlX>r(QE|J8*l4xL*~ou~u5LX7!h2zuJm9x^#ayUZnsejH^H90=DW0&S(tV?SC6=c0U-rPX%p z;#66Zhtz@gG})3DFi&hEdy?3|5yZk=={j@w+pi$}u1-e10hYlWRZw@$exbD-<8{x` z9Q@FJx;1tpsgAK9Q;4MaIZ-Ok{HL|S1;J^rsq z16>-TzI0f$dnpp)`$5)-5cdRduUXE;qkAR4XJosQQ7tmib=U|26%yvZ5GhSt@mpsT z#<$Z-w6}P{R_4&t;+9CrBgY+*zE8-*9lNWgNLTGBW=7iN{R)MNv#~y?Kj_Pv=VT}| z?OHUHts*~xYX*#)A8EsDOcehsrAR6`uqq_BDn!yorQL;@q{OESn(>5OUU}tfp+Yeg z#eLZ0cwADucY=3l%6AqQvLeX>S?aH| z%Kta*ZM@yTVU<`U%Qzk>Cdt`N8vyG%CLgs%6>^tNQW=isxk7v4G;xNhYZpaZMR-Dh z-|G79q?wl@g+oW3@uB!eAWfW%RyEf)>usKi76pT1lvH%2u}fvtGy?szG(3JU+JrJI z7Kfa*m(!-=Xm+l?&qt>xU>rL6JFt#_(%98~kGC>>*sdb6*GuLYJEw)x#_FU>RNldRt#_7Wt?Dx!eMJ??W$}XC#l^Om<>AB6j^~Fm+!uz?#Ms|~ z%yAh3Dai-N(>upXTk2(CrCo7T<646X@~{xZ0WU)HG&A(Y7AxXUFS5hP7L2Wp+N(xT zB$oJ5FLadQlE8YZCG(X0hspj!UK-sP!EN%XG~Kl=q&I@4$zc8m?Iv3^o((8{Fh|3r z8H8_=G_K_#3Is|nvpG?A}Y!4?ZlA`Yzqg$9{ zu}beI;pWDj(k#%9dA|^bea#XSZc;uD2c|P91WVe5GkCD8qK`s-&qR*w8kgp_lmduz zd>4EVAFdzl5-@DeXFo9(-?OtT0Fnz-0IeUW#a2t9bo;s&5V4eFbxW$ZPACN6ru=W9`~5yqog4^*y7sK_;NU3T`&(csiSQ2i}+kTvzaj`9=WDRT}nqi4zQdsRt2 z&hi`ZCF^CJ$tpSY*2RxGs!a#T#(LM8``1r;IZDAKjyu5I2inD_2y+PBC8 z7ZT-g0($Zo+DhOgSzF2gHJw#}8gu*{$v7$Bp-?Iy&xIjaY?2C4fp8RXb0we}iU|B5 zFeuHjoIK#6>nJHyZKn+q1Bn+H~v`mY;CG9$QL-3VeEnh zApz{i&pCq`v^iG^t^YhhD82aSlKEnG)P{JNCNbIMv=0xCF;R1xCK!aguC7(Fu~Fx7 
z`jS<#I&R@zej9&mhC@K%L#$l^Vhtde76`NOhOaZO*`<|SW2{yAw8;wTaobJC%kusC z!ZbiMnUdI4?$n32g~r&Fm>G_zT%`B_Kdgyz1qFtX2ls{`1-eum(DB$|Z^8+zyM$lo zLB<|{px3k`&Hf)lg|=1D-N@*Mvd_RX z6w@3pfM}M}-msnNqp=;5(MYGu-aJqcV*Gsx@gX>d=`8Nh;53zuK;QZwY_bSOM zqpw1f(5HLN^$eIM_S*8dYD3j-P)Bm@&t$TVa4cd#($G0EU8sE}*BEQqM1ZU#6#u3B z;1C2LFo9C~0iosq)H)!zD%R4OJ-bi&%3A)N#O*(XpfE7+Gav#64!S^}7ip-wcT zF76{#Y&;R>NJZV(=erf}#rygl$`Z~i(B-@R>xZ?qZI50z0^dw`TfV3=(!G@W9Bv^y z>9WD-RMc2Si8WX2mA=T8#`vrm6N`v&CO2qMT0?D!-!e!W$#4405u$WGA@lhn77=3hlp&LE`vyc`-mfeqUN ziw}?(a+wM3{7a=AWt$FCKH~f$9xh%x$xsKfSc+@5Bl2|;p=l!-l(frUDBsn&Uq;kj zejdg}$%tY+c0^kypN1$3CUs}k!{d^f<6g*1|_8_S2@h;sD3G^8JBVY z+)ted9C0nnk~#Dvg4zlk*}?l7?yv`R4Gx)=Fk|-d@?x1TZ3=cz8lN>h3a&hB=b9E* zQ?0==OIh(ioq&8o)&oCUEV)A*1)9%{Nz?cqcF%Q*U}lSslA^;{1FVOj`!#|1G$mxN zG-Y8Nh(woot+4*UrGx!6d^;;CN0E8^BLppIoWMqa77^|+u6S153AWt`wvW!{w|Ps)7S z>tVxe(`w}YhjtHkIahc2-`Pg1m^TdUA}sA7BcVer?Wqv!<_td-nlCwpM5;g&3xUI3 z74TSQJsW)8Sudi>un|bzOefC#!>g;MPrMiQX#aAC7B!V!uGIM?vdNpHAQ3q7UUQ)9 zr9lpMHcpefgp?QquRZcpJVVN$z+np>+Rxb+t2LTj6jHa;c&51AIJ60L*=7H@TKBtt z%T2;+?;dIM^&Ls?M~f>#pX2ddY{MqaH9pKq3mZtjfcRD8+~4bzOX@B@YRQ>dYIFxN zNsNicnPr?pMwow+=Efh!Bx)zg!a0oxdm5zsjVzC_Z(dp#mW(e_coI=;%&Cy63U5iG zJ~<+t*Drt=;rN6~(?sxBpz1p+1zE}%;lM>eVqD;@bZ^fqrQ|eOHc!574Gh)c+O+43 zty!&1)w3TuwwYVPcTr^NEWS#a6i+~^E=nJHH@CtDJs^aU)Zq*{QQ=@+`)-TkO18%X~{ld{5gw>_v+~8SDKg z<6F+nAslmgh_!~%T{6eiJu+j>h6aoM)J?;vriC?CRSk5QILBg*(dbd0nvRni8N4<8=-6BOEq6nQX9i2YxC^DT#T&Lu3;Le5!K1y`O-`p#&U5OLynjm z`kEZ_z?M0Vp;hG)C|m1BXu9H8S?g}yEKh;5do#w5(9g|6Wl)qkt7=Fd^bn}cBU^pj zY2HCeMS|ttHrY_LGdizTSxc6D;>ML&z`XIk#Ij0s9R}-)Lubbb*VO8)Xm)hWMoMK3 zZ~l+V_n>Yoj}nVCF-h0cq6uER#zWOL5OK%5bu4a$ZM`i)`4cKX{jzpOrUOM)&P9~& z5gXh?X^*=4t3@FMX_J)VAoCd`{^7VTIRku@%EtI+xV+Z!WV%o_C{}2!{ekJGv1D3qsOU zm3DZ>^=Uq34y+(K_27iD>!1G6kJ^x&zC_W~Y?)w(1fM}goaUTCPn*PmiixZ;r#>Lw zd9w3*dE+Np>?mY`M(+;FN3lR8{aOzgAU zyL1e?EG{zB+FBzAk4SMe=QV}TF;-`k;!F>y;k%^kLZ6FQCJm-Sr7^IeCAFLU-0*ES z$^W{dih^NNC);cODcs6Jw>CTk@=W~BGrT1|$=g6o%@kgZkJIZKTeZ-@m7zr*OBNbb 
z4A-SU>|xV;=jS$Sy=@-S^0MZh(p`HqwTsby?pMA?%Su-_Q@v>)$86J=|I|oHWrte* ztPL51{)si{lWpom`%CX^(7t|4=1yAB;V@qkmYmcgN$Nra6pxx-Sic!jtZ_BLx_Oz( zDKNIF;daV6Dd))>vn;Y1Q_2OT3q%~OEdQtG)pJ9@1%=KG5SZtS{Bz(cEx8 zQ>CKQwVVyKJNsdB8B~I`B(TXNEx{? z*DIHa2&N8B>xz?dM1jSJuup==hoFT0Yk4*wyDOlE<*?CKmRBf|vrN%HC(SAB#VO34 zX4SiBI&C|i_t^NwlMQ~lU!TW2nb+6@T(Q9_bjqA-R*A^m)f0;hkwr`B^2Qq-p}50r zpdV$8s7y~2nFxz1Em%ec5eOM$oo(Cl`NsgFSKxL3^IOZSWbE?0co zh>&auUqKwcD12JF;LdnRyL~$FUHl+XEc4b_e*;R(bDSihkj1u(_{oKn~0>FL~x;f<{DI=nM^0Z}fE-4%VKce9=-WU%DHsSSoN@=ow1GiuwKuGS&#m zy%gtsRjw2sveQ5TF88dOrCsfwm$~>RRjpfe>Inf4rwCPi!0f827(865QpW^nqL+a4tNpPr2 zax!9y8iy&v|Su>Sq4=0I*ix=Gj1b~;>75%$9x9ujuX zyZkGEW}|v+FjpZ^8?C;uev6t~XLhmITk(*aE%}qc-zy7@m>SL+lbZa1|69i5@9MM* zhik@0*CkyOhT}R^eQ}dnNGPoqaDA~NA7|A^SMuvyX)x7+jV9;Q)|l(zc$wN+g(x>& zz6?#MUt7VFx3^gZdra?<0y;7=koD?&e{^>cOCVH@=cwDk@9pIAC>l$*~#1M#w>lo zU6Tfx4N?WsUkcWSIAkuEqDxWVGqnYZNfHnfLe$Vm4|KuK$E2RF4uG@0F^-WRKYgl; z+bFJ>6Jd|h21~t%1qfmSN(?cfiJV||2mq0?UP`6NFx>*R7WuTREF>9A1^cWmmZLz8 zQ~wH14At9eTN-zLJ3DuMt!d;P|C_#V!yIEfZ*`p}q9& z)fqx)4^ZY7*bj%wVz*Krji<_a>#9MmHb3dS*e}3@`QuG;b3@G~7#-jWdHJSj{tF$W zhoU5wW6aL^I0P4|A*^NT@pzXl^`{|j&FNa}m05ozf-c9-CPjoHFfGyAhRG_XzdA9Z z;Icmqw$|uL5XIQK-nw>B3pbAM`;m|-*2XqbZbbRoduu?^eW9Fvi5CP;SoJLyL)E2{ z`G)7;P&Lmac<;HWxwH&s`uL;e=C*80Zx;s<07BCr&>QM#O_$5CW!M&iNpSg9x?6Z& zm3HMCu$1AcO<4r(cS{~O@OXP{>;-Pcvv9~Up6^OnKYK}`3L?yv+tVqS%L$~e`30?? z^S-@<&$9NL*=}~fUhNL>wC5X)P1=pC_E|gc^wt7@i!9~t82MWPO(rlcWV5BGsDh*J zkLfR@0WeYK;@udiTaJ>KV3re?&*6UmeSY`Zy87|WeGfb;ov zeV^=|-tE`^akzCre~bTHqxnU;wg37Z{BM1C_i&jv_db&ERij7pKv+XFL&bC7_peVL zKznU)`}5@rxEt8S(;@j8Q=pO&P)AUPnPf^cWyPsKZNo{B4yGPI?&aoE4NM}LE0@fP zIc#>-a9-~9Dq)q{{G<-t#Kpo$R{@2G{A+z{RoV=H=v-;OX2qqmLuI_J^k@9AXZ1!M z{V5uU5Pp8kyN4V9-@(mkqXQ64wuaW$hT5kZHGIFa_l`_Aw|i0s{(z)w{I+&A<$*!Q z$g0eQ;K#>(rb&gq+IvOEr^md4>zz%)or0|;a=5W3}}hT;;xFH zbhM9^*GGzzAOe=BK-<>>0lVcIX0@uCe|sia%2K{N$$48Fjq!h`R}AF-j^EHI$Y-xV z=MKngcK!C8;s9$^>)AyPn!Z?@$Kf99ty&JmCG4IvTzG76f!nYW&enGLF? 
z{+Sm*Z`&GkOtB(@(#ERnQ~9D42qJ>aX$;MIFO6+N=Hy^%B~a>}Aw8%azY!qIOh_db zYtbR6ZHNef^AT`Pw5Muy z`Y+pdw+F6vU~gj{^s-{c01M{`J3Gl8=bwNm15e_i*4k011oG`oA`#Zx_y;+r?0{15 z7nW%$+{o-1Qz(B*jfsr+MA*a%{U-A^{DhA|rwX-mc#lI6U7_`%;g~iM*q4OFz^c1L z1vo}6TALpcM-5b|2)o8?8YlEFgV;{Jmxp1a+)-v0n~^s;G5WegDse7lN05=TgywsKmMUMI%Ei@jpXM zKM*P3kfd&5`x%UXJ66x|Irh;AJ0nI~Uj2p;LHed?gypqEMN2pq84c!Y`=75o2J0Ui za`WZRyiT=jJQ;8QSehO0e^?s$|HaY-LWnX^U#~D`q94A-{kgW1iuFgC#6~n>65%T| zb%R2O1EbvV&0@j(M<1Q11+}JziwlX#f|8{(Yh9+2%qo; zt8!?951~WkT2)MF0n+#fJc`iIP`NyTb$b7FOPd*p>tlNY8WU_X?6c9OPhQG-hSI0# z-yi;-&G_K=qZi;?li3Bm8Tj3>TN8QuH@O?GMVHjZeD3%vu3?E|10hf!B<{@8ixVWu zdr?#fZe0s!12fQ#>5qjw(!YEUZ*|8-rBJnVgQx$jt({rk#COVk9r}Ktc!gkfwpgE$P$8TR#4EWnQSsTBExWbUua)M zOu>Ywn-Sa=v=%&N5?y!V4B*r2u*Wm1`Hkx4rkZ;U=75iZm8=4i6O|rEh}mgU=^=N1 zkGS=If%1`Mt)O|`q*ByB%t_aa?%hq7JF<3s9b0LjulWC!D^bUk2tt29!e4Lq<7yRe zuF|(R=_dWx-5`shZw()&v7fv3S)3{StDIt(6U6GEP{ysURLMHu{Ys7H5&9YaaGL{- zG6B-GS%Wa)6H3E0RUDNaMeGZCu8B)oQ?HR{1bgs+<*o5)Z&GK3*q>H3W+WGB3ozm?2OC0ggvy3h% z#a?|d%s9dWXVq#GMC=^{QYtOZDud)m+8W8M2@(uEti6KQ{lx#YOQB9BjBaO=>G=IM zzrNDh4b+X)@FfVo_oww)81auU%uqUhbOs9#HUd2xFS-&KA4xheVc-sVzw>;4ZdeW| z3tP}9ppH6J9PL<>CBUL$iN&4h^ zD3~+II5(4lwAqCCJM2C%Q;s7)iWWM0-?*C=bjIM}#&qqtPiJ35 zi|v#t)2eQP&v*tn(B;R_RCS%sXLfe-T6-}BJsdUiX9vf61_S4`OB*!4qR23zoLLl} z1Sjz!_>ZnEpb2b#k6Y5;p%ffFcr|3o1s0ztuVf-p8&JvkWfo!S^-$hXr@W0*LEA*b zm?&MGNPK?cp6b5FE)GSRD}}zbNdPn6{nL2oVJt%CFNwrFEX)}Q``20qcQ&$lBZKZw(lU=u-n3gZ{rkPS#cac)rt-2)~rCwQ9G1;%5bB1pg zCEMY{n5!l&;QHsX-D;p*Rl$GT34DH<#aZ8pk1{xzJzlnUdFxi2yfu+i9>seNx{L0P z)u0tWt3A?+VpP8#X6#+JDSwb=>~)(4r(R+5uhBZ>JP+dU|1^_2Z#Vk*6@AOBrsePS z(aFj)Tx|;Ey9J~826L#tFylnn!kIu3OmNH_3fS5UZzflIeZJO>mA~TZ)gedSsc)Ba zS482fiB{G-nZ66q9zBQC#oB@J!2E7?O!X^)Gyqpxb`C_maO4_Uz+igZJF-+tRN!Oi%4??$-%5&hL^QI`oyqX}}ne_+JY9@R&p0Xll^e|P7$#_+n@3j4>{J$AOVq6s^EOE)2?~+ z=AYI4*-NCz-rfm)z}Rv=MnPi_Xs_QKNx)~01{C*xWXc9vl~H`IUsd-g~F zhB+hYrF(tI!ohGq{^{!dYHMclcaaJfA>{Sc*XcLBcI1bw%;r1CFa7%ZjKv_a;0WZ# zyo=1PYaMis9<3_4+YaT;0xej_N=4E)ghnArB)aZ)yXJkG5@MRh()RGsm);tuucPxH 
z<+=5}8$Br}_HXX5{Xtq!nJD-x4f&T;M?DVx`sKEOT`&2F919%*Av~G&0rNDud)n0J z$vS&S7mHQMDkWPWuucvv+Cy&>G6Fiu6w0lKYZG??Z~U$GI*;J zet&WO_!9+kV#00)B6L>`%pbK9_hwcvdIse{aU{yQ`};h#Y^GqR;?}yrGOHfpke+RW z>r#!p^1(9{Ax|4IH*Q8%Tt?^@jvRdl3BIIx=;yf?hJj}*hkrqnhVVkSuVL7yTR5?` zm(&xVV25nduO#d6N^d&(;8vc_WNn=fzMHCk2Tw^Z?+$T3ZSb6um*VS~qM)sq*-Hz{ zvXW-dph|&!THnr7JqFIjqFnir*K6bjZk`aZCYs;flv!zAD9yb?J?UKxJ$r3gPPL}bM;pgX0l>_s-D4qly^-U`Rq*5(`X5w`GL z8>=CxaZ`K7ue=uESGg*Q4`)uB+ch%p1s`NipU+wz586d?XD{zBPEvDgpBQ87Roi2a zQP9|s-4{$6!v=S}VdZ{o*Nfel(N?NhHapF7r0pH&DOKEwZ%UHEO=`8p8;SGFk96m` zOissulX6R8M(;Rt#EB7ZQz3{IJcg%I=`9niza^~)Ce?>y+KsR4A!>zT=WJ!hH@{y~ zX>cF(?U)}I8*^9)xV~Tj6\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SpyCloud%20Enterprise%20Protection/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nCybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. 
Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.\n\n**Analytic Rules:** 2, **Custom Azure Logic Apps Connectors:** 1, **Playbooks:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "analytics", + "label": "Analytics", + "subLabel": { + "preValidation": "Configure the analytics", + "postValidation": "Done" + }, + "bladeTitle": "Analytics", + "elements": [ + { + "name": "analytics-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs 
the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view." + } + }, + { + "name": "analytics-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + }, + { + "name": "analytic1", + "type": "Microsoft.Common.Section", + "label": "SpyCloud Enterprise Breach Detection", + "elements": [ + { + "name": "analytic1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data" + } + } + ] + }, + { + "name": "analytic2", + "type": "Microsoft.Common.Section", + "label": "SpyCloud Enterprise Malware Detection", + "elements": [ + { + "name": "analytic2-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data" + } + } + ] + } + ] + }, + { + "name": "playbooks", + "label": "Playbooks", + "subLabel": { + "preValidation": "Configure the playbooks", + "postValidation": "Done" + }, + "bladeTitle": "Playbooks", + "elements": [ + { + "name": "playbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub." 
+ } + }, + { + "name": "playbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json b/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json new file mode 100644 index 00000000000..ba12ceb52ac --- /dev/null +++ b/Solutions/SpyCloud Enterprise Protection/Package/mainTemplate.json 
@@ -0,0 +1,7400 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "SpyCloud", + "comments": "Solution template for SpyCloud Enterprise Protection" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "_solutionName": "SpyCloud Enterprise Protection", + "_solutionVersion": "3.0.0", + "solutionId": "spycloudinc1680448518850.azure-sentinel-solution-spycloudenterprise", + "_solutionId": "[variables('solutionId')]", + "Custom Connector": "Custom Connector", + "_Custom Connector": "[variables('Custom Connector')]", + "TemplateEmptyArray": "[json('[]')]", + "playbookVersion1": "1.0", + "playbookContentId1": "Custom Connector", + "_playbookContentId1": "[variables('playbookContentId1')]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-lc-',uniquestring(variables('_playbookContentId1'))))]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','lc','-', uniqueString(concat(variables('_solutionId'),'-','LogicAppsCustomConnector','-',variables('_playbookContentId1'),'-', 
variables('playbookVersion1'))))]", + "blanks": "[replace('b', 'b', '')]", + "SpyCloud-Breach-Playbook": "SpyCloud-Breach-Playbook", + "_SpyCloud-Breach-Playbook": "[variables('SpyCloud-Breach-Playbook')]", + "playbookVersion2": "1.0", + "playbookContentId2": "SpyCloud-Breach-Playbook", + "_playbookContentId2": "[variables('playbookContentId2')]", + "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", + "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", + "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", + "SpyCloud-Get-Domain-Breach-Data-Playbook": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "_SpyCloud-Get-Domain-Breach-Data-Playbook": "[variables('SpyCloud-Get-Domain-Breach-Data-Playbook')]", + "playbookVersion3": "1.0", + "playbookContentId3": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "_playbookContentId3": "[variables('playbookContentId3')]", + "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", + "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", + "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", + "SpyCloud-Get-Email-Breach-Data-Playbook": "SpyCloud-Get-Email-Breach-Data-Playbook", + "_SpyCloud-Get-Email-Breach-Data-Playbook": "[variables('SpyCloud-Get-Email-Breach-Data-Playbook')]", + "playbookVersion4": "1.0", + "playbookContentId4": 
"SpyCloud-Get-Email-Breach-Data-Playbook", + "_playbookContentId4": "[variables('playbookContentId4')]", + "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", + "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", + "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", + "SpyCloud-Get-IP-Breach-Data-Playbook": "SpyCloud-Get-IP-Breach-Data-Playbook", + "_SpyCloud-Get-IP-Breach-Data-Playbook": "[variables('SpyCloud-Get-IP-Breach-Data-Playbook')]", + "playbookVersion5": "1.0", + "playbookContentId5": "SpyCloud-Get-IP-Breach-Data-Playbook", + "_playbookContentId5": "[variables('playbookContentId5')]", + "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", + "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", + "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", + "SpyCloud-Get-Password-Breach-Data-Playbook": "SpyCloud-Get-Password-Breach-Data-Playbook", + "_SpyCloud-Get-Password-Breach-Data-Playbook": "[variables('SpyCloud-Get-Password-Breach-Data-Playbook')]", + "playbookVersion6": "1.0", + "playbookContentId6": "SpyCloud-Get-Password-Breach-Data-Playbook", + "_playbookContentId6": "[variables('playbookContentId6')]", + "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", + "playbookTemplateSpecName6": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]", + "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", + "SpyCloud-Get-Username-Breach-Data-Playbook": "SpyCloud-Get-Username-Breach-Data-Playbook", + "_SpyCloud-Get-Username-Breach-Data-Playbook": "[variables('SpyCloud-Get-Username-Breach-Data-Playbook')]", + "playbookVersion7": "1.0", + "playbookContentId7": "SpyCloud-Get-Username-Breach-Data-Playbook", + "_playbookContentId7": "[variables('playbookContentId7')]", + "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]", + "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]", + "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]", + "SpyCloud-Malware-Playbook": "SpyCloud-Malware-Playbook", + "_SpyCloud-Malware-Playbook": "[variables('SpyCloud-Malware-Playbook')]", + "playbookVersion8": "1.0", + "playbookContentId8": "SpyCloud-Malware-Playbook", + "_playbookContentId8": "[variables('playbookContentId8')]", + "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]", + "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]", + "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', 
uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]", + "SpyCloud-Monitor-Watchlist-Data": "SpyCloud-Monitor-Watchlist-Data", + "_SpyCloud-Monitor-Watchlist-Data": "[variables('SpyCloud-Monitor-Watchlist-Data')]", + "playbookVersion9": "1.0", + "playbookContentId9": "SpyCloud-Monitor-Watchlist-Data", + "_playbookContentId9": "[variables('playbookContentId9')]", + "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]", + "playbookTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]", + "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]", + "analyticRuleVersion1": "1.0.0", + "analyticRulecontentId1": "cb410ad5-6e9d-4278-b963-1e3af205d680", + "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + "analyticRuleVersion2": "1.0.0", + "analyticRulecontentId2": "7ba50f9e-2f94-462b-a54b-8642b8c041f5", + "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", + 
"analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]", + "operationId-Breach_Catalog_ID": "Breach_Catalog_ID", + "_operationId-Breach_Catalog_ID": "[variables('operationId-Breach_Catalog_ID')]", + "source": "Source_Id_s", + "_source": "[variables('source')]", + "Document_Id": "Document_Id_g", + "_Document_ID": "[variables('Document_Id')]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Custom Connector Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String" + } + }, + "variables": { + "operationId-Breach_Catalog": "Breach_Catalog", + "_operationId-Breach_Catalog": "[[variables('operationId-Breach_Catalog')]", + "operationId-Breach_Catalog_Domain": "Breach_Catalog_Domain", + 
"_operationId-Breach_Catalog_Domain": "[[variables('operationId-Breach_Catalog_Domain')]", + "operationId-Breach_Data_Email": "Breach_Data_Email", + "_operationId-Breach_Data_Email": "[[variables('operationId-Breach_Data_Email')]", + "operationId-Breach_Data_IP_Address": "Breach_Data_IP_Address", + "_operationId-Breach_Data_IP_Address": "[[variables('operationId-Breach_Data_IP_Address')]", + "operationId-Breach_Data_Password": "Breach_Data_Password", + "_operationId-Breach_Data_Password": "[[variables('operationId-Breach_Data_Password')]", + "operationId-Breach_Data_Username": "Breach_Data_Username", + "_operationId-Breach_Data_Username": "[[variables('operationId-Breach_Data_Username')]", + "operationId-Breach_Data_Watchlist": "Breach_Data_Watchlist", + "_operationId-Breach_Data_Watchlist": "[[variables('operationId-Breach_Data_Watchlist')]", + "operationId-Compass_Devices_List": "Compass_Devices_List", + "_operationId-Compass_Devices_List": "[[variables('operationId-Compass_Devices_List')]", + "operationId-Compass_Devices_Data": "Compass_Devices_Data", + "_operationId-Compass_Devices_Data": "[[variables('operationId-Compass_Devices_Data')]", + "operationId-Compass_Applications_Data": "Compass_Applications_Data", + "_operationId-Compass_Applications_Data": "[[variables('operationId-Compass_Applications_Data')]", + "operationId-Compass_Data": "Compass_Data", + "_operationId-Compass_Data": "[[variables('operationId-Compass_Data')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "playbookContentId1": "Custom Connector", + "playbookId1": "[[resourceId('Microsoft.Web/customApis', parameters('SpyCloudConnectorName'))]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/customApis", + "apiVersion": "2016-06-01", + "name": "[[parameters('SpyCloudConnectorName')]", + "location": 
"[[variables('workspace-location-inline')]", + "properties": { + "connectionParameters": { + "api_key": { + "type": "securestring", + "uiDefinition": { + "displayName": "API Key", + "description": "The API Key for this api", + "tooltip": "Provide your API Key", + "constraints": { + "tabIndex": 2, + "clearText": false, + "required": "true" + } + } + } + }, + "backendService": { + "serviceUrl": "https://api.spycloud.io/enterprise-v2" + }, + "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. JSON is returned by all API responses, including those with errors.", + "displayName": "[[parameters('SpyCloudConnectorName')]", + "iconUri": "", + "swagger": { + "swagger": "2.0", + "info": { + "title": "SpyCloud Enterprise Protection", + "description": "The SpyCloud Enterprise Protection connector allows access to SpyCloud’s Enterprise Protection API. The connector is organized around the SpyCloud Enterprise Protection API endpoints. 
JSON is returned by all API responses, including those with errors.", + "contact": { + "name": "SpyCloud Integrations", + "url": "https://portal/spycloud.com/", + "email": "integrations@spycloud.com" + }, + "version": "1.0" + }, + "host": "api.spycloud.io", + "basePath": "/enterprise-v2", + "schemes": [ + "https" + ], + "consumes": "[variables('TemplateEmptyArray')]", + "produces": "[variables('TemplateEmptyArray')]", + "paths": { + "/breach/catalog": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Catalog_Schema" + } + } + }, + "summary": "List or Query the Breach Catalog", + "description": "List or Query the Breach Catalog.", + "operationId": "[[variables('_operationId-Breach_Catalog')]", + "parameters": [ + { + "$ref": "#/parameters/Query" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + } + ] + } + }, + "/breach/catalog/{id}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Catalog_Schema" + } + } + }, + "summary": "Get Catalog", + "description": "Get/Retrieve Breach Catalog Information by ID.", + "operationId": "[variables('_operationId-Breach_Catalog_ID')]", + "parameters": [ + { + "$ref": "#/parameters/ID" + } + ] + } + }, + "/breach/data/domains/{domain}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Domain_Schema" + } + } + }, + "summary": "Get Breach Data by Domain Search", + "description": "Get Breach Data by Domain Search.", + "operationId": "[[variables('_operationId-Breach_Catalog_Domain')]", + "parameters": [ + { + "$ref": 
"#/parameters/Domain" + }, + { + "$ref": "#/parameters/Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/emails/{email}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Email_Schema" + } + } + }, + "summary": "Get Breach Data by Email Search", + "description": "Get Breach Data by Email Search.", + "operationId": "[[variables('_operationId-Breach_Data_Email')]", + "parameters": [ + { + "$ref": "#/parameters/Email" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/ips/{ip}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_IP_Schema" + } + } + }, + "summary": "Get Breach Data by IP Address", + "description": "Get Breach Data by IP Address.", + "operationId": "[[variables('_operationId-Breach_Data_IP_Address')]", + "parameters": [ + { + "$ref": "#/parameters/IP" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": 
"#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/passwords/{password}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Password_Schema" + } + } + }, + "summary": "Get Breach Data by Password Search", + "description": "Get Breach Data by Password Search.", + "operationId": "[[variables('_operationId-Breach_Data_Password')]", + "parameters": [ + { + "$ref": "#/parameters/Password" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/usernames/{username}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Username_Schema" + } + } + }, + "summary": "Get Breach Data by Username Search", + "description": "Get Breach Data by Username Search.", + "operationId": "[[variables('_operationId-Breach_Data_Username')]", + "parameters": [ + { + "$ref": "#/parameters/Username" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/breach/data/watchlist": { + "get": 
{ + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Breach_Data_By_Watchlist_Schema" + } + } + }, + "summary": "Get Breach Data for Entire Watchlist", + "description": "Get Breach Data for Entire Watchlist.", + "operationId": "[[variables('_operationId-Breach_Data_Watchlist')]", + "parameters": [ + { + "$ref": "#/parameters/Type" + }, + { + "$ref": "#/parameters/Watchlist_Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Modification_Date" + }, + { + "$ref": "#/parameters/Until_Modification_Date" + }, + { + "$ref": "#/parameters/Severity" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/devices": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Devices_List_Schema" + } + } + }, + "summary": "Get Compass Devices List", + "description": "Get Compass Devices List.", + "operationId": "[[variables('_operationId-Compass_Devices_List')]", + "parameters": [ + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Infected" + }, + { + "$ref": "#/parameters/Until_Infected" + } + ] + } + }, + "/compass/data/devices/{infected_machine_id}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Devices_Data_Schema" + } + } + }, + "summary": "Get Compass Devices Data", + "description": "Get Compass Devices Data.", + "operationId": "[[variables('_operationId-Compass_Devices_Data')]", + 
"parameters": [ + { + "$ref": "#/parameters/Infected_Machine_Id" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/data/applications/{target_application}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Applications_Data_Schema" + } + } + }, + "summary": "Get Compass Applications Data", + "description": "Get Compass Applications Data.", + "operationId": "[[variables('_operationId-Compass_Applications_Data')]", + "parameters": [ + { + "$ref": "#/parameters/Target_Application" + }, + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + }, + "/compass/data": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "success", + "schema": { + "$ref": "#/definitions/Compass_Applications_Data_Schema" + } + } + }, + "summary": "Get Compass Data", + "description": "Get Compass Data.", + "operationId": "[[variables('_operationId-Compass_Data')]", + "parameters": [ + { + "$ref": "#/parameters/Source_Id" + }, + { + "$ref": "#/parameters/Since" + }, + { + "$ref": "#/parameters/Until" + }, + { + "$ref": "#/parameters/Since_Infected" + }, + { + "$ref": "#/parameters/Until_Infected" + }, + { + "$ref": "#/parameters/Compass_Type" + }, + { + "$ref": "#/parameters/Cursor" + }, + { + "$ref": "#/parameters/Salt" + } + ] + } + } + }, + "x-ms-connector-metadata": [ + { + "propertyName": "Website", + "propertyValue": "http://www.spycloud.com/" + }, + { + "propertyName": "Privacy policy", + "propertyValue": "https://www.spycloud.com/company/privacy-policy/" + }, + { + "propertyName": "Categories", + "propertyValue": "Security;Website" + } + ], + "definitions": { + 
"Breach_Catalog_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "title": { + "type": "string", + "description": "Breach title. For each ingested breach our security research team documents a breach title. This is only available when we can disclose the breach details, otherwise it will have a generic title.", + "title": "Title" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "description": { + "type": "string", + "description": "Breach description. For each ingested breach our security research team documents a breach description. This is only available when we can disclose the breach details, otherwise it will have a generic description.", + "title": "Description" + }, + "site_description": { + "type": "string", + "description": "Description of the breached organization, when available.", + "title": "Site Description" + }, + "site": { + "type": "string", + "description": "Website of breached organization, when available.", + "title": "Site" + }, + "confidence": { + "type": "number", + "description": "Numerical score representing the confidence in the source of the breach.", + "title": "Confidence" + }, + "id": { + "type": "number", + "description": "Numerical breach ID. 
This number correlates to source_id data point found in breach records.", + "title": "Id" + }, + "premium_flag": { + "type": "string", + "description": "premium flag.", + "title": "Premium Flag" + }, + "acquisition_date": { + "type": "string", + "description": "The date on which our security research team first acquired the breached data.", + "title": "Acquisition Date" + }, + "uuid": { + "type": "string", + "description": "UUID v4 encoded version of breach ID. This is relevant for users of Firehose, where each deliverable (records file) is named using the breach UUID.", + "title": "UUID" + }, + "type": { + "type": "string", + "description": "Denotes if a breach is considered public or private. A public breach is one that is easily found on the internet, while a private breach is often exclusive to SpyCloud.", + "title": "Type" + }, + "num_records": { + "type": "number", + "description": "Number of records we parsed and ingested from this particular breach. This is after parsing, normalization and deduplication take place.", + "title": "Number of Records" + }, + "assets": { + "type": "object", + "properties": { + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. 
This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target Url" + }, + "av_softwares": { + "type": "number", + "description": "List of AV software found installed on the infected user's system.", + "title": "AV Softwares" + }, + "infected_time": { + "type": "number", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "infected_machine_id": { + "type": "number", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "country_code": { + "type": "number", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Password" + }, + "user_os": { + "type": "string", + "description": "System OS name. 
This usually comes from Botnet data.", + "title": "User OS" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "username": { + "type": "string", + "description": "Username.", + "title": "Username" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + } + } + } + }, + "description": "Catalog Breach Results Object" + } + } + }, + "description": "Catalog Breach Data Response" + }, + "Breach_Data_By_Domain_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "full_name": { + "type": "string", + "description": "Full name.", + "title": "Full Name" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. 
This is everything before the '@' symbol.", + "title": "Email Username" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Domain Breach Results Object" + } + }, + "description": "Domain Breach Data Response" + }, + "Breach_Data_By_Email_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. 
This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. 
This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Email Breach Results Object" + } + }, + "description": "Email Breach Data Response" + }, + "Breach_Data_By_IP_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." 
+ }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. 
This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "IP Address Breach Results Object" + } + }, + "description": "IP Address Breach Data Response" + }, + "Breach_Data_By_Password_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "full_name": { + "type": "string", + "description": "Full name.", + "title": "Full Name" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. 
This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plain Text" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Password Breach Results Object" + } + }, + "description": "Password Breach Data Response" + }, + "Breach_Data_By_Username_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "Email address.", + "title": "Email Address." 
+ }, + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. 
This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Username Breach Results Object" + } + }, + "description": "Username Breach Data Response" + }, + "Breach_Data_By_Watchlist_Schema": { + "type": "object", + "properties": { + "cursor": { + "type": "string", + "description": "cursor", + "title": "Cursor" + }, + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "User name.", + "title": "Username" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "Password Type" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "user_browser": { + "type": "string", + "description": "Browser name.", + "title": "User Browser" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. 
Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addressess" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "user_sys_domain": { + "type": "string", + "description": "System domain. This usually comes from Botnet data.", + "title": "User System Domain" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS Name" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "System Registered Owner Name" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. 
This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Sub Domain" + }, + "severity": { + "type": "number", + "description": "Severity is a numeric code representing severity of a breach record. This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document ID" + } + } + }, + "description": "Watchlist Breach Results Object" + } + }, + "description": "Watchlist Breach Data Response" + }, + "Compass_Devices_List_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "infected_device_id": { + "type": "string", + "description": "Infected Device Id.", + "title": "Infected Device Id" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "User OS" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "source_id": { + "type": "number", + "description": "Numerical breach ID. 
This correlates directly with the id field in Breach Catalog objects.", + "title": "Source ID" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which we ingested the breached data into our systems. This is the same date on which the data becomes publicly available to our customers.", + "title": "Spycloud Publish Date" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "application_count": { + "type": "string", + "description": "Application Count.", + "title": "Application Count" + } + } + }, + "description": "Compass Devices List Results Object" + } + }, + "description": "Compass Devices List Data Response" + }, + "Compass_Devices_Data_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "cursor": { + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "title": "Cursor" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "user_browser": { + "type": "string", + "description": "Browser Name.", + "title": "User Browser" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document Id" + }, + "source_id": { + "type": "string", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source Id" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. 
Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "user_os": { + "type": "string", + "description": "System OS name. This usually comes from Botnet data.", + "title": "USer OS" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. 
This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Subdomain" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "PAssword Type" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "country_code": { + "type": "string", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "severity": { + "type": "string", + "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + } + } + }, + "description": "Compass Devices Data Results Object" + } + }, + "description": "Compass Devices Data Response" + }, + "Compass_Applications_Data_Schema": { + "type": "object", + "properties": { + "hits": { + "type": "number", + "description": "hits", + "title": "Hits" + }, + "cursor": { + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "title": "Cursor" + }, + "results": { + "type": "array", + "items": { + "type": "object", + "properties": { + "user_browser": { + "type": "string", + "description": "Browser Name.", + "title": "User Browser" + }, + "password": { + "type": "string", + "description": "Account password.", + "title": "Password" + }, + "document_id": { + "type": "string", + "description": "UUID v4 string which uniquely identifies this breach record in our data set.", + "title": "Document Id" + }, + "source_id": { + "type": "string", + "description": "Numerical breach ID. This correlates directly with the id field in Breach Catalog objects.", + "title": "Source Id" + }, + "email": { + "type": "string", + "description": "Email address.", + "title": "Email" + }, + "ip_addresses": { + "type": "string", + "description": "List of one or more IP addresses in alphanumeric format. Both IPV4 and IPv6 addresses are supported.", + "title": "IP Addresses" + }, + "country": { + "type": "string", + "description": "Country name.", + "title": "Country" + }, + "infected_machine_id": { + "type": "string", + "description": "The unique id of the infected user's system.", + "title": "Infected Machine Id" + }, + "infected_path": { + "type": "string", + "description": "The local path to the malicious software installed on the infected user's system.", + "title": "Infected Path" + }, + "user_os": { + "type": "string", + "description": "System OS name. 
This usually comes from Botnet data.", + "title": "USer OS" + }, + "user_hostname": { + "type": "string", + "description": "System hostname. This usually comes from Botnet data.", + "title": "User Hostname" + }, + "user_sys_registered_owner": { + "type": "string", + "description": "System registered owner name. This usually comes from Botnet data.", + "title": "User System Registered Owner" + }, + "keyboard_languages": { + "type": "string", + "description": "The keyboard language found in the OS. This usually comes from Botnet data.", + "title": "Keyboard Languages" + }, + "target_url": { + "type": "string", + "description": "URL extracted from Botnet data. This is the URL that is captured from a key logger installed on an infected user's system.", + "title": "Target URL" + }, + "infected_time": { + "type": "string", + "description": "The time at which the user's system was infected with malicious software.", + "title": "Infected Time" + }, + "spycloud_publish_date": { + "type": "string", + "description": "The date on which this record was ingested into our systems. In ISO 8601 datetime format. This correlates with spycloud_publish_date field in Breach Catalog objects.", + "title": "Spycloud Publish Date" + }, + "email_domain": { + "type": "string", + "description": "Domain extracted from 'email_address' field. This is not a SLD, but everything after the '@' symbol.", + "title": "Email Domain" + }, + "email_username": { + "type": "string", + "description": "Username extracted from 'email' field. 
This is everything before the '@' symbol.", + "title": "Email Username" + }, + "domain": { + "type": "string", + "description": "Domain name.", + "title": "Domain" + }, + "target_domain": { + "type": "string", + "description": "SLD extracted from 'target_url' field.", + "title": "Target Domain" + }, + "target_subdomain": { + "type": "string", + "description": "Subdomain and SLD extracted from 'target_url' field.", + "title": "Target Subdomain" + }, + "password_type": { + "type": "string", + "description": "Password type for original password as found in the data breach. This will either be plaintext or one of the many password hash/encryption types (SHA1, MD5, 3DES, etc).", + "title": "PAssword Type" + }, + "password_plaintext": { + "type": "string", + "description": "The cracked, plaintext version of the password (where the password is crackable).", + "title": "Password Plaintext" + }, + "country_code": { + "type": "string", + "description": "Country code; derived from country.", + "title": "Country Code" + }, + "severity": { + "type": "string", + "description": "Severity is a numeric code representing severity of a breach record. 
This can be used in API requests to ensure only Breach Records with plaintext password are returned.", + "title": "Severity" + } + } + }, + "description": "Compass Application Data Results Object" + } + }, + "description": "Compass Application Data Response" + } + }, + "parameters": { + "Infected_Machine_Id": { + "name": "infected_machine_id", + "in": "path", + "required": true, + "type": "string", + "description": "One or more comma delimited Infected Machine ID to search for compass breach records.", + "x-ms-summary": "Infected Machine Id" + }, + "Target_Application": { + "name": "target_application", + "in": "path", + "required": true, + "type": "string", + "description": "One or more comma delimited Compass target application (subdomain or domain) to search for.", + "x-ms-summary": "Target Application" + }, + "ID": { + "name": "id", + "in": "path", + "required": true, + "type": "string", + "description": "Numerical ID of the breach. Both integer and UUIDv4 ID formats are supported. You may also use a comma delimiter to request more than one breach at a time.", + "x-ms-summary": "ID" + }, + "Domain": { + "name": "domain", + "in": "path", + "required": true, + "type": "string", + "description": "Domain or Subdomain name to search for.", + "x-ms-summary": "Domain" + }, + "Email": { + "name": "email", + "in": "path", + "required": true, + "type": "string", + "description": "Email address to search for.", + "x-ms-summary": "Email Address" + }, + "IP": { + "name": "ip", + "in": "path", + "required": true, + "type": "string", + "description": "IP address or network CIDR notation to search for. 
For CIDR notation, use an underscore instead of a slash.", + "x-ms-summary": "IP Address" + }, + "Password": { + "name": "password", + "in": "path", + "required": true, + "type": "string", + "description": "Password you wish to search for.", + "x-ms-summary": "Password" + }, + "Username": { + "name": "username", + "in": "path", + "required": true, + "type": "string", + "description": "Username you wish to search for.", + "x-ms-summary": "Username" + }, + "Query": { + "name": "query", + "in": "query", + "required": false, + "type": "string", + "description": "Query value to search the breach catalog for.", + "x-ms-summary": "Query" + }, + "Type": { + "name": "type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter lets you filter results by several types. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records, email_domain to just match against email domains, and target_domain to just match against target domains or subdomains. If no value has been provided the API function will, by default, return all record types.", + "x-ms-summary": "Type", + "enum": [ + "corporate", + "infected", + "email_domain", + "target_domain" + ] + }, + "Compass_Type": { + "name": "type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter will return records that are verified or unverified, meaning those that matched the watchlist or not. By default if type is not used, both types will be returned.", + "x-ms-summary": "Type", + "enum": [ + "verified", + "unverified" + ] + }, + "Watchlist_Type": { + "name": "watchlist_type", + "in": "query", + "required": false, + "type": "string", + "description": "This parameters lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'subdomain', 'ip']. 
If no value has been provided, the API will return all watchlist types.", + "x-ms-summary": "Watchlist Type", + "enum": [ + "email", + "domain", + "subdomain", + "ip" + ] + }, + "Cursor": { + "name": "cursor", + "in": "query", + "required": false, + "type": "string", + "description": "Token used for iterating through multiple pages of results.", + "x-ms-summary": "Cursor" + }, + "Since": { + "name": "since", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the spycloud_publish_date field.", + "x-ms-summary": "Since(YYYY-MM-DD)" + }, + "Until": { + "name": "until", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the spycloud_publish_date field.", + "x-ms-summary": "Until(YYYY-MM-DD)" + }, + "Since_Modification_Date": { + "name": "since_modification_date", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the when an already published record was modified (record_modification_date).", + "x-ms-summary": "Since Modification Date(YYYY-MM-DD)" + }, + "Until_Modification_Date": { + "name": "until_modification_date", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the when an already published record was modified (record_modification_date).", + "x-ms-summary": "Until Modification Date(YYYY-MM-DD)" + }, + "Severity": { + "name": "severity", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to filter based on the numeric severity code.", + "x-ms-summary": "Severity" + }, + "Source_Id": { + "name": "source_id", + "in": "query", + "required": false, + "type": "number", + "description": "This parameter 
allows you to filter based on a particular breach source.", + "x-ms-summary": "Source Id" + }, + "Salt": { + "name": "salt", + "in": "query", + "required": false, + "type": "string", + "description": "If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used.", + "x-ms-summary": "Salt" + }, + "Since_Infected": { + "name": "since_infected", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the starting point for a date range query on the infected_time..", + "x-ms-summary": "Since Infected(YYYY-MM-DD)" + }, + "Until_Infected": { + "name": "until_infected", + "in": "query", + "required": false, + "type": "string", + "description": "This parameter allows you to define the ending point for a date range query on the infected_time field.", + "x-ms-summary": "Until Infected(YYYY-MM-DD)" + } + }, + "securityDefinitions": { + "API Key": { + "type": "apiKey", + "in": "header", + "name": "X-API-Key" + } + }, + "security": [ + { + "API Key": "[variables('TemplateEmptyArray')]" + } + ], + "tags": "[variables('TemplateEmptyArray')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[[concat(variables('workspace-name'),'/Microsoft.SecurityInsights/',concat('LogicAppsCustomConnector-', last(split(variables('playbookId1'),'/'))))]", + "properties": { + "parentId": "[[variables('playbookId1')]", + "contentId": "[variables('_playbookContentId1')]", + "kind": "LogicAppsCustomConnector", + "version": "[variables('playbookVersion1')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + 
} + } + ], + "metadata": { + "comments": "SpyCloud Enterprise Protection Custom Connector", + "lastUpdateTime": "2023-09-12T17:32:15.907Z", + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "LogicAppsCustomConnector", + "displayName": "Custom Connector", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Breach-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion2')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Breach-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + } + }, + "variables": { + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": 
"[[variables('connection-1')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Account_Name": { + "runAfter": { + "Incident_Email_Account": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "account_name", + "type": "string" + } + ] + } + }, + "Astriek_Variable": { + "runAfter": { + "UPN_Suffix_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + 
"name": "astriek", + "type": "string", + "value": "@" + } + ] + } + }, + "Check_if_the_incident_is_created_by_SpyCloud_Breach": { + "actions": { + "Entities_-_Get_Accounts": { + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_each_account": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Set__upn_suffix": { + "runAfter": { + "Set_account_name": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "upn_suffix", + "value": "@items('For_each_account')?['UPNSuffix']" + } + }, + "Set_account_name": { + "type": "SetVariable", + "inputs": { + "name": "account_name", + "value": "@items('For_each_account')?['Name']" + } + }, + "set_email_address": { + "runAfter": { + "Set__upn_suffix": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "incident_email_address", + "value": "@{concat(variables('account_name'),concat(variables('astriek'),variables('upn_suffix')))}" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "For_each_incident_alert": { + "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_if_the_exposed_password_is_in_use_on_the_network": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

Breach Playbook successful

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_if_password_exists_in_the_incident": { + "actions": { + "Set_Incident_Password": { + "type": "SetVariable", + "inputs": { + "name": "incident_password", + "value": "@{variables('incident_custom_details_object')?['Password']}" + } + }, + "Set_variable": { + "runAfter": { + "Set_Incident_Password": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "incident_plain_text_password", + "value": "@{replace(replace(variables('incident_password'),'[\"',''),'\"]','')}" + } + } + }, + "runAfter": { + "Set_custom_details_object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('incident_custom_details_object')?['Password']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Check_if_pwd_length_is_greater_than_required_length_by_organization": { + "runAfter": { + "Check_if_password_exists_in_the_incident": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Check_if_the_exposed_password_is_in_use_on_the_network": { + "runAfter": { + "Check_if_the_user_is_currently_an_active_employee": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Check_if_the_user_is_currently_an_active_employee": { + "runAfter": { + "Check_if_pwd_length_is_greater_than_required_length_by_organization": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Set_custom_details_object": { + "type": "SetVariable", + "inputs": { + "name": "incident_custom_details_object", + "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom Details'])" + } + } + }, + "runAfter": { + "For_each_account": [ + "Succeeded" + 
] + }, + "type": "Foreach" + } + }, + "runAfter": { + "Incident_Custom_Details_Object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@triggerBody()?['object']?['properties']?['title']", + "@variables('incident_name')" + ] + } + ] + }, + "type": "If" + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Incident_Custom_Details_Object": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_object", + "type": "object" + } + ] + } + }, + "Incident_Email_Account": { + "runAfter": { + "Incident_Plain_Text_Password": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_email_address", + "type": "string" + } + ] + } + }, + "Incident_Name": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_name", + "type": "string", + "value": "SpyCloud Enterprise Breach Detection" + } + ] + } + }, + "Incident_Password": { + "runAfter": { + "Incident_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_password", + "type": "string" + } + ] + } + }, + "Incident_Plain_Text_Password": { + "runAfter": { + "Incident_Password": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_plain_text_password", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "Astriek_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_enrich_data", + "type": "array" + } + ] + } + }, + "UPN_Suffix_": { + "runAfter": { + "Account_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + 
"variables": [ + { + "name": "upn_suffix", + "type": "string" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId2')]", + "contentId": "[variables('_playbookContentId2')]", + "kind": "Playbook", + "version": "[variables('playbookVersion2')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + } + } + ], + "metadata": { + "title": "SpyCloud BReach Information - SpyCloud Enterprise", + "description": "This Playbook will be triggered when an spycloud breach incident is created.", + "prerequisites": "SpyCloud Enterprise API Key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": 
"Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId2')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Breach-Playbook", + "contentProductId": "[variables('_playbookcontentProductId2')]", + "id": "[variables('_playbookcontentProductId2')]", + "version": "[variables('playbookVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName3')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Domain-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion3')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), 
'/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + 
"$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_DNS": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/dnsresolution" + } + }, + "For_Each_Incident_DNS_Domain": { + "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('domain_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Domain_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "Domain_Breach_Data_Array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": 
"@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "Domain_Breach_Data_Array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + 
"message": "

SpyCloud Breach Data for Domain @{items('For_Each_Incident_DNS_Domain')?['DomainName']}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Domain_Search": { + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/domains/@{encodeURIComponent(items('For_Each_Incident_DNS_Domain')?['DomainName'])}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Domain_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Domain_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_DNS": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "domain_breach_data_array", + "type": "array" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + 
"type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId3')]", + "contentId": "[variables('_playbookContentId3')]", + "kind": "Playbook", + "version": "[variables('playbookVersion3')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": 
"LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Domain Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a domain or set of domains associated with an incident.", + "prerequisites": "https://www.spycloud.com/integrations to request a trial key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "entities": [ + "dnsresolution" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId3')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Domain-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId3')]", + "id": "[variables('_playbookcontentProductId3')]", + "version": "[variables('playbookVersion3')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName4')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Email-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion4')]", + "parameters": { + 
"PlaybookName": { + "defaultValue": "SpyCloud-Get-Email-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", 
+ "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Asterisk_Variable": { + "runAfter": { + "Email_Address_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "asterisk", + "type": "string", + "value": "@" + } + ] + } + }, + "Email_Address_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "email_address", + "type": "string" + } + ] + } + }, + "Entities_-_Get_Accounts": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_Each_Incident_Emails": { + "foreach": 
"@body('Entities_-_Get_Accounts')?['Accounts']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for Email @{variables('email_address')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit: https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('email_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Email_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "email_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": 
"@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_empty": { + "type": "SetVariable", + "inputs": { + "name": "email_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + 
"message": "

SpyCloud Breach Data for Email @{variables('email_address')}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Email_Search": { + "runAfter": { + "Set_Email_Address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/emails/@{encodeURIComponent(variables('email_address'))}" + } + }, + "Set_Email_Address": { + "type": "SetVariable", + "inputs": { + "name": "email_address", + "value": "@{items('For_Each_Incident_Emails')?['Name']}@{variables('asterisk')}@{items('For_Each_Incident_Emails')?['UPNSuffix']}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Email_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Email_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "Asterisk_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "email_breach_data_array", + "type": "array" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + 
"total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId4')]", + "contentId": "[variables('_playbookContentId4')]", + "kind": "Playbook", + "version": "[variables('playbookVersion4')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": 
"[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Email Address Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a Email address or set of Email addresses associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId4')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Email-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId4')]", + "id": "[variables('_playbookcontentProductId4')]", + "version": "[variables('playbookVersion4')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName5')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": 
"SpyCloud-Get-IP-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion5')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-IP-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": 
"Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_IPs": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/ip" + } + }, + "For_Each_Incident_IPS": { + "foreach": "@body('Entities_-_Get_IPs')?['IPs']", + "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": 
"ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('ip_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_IP_Address')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "IP_Breach_Data_Array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + 
"Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "ip_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for IP @{items('For_Each_Incident_IPS')?['Address']}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_IP_Address": { + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/ips/@{encodeURIComponent(items('For_Each_Incident_IPS')?['Address'])}" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_IP_Address": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_IP_Address')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_IPs": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_breach_data_array", + "type": "array" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": 
"InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId5')]", + "contentId": "[variables('_playbookContentId5')]", + "kind": "Playbook", + "version": "[variables('playbookVersion5')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": 
"LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "IP Address Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a IP address or set of IP addresses associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "entities": [ + "IP" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId5')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-IP-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId5')]", + "id": "[variables('_playbookcontentProductId5')]", + "version": "[variables('playbookVersion5')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName6')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Password-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion6')]", + "parameters": { + "PlaybookName": { + "defaultValue": 
"SpyCloud-Get-Password-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-1": "[[variables('connection-1')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "manual": { + "type": "Request", + "kind": "Http", + 
"inputs": { + "method": "GET" + } + } + }, + "actions": { + "Check_if_records_exists": { + "actions": { + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('password_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@body('Get_Breach_Data_by_Password_Search')?['results']", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "password_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Check_if_ip_address_exists": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_ip_address_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_ip_address_to_empty": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Compose": { + "runAfter": { + "Check_if_ip_address_exists": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'), 0, sub(length(variables('ip_address')), 1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + "Severity": 
"@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Set_ip_address_to_empty": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "password_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Password_Search": { + "runAfter": { + "Provide_Password_to_search": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/passwords/@{encodeURIComponent(variables('password_to_search'))}" + } + }, + "Outputs_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_breach_data_array", + "type": "array" + } + ] + } + }, + "Provide_Password_to_search": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "password_to_search", + "type": "string", + 
"value": "welcome@123" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Password_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Password_Search')?['hits']" + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", + "properties": { + "parentId": 
"[variables('playbookId6')]", + "contentId": "[variables('_playbookContentId6')]", + "kind": "Playbook", + "version": "[variables('playbookVersion6')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Password Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a provided password.", + "prerequisites": "SpyCloud Enterprise API Key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId6')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Password-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId6')]", + "id": "[variables('_playbookcontentProductId6')]", + "version": "[variables('playbookVersion6')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName7')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', 
parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Get-Username-Breach-Data-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion7')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Get-Username-Breach-Data-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": 
"[[variables('AzureSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_Accounts": { + "runAfter": { + "ip_address": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/account" + } + }, + "For_Each_Incident_Emails": { + "foreach": "@body('Entities_-_Get_Accounts')?['Accounts']", 
+ "actions": { + "Check_if_records_exists": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Breach Data for username @{variables('username')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('username_breach_data_array')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Breach_Data_by_Username_Search')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "username_breach_data_array", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": 
"@items('For_each_response')?['password_plaintext']", + "Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_variable": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "runAfter": { + "Set_more_records_to_empty": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Set_array_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "username_breach_data_array", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "Set_more_records_to_empty": { + "runAfter": { + "Set_array_to_Empty": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": " " + } + } + }, + "runAfter": { + "set_total_records": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + 
"message": "

SpyCloud Breach Data for username @{variables('username')}
\nNo Records Found.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + } + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_by_Username_Search": { + "runAfter": { + "Set_Username": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/usernames/@{encodeURIComponent(variables('username'))}" + } + }, + "Set_Username": { + "type": "SetVariable", + "inputs": { + "name": "username", + "value": "@items('For_Each_Incident_Emails')?['Name']" + } + }, + "set_total_records": { + "runAfter": { + "Get_Breach_Data_by_Username_Search": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "total_records", + "value": "@body('Get_Breach_Data_by_Username_Search')?['hits']" + } + } + }, + "runAfter": { + "Entities_-_Get_Accounts": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Outputs_Variable": { + "runAfter": { + "Usernames_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "username_breach_data_array", + "type": "array" + } + ] + } + }, + "Usernames_Variable": { + "runAfter": { + "more_records_desplay_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "username", + "type": "string" + } + ] + } + }, + "ip_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + 
"variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_desplay_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId7')]", + "contentId": "[variables('_playbookContentId7')]", + "kind": "Playbook", + 
"version": "[variables('playbookVersion7')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "Username Breach Data - SpyCloud Enterprise", + "description": "The SpyCloud Enterprise API is able to provide breach data for a username or set of usernames associated with an incident.", + "prerequisites": "SpyCloud Enterprise API Key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId7')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Get-Username-Breach-Data-Playbook", + "contentProductId": "[variables('_playbookcontentProductId7')]", + "id": "[variables('_playbookcontentProductId7')]", + "version": "[variables('playbookVersion7')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName8')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 
'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Malware-Playbook Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion8')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Malware-Playbook", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('AzureSentinelConnectionName')]", + "parameterValueType": 
"Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident_2": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Check_if_the_incident_is_created_by_SpyCloud_Malware_": { + "actions": { + "Entities_-_Get_Hosts": { + "runAfter": { + "For_each_incident_alert": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/host" + } + }, + "For_each_host": { + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + 
"actions": { + "Check_if_the_records_are_returned": { + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Check_number_of_Records": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

SpyCloud Comapss Devices Data for @{variables('infected_machine_id')}@{body('Create_HTML_table')}@{variables('more_records_display_text')}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "Check_number_of_Records": { + "actions": { + "set_more_records_display_text": { + "type": "SetVariable", + "inputs": { + "name": "more_records_display_text", + "value": "Showing @{variables('min_records')} records out of @{variables('total_records')} records, for more information visit https://portal.spycloud.com/" + } + } + }, + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@variables('total_records')", + "@variables('min_records')" + ] + } + ] + }, + "type": "If" + }, + "Create_HTML_table": { + "runAfter": { + "For_each_response": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('compass_device_data')" + } + }, + "For_each_response": { + "foreach": "@take(body('Get_Compass_Devices_Data')?['results'],variables('min_records'))", + "actions": { + "Append_to_array_variable": { + "runAfter": { + "Compose": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "compass_device_data", + "value": "@outputs('Compose')" + } + }, + "Compose": { + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": { + "Document Id": "@items('For_each_response')?['document_id']", + "Domain": "@items('For_each_response')?['domain']", + "Email": "@items('For_each_response')?['email']", + "IP Addresses": "@substring(variables('ip_address'),0,sub(length(variables('ip_address')),1))", + "Infected Machine Id": "@items('For_each_response')?['infected_machine_id']", + "Infected Path": "@items('For_each_response')?['infected_path']", + "Infected Time": "@items('For_each_response')?['infected_time']", + "Password": "@items('For_each_response')?['password']", + "Password Plaintext": "@items('For_each_response')?['password_plaintext']", + 
"Severity": "@items('For_each_response')?['severity']", + "Source Id": "@items('For_each_response')?['source_id']", + "Spycloud Publish Date": "@items('For_each_response')?['spycloud_publish_date']", + "Target Domain": "@items('For_each_response')?['target_domain']", + "Target Subdomain": "@items('For_each_response')?['target_subdomain']", + "Target Url": "@items('For_each_response')?['target_url']", + "User Hostname": "@items('For_each_response')?['user_hostname']", + "User OS": "@items('For_each_response')?['user_os']", + "Username": "@items('For_each_response')?['username']" + } + }, + "Condition": { + "actions": { + "For_each_ip": { + "foreach": "@items('For_each_response')?['ip_addresses']", + "actions": { + "Append_to_string_variable": { + "type": "AppendToStringVariable", + "inputs": { + "name": "ip_address", + "value": "@{items('For_each_ip')}," + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Set_IP_Address_to_Empty": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Set_variable": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_IP_Address_to_Empty": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": " " + } + } + }, + "type": "Foreach" + }, + "Update_incident": { + "runAfter": { + "Add_comment_to_incident_(V3)": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "owner": "someone@someone.com", + "ownerAction": "Assign", + "severity": "High" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "put", + "path": "/Incidents" + } + } + }, + "runAfter": { + "Get_Compass_Devices_Data": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + 
"greater": [ + "@body('Get_Compass_Devices_Data')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "Get_Compass_Devices_Data": { + "runAfter": { + "Set_Infected_Machine_ID": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/compass/data/devices/@{encodeURIComponent(variables('infected_machine_id'))}" + } + }, + "Set_Infected_Machine_ID": { + "type": "SetVariable", + "inputs": { + "name": "infected_machine_id", + "value": "@items('For_each_host')?['HostName']" + } + } + }, + "runAfter": { + "Entities_-_Get_Hosts": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "For_each_incident_alert": { + "foreach": "@triggerBody()?['object']?['properties']?['Alerts']", + "actions": { + "Check_User_Host_Name_exists": { + "actions": { + "Check_if_Host_is_Managed_host": { + "runAfter": { + "Set_variable_2": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "", + "" + ] + } + ] + }, + "type": "If" + }, + "Set_User_Host_Name": { + "type": "SetVariable", + "inputs": { + "name": "user_host_name", + "value": "@{variables('incident_custom_details_object')?['User_Host_Name']}" + } + }, + "Set_variable_2": { + "runAfter": { + "Set_User_Host_Name": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "user_host_name_trim", + "value": "@{replace(replace(variables('user_host_name'),'[\"',''),'\"]','')}" + } + } + }, + "runAfter": { + "Set_custom_details_object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('incident_custom_details_object')?['User_Host_Name']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "Set_custom_details_object": { + "type": "SetVariable", + "inputs": { + "name": "incident_custom_details_object", + "value": "@json(items('For_each_incident_alert')?['properties']?['additionalData']?['Custom 
Details'])" + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "Incident_Custom_Details_Object": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "equals": [ + "@triggerBody()?['object']?['properties']?['title']", + "@variables('incident_name')" + ] + } + ] + }, + "type": "If" + }, + "IP_address": { + "runAfter": { + "Outputs_Variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Incident_Custom_Details_Array": { + "runAfter": { + "Is_Managed_Host": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_array", + "type": "array" + } + ] + } + }, + "Incident_Custom_Details_Object": { + "runAfter": { + "Incident_Custom_Details_Array": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_custom_details_object", + "type": "object" + } + ] + } + }, + "Incident_Name": { + "runAfter": { + "more_records_display_text": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "incident_name", + "type": "string", + "value": "SpyCloud Enterprise Malware Detection" + } + ] + } + }, + "Initialize_variable": { + "runAfter": { + "User_Host_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "user_host_name_trim", + "type": "string" + } + ] + } + }, + "Is_Managed_Host": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "is_managed_host", + "type": "boolean", + "value": "@true" + } + ] + } + }, + "Machine_ID": { + "runAfter": { + "Initialize_variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "infected_machine_id", + "type": "string" + } + ] + } + }, + "Outputs_Variable": { + 
"runAfter": { + "Machine_ID": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "compass_device_data", + "type": "array" + } + ] + } + }, + "User_Host_Name": { + "runAfter": { + "Incident_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "user_host_name", + "type": "string" + } + ] + } + }, + "minimum_records": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "min_records", + "type": "integer", + "value": 15 + } + ] + } + }, + "more_records_display_text": { + "runAfter": { + "total_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "more_records_display_text", + "type": "string" + } + ] + } + }, + "total_records": { + "runAfter": { + "minimum_records": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "total_records", + "type": "integer" + } + ] + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]" + } + } + } + } + }, + "tags": { + 
"hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId8')]", + "contentId": "[variables('_playbookContentId8')]", + "kind": "Playbook", + "version": "[variables('playbookVersion8')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "SpyCloud Malware Information - SpyCloud Enterprise", + "description": "This Playbook will be triggered when an spycloud malware incident is created.", + "prerequisites": "SpyCloud Enterprise API Key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "entities": [ + "ACCOUNT" + ], + "tags": [ + "Enrichment" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId8')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Malware-Playbook", + "contentProductId": "[variables('_playbookcontentProductId8')]", + "id": "[variables('_playbookcontentProductId8')]", + 
"version": "[variables('playbookVersion8')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName9')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloud-Monitor-Watchlist-Data Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion9')]", + "parameters": { + "PlaybookName": { + "defaultValue": "SpyCloud-Monitor-Watchlist-Data", + "type": "string", + "metadata": { + "description": "Name of the Logic App/Playbook" + } + }, + "SpyCloudConnectorName": { + "defaultValue": "SpyCloud-Enterprise-Protection", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom connector name" + } + }, + "SpyCloud_Custom_Log_Table_Name": { + "defaultValue": "SpyCloudBreachDataWatchlist", + "type": "String", + "metadata": { + "description": "SpyCloud Enterprise custom log name" + } + } + }, + "variables": { + "SpyCloudEnterpriseConnectionName": "[[concat('spycloudconnector-', parameters('PlaybookName'))]", + "AzureLogAnalyticsDataConnector": "[[concat('azuredataconnector-', parameters('PlaybookName'))]", + "SpyCloudCustomTableName": "[[parameters('SpyCloud_Custom_Log_Table_Name')]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azureloganalyticsdatacollector')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', 
resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('SpyCloudConnectorName'))]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureLogAnalyticsDataConnector')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('AzureLogAnalyticsDataConnector')]", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SpyCloudEnterpriseConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "displayName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Recurrence": { + "recurrence": { + "frequency": "Day", + "interval": 1, + "startTime": "[variables('blanks')]" + }, + "evaluatedRecurrence": { + "frequency": "Day", + 
"interval": 1, + "startTime": "2023-05-06T00:00:00Z" + }, + "type": "Recurrence" + } + }, + "actions": { + "Cursor": { + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "cursor", + "type": "string", + "value": "start" + } + ] + } + }, + "Custom_Log_Name": { + "runAfter": { + "date_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "custom_log_name", + "type": "string", + "value": "[[variables('SpyCloudCustomTableName')]" + } + ] + } + }, + "IP_address": { + "runAfter": { + "Is_First_Fetch": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "ip_address", + "type": "string" + } + ] + } + }, + "Is_First_Fetch": { + "runAfter": { + "Cursor": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "first_fetch", + "type": "boolean", + "value": "@true" + } + ] + } + }, + "Until_Modified_Records_Exist": { + "actions": { + "Check_if_this_is_first_fetch_for_modified_records": { + "actions": { + "Set_Cursor_to_null_2": { + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@{null}" + } + } + }, + "expression": { + "and": [ + { + "equals": [ + "@variables('first_fetch')", + "@true" + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_for_Entire_Watchlist_2": { + "runAfter": { + "Set_modified_records_array_to_empty": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/watchlist", + "queries": { + "cursor": "@variables('cursor')", + "since_modification_date": "@variables('date')" + } + } + }, + "Set_false_to_first_fetch": { + "runAfter": { + "check_if_data_exist_for_date": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@false" + } + }, + 
"Set_modified_records_array_to_empty": { + "runAfter": { + "Check_if_this_is_first_fetch_for_modified_records": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "modified_records", + "value": "[variables('TemplateEmptyArray')]" + } + }, + "check_if_data_exist_for_date": { + "actions": { + "For_each_response_2": { + "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['results']", + "actions": { + "Append_to_modified_records_variable": { + "runAfter": { + "Check_IP_Address_is_Not_empty_2": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "modified_records", + "value": { + "Document Id": "@{items('For_each_response_2')?['document_id']}", + "Domain": "@{items('For_each_response_2')?['domain']}", + "Email": "@{items('For_each_response_2')?['email']}", + "IP_Address": "@{variables('ip_address')}", + "Infected_Machine_Id": "@{items('For_each_response_2')?['infected_machine_id']}", + "Infected_Path": "@{items('For_each_response_2')?['infected_path']}", + "Infected_Time": "@{items('For_each_response_2')?['infected_time']}", + "Password": "@{items('For_each_response_2')?['password']}", + "Password_Plaintext": "@{items('For_each_response_2')?['password_plaintext']}", + "Severity": "@{items('For_each_response_2')?['severity']}", + "Source Id": "@{items('For_each_response_2')?['source_id']}", + "SpyCloud_Publish_Date": "@{items('For_each_response_2')?['spycloud_publish_date']}", + "Target_Domain": "@{items('For_each_response_2')?['target_domain']}", + "Target_SubDomain": "@{items('For_each_response_2')?['target_subdomain']}", + "Target_URL": "@{items('For_each_response_2')?['target_url']}", + "User_Hostname": "@{items('For_each_response_2')?['user_hostname']}", + "User_OS": "@{items('For_each_response_2')?['user_os']}", + "Username": "@{items('For_each_response_2')?['username']}" + } + } + }, + "Check_IP_Address_is_Not_empty_2": { + "actions": { + "set_ip_variable": { + "type": "SetVariable", + "inputs": { + 
"name": "ip_address", + "value": "@{first(items('For_each_response_2')?['ip_addresses'])}" + } + } + }, + "else": { + "actions": { + "set_ip_variable_to_null": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{null}" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response_2')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + }, + "type": "Foreach" + }, + "Modified_Records_Compose": { + "runAfter": { + "For_each_response_2": [ + "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@variables('modified_records')" + }, + "Save_Modified_Records_to_Custom_Logs_Table": { + "runAfter": { + "Modified_Records_Compose": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@{outputs('Modified_Records_Compose')}", + "headers": { + "Log-Type": "@variables('custom_log_name')" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + } + }, + "method": "post", + "path": "/api/logs" + } + } + }, + "runAfter": { + "Get_Breach_Data_for_Entire_Watchlist_2": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "set_cursor_value": { + "runAfter": { + "Set_false_to_first_fetch": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@body('Get_Breach_Data_for_Entire_Watchlist_2')?['cursor']" + } + } + }, + "runAfter": { + "reset_first_fetch": [ + "Succeeded" + ] + }, + "expression": "@equals(empty(variables('cursor')), true)", + "limit": { + "count": 60, + "timeout": "PT1H" + }, + "type": "Until" + }, + "Until_New_Records_Exist": { + "actions": { + "Check_if_data_exists": { + "actions": { + "For_each_response": { + "foreach": "@body('Get_Breach_Data_for_Entire_Watchlist')?['results']", + "actions": { + "Append_to_new_records_array": { 
+ "runAfter": { + "Check_IP_Address_is_Not_empty": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "new_records", + "value": { + "Document Id": "@{items('For_each_response')?['document_id']}", + "Domain": "@{items('For_each_response')?['domain']}", + "Email": "@{items('For_each_response')?['email']}", + "IP_Address": "@{variables('ip_address')}", + "Infected_Machine_Id": "@{items('For_each_response')?['infected_machine_id']}", + "Infected_Path": "@{items('For_each_response')?['infected_path']}", + "Infected_Time": "@{items('For_each_response')?['infected_time']}", + "Password": "@{items('For_each_response')?['password']}", + "Password_Plaintext": "@{items('For_each_response')?['password_plaintext']}", + "Severity": "@{items('For_each_response')?['severity']}", + "Source Id": "@{items('For_each_response')?['source_id']}", + "SpyCloud_Publish_Date": "@{items('For_each_response')?['spycloud_publish_date']}", + "Target_Domain": "@{items('For_each_response')?['target_domain']}", + "Target_SubDomain": "@{items('For_each_response')?['target_subdomain']}", + "Target_URL": "@{items('For_each_response')?['target_url']}", + "User_Hostname": "@{items('For_each_response')?['user_hostname']}", + "User_OS": "@{items('For_each_response')?['user_os']}", + "Username": "@{items('For_each_response')?['username']}" + } + } + }, + "Check_IP_Address_is_Not_empty": { + "actions": { + "Set_Address_to_value": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{first(items('For_each_response')?['ip_addresses'])}" + } + } + }, + "else": { + "actions": { + "Set_Address_to_null": { + "type": "SetVariable", + "inputs": { + "name": "ip_address", + "value": "@{null}" + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each_response')?['ip_addresses']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + }, + "type": "Foreach" + }, + "New_Records_Compose": { + "runAfter": { + "For_each_response": [ 
+ "Succeeded" + ] + }, + "type": "Compose", + "inputs": "@variables('new_records')" + }, + "Save_New_Records_to_Custom_Logs_Table": { + "runAfter": { + "New_Records_Compose": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": "@{outputs('New_Records_Compose')}", + "headers": { + "Log-Type": "@variables('custom_log_name')" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azureloganalyticsdatacollector']['connectionId']" + } + }, + "method": "post", + "path": "/api/logs" + } + } + }, + "runAfter": { + "Get_Breach_Data_for_Entire_Watchlist": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "greater": [ + "@body('Get_Breach_Data_for_Entire_Watchlist')?['hits']", + 0 + ] + } + ] + }, + "type": "If" + }, + "Check_if_this_is_first_fetch_for_new_records": { + "actions": { + "Set_Cursor_to_null_": { + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@{null}" + } + } + }, + "expression": { + "and": [ + { + "equals": [ + "@variables('first_fetch')", + "@true" + ] + } + ] + }, + "type": "If" + }, + "Get_Breach_Data_for_Entire_Watchlist": { + "runAfter": { + "Set_new_records_array_to_empty": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['SpyCloud-Enterprise-Connector']['connectionId']" + } + }, + "method": "get", + "path": "/breach/data/watchlist", + "queries": { + "cursor": "@variables('cursor')", + "since": "@variables('date')" + } + } + }, + "Set_First_Fetch_to_False": { + "runAfter": { + "Check_if_data_exists": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@false" + } + }, + "Set_cursor_from_the_API_response": { + "runAfter": { + "Set_First_Fetch_to_False": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "@body('Get_Breach_Data_for_Entire_Watchlist')?['cursor']" + } + }, + "Set_new_records_array_to_empty": 
{ + "runAfter": { + "Check_if_this_is_first_fetch_for_new_records": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "new_records", + "value": "[variables('TemplateEmptyArray')]" + } + } + }, + "runAfter": { + "modified_records": [ + "Succeeded" + ] + }, + "expression": "@equals(empty(variables('cursor')), true)", + "limit": { + "count": 60, + "timeout": "PT1H" + }, + "type": "Until" + }, + "date_": { + "runAfter": { + "IP_address": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "date", + "type": "string", + "value": "@{addDays(utcNow(), -1, 'yyyy-MM-dd')}" + } + ] + } + }, + "modified_records": { + "runAfter": { + "new_records_": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "modified_records", + "type": "array", + "value": "[variables('TemplateEmptyArray')]" + } + ] + } + }, + "new_records_": { + "runAfter": { + "Custom_Log_Name": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "new_records", + "type": "array", + "value": "[variables('TemplateEmptyArray')]" + } + ] + } + }, + "reset_cursor": { + "runAfter": { + "Until_New_Records_Exist": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "cursor", + "value": "start" + } + }, + "reset_first_fetch": { + "runAfter": { + "reset_cursor": [ + "Succeeded" + ] + }, + "type": "SetVariable", + "inputs": { + "name": "first_fetch", + "value": "@true" + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "SpyCloud-Enterprise-Connector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SpyCloudEnterpriseConnectionName'))]", + "connectionName": "[[variables('SpyCloudEnterpriseConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', 
parameters('SpyCloudConnectorName'))]" + }, + "azureloganalyticsdatacollector": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureLogAnalyticsDataConnector'))]", + "connectionName": "[[variables('AzureLogAnalyticsDataConnector')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azureloganalyticsdatacollector')]" + } + } + } + } + }, + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId9')]", + "contentId": "[variables('_playbookContentId9')]", + "kind": "Playbook", + "version": "[variables('playbookVersion9')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "SpyCloud Watachlist data - SpyCloud Enterprise", + "description": "This Playbook will run daily, gets the watchlist data from SpyCloud API and saved it into the custom logs.", + "prerequisites": "SpyCloud Enterprise API Key.", + "lastUpdateTime": "2022-09-05T00:00:00Z", + "postDeploymentSteps": ["None"], + "tags": [ + "Feed" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } 
+ } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId9')]", + "contentKind": "Playbook", + "displayName": "SpyCloud-Monitor-Watchlist-Data", + "contentProductId": "[variables('_playbookcontentProductId9')]", + "id": "[variables('_playbookcontentProductId9')]", + "version": "[variables('playbookVersion9')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloudEnterpriseProtectionBreachRule_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId1')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data", + "displayName": "SpyCloud Enterprise Breach Detection", + "enabled": false, + "query": "SpyCloudBreachDataWatchlist_CL\n| where Severity_s == '20'\n| project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, 
IP_Address_s\n", + "queryFrequency": "PT12H", + "queryPeriod": "PT12H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": "[variables('TemplateEmptyArray')]", + "tactics": [ + "CredentialAccess" + ], + "techniques": [ + "T1555" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Email_s" + } + ] + }, + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Name", + "columnName": "Username_s" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "IP_Address_s" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "Domain": "Domain_s", + "Source_ID": "[variables('_source')]", + "Document_Id": "[variables('_Document_Id')]", + "Password": "Password_s", + "Password_Plaintext": "Password_Plaintext_s", + "PublishDate": "SpyCloud_Publish_Date_t" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "reopenClosedIncident": false, + "matchingMethod": "AllEntities", + "enabled": true, + "lookbackDuration": "12h" + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "properties": { + "description": "SpyCloud Enterprise Protection Analytics Rule 1", + "parentId": "[variables('analyticRuleId1')]", + "contentId": "[variables('_analyticRulecontentId1')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion1')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { 
+ "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "SpyCloud Enterprise Breach Detection", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SpyCloudEnterpriseProtectionMalwareRule_AnalyticalRules Analytics Rule with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId2')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "This alert creates an incident when an malware record is detected in the SpyCloud watchlist data", + "displayName": "SpyCloud Enterprise Malware Detection", + "enabled": false, + "query": 
"SpyCloudBreachDataWatchlist_CL\n| where Severity_s == '25'\n| project TimeGenerated, Document_Id_g, Source_Id_s, SpyCloud_Publish_Date_t, Email_s, Domain_s, Password_s, Password_Plaintext_s, Username_s, Infected_Machine_Id_g, Infected_Path_s, Infected_Time_t, Target_Domain_s, Target_SubDomain_s, User_Hostname_s, User_OS_s, Target_URL_s,IP_Address_s\n", + "queryFrequency": "PT12H", + "queryPeriod": "PT12H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": "[variables('TemplateEmptyArray')]", + "tactics": [ + "CredentialAccess" + ], + "techniques": [ + "T1555" + ], + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "HostName", + "columnName": "Infected_Machine_Id_g" + }, + { + "identifier": "DnsDomain", + "columnName": "User_Hostname_s" + } + ] + }, + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Email_s" + }, + { + "identifier": "Name", + "columnName": "Username_s" + } + ] + }, + { + "entityType": "DNS", + "fieldMappings": [ + { + "identifier": "DomainName", + "columnName": "Target_Domain_s" + } + ] + }, + { + "entityType": "DNS", + "fieldMappings": [ + { + "identifier": "DomainName", + "columnName": "Target_SubDomain_s" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "IP_Address_s" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "Domain": "Domain_s", + "User_Host_Name": "User_Hostname_s", + "Source_ID": "[variables('_source')]", + "Infected_Time": "Infected_Time_t", + "Infected_Path": "Infected_Path_s", + "Document_Id": "[variables('_Document_Id')]", + "Password": "Password_s", + "Password_Plaintext": "Password_Plaintext_s", + "PublishDate": "SpyCloud_Publish_Date_t" + }, + "incidentConfiguration": { + 
"createIncident": true, + "groupingConfiguration": { + "reopenClosedIncident": false, + "matchingMethod": "AllEntities", + "enabled": true, + "lookbackDuration": "12h" + } + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "properties": { + "description": "SpyCloud Enterprise Protection Analytics Rule 2", + "parentId": "[variables('analyticRuleId2')]", + "contentId": "[variables('_analyticRulecontentId2')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion2')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId2')]", + "contentKind": "AnalyticsRule", + "displayName": "SpyCloud Enterprise Malware Detection", + "contentProductId": "[variables('_analyticRulecontentProductId2')]", + "id": "[variables('_analyticRulecontentProductId2')]", + "version": "[variables('analyticRuleVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "SpyCloud Enterprise Protection", + "publisherDisplayName": "Spycloud", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Cybercriminals continue to utilize stolen corporate credentials as the number one technique for account takeover (ATO). In fact, the FBI estimated that this resulted in estimated losses totaling more than $2.7 billion in 2022. SpyCloud helps prevent account takeover and ransomware attacks by identifying exposed credentials related to a company’s domains, IP addresses and emails. Through this integration, breach and malware data from SpyCloud can be loaded into Sentinel.

\n

Analytic Rules: 2, Custom Azure Logic Apps Connectors: 1, Playbooks: 8

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "SpyCloud Enterprise Protection", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "SpyCloud" + }, + "support": { + "name": "Spycloud", + "email": "integrations@spycloud.com", + "tier": "Partner", + "link": "https://portal.spycloud.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "LogicAppsCustomConnector", + "contentId": "[variables('_Custom Connector')]", + "version": "[variables('playbookVersion1')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Breach-Playbook')]", + "version": "[variables('playbookVersion2')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Domain-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion3')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Email-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion4')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-IP-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion5')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Password-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion6')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Get-Username-Breach-Data-Playbook')]", + "version": "[variables('playbookVersion7')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Malware-Playbook')]", + "version": "[variables('playbookVersion8')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SpyCloud-Monitor-Watchlist-Data')]", + "version": "[variables('playbookVersion9')]" + }, + { + "kind": "AnalyticsRule", + "contentId": 
"[variables('analyticRulecontentId1')]", + "version": "[variables('analyticRuleVersion1')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId2')]", + "version": "[variables('analyticRuleVersion2')]" + } + ] + }, + "firstPublishDate": "2023-09-09", + "providers": [ + "Spycloud, Inc" + ], + "categories": { + "domains": [ + "Security - Automation (SOAR)", + "Security - Threat Intelligence" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +}