From 4eb3838af04600172483e0ba6960820eba5a05eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9sar=20Maneiro=20Salazar?=
Date: Thu, 21 Dec 2023 16:30:22 +0100
Subject: [PATCH 1/5] resourceid entity including resourceid KeyvaultMassSecretRetrieval
---
 KeyvaultMassSecretRetrieval.yaml | 81 ++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 KeyvaultMassSecretRetrieval.yaml
diff --git a/KeyvaultMassSecretRetrieval.yaml b/KeyvaultMassSecretRetrieval.yaml
new file mode 100644
index 00000000000..c99b65a1b4c
--- /dev/null
+++ b/KeyvaultMassSecretRetrieval.yaml
@@ -0,0 +1,81 @@
+id: 24f8c234-d1ff-40ec-8b73-96b17a3a9c1c
+name: Mass secret retrieval from Azure Key Vault
+description: |
+ 'Identifies mass secret retrieval from Azure Key Vault observed by a single user.
+ Mass secret retrival crossing a certain threshold is an indication of credential dump operations or mis-configured applications.
+ You can tweak the EventCountThreshold based on average count seen in your environment
+ and also filter any known sources (IP/Account) and useragent combinations based on historical analysis to further reduce noise'
+severity: Low
+status: Available
+requiredDataConnectors:
+ - connectorId: AzureKeyVault
+ dataTypes:
+ - KeyVaultData
+queryFrequency: 1d
+queryPeriod: 1d
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - CredentialAccess
+relevantTechniques:
+ - T1003
+query: |
+ let DistinctSecretsThreshold = 10;
+ let EventCountThreshold = 50;
+ // To avoid any False Positives, filtering using AppId is recommended.
+ // The AppId 509e4652-da8d-478d-a730-e9d4a1996ca4 has been added in the query as it corresponds to Azure Resource Graph performing VaultGet operations for indexing and syncing all tracked resources across Azure.
+ // The AppId 8cae6e77-e04e-42ce-b5cb-50d82bce26b1 has been added as it correspond to Microsoft Policy Insights Provider Data Plane performing VaultGet operations for policies checks.
+ let AllowedAppId = dynamic(["509e4652-da8d-478d-a730-e9d4a1996ca4","8cae6e77-e04e-42ce-b5cb-50d82bce26b1"]);
+ let OperationList = dynamic(["SecretGet", "KeyGet", "VaultGet"]);
+ AzureDiagnostics
+ | where OperationName in (OperationList) and ResourceType =~ "VAULTS"
+ | where not(identity_claim_appid_g in (AllowedAppId) and OperationName == 'VaultGet')
+ | extend
+ ResourceId,
+ ResultType = column_ifexists("ResultType", ""),
+ identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g = column_ifexists("identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g", ""),
+ identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s = column_ifexists("identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s", ""),
+ identity_claim_oid_g = column_ifexists("identity_claim_oid_g", ""),
+ identity_claim_upn_s = column_ifexists("identity_claim_upn_s", "")
+ | extend
+ CallerObjectId = iff(isempty(identity_claim_oid_g), identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g, identity_claim_oid_g),
+ CallerObjectUPN = iff(isempty(identity_claim_upn_s), identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s, identity_claim_upn_s)
+ | as _Retrievals
+ | where CallerObjectId in (toscalar(
+ _Retrievals
+ | where ResultType == "Success"
+ | summarize Count = dcount(requestUri_s) by OperationName, CallerObjectId
+ | where Count > DistinctSecretsThreshold
+ | summarize make_set(CallerObjectId,10000)
+ ))
+ | extend
+ requestUri_s = column_ifexists("requestUri_s", ""),
+ id_s = column_ifexists("id_s", ""),
+ CallerIPAddress = column_ifexists("CallerIPAddress", ""),
+ clientInfo_s = column_ifexists("clientInfo_s", "")
+ | summarize
+ EventCount = count(),
+ StartTime = min(TimeGenerated),
+ EndTime = max(TimeGenerated),
+ ResourceList = make_set(Resource, 50),
+ OperationNameList = make_set(OperationName, 50),
+ RequestURLList = make_set(requestUri_s, 50),
+ ResourceId =
+ max(ResourceId),
+ CallerIPList = make_set(CallerIPAddress, 50),
+ clientInfo_sList = make_set(clientInfo_s, 50),
+ CallerIPMax = max(CallerIPAddress)
+ by ResourceType, ResultType, identity_claim_appid_g, CallerObjectId, CallerObjectUPN
+ | where EventCount > EventCountThreshold
+ | project-reorder StartTime, EndTime, EventCount, ResourceId,ResourceType,identity_claim_appid_g, CallerObjectId, CallerObjectUPN, ResultType, ResourceList, OperationNameList, RequestURLList, CallerIPList, clientInfo_sList
+ | extend timestamp = EndTime
+entityMappings:
+ - entityType: Account
+ fieldMappings:
+ - identifier: ObjectGuid
+ columnName: CallerObjectId
+ - entityType: IP
+ fieldMappings:
+ - identifier: Address
+ columnName: CallerIPMax
+version: 1.0.5
+kind: Scheduled
From 170ad7497ea237a84e958bcfaa3445de37286e3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9sar=20Maneiro=20Salazar?=
Date: Fri, 29 Dec 2023 12:26:12 +0100
Subject: [PATCH 2/5] Update and rename KeyvaultMassSecretRetrieval.yaml to Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml moving fileto correct directory
---
 .../Analityc Rules/KeyvaultMassSecretRetrieval.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename KeyvaultMassSecretRetrieval.yaml => Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml (100%)
diff --git a/KeyvaultMassSecretRetrieval.yaml b/Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml
similarity index 100%
rename from KeyvaultMassSecretRetrieval.yaml
rename to Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml
From 40d21d62bac99aab4365358a324fdc5e0d1a4273 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9sar=20Maneiro=20Salazar?=
Date: Fri, 29 Dec 2023 12:36:49 +0100
Subject: [PATCH 3/5] Update KeyvaultMassSecretRetrieval.yaml
---
 .../Analytic Rules/KeyvaultMassSecretRetrieval.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
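Review bot: `ResourceId = max(ResourceId)` in the final `summarize` of the new root-level `KeyvaultMassSecretRetrieval.yaml` reports one vault per caller, the lexicographically largest ID, because the rows are grouped by caller and not by vault; when an identity reads from several vaults the alert names just one of them. The same aggregation is added by the second hunk of [PATCH 3/5] for `Analytic Rules/KeyvaultMassSecretRetrieval.yaml`. If a scalar is kept, a comment such as `// ResourceId is only the max of the vault IDs seen; ResourceList holds the vaults touched (up to 50)` would keep analysts from scoping the incident to a single vault. The subject mentions a resourceid entity, yet `entityMappings` still lists only `Account` and `IP`, so an `AzureResource` mapping whose `ResourceId` identifier points at the `ResourceId` column appears to be missing.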
diff --git a/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml b/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml
index 62bf10f7e1c..7adcc230793 100644
--- a/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml
+++ b/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml
@@ -31,6 +31,7 @@ query: |
 | where OperationName in (OperationList) and ResourceType =~ "VAULTS"
 | where not(identity_claim_appid_g in (AllowedAppId) and OperationName == 'VaultGet')
 | extend
+ ResourceId,
 ResultType = column_ifexists("ResultType", ""),
 identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g = column_ifexists("identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g", ""),
 identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s = column_ifexists("identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s", ""),
@@ -59,12 +60,13 @@ query: |
 ResourceList = make_set(Resource, 50),
 OperationNameList = make_set(OperationName, 50),
 RequestURLList = make_set(requestUri_s, 50),
+ ResourceId = max(ResourceId),
 CallerIPList = make_set(CallerIPAddress, 50),
 clientInfo_sList = make_set(clientInfo_s, 50),
 CallerIPMax = max(CallerIPAddress)
 by ResourceType, ResultType, identity_claim_appid_g, CallerObjectId, CallerObjectUPN
 | where EventCount > EventCountThreshold
- | project-reorder StartTime, EndTime, EventCount, ResourceType,identity_claim_appid_g, CallerObjectId, CallerObjectUPN, ResultType, ResourceList, OperationNameList, RequestURLList, CallerIPList, clientInfo_sList
+ | project-reorder StartTime, EndTime, EventCount, ResourceId,ResourceType,identity_claim_appid_g, CallerObjectId, CallerObjectUPN, ResultType, ResourceList, OperationNameList, RequestURLList, CallerIPList, clientInfo_sList
 | extend timestamp = EndTime
 entityMappings:
 - entityType: Account
From 5821c15f1c99815ad6da494e91b6c6778ff31a59 Mon Sep 17 00:00:00 2001
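Review bot: The bare `ResourceId,` added to the first `extend` in [PATCH 3/5] (hunk `@@ -31,6 +31,7 @@`) is written differently from its siblings, which all assign through `column_ifexists(...)`, and as a plain column reference it appears to add nothing to the row set. Either drop the entry, since the later `summarize` can read the column directly, or, if a guard against a missing column was intended, write it like the others: `ResourceId = column_ifexists("ResourceId", ""),`. The same line is in the root-level copy of the rule created by [PATCH 1/5]. The `extend` statement continues past the end of this hunk.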
From: PrasadBoke
Date: Wed, 3 Jan 2024 12:37:46 +0530
Subject: [PATCH 4/5] Solution repackaged
---
 .../KeyvaultMassSecretRetrieval.yaml | 81 ----
 .../KeyvaultMassSecretRetrieval.yaml | 2 +-
 Solutions/Azure Key Vault/Package/3.0.0.zip | Bin 0 -> 19832 bytes
 .../Package/createUiDefinition.json | 2 +-
 .../Azure Key Vault/Package/mainTemplate.json | 408 +++++++++---------
 .../Package/testParameters.json | 32 ++
 6 files changed, 227 insertions(+), 298 deletions(-)
 delete mode 100644 Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml
 create mode 100644 Solutions/Azure Key Vault/Package/3.0.0.zip
 create mode 100644 Solutions/Azure Key Vault/Package/testParameters.json
diff --git a/Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml b/Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml
deleted file mode 100644
index c99b65a1b4c..00000000000
--- a/Solutions/Azure Key Vault/Analityc Rules/KeyvaultMassSecretRetrieval.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-id: 24f8c234-d1ff-40ec-8b73-96b17a3a9c1c
-name: Mass secret retrieval from Azure Key Vault
-description: |
- 'Identifies mass secret retrieval from Azure Key Vault observed by a single user.
- Mass secret retrival crossing a certain threshold is an indication of credential dump operations or mis-configured applications.
- You can tweak the EventCountThreshold based on average count seen in your environment
- and also filter any known sources (IP/Account) and useragent combinations based on historical analysis to further reduce noise'
-severity: Low
-status: Available
-requiredDataConnectors:
- - connectorId: AzureKeyVault
- dataTypes:
- - KeyVaultData
-queryFrequency: 1d
-queryPeriod: 1d
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
- - CredentialAccess
-relevantTechniques:
- - T1003
-query: |
- let DistinctSecretsThreshold = 10;
- let EventCountThreshold = 50;
- // To avoid any False Positives, filtering using AppId is recommended.
- // The AppId 509e4652-da8d-478d-a730-e9d4a1996ca4 has been added in the query as it corresponds to Azure Resource Graph performing VaultGet operations for indexing and syncing all tracked resources across Azure.
- // The AppId 8cae6e77-e04e-42ce-b5cb-50d82bce26b1 has been added as it correspond to Microsoft Policy Insights Provider Data Plane performing VaultGet operations for policies checks.
- let AllowedAppId = dynamic(["509e4652-da8d-478d-a730-e9d4a1996ca4","8cae6e77-e04e-42ce-b5cb-50d82bce26b1"]);
- let OperationList = dynamic(["SecretGet", "KeyGet", "VaultGet"]);
- AzureDiagnostics
- | where OperationName in (OperationList) and ResourceType =~ "VAULTS"
- | where not(identity_claim_appid_g in (AllowedAppId) and OperationName == 'VaultGet')
- | extend
- ResourceId,
- ResultType = column_ifexists("ResultType", ""),
- identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g = column_ifexists("identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g", ""),
- identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s = column_ifexists("identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s", ""),
- identity_claim_oid_g = column_ifexists("identity_claim_oid_g", ""),
- identity_claim_upn_s = column_ifexists("identity_claim_upn_s", "")
- | extend
- CallerObjectId = iff(isempty(identity_claim_oid_g), identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g, identity_claim_oid_g),
- CallerObjectUPN = iff(isempty(identity_claim_upn_s), identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s, identity_claim_upn_s)
- | as _Retrievals
- | where CallerObjectId in (toscalar(
- _Retrievals
- | where ResultType == "Success"
- | summarize Count = dcount(requestUri_s) by OperationName, CallerObjectId
- | where Count > DistinctSecretsThreshold
- | summarize make_set(CallerObjectId,10000)
- ))
- | extend
- requestUri_s = column_ifexists("requestUri_s", ""),
- id_s = column_ifexists("id_s", ""),
- CallerIPAddress = column_ifexists("CallerIPAddress", ""),
- clientInfo_s = column_ifexists("clientInfo_s", "")
- | summarize
- EventCount = count(),
- StartTime = min(TimeGenerated),
- EndTime = max(TimeGenerated),
- ResourceList = make_set(Resource, 50),
- OperationNameList = make_set(OperationName, 50),
- RequestURLList = make_set(requestUri_s, 50),
- ResourceId =
- max(ResourceId),
- CallerIPList = make_set(CallerIPAddress, 50),
- clientInfo_sList = make_set(clientInfo_s, 50),
- CallerIPMax = max(CallerIPAddress)
- by ResourceType, ResultType, identity_claim_appid_g, CallerObjectId, CallerObjectUPN
- | where EventCount > EventCountThreshold
- | project-reorder StartTime, EndTime, EventCount, ResourceId,ResourceType,identity_claim_appid_g, CallerObjectId, CallerObjectUPN, ResultType, ResourceList, OperationNameList, RequestURLList, CallerIPList, clientInfo_sList
- | extend timestamp = EndTime
-entityMappings:
- - entityType: Account
- fieldMappings:
- - identifier: ObjectGuid
- columnName: CallerObjectId
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: CallerIPMax
-version: 1.0.5
-kind: Scheduled
diff --git a/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml b/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml
index 7adcc230793..9f500a4d8a6 100644
--- a/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml
+++ b/Solutions/Azure Key Vault/Analytic Rules/KeyvaultMassSecretRetrieval.yaml
@@ -77,5 +77,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: CallerIPMax
-version: 1.0.5
+version: 1.0.6
 kind: Scheduled
diff --git a/Solutions/Azure Key Vault/Package/3.0.0.zip b/Solutions/Azure Key Vault/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..d0f5432cde7ca8987298e611d79662a95cb369c0 GIT binary patch literal 19832 zcmZs?V~{R9u(mt4ZQHhO+qP}n)*72@Y}@8D)*9QM^X_x1cAc;4OI`VqRMJWQq`JEA zR+0q;LjwW=f&!{HCDl5c+?3jb1_COe00P4NZ`Rbs+}O=r-CE4t!rH;w&Dzm{!N%3m z;abPuacctk$Dr`nxCo=cEGq3Nc5%q+X1_VK#(9oCeiba-9E{e5++N-Vuv3PnpYywG z=^-7HW;L#mE31SC1>$UIVPSciot=08x%ZpUxJxMCf<%3b-@H4txs8`75kMyAJ$6ch zo(=zAAC6&My5uq!hcHBWV4P&zm}bJxvl^m%pZLhioSNODVtx=y()i$x^D|v}h1gqk z)Vi;o3nkxUFd;=-V!^@Z+=7cXH7Z*K54CuR(d@!=no}`kf~?U~K@2BB^Jnti0!VbJ zC%NAR-_&Ugl{DgcCJh&x-J^R@D@$s6J0tg(WSN_l$A_b;wd9>9SGJp~JRBJZkKQ`U z?MUJ97m z^TRk5bM)>1;?aYo(~wpVP;039BUi^l5l z-d-(#R_6sp@u4O)mf$qOr?dXHQew3*8n9V5N-xfucw`ZexWqe;){=3H+>uCdxLQYRTiTc$w6AsQru62eXPs#;YUBM8%+MX!av z?;l+2IC?04p)SdBO}(_o^>)d}9ty{Q%q7!bEeC!f3Jy~B%>t}Z9}nRpi9k|ZIOWv zHCv0zj4;!xi^*`4Po7AWAqCE#`rRS%aW4|IRzK!_;O*fHqztZ$+pbv^PgQzu{!&KX z_1f5E%lXR@`djXL6o*Oacu~Su)^xc|573jfUpt6aP;`Ml)2>T-VJJ&!ELD9PJ6^M3 zDdHL|zl}^3u#AL^gd7|!2o0t5Me4Zpi1ge!yvWD&s#f9JxRa~-f?KR?$N%0wU8$5L(4ljeF1yU{mydVRi$5YK|l0Rur1sbb$5K)$!l-=Eq6 zFXy}U4ZZU9dV1Xi+Q1Ey)e$iJ*9GkR(i^K}Wc;C_A5_e6>hu^&TrQYLaK1wzZjayPSQZxZof32o$Hk))JK2Zqa@--<>yfHH48Rb8TYJ{YpB zmf1ZCkE6yU#r88%PBnW{fzmZ@JeX{Qf9T7^5_L#4$dXd_QTt%pjp zWrrz0!D+A|gT|#`4MH-)OIBcG`aa9*mRD7q74YHIO?#ekSENvyanM~8TCWLCLo=hUCO0uApM|7?{Ea^R2-Gg9 z8wyfc+(VpIy?3HM*G+s>+~^yk!9rvX9s|rekG#s0OpI@N^KIYeyl%|P3%Xu_NqI5u zAGk$d*vd!36ju5_bNORMEGG@{4YrdXk1sPmmMo|_X-!fxz$f#D|)u>P?h5eV>`$BeV*8~F^Dp!89 z1`nG&yta%@kAMj2omL>YB5M`-#)hz=eZ~rmZPYBfHqiSQ$W6xO#2_; zHXFP?Ol_Z0b=HgX?+h7X`Cn_M31|Erq`TWF&{RZLZuH3>rVpmlPPYz-GbTyyPPQ2gf zvn+jXA6ePUPLOwgaMT5T;EAY|P#Mfp?IaV$BEmfDAy$z5x?zPO)LCdqiftpJKxh-o z7&}xs!mkzBuHs``%rh$mN>K=!rl3s59{H$WNpj_zs_jfPL-snXUi_d0IxKW6 zlC8kg*dOEjAL!>kP8lUBlS$c}kW*Vg zHa8GX1=F>?BXT(JZ|MD;t^8lX38DBx{=(r- ztLedD;q3Iw48ATVKkuxIYP1DoFsUfHM)P%geCuswwsT~Cw0X!}4a{W9+p{A9ZRC-t 
zqkeq-lg1m)pZ0{<#P&L-9NJ>N&%C`O(ajd5S|{+qR64T8F6ZWH36H8 z0PinG=q)6nva<}BsYXMpHZaoE*|+cCodUm3R)h@Y!I!&}3F8B<9u!XIt^x_P-$$-p zz=YoaU@2op(Q+EsFcHjoAR@&7ui@eUv;`cVlYT@S8pH!MClLz*V1eI$-w!GM zE9Z{IyCFNyV<6)D;m`DEOF7zpqw9p;AZ+&iZFrrcFz|acTZf+?X-P;q`Cp zc|>b&*S~5ach#R49q9pXR@U;6?bQcYZZW@ixBW{0hfnDFZzJcA2oTUQ9taTfe?FnT zv9*JmxxJI!f1ct0=MDPXdLD74oW1f}{(`QvzE0(%+xHUkJMTGfo{w#F^x0$5&cO1!LzL^G`FFx771b+fVP{v(RM)qk1f+XkYI$=odK6X7z zm=GkR&2{hXc;HKp8By=ykWGZnm{7%t#|$hFyfOxiG=`9yB#h1Q56Ef@ChMO6u;Nnk zZrmpvFu9XJ-T|SJ(~T8f5~W=s^T|0>fJH{7P9QRjo^inodP#;%AH(dfHIEZu9~kv> zA7Nj=GLtxS#p*qnqRo|e`+l0FDYDe!Npsb1#D7tbTc6e&o6MRVs@EORHG+un9coKk z$>(vk%kj%puZSB3#UwWFn3+Ez@i&kp5 zh}ZV-ge{(WU383KSpCd)bw2FSPAAeQiv6&|amNfn+yC55$nYv%9140~Axc(OxBO4FwOhLLxdy}?co$53iVK#C!nuB&DAHy8u=N1TI5F|#&2C7$MuU~15 zd`|7|R*br8mh)L!jBab#O!dd!*8(Ax{n^*|vc?CWd*is@!CFfh$e7>&U|$gl5}E4l zW|1|YZ&$$$-?{EcEY#2!wGkV;d1AazULWeKyM#tble)r$xw58=478%Y&pFANQ3EZ_ z5iXz4pbLh!?2MyLIfM(;0!fz6g4Gi{K;RtX%D6OVOUqjka^uCr;E{sCBXf4)F`lkorN?W6AaE7Lgh#NOwEE`eh*}qAM(86$mEC)Rgv1a(L}f zX*DxW?gO$`ZY85Kfh;9Lt3`@qt16yUMK&v6AX%CziRRj#FCP)VshbvQHS$=U8qA$k zua5QE%D2_5ZXWm@k7IIf(oFzjflkx#<6TwdFAY-Bv*nH#aXcxf8@-p$ofi`p+of3b zfM>2(qs`YX3e>U#v9trhlQ8z&eAXHZ7p7)+<}g@%h?%qnb9wW=Gv=V^hxCkT$Cj5R3oq7z<0}c?_sZXD=eRPySFEW z<6bs9W#3OXI~^r!b!^jR7#)lqH9J*tOVe#rPY%ugX9Lwi<6a z06VlTUngGuz3fcbvSr7w(482Xeb(-ndHbi`@h(ND=YS#G;PiN}-LaBOhT)KIcCbc* z;Q)>Cm(k34vt`{jII?)BX~!7#MW+ImQalgt+PGxdfukpZ7tcHVztalBr{fIs!*vr! 
zhW=SJg2A>E6okvpN}C*XC5MOq5n6RE`cBw2N$~&ZzGFZ0Ke=p*If$BN4`mc=GP#Ie zPb{w6g*(Nzk(fbeU6oS@D6tPJQ7Sf0(mmsqQM%SW?@eo6Ld0UkNYCm?ikDU*!!Bari-tXQvP&!I~&Q6zP_PQ|UF_N>GBv~|(d=l3B){G5{{m90?l zY9-|wlinZg2gBArdmQ(Sf);Swo=3`E;x}R8lnQuL1k4yk12v9h`u9-mHQxM@Xwv;# z*zJBqsj2ODo>Ny*#$`pVcJ~WmlDq;;Nc5C}kcK#j?xIEkNfuy~rfOp5c_BOM`nQ+$ ziupcK1Tp>JI&Xc3TdEAyahv7NU-tMd*6XH-T&3@Bh>aSD1GE84!NQ>rx?qW$dddh2 zabJ-W!ia{w!*%40_-%_5u+D=GTCl>!dn5Fg3}+p zgRSE!>DnzPiybcE5ae+%Z{VPVgt#GQNHE80q}_;yYE)gx3QCMHE0eS&XSnIB!2*WA z^AnNb6nC%-E+t#mCgVw}SR-vhPq1s%r#uBMacg}KQL7)c(s?(uk=vb~mwh@xvg}kCDQ{xAHVj9L_e{wWWrY`Ky!PC(5!Qa8( zk6q&u;NqsmpFPgWpAq~4P-LVM5@K@Hfka3>F@$X+J||O3kMG`Zkbq*b-+FAZet8o4 zFVk(p7Qw6iiHdRdrUUORE>n*lu@Q1CWzIy|&xA>Gycz0G0!v%Yisgl9=tE!I3(N0R z$>7oGfT{3QcP}gbs~$n`$Aipf!`=Mb->>1oUyrBD?#I}?Cq4Dw17P*%f~zxirNfbm z+y@9VPNZe+=q!dIZtC6(?VN<{$a4j=&S<@K!;bb6SYho4DM25D3bf&aRvt?NniHZdt|4_Ca8KZ z3$?N>6`8e#IP`4gf)k*HgObHFt&(cfXM&*n-tDRe!c3qXp0qOKn&kq~NM3!+k(690 zTjxS=w#q(Ml_Jijyh&^+>yQqRggzKf(ViwT{+S}K5VBbg!-#{^QRWitPeYnaB22ysM>DfpxRWLL zBF%4_ShE~E66DJ3-6I|asyz(dO^@M4YE`=ua=iY%xp03tAI<9l%6=RVW=zT~2MH}$ zPyuFi4E{W1_RTiKL~^Qeb-<*^wo9K5zIf<&7haHgnXYiaKZ)F=_hvux(<4;A?pXY^ zM`3LJ5L#bpSpVp~{Go=Q6T?cP+7c`@Dlk~IU>BHy2grUGoh-x;aY(=SP<`y$eImmX zAj6A&12-c^f2BS8w8+GNLWK}n+TiOPIN`Hftey1 zdNSpw7X~9EKqvJ&B}>k6QIu2sBFUg64NbuodIsbUWMAxnEPveGh~M3tNRnKPDxfQT zq%~Ys$mzX9liO~JevqT`_%j9sY<{vL>8bKFfat#pnJ@8tVLp{rj{!yzX2XKlgX~@& z>?Bxqlu(h8mO7U{Hv;Y$ZP(=>7X*KxWnum(g~LWu90AC%-bf$7b4I%{c>%T@1^p2Z zs7_J(V8}(C6a5lDL>xm&xKLEVXV=U2DccC!jYo{gCMh!J9x6_WXo z4-0W|YZQ@*yf4Ze!gF$icE=F07Oa0D!2er^Zq*@{t@1w1&K8I|7jnEX8hATowQm`P zvO*guzdamHXvJf(`ayiRw9bv*BJ=$HIMLq&wtHVVYRLkGDN@|7+5yuU$sRA=RMP_z zMffHX=vC2{iY=r=(MP^)vAHBP-E!`GI!z2UJ`JoOW~=$VoX_5){(@Lc($SLBSEWNy zEjpLkQw*4s3PMPdXU_&nV5uvka4W$ViNR1DwKVWJqDt>qt8VR0Y*l2cGgSQb;lPdm zVw8QVTkgXgqasT6ccjh+&4d|T{&04lR%PlCaWrVo3WA70Cn=omUT`{bA*5O&T>JGJ z#tnc+=u@-K0Gnu^_B!VVvt@a1Zrtl^Of{=VqY;Zz>LC=5 z>l+)9!-@w!^uiHTye;QmJQPOPRqJI1wHp1?UfD_wFw*u@DQW>z(Jl~~f$;)NWUQ`Y 
z-W@*?uO}4n$tub4OmK+O4pVqDoZA^KtP-;2$#;%w;h`AXwS`W0X@qQrbTj72igi`d zB9e^vWR3<*9=Ev1drxv`t{G+fwWjA$<6Uut$D^A38ETU^_I*NYTP2UlU)7*eT65>2 zmvg5TjHL6oSAN<0VB#ba=udZ2G!^csXoP>YquCaP#q0At%<2>nG%76+x_UN`^mT(k zOK&g`>3}>nP};c+5AzKgH*uC`N5KtIZ=cN*672zrT};!RZoDhL%z_9i_IIM_Uq2wi z(i8C^UMuocH}=(vcJgYZZQOrjYxyB%ZVMab|lIs|etL0vDc`3OT^rm}s~i*n_{l|4U6W>`Y{~N`Sv- z>EVI{886<(1Z76SGQt4fL`FhVkT(G@BK$LpC~xa!=!49O(!c|8MZ5`_?CLYiU2uBVzrI0oke`TK*Q4_-7IO-9n=C)QX3{=nI5etEI3V zQdklK5+l3Ue*L3#)tb|8{@mN62KLvbYc@yz!(h7V^%H;HT3ZvL7MP*s$XMHMDq*D9 zby#*yfI$;%LqSxEbR67x1y#WNQgVj8If(K;g~dd|`h!$X(?qR@5J3-q5jB93uMb}D zoe>9iAtbo1n+1pU9s|>}6bVbMb;`1N z(28X9xBQ3(a|e22**Z3FDF4p2^9^XJ?00!&xERDFo10Uwg1UEP18_=$VSZRck-Mgu z3n8&{lZu%*Z#NW4x|pn?q&RNiSGKn7A9{;crkN^8>N&WXY*x8?b)R&1_;zZ3~e-Jsme_hFL^$cy!$?9zi6 z5KpGAMtcV342wTE3FAEujEVti6fHzn9h2^J!bhRUji89Xeotp&n1$^#HaVd!X(2=r zkX6CN(P;5G9iPP2Ffl=>*G<^eJ9oipZpjXpqU<#x?9(E5Py6ED6Cigoa=5FU;yr5Y zr7OzVmFwY=0Rc|*5)1C5vd?@t-}AO5V_copo@x=+92|xs-nG_W)zmT7E+|s94qBz%C2kJ9 z*FD6BpxE2eB$tk}t5?{k$$|&buQbIra?3+X|DI?|D%LAMTCLDw_^BjK4xP5jlL07F z`0~V3II9vtSEPj^c=3Hh&cNM=VzmOn^halb!I9`b&YSCGQ93 z23A59f(M6aML#s{C1z4QvJt7(l0YZva6u-dAon>SI~V~l(d%~_gM*T&C)PES0$Pj} zniX~CLxV<`L0DE|LdiETAHmqS;cf=Ah-{BDHm?^!RN}^7#5wb#$7zz*diu>EcUB|5 z3#9$WK5a;qFow?gk!2jPHJXc4B3lgD6k4DY%VA1YJgC8_=QMb4#5^V z!$S1Q@UPzKn7h4O>zKm4y|?$<{~Z6ST>lPGsZB(_By?8N%i>KWW9K!D`S7fl>Hhb? z@ocJFB~Zxdj__9occDtAEWb%ZMH4@o`}=Wmp!Oqq2uBA@u5Yw%9#Y6iFJ)T!lG2K! 
zPn}`fG@x+G>q&~vf@gb|yDgN`jApXu3tPb)pqsper9e~$%Xv?3)zjD~`;;g8%&sTY zt35^9ea@_6F4C40v%-HiUM_g2M5ZvD1-Eq4jUw%}t_Gn=-)+!J17&vnC|5bzD&HsP z{I4|OsfMQE=D=zl*3!xA4g~~Tz6|2-4@%P%A~Bh0pWx^S80V^bljjjrN17G`=;vm& zHg$AIRfv_VO!=9)zv@{%yd+ALM_Uk8ny`mcIwV>XkOrg{%bw)PfgYFskW`7LdbtCK zWwe=JT}M(nQI*{g_c)!g_F@CX@c_CVo5zn!`Kao=@&0~cxF|gYE-t$f~eOZ$dEd6jUu6kmX&7VU_Xe``^e+~-*|#h7|A$@(3iwWo}@S2JT&Mi zezhVQs7|%~1e?McW}7n$zH>I*kEb&!w@Q}m!oGoL>7q4x#YUo{_%Cb}WnJYWubUdV zUdWvqpYp3Dx_a$}qCr?NSZcbse5_d4vD7`%WUIP3(7AYIWrWRwZM*dFr9;{~drOAY z!id_IUVP2r@eGgsY@X6d=`prYZy_)wqXauN|oVnZ9OQ=Q_w0Uo{R830yl&Fv9$olX)xrab?TJ5{Wb&7 zh--0e*s2v$h_ct%=b*iVwgAsar=qn4|BD7`NKD;eMM52Q@*o{NJ+vJJ_pOlvq6_<9 z-zpu5Cj2>6wZcwM%cs{THg9b(SMz#dpPWUu|-`BtfXy<4n zeBKCHG5u6dyq4tupTUGAKfy09-WH;{U1i_kizs$yU>o6-(k~!@%2e0z;5~p!lrwA) z%5OkQ#&%XJ2Kcj;lzKXQ{1sK2`aFN%s683&zbliO<4SvnB&Ri@nE#WSqM6G@2cZ^! zloD>qKrE$$bp<7P@`g}x>M+I%nDYnLH$F(ut8sEtB%WpZAy=|5%1dPXMOvJ*p%NK0 z`>-sdOBbT1R&pT ziZTIkMOyt*d_yI3do_4G30L~wqgPgyyFhlvBa{mvX3Q2{E9ST;AX;479% zHt8fKcrYNrM?u=NfPWur_1PKL)vXQ(^ISPikF8MUKq`rq8QXOfBt4cSrO*!3$~@+FbZ&i5HQ3j) z@ew-566}cefgfhCihc7tpxG96{(Pg(VzxQ5#Ao@YqxHt=xK*l|x%4PqgeH%g33zGW zjziAd(+Na1ZeOjCo;>8^9`dKmz$;0N6=dFuf+u{$p_2UTMUR|zFNuY^w)!Bqvm?p~ z_{W-j&eCLcl+ihyB?F1~9s~7h6MKH5M)R->x1@^j_t-Q$ey?8Yj$x$c7XZejTmVzV z=%>tov*(|PWb0{@+OEtcO)XOq|ISF58x)Y8pL)bcnvGQdwK%FEfpLFXOxr zXZUO|?S9egFnhzPujO8`+LHHTW##!9Z%}^(cRAv&q2-Ql-8WJfLS9bBzEHk(?a@Hz z6ORlXl$%U8=x4K*RR=uvxrY?8ZwW4u`nq253Y)*~3(lC6S4>c+G5ANLS^2Jfo%%xc zmLrBK=vo`BUey-;xti1Fn`8yI&WCuyjcvHwqj#Oghms!W22QF9!EtxykSzBOd>w1I z;fC7XOyU{mnF8CL=cV$}$0PPh;$@+x)xLhKW_@et#%iOgexR~RFU7l6b)W_{$@~Y~ zoKIU~Fj{y}oeC~7?mL>1gNaY+Sj!{X+N&m(P@ZcsFBly-1!~6!6BCmc(k1Z?h)|uK zs!%X7j~Lrj@}D?+ciHq`!Rq=dt#2MhqrKoJ`O_H@d0)6a^l*y+QQrJhR&Ium-=Xp< zA>a%Xpu?KG2vb;iDhW?TgME(P997!{9FJ75fpL3CF-QCafP9`)jYeW%@4&t_mB%8$EE64= zWMtHBlh;|#SszEvJ;Km*jaC-G!O$9-@(n(74XJ?NJVHN>4S`|IC#47msowb%I!j>otIQgI>#apHhog353ST*{-cx zcAL^gCr++(Ha@H&7O7<;bw9Y}yV4M**psE3b*XmXSZ2J{E{_^e4JAh|GLQB(!slL{ 
z<#P|t4m#|I|H8ZXu$hBp#vos1*zbxkgsKXl7&lgQ+gam7L!I~kll7w}G(4<#6Gcv9 zveKwK{+f_^XlN2*V8HKSnI%ZdiScy}h7<$%0jQZ^7hYoswA+plAsd8DMQqQ$q|?8a zaKDtWD(5>zMDF4~+IE9jpIPD@mLpgTVd({uIFw<38Z3H_5x>YK=GX$1$K<*`6a}Bj z5RlGY72oHi<_ZF1<@c&nHXlELMAj|vk^UqajspB%rN`zrh(X#}a+Ow&E15_`e<0z2 zst&${QtULKD7T8kRL)~5oWF>H$t@>B^pZ4l3=%#gZ8Dhm zLKseWxD@kiD7MXafCfb);Mmy$M4wc0P=+zb`oYD1CGLf7mKtm5)_2HvKT;EP{7aSx ze)Z&`i~JU~zex^P9B;mq&h=D0A2dgm)|3~tGK6L{SW_&@iVSlEp?Kh(WAV*T--$tJ zgt@a=;DRmud}_EBk%<48K2SWUdcvzzc@{ITS`Mcp{^eI%sS{OH7h;Rh(WF>A2{0SZ z;K7vjl&MzPQlxme{NM~ydrP_tX_(1*#U_pGT?l^cyrOW}Nj7t9d9UX(wDZfgMNU3M zMiY{1X7X`04QuDt)#hvXOtD&VqluYvbQpG!g#ZAr4&enf*;y`%CK)TTG?8il=mLK@p4r0Sx==>vLks@;IplIx$h~ zCLor^Ohuw6R6)U8-H=6&^W8C;;Zx1$D#M$+Am}{W$?DakriJsCMMyU zV@~4)%tA1$i9n)}maaMwzrS&DBxt>|J-L+o86&$ypwKh=l?IN9t-Bqc`ywRmEeVd% zD<^buP~Ej`zhKwV3Di@31U+MM?FL~0)=uts-;0A&0yXMh1DIasj_?WUyzCIAKqn(DX;PBFj-M9#A0)XaSKA>Yozl7#6 zk9sx|jBbrDxs;E$5yr?mJrMtd5er*>QQi{SOi>k+!eJWBaTt9vzf75WuQ#{6!0C%q zj`*l1X# z!6p#~tB>&ma*HzR$w4197J}P6nIz^&U4$KeZz`Y5Et>t1Eddr8f=DYlIAz$Vk<)0erWH?s9v6SRYpis)8HV5_{uT^8&W}L&_w5tawCuSSA2U}>uN`D(edMZ zWAJX%|4o4~w!2`yDPPXY2<$rAvbV>3k3AxY`HL3c8IT+i+3MjT3p=@YA_gB$+28cW z>$;aaGx=J<;=Q<`R($;DctjH7hmtT(Uuin8alu+e5y$6XMfLaPEOtH}%zX^YgX(U| z-d<&8JiJQhz1r5(b7-fVU8SHlxoZIji9t2zTSRa(Y7p3CGLrJ4{3N(lRxmt*ar`YE z#1g9aCBK-KfO5$H9`;{w@hxeGZfliaakb+bw{|ure&U*6WuZPAP0(*3s)F*Iz4@{R zhktjIbm5G^M|-&yh<`|p;ZUFV?t{#-VSebq)bSdrB+v4|ermj%fCHVofyr$#-}H~@ zY1CgVs-dlUw7;#gC9L&Yo8ar__dg8sHoPD2?N1Z}vlh#Iog|-xqh)FFlAld+opf2L z{3X`O+>y;-w9{6(sf5&HiZT z9n>OAN7+aoYal1L>9`z#{5F}tih z{c*J`H2E-wL--vL)f^6vI6bz6pt*cZx=lB0|9Z$&d3gP#BK?KC5RxF9K^57yl1WyU zD6JBsxv39ENY|w+RfZmd0jd8&ffFUlqHsQWYNrV@H+N{dbh`2)t1;jxY=A888V`Ou z;)k}_TP}}R7)@Hz;p2>QbEa0V?Vdn8B|#N52;kLhbGX8oiXl!kDJ9sd#|%@XKwq6{ zvb88-C{twTG$Ws3}j zXVbx}Zy3!FFtd}|X8aSWL#C_KIc=z-Q(3%G?;sR~8zk{Kc((1c;=`Vouzba-1MjP5 z`*f|*F4z?LjnkN?Q?g3finnz3*CjAJKQkm--{ab=j z-ExUfQOoEHx>(_#ea=D^-&7M%=9W)cs>JV%&;E?YURxj{FwI)-a0wF-Wkc&9;Fgtb z<>Uq`BcHg$`0_yO@4EPn)L 
z(|?mY%Am|D5&9q}0x)BO=Srh)3V-eze-aFA7etm$sRt1Y&^lx9%FhemL>&v81gXLr z*oCN0t#sd2!%@XKK}+Y@cvZkFuQ-*MYQpUUK%!G@Zo=z!LnECzjIVKAH+x|nwMZvs z?Tqstwt+JR=gsWv-_y#xh51bAroILYFB&EF@q13leN(34rl`4MFo92bC`!y2;JTt8 z{BdKOH*&Q>1VTGIm7Z^=CY34^xDCH1?H(}XC4-!<3_mJYRG#Dec^?@;1Hn3}g;V+* znl_-lsENN0#M)ge`dttVa{{VIS-dDRr5_y~kHvO^B08UTprHM#R5hDe8wa<$(ZrQi zT&cks{$Z`3sI)Z?8mz^8g&IkN^3ZlrlcQYnmUJ4Jv}Nr5jiwciWQ_2zFf?c$*zJ4O zub=@1oCmZ^jhk=M8%S$-Vo-Gi$WbgGd$boW>s-{S)s-4`Pv;<+hl)13-ioiTm=6vL zD@^m!^+lBJ3{J%>d8zAwp_Ka8X&;mljl>My4%*5eHL#_?+>(OqqVt?~B47m+@5L4l zmhVY6ztIHJli9yzocq+b5l29oeO0%XTeT^xLA05BmGjl|eQ}2Qty(T1c@_ zMTZSL&R30`)7?K#E|FSSSGwdaATl5087K?Uvn4~r&)q?O?*0xT;^PTG3EvF9HIb_R zr{y)FzN^NdZL63nV_jLYYC!CF2y>vEaz`&=RebnoP8z(2-K53b)A|V-kcR%G!1R<> z^!S=DKK;}%$^{hAZ+@nSU;!LJLKA9{i<{_VrCPg@enIHp!uD?F%_=QN=uHsN(CTyS z)gO{0H@k#~UU_Uh#~Hm}yHJw7kEj^YTx(Y(0p2!`nKWtQ#-flnpUtc_1?Khv5#Li( zPJTqxQVRDeQ7?Yfxc1i<958p68_izBg!*ot^_E6elk--Ev?6~=16lh{(yUE+;PzK? z7Or!^G3akIDpH=_!`{}YOpGVg;!YJ@mLSUdZwK#ucvZ614PNs6qw7_z;CK_l^0Qt^ z2el$!wHLE^ki5i1`&D=nqMfF5a#AmbNC+#j(=6jY>jX=`)1vds((>coLrPbVDkI}P z1GEeh2hn$^U^>hVjL*?}z5i={kl?LK{p!dnC_OjfX3yX_b{91o`5;J6uFNhi!MX9t zd3vDy;VY9YVZ|~>w>zmalskcXfy2KB5$m-Rwr2=0C4~r<`f;RpZBGYS8&%v4!s~ztq_MEUx_{&D<1aVUY-`YK+RkIY!7^eGnC&}y z!uj?oS-Y{v^L*hKB{*JF7F0Hv6Ykx;;*f4$Y{}E;wr$VZ>DqC8!FgG*<}@Pzz(0)V zNbs?N!E#mQTOmugJ~(MB+&hi-!+K(55dR^lkBd7tVJ2@7VgO@gX?Q8`(>M zL;l_vOt$C?G7LbQ>!)rl5kUhB;pLLpS+&$9?7Zi)lZG+^sgnjj@~2l$bR^fduI`ft zRBVLTqj-KAm-mn0V}5Vpve=f3%t{l*ylksm4AhH|%sSq`O0CmF$ELUj>kext)6MjN{u$ztklwErTVL5#P)Jv_{F--L+#e?r?V?oU3gX}}Y zZW&#G_L)A4eA{lBybZtJgfR)-F2!l%Mli3(*Cf#N1iZ;>j9jkQojFT_s3i|n$@Jj= zCOxlF5G|IC3S$=xBdF3U;qo{|x_}`EIJpOi!H4n_{7~Q-+=cnWkKkSO#Q`+-RF*u? 
zy|v4F?Kx4>kBaiJ2a#$asLFB`GLvnV_6wKgV8e!8%k-pU607}3@Sodk=;zFCLdlc) z>mZ5KR>8%eEIx&cv=s~H_WU6A)Wb^;c2C#KEK?^wZpj|i51J`XxjC<0leAARolC8Rn84n@2lZ};xy zj$8Qrx7DYFjM7Y4Jc~q}7lo})y^HEW^y#QA%IxknX?*HsrQ3~G0_X0j&eXb2xV%)D zyi|qjpnwG0a0G*>x{i2kv=O+3=d8g-0#>fwF*r5IR-~n^q(N0^Y_oP>0u~b@TYYe3 z&_y#`X0Hanl_wFjSZ0SA#(W*kr!BGnROS*jyN-UK+(+cw$2|51A?Qs~*qUz*rGh5b z1il)z&$$i&J8mCj$$G!`S|ta&x)~RZ6TNEwQV_BoeukBxC5|eX7M>6l@zA9*;UyNt z_vXu}_0a}ZKf(%$iMEcx|3!7#NjtJ&V8=g$YZ8u)KXKxxllI>%5YTs|hH;ZJ?YDll zBtynsNL(wXNATBA$J->jp_fL_XKwA_b%u8qy=y%?UjFLMMux+Gcx_hfwV{pt2kH#{ zTe*yI&(qUms{xyJtm9-n@# z*x<_k!qV{k5Ij7xot!cMj=kJ|GS>3c)vr+`P*=qC|Hsi5eNm$y&FVCbdZRi;TN$H) zgp-Nx$6?iG+}0B2fBd1z?4|d=U#T{Clr`+BRBYt861Z(k8~cw(iwk?}1jk#JHCejZ z`wm_+-HW5f+6()t#HBI;i3GtpnXs9vmwOGH$`vx^cEet~NiY@UjM}P0X%?xxP_jHA z3Q3sjj$;owwMBfxaL&DD+wnWzXp3V9QE;hwsE#}#lvFjoo=4La>|Wi0Wlv8*mBpyy zOROtYr02V4nNh?jw(mu3XVMhgiTwPz0R|NxTScwrTl`nn1!0Fw{*NcSznyn?G%X{x zb(JAU%9n`~m_&{}u?+y;mtaojt^SBB>Yuvd7$`dZ+%KH>&nLnYA3Z7S@4D%F!f!0GMJ7|cV~P4rvu1wg1^u+8CJMB*985^4EaCpAk_u$j!2F@;jLY>d+C zx`5)gJsk7#J~JuCsfdV;Hl~}iVR>N9Ib^}htOAKze$20P#DDY6>EEslDZZ=y-l`3X zSYLs?U3Dfcz*XE$v$-z!(Yp)xiJ`pp)vX)Pd@;_4%*^6t$=E!)cNDGxEkc-DN{wm5%KFnBUH(JG3R1$UYlxOrLV+p z;IR^q4CPtDc1O8yi%A&S@_iQ+zS9vuj7kXAr)S zO{|)bE5FLeFalMUDAdxhE?bRZ_7dRVuK~WgxYqu$Mt#CY*ESXdeElvMsw--NEn$>% zmP$eYBf3kLbL@Lw_UMw1un1qsdv1$q1tU^z)p4xUvUCw=0oZkFK9-~&iQYKI>Y-i0@FzwyGnuuQ2dUpFGOf`{1H!;+s-<=F>s6V%Ump_HN6T?*w(D}U zE&~!FTq1JAKJqC-em(s61u&F)pOsU8so`X4lJ;q9AzGy=x5xA=DK-b#w83AJ{s(*R z8Ck08+67iRTxr?<;jlyCA-zoD5c+hv6Hsus@Hkcu;ycWSxG?~mT!(1O-mrqd<@^z3 zH){*{Hnz3ucCgjD?9fkKiTES_0w1kJ2znqaC)EwGWqq(&$ZA5lqk1#QZx*aOKp`;Sg49aS-H5=mY4XSop$H`x<`e zqqTbb{=_p*uZN?RFW9SMJpj_b@c*gfJcF80kT_0)bdk_Sid5+xAr$F|q4ypLAWcL? 
zij*LP&J*c1K&Sx)Q4x?LC83D)UZhDA2!s%t(mCJUhr4-mxBFpdXLk1c?*8{DUzbHj~n&$1jSEzTW-cb{R5Zi_7tP5??6 z>Dc-4Y{Iaqw4&UvMcB9|bq3$AA#UKhCcOxmUA*B&e*u;ZfW(=Wh;ZMkB7&w4OWmRy zsWqa8Zzb_$cz*YUkpEONR;58`=n)sMzaTP975oJz&z80+9@a-P#Erx_#eNbMQl?W` zIb|f60)|Sqc)0o5;r?`yT<5Xw>E)jRr^1OSVG{=~F5^Qt)5V-^#uA^H-^AB&5H7uF zjxR2Zv*%{IsZ4_;h@?4h!?^yCY)H`~EBf3-yu_llD*e$4d{3~pH#eNk#Gdy-(uMwQ zABB*u{pqKC6xz2v^;V#yLUDYib2exWwOZV->lIaI{V_&DZ>-SMQD%rIMw!$Nx*#hT z`+V2<&@(F^e%Ci`wsEyh6pU!5KDvnxUuyG!Xx~j26@=*+WHDwYTi^Pv8){%?X>(tO zH#;|4DbFzHLQi5DAC!E*YXJ@F`%ti6am}QhxBjq!OrLLdcdTS7qhe#Q-rzKNplVMP@<4x!INP^@M21k z*3$`JcE#G9osT)Q_h^^z4NUMV87W@q_(9DdFj8M!_q&oKsT||KerpyYhuu|?8oYC) z<=68(_`;j5K8Z*4L2|!Q{oAqe{2wEqo6_KNM`&x z+Jbln9)GDTlhClq&4)!H`Blmz;I`_+_xd2bG0U7#{y3UwfUMbRbRAbQpa;l}h!1l~3W<$4+rvLfqWg&(x)b||=7;JCzO7lxec%S zkrGz6u9DxzH!Zgiku0;1)!YzquPiY6E%22UT`UVtX0O|VF#t|N$UGY$Hb zC$3T~kDAu`*#LLKh4Fxn8i%nXv}|NuV{wk;sD5_uf#EplGiHpZDP=-8h%Jv$t?Wqe zV{#SuCXM%ob~ZF=5@i4ur;}Uz)p^F7tuGw+?c0vRX}whsVImZ@u%(WAJ-!*hBm8EH zv-!xVVVv-olh+u_1JsS_g%TT4)C==&Jr_|y>{-}t&nyS$h%C#haF=fdPCCwMiM6!n z7NF2Ph{I$+YU@mhusi{6qj$6AX1lg+rAqk^&9s->Vzji0)s6D?x;9Av*?v3DW(&t; zPqHTof_=kV^V#Tp_``QN_A^z@LV~PI!(&3fnW5t6sbaRXCG3H-y!772I!lm{ee1gf ziNvkYy5Vf43t87OyzQqz1dp`>%&!O6vA3Rk(nm-ifTcvG3REE{2D*u3!VBSWPO~rB zX8@U6>wbpdqIrsYq|tW@l9*jNzHcRq>12P#W-J^}VgZkTR(*eV`>S%0mZ0ht_exrk|DqCLYyn9D$+u~|tbs0eM`fz5Y>(A{X^WJff z`YC6Qbjr1MD!}niAxc_epFFD$II11aT*TwCmQud+YKeQ;KqoK{kIBPu&@zs5RAQ zGRl$^OC&x}`t@o%l32^w&XEMH55+BJcKQy+6aWQ~{05OSmJE;JBU;2K_cA$= zNq`7MJWJrz!$S02_<0vn!_0t04SO5hF7AO$rwYQmXvk?Px6#pUpM9jgdTbhs9Q^^L zw$JDaf}qlFEdH4sFANw>Rwf|t2l{mcFoojrQ?fbn40B|0!m^7y{f}X@7|f{6FN_eW z*?qB@vw^{!U1d-~@Dm)z&BBX_K-P3S{yqbteM2aiJl%QShqw3{`GysJF28A!I8S+6M7Q zhQ$v<&U-QQuQKFLDkhvzG8|k45Afwn6rY9;JLEv7PwUb#eYr#dRUPy1KQN#Tp>ujY zQDl~(ZSVqFss6!lKcP)+Sn-&9gM&#cZk=uZbR@6o05rkAPCT66 z{L+OG5Al7;h|eSx1v~~I1Xsx*pr3|_a;P_(A)uuTYa}tQIl|*Js?DQS94lciIBa)N zmns0ZSS?c2>mTx$=Qxv|Ssl||nK(F0WDm6TUe1-s<5Ux13@Hy+2)lshYdb$Xx#f51 
z6!roWZu=v(*ISB;q&~sVn>OL7z*XaNd{as`uV8rSl3x|{89mdwx53>)bq+4i-Ma-%4Y(E$b;U=}>Al62ESD2^Mu@KDBO>B3JB3E7TMV)#iH*eQMupY4jd0 zxY#IvWwL68x~!raFC5HlnRYCSRNHa???26+29_63ZIT*)(%fe)7dDYiO5=}!?0Ed) z2E+@dW!f5yjZIZ$d1jo-4t&5d`{YC%Ig=k`&epAuqH4&XKrFlZ=8LWbU=Hm_{C9M) zp2^D9xCn)en}Vdj;ZirRS-I=x5aX`{`GA^lEDttm^&jBJpv8cN%FDH}zxb?q_1EU{ zvOky|pRPv;eK2=?ctw82!Gb2%KE-<|8Os};V=VBE%wDttQjrVq{A{lmX#-y z7o0T^ z?AIX;R)zjG=>cI*1QGck45-*tx|61g0W$zZ{}ZLr-21x|2Tn8L&4*b@x%fRnodwva z*f?T2=H}f2Y_!7Duge3q>h&e1TN&RK6|>v=iVdJB??>bwzgA;ij6rhJ+Z;H}5iA>L zp!(Z_AqJ(epzBv>S0?%ZAQQ>|=bQb(S^Ss%AKKYJoBR`q@t+P%)c*sIVWLk){&xxR Nk4OKBiw1vZ{{rE#q6Gi| literal 0 HcmV?d00001 diff --git a/Solutions/Azure Key Vault/Package/createUiDefinition.json b/Solutions/Azure Key Vault/Package/createUiDefinition.json index 592050fe86f..a47121b6474 100644 --- a/Solutions/Azure Key Vault/Package/createUiDefinition.json +++ b/Solutions/Azure Key Vault/Package/createUiDefinition.json @@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs the data connector for ingesting Azure Key Vault diagnostics logs into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for Azure Key Vault. You can get Azure Key Vault custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, { diff --git a/Solutions/Azure Key Vault/Package/mainTemplate.json b/Solutions/Azure Key Vault/Package/mainTemplate.json index ea77c24f3dc..0646ae52222 100644 --- a/Solutions/Azure Key Vault/Package/mainTemplate.json +++ b/Solutions/Azure Key Vault/Package/mainTemplate.json 
@@ -38,74 +38,69 @@ } }, "variables": { - "solutionId": "azuresentinel.azure-sentinel-solution-azurekeyvault", - "_solutionId": "[variables('solutionId')]", "email": "support@microsoft.com", "_email": "[variables('email')]", - "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_solutionName": "Azure Key Vault", + "_solutionVersion": "3.0.0", + "solutionId": "azuresentinel.azure-sentinel-solution-azurekeyvault", + "_solutionId": "[variables('solutionId')]", "uiConfigId1": "AzureKeyVault", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "AzureKeyVault", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", "dataConnectorVersion1": "1.0.0", - "analyticRuleVersion1": "1.0.3", - "analyticRulecontentId1": "d6491be0-ab2d-439d-95d6-ad8ea39277c5", - "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", - "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]", - "analyticRuleVersion2": "1.0.5", - "analyticRulecontentId2": "24f8c234-d1ff-40ec-8b73-96b17a3a9c1c", - "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", - "analyticRuleId2": 
"[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2')))]", - "analyticRuleVersion3": "1.0.4", - "analyticRulecontentId3": "0914adab-90b5-47a3-a79f-7cdcac843aa7", - "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]", - "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]", - "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3')))]", - "analyticRuleVersion4": "1.0.1", - "analyticRulecontentId4": "884ead54-cb3f-4676-a1eb-b26532d6cbfd", - "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]", - "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]", - "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4')))]", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "analyticRuleObject1": { + "analyticRuleVersion1": "1.0.3", + "_analyticRulecontentId1": "d6491be0-ab2d-439d-95d6-ad8ea39277c5", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd6491be0-ab2d-439d-95d6-ad8ea39277c5')]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d6491be0-ab2d-439d-95d6-ad8ea39277c5')))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d6491be0-ab2d-439d-95d6-ad8ea39277c5','-', 
'1.0.3')))]" + }, + "analyticRuleObject2": { + "analyticRuleVersion2": "1.0.6", + "_analyticRulecontentId2": "24f8c234-d1ff-40ec-8b73-96b17a3a9c1c", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '24f8c234-d1ff-40ec-8b73-96b17a3a9c1c')]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('24f8c234-d1ff-40ec-8b73-96b17a3a9c1c')))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','24f8c234-d1ff-40ec-8b73-96b17a3a9c1c','-', '1.0.6')))]" + }, + "analyticRuleObject3": { + "analyticRuleVersion3": "1.0.4", + "_analyticRulecontentId3": "0914adab-90b5-47a3-a79f-7cdcac843aa7", + "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '0914adab-90b5-47a3-a79f-7cdcac843aa7')]", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('0914adab-90b5-47a3-a79f-7cdcac843aa7')))]", + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','0914adab-90b5-47a3-a79f-7cdcac843aa7','-', '1.0.4')))]" + }, + "analyticRuleObject4": { + "analyticRuleVersion4": "1.0.1", + "_analyticRulecontentId4": "884ead54-cb3f-4676-a1eb-b26532d6cbfd", + "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '884ead54-cb3f-4676-a1eb-b26532d6cbfd')]", + "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('884ead54-cb3f-4676-a1eb-b26532d6cbfd')))]", + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','884ead54-cb3f-4676-a1eb-b26532d6cbfd','-', '1.0.1')))]" + }, "workbookVersion1": "1.1.0", "workbookContentId1": "AzureKeyVaultWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", - "_workbookContentId1": "[variables('workbookContentId1')]" + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "Azure Key Vault data connector with template", - "displayName": "Azure Key Vault template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": 
"[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Azure Key Vault data connector with template version 2.0.5", + "description": "Azure Key Vault data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -150,7 +145,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", 
@@ -175,12 +170,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Azure Key Vault", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" 
@@ -245,42 +251,24 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('analyticRuleTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "Azure Key Vault Analytics Rule 1 with template", - "displayName": "Azure Key Vault Analytics Rule template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "KeyVaultSensitiveOperations_AnalyticalRules Analytics Rule with template version 2.0.5", + "description": "KeyVaultSensitiveOperations_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", + "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": 
"[variables('AnalyticRulecontentId1')]", + "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -299,10 +287,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "AzureKeyVault", "dataTypes": [ "KeyVaultData" - ] + ], + "connectorId": "AzureKeyVault" } ], "tactics": [ @@ -340,13 +328,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]", "properties": { "description": "Azure Key Vault Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", + "parentId": "[variables('analyticRuleObject1').analyticRuleId1]", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]", "source": { "kind": "Solution", "name": "Azure Key Vault", 
@@ -365,46 +353,39 @@ } } ] - } - } - }, - { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('analyticRuleTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "Azure Key Vault Analytics Rule 2 with template", - "displayName": "Azure Key Vault Analytics Rule template" + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "contentKind": "AnalyticsRule", + "displayName": "Sensitive Azure Key Vault operations", + "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName2'),'/',variables('analyticRuleVersion2'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" ], "properties": { - "description": "KeyvaultMassSecretRetrieval_AnalyticalRules Analytics Rule with template version 2.0.5", + "description": "KeyvaultMassSecretRetrieval_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion2')]", + "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId2')]", + "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", 
@@ -412,7 +393,7 @@ "description": "Identifies mass secret retrieval from Azure Key Vault observed by a single user. \nMass secret retrival crossing a certain threshold is an indication of credential dump operations or mis-configured applications. \nYou can tweak the EventCountThreshold based on average count seen in your environment \nand also filter any known sources (IP/Account) and useragent combinations based on historical analysis to further reduce noise", "displayName": "Mass secret retrieval from Azure Key Vault", "enabled": false, - "query": "let DistinctSecretsThreshold = 10;\nlet EventCountThreshold = 50;\n// To avoid any False Positives, filtering using AppId is recommended.\n// The AppId 509e4652-da8d-478d-a730-e9d4a1996ca4 has been added in the query as it corresponds to Azure Resource Graph performing VaultGet operations for indexing and syncing all tracked resources across Azure.\n// The AppId 8cae6e77-e04e-42ce-b5cb-50d82bce26b1 has been added as it correspond to Microsoft Policy Insights Provider Data Plane performing VaultGet operations for policies checks.\nlet AllowedAppId = dynamic([\"509e4652-da8d-478d-a730-e9d4a1996ca4\",\"8cae6e77-e04e-42ce-b5cb-50d82bce26b1\"]);\nlet OperationList = dynamic([\"SecretGet\", \"KeyGet\", \"VaultGet\"]);\nAzureDiagnostics\n| where OperationName in (OperationList) and ResourceType =~ \"VAULTS\"\n| where not(identity_claim_appid_g in (AllowedAppId) and OperationName == 'VaultGet')\n| extend\n ResultType = column_ifexists(\"ResultType\", \"\"),\n identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g = column_ifexists(\"identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g\", \"\"),\n identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s = column_ifexists(\"identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s\", \"\"),\n identity_claim_oid_g = column_ifexists(\"identity_claim_oid_g\", \"\"),\n identity_claim_upn_s = 
column_ifexists(\"identity_claim_upn_s\", \"\")\n| extend\n CallerObjectId = iff(isempty(identity_claim_oid_g), identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g, identity_claim_oid_g),\n CallerObjectUPN = iff(isempty(identity_claim_upn_s), identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s, identity_claim_upn_s)\n| as _Retrievals\n| where CallerObjectId in (toscalar(\n _Retrievals\n | where ResultType == \"Success\"\n | summarize Count = dcount(requestUri_s) by OperationName, CallerObjectId\n | where Count > DistinctSecretsThreshold\n | summarize make_set(CallerObjectId,10000)\n))\n| extend\n requestUri_s = column_ifexists(\"requestUri_s\", \"\"),\n id_s = column_ifexists(\"id_s\", \"\"),\n CallerIPAddress = column_ifexists(\"CallerIPAddress\", \"\"),\n clientInfo_s = column_ifexists(\"clientInfo_s\", \"\")\n| summarize\n EventCount = count(),\n StartTime = min(TimeGenerated),\n EndTime = max(TimeGenerated),\n ResourceList = make_set(Resource, 50),\n OperationNameList = make_set(OperationName, 50),\n RequestURLList = make_set(requestUri_s, 50),\n CallerIPList = make_set(CallerIPAddress, 50),\n clientInfo_sList = make_set(clientInfo_s, 50),\n CallerIPMax = max(CallerIPAddress)\n by ResourceType, ResultType, identity_claim_appid_g, CallerObjectId, CallerObjectUPN\n | where EventCount > EventCountThreshold\n| project-reorder StartTime, EndTime, EventCount, ResourceType,identity_claim_appid_g, CallerObjectId, CallerObjectUPN, ResultType, ResourceList, OperationNameList, RequestURLList, CallerIPList, clientInfo_sList\n| extend timestamp = EndTime\n", + "query": "let DistinctSecretsThreshold = 10;\nlet EventCountThreshold = 50;\n// To avoid any False Positives, filtering using AppId is recommended.\n// The AppId 509e4652-da8d-478d-a730-e9d4a1996ca4 has been added in the query as it corresponds to Azure Resource Graph performing VaultGet operations for indexing and syncing all tracked resources across Azure.\n// The AppId 
8cae6e77-e04e-42ce-b5cb-50d82bce26b1 has been added as it correspond to Microsoft Policy Insights Provider Data Plane performing VaultGet operations for policies checks.\nlet AllowedAppId = dynamic([\"509e4652-da8d-478d-a730-e9d4a1996ca4\",\"8cae6e77-e04e-42ce-b5cb-50d82bce26b1\"]);\nlet OperationList = dynamic([\"SecretGet\", \"KeyGet\", \"VaultGet\"]);\nAzureDiagnostics\n| where OperationName in (OperationList) and ResourceType =~ \"VAULTS\"\n| where not(identity_claim_appid_g in (AllowedAppId) and OperationName == 'VaultGet')\n| extend\n ResourceId,\n ResultType = column_ifexists(\"ResultType\", \"\"),\n identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g = column_ifexists(\"identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g\", \"\"),\n identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s = column_ifexists(\"identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s\", \"\"),\n identity_claim_oid_g = column_ifexists(\"identity_claim_oid_g\", \"\"),\n identity_claim_upn_s = column_ifexists(\"identity_claim_upn_s\", \"\")\n| extend\n CallerObjectId = iff(isempty(identity_claim_oid_g), identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g, identity_claim_oid_g),\n CallerObjectUPN = iff(isempty(identity_claim_upn_s), identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s, identity_claim_upn_s)\n| as _Retrievals\n| where CallerObjectId in (toscalar(\n _Retrievals\n | where ResultType == \"Success\"\n | summarize Count = dcount(requestUri_s) by OperationName, CallerObjectId\n | where Count > DistinctSecretsThreshold\n | summarize make_set(CallerObjectId,10000)\n))\n| extend\n requestUri_s = column_ifexists(\"requestUri_s\", \"\"),\n id_s = column_ifexists(\"id_s\", \"\"),\n CallerIPAddress = column_ifexists(\"CallerIPAddress\", \"\"),\n clientInfo_s = column_ifexists(\"clientInfo_s\", \"\")\n| summarize\n EventCount = count(),\n StartTime = 
min(TimeGenerated),\n EndTime = max(TimeGenerated),\n ResourceList = make_set(Resource, 50),\n OperationNameList = make_set(OperationName, 50),\n RequestURLList = make_set(requestUri_s, 50),\n ResourceId = max(ResourceId),\n CallerIPList = make_set(CallerIPAddress, 50),\n clientInfo_sList = make_set(clientInfo_s, 50),\n CallerIPMax = max(CallerIPAddress)\n by ResourceType, ResultType, identity_claim_appid_g, CallerObjectId, CallerObjectUPN\n | where EventCount > EventCountThreshold\n| project-reorder StartTime, EndTime, EventCount, ResourceId,ResourceType,identity_claim_appid_g, CallerObjectId, CallerObjectUPN, ResultType, ResourceList, OperationNameList, RequestURLList, CallerIPList, clientInfo_sList\n| extend timestamp = EndTime\n", "queryFrequency": "P1D", "queryPeriod": "P1D", "severity": "Low", @@ -423,10 +404,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "AzureKeyVault", "dataTypes": [ "KeyVaultData" - ] + ], + "connectorId": "AzureKeyVault" } ], "tactics": [ @@ -460,13 +441,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]", "properties": { "description": "Azure Key Vault Analytics Rule 2", - "parentId": "[variables('analyticRuleId2')]", - "contentId": "[variables('_analyticRulecontentId2')]", + "parentId": "[variables('analyticRuleObject2').analyticRuleId2]", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion2')]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]", "source": { "kind": "Solution", "name": "Azure Key Vault", 
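Review bot: In the `@@ -412,7 +393,7 @@` hunk the new `query` string adds `ResourceId = max(ResourceId)` to a `summarize` that groups by caller, not by vault, so when one caller reads from several vaults the alert row keeps only the lexically greatest resource ID. If this column feeds the resource entity the commit subject mentions, an analyst pivoting from that entity sees a single vault while `ResourceList` names several; consider adding `ResourceIdList = make_set(ResourceId, 50)` next to it and keeping `max()` only for the mapped field. The bare `ResourceId,` added to the first `extend` looks like a no-op; unlike its neighbours it has no `column_ifexists` guard, so either drop it or write `ResourceId = column_ifexists("ResourceId", "")` to match the block. The same query text appears in `KeyvaultMassSecretRetrieval.yaml`, and this template looks generated from it, so the change presumably belongs in the YAML rule.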
@@ -485,46 +466,39 @@ } } ] - } - } - }, - { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('analyticRuleTemplateSpecName3')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "Azure Key Vault Analytics Rule 3 with template", - "displayName": "Azure Key Vault Analytics Rule template" + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "contentKind": "AnalyticsRule", + "displayName": "Mass secret retrieval from Azure Key Vault", + "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName3'),'/',variables('analyticRuleVersion3'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName3'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" ], "properties": { - "description": "TimeSeriesKeyvaultAccessAnomaly_AnalyticalRules Analytics Rule with template version 2.0.5", + "description": "TimeSeriesKeyvaultAccessAnomaly_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion3')]", + "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId3')]", + "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -543,10 +517,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "AzureKeyVault", "dataTypes": [ "KeyVaultData" - ] + ], + "connectorId": "AzureKeyVault" } ], "tactics": [ 
@@ -580,13 +554,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]", "properties": { "description": "Azure Key Vault Analytics Rule 3", - "parentId": "[variables('analyticRuleId3')]", - "contentId": "[variables('_analyticRulecontentId3')]", + "parentId": "[variables('analyticRuleObject3').analyticRuleId3]", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion3')]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]", "source": { "kind": "Solution", "name": "Azure Key Vault", 
@@ -605,46 +579,39 @@ } } ] - } - } - }, - { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", - "name": "[variables('analyticRuleTemplateSpecName4')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "Azure Key Vault Analytics Rule 4 with template", - "displayName": "Azure Key Vault Analytics Rule template" + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "contentKind": "AnalyticsRule", + "displayName": "Azure Key Vault access TimeSeries anomaly", + "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('analyticRuleTemplateSpecName4'),'/',variables('analyticRuleVersion4'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName4'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', 
variables('_solutionId'))]" ], "properties": { - "description": "NRT_KeyVaultSensitiveOperations_AnalyticalRules Analytics Rule with template version 2.0.5", + "description": "NRT_KeyVaultSensitiveOperations_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion4')]", + "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId4')]", + "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]", "apiVersion": "2022-04-01-preview", "kind": "NRT", "location": "[parameters('workspace-location')]", @@ -659,10 +626,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "AzureKeyVault", "dataTypes": [ "KeyVaultData" - ] + ], + "connectorId": "AzureKeyVault" } ], "tactics": [ 
@@ -700,13 +667,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId4'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]", "properties": { "description": "Azure Key Vault Analytics Rule 4", - "parentId": "[variables('analyticRuleId4')]", - "contentId": "[variables('_analyticRulecontentId4')]", + "parentId": "[variables('analyticRuleObject4').analyticRuleId4]", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion4')]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]", "source": { "kind": "Solution", "name": "Azure Key Vault", 
@@ -725,37 +692,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "contentKind": "AnalyticsRule", + "displayName": "NRT Sensitive Azure Key Vault operations", + "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2021-05-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "Azure Key Vault Workbook with template", - "displayName": "Azure Key Vault workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2021-05-01", - "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AzureKeyVaultWorkbookWorkbook Workbook with template version 2.0.5", + 
"description": "AzureKeyVaultWorkbook Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -828,17 +788,35 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "2.0.5", + "version": "3.0.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "Azure Key Vault", + "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Azure Key Vault Solution for Microsoft Sentinel enables you to stream Azure Key Vault diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity in all your instances.

\n

Data Connectors: 1, Workbooks: 1, Analytic Rules: 4

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -866,23 +844,23 @@ }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId1')]", - "version": "[variables('analyticRuleVersion1')]" + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId2')]", - "version": "[variables('analyticRuleVersion2')]" + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId3')]", - "version": "[variables('analyticRuleVersion3')]" + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId4')]", - "version": "[variables('analyticRuleVersion4')]" + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" }, { "kind": "Workbook", diff --git a/Solutions/Azure Key Vault/Package/testParameters.json b/Solutions/Azure Key Vault/Package/testParameters.json new file mode 100644 index 00000000000..70b814c1293 --- /dev/null +++ b/Solutions/Azure Key Vault/Package/testParameters.json 
@@ -0,0 +1,32 @@
+{
+ "location": {
+ "type": "string",
+ "minLength": 1,
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
+ }
+ },
+ "workspace-location": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+ }
+ },
+ "workspace": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+ }
+ },
+ "workbook1-name": {
+ "type": "string",
+ "defaultValue": "Azure Key Vault Security",
+ "minLength": 1,
+ "metadata": {
+ "description": "Name for the workbook"
+ }
+ }
+}
From 3b15e109882712d86d7f81b88acf225ae9cc52e2 Mon Sep 17 00:00:00 2001
From: PrasadBoke
Date: Wed, 3 Jan 2024 13:10:12 +0530
Subject: [PATCH 5/5] Release note added
---
Solutions/Azure Key Vault/Package/3.0.0.zip | Bin 19832 -> 20436 bytes
.../Package/createUiDefinition.json | 2 +-
Solutions/Azure Key Vault/ReleaseNotes.md | 3 +++
3 files changed, 4 insertions(+), 1 deletion(-)
create mode 100644 Solutions/Azure Key Vault/ReleaseNotes.md
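Review bot: In the new testParameters.json, `workspace` defaults to an empty string and has no length constraint, while `location` and `workbook1-name` in the same file both carry `"minLength": 1`. The template hunks earlier in this patch feed `parameters('workspace')` straight into `concat(parameters('workspace'),'/Microsoft.SecurityInsights/', …)` and `resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace'))`, so a deployment that omits the workspace would presumably fail late on a malformed resource name instead of at parameter validation. Adding `"minLength": 1` to the `workspace` entry would make that failure explicit; it is worth confirming that the empty default does not trip validation when a value is supplied. If this file is emitted by a packaging tool, the constraint belongs in the generator rather than in a hand edit.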
diff --git a/Solutions/Azure Key Vault/Package/3.0.0.zip b/Solutions/Azure Key Vault/Package/3.0.0.zip index d0f5432cde7ca8987298e611d79662a95cb369c0..d1f657502a23856f7233776a7d7e4dd9242afb1f 100644 GIT binary patch literal 20436 zcmV)MK)An9O9KQH0000800?O#Shi(75HAV<0Cpz;02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH?OOkC8@Unwzd+w%pti7NXjhIeMhm04gU=4G#yNMc?ItKJBcOIEiRWE% zLvp3)QUmuaeY8GFXUN^vu67+q7biIs4RV2&KW2u*@0%Ht_wM(<1L*zHM01|9-XZkn z)@J5#H1aKB$|RfdluH}3pL5N_NTo%e8SRBn!u=rAd?EO9bgVhE{2!+$d@7`{Ldoz& zo>=iR4SzC9{-HN?y5>yA3D>0Sg^08=YHGtHC%Y!07`))xpdcFDP*!wjOtX|*9E2m@ zQ4=;sN>0UW-GEKPyb?b%9b@B^C58{Ho(VG|GWEgO7;_V8k=a7?Uqw0tqoZfz$~&4Z z!xED{_%uT;svS04~YqXm4a-o-nuwt=)+TZ)0 zukhcO3;{7J6gc@|8V|fdWY5){qva`E;UeJrR;r~0VN71PgWV!3&BzpbOS_F5?FSDa zIhuE}2u;T^S3lVWMy5*~2;nq5+ z^x_U_s1OgO-+)UtNw|TP%E=gmeqPkW zZt_W;;Wh4KCkjAsMEqQLL)r8dw1&1C=Wp*4;H0)msQ7kUV8rzsK}) zL%-81&sz37zC3>`kXw?nhShmpQ2Dd?Q3_rsjtUy}3?eZt(YkSsXGgE9rPQsmtBg03 zU&NT)}cKk}E;0=v`4%n~H?eA52zjj~R3)v%qOhL~wHMMd1T*P5^@; zII=u$$i_$!i!$k5&s;Lr{e;Vzo%b6~><>a(;b6Eoxal=r{RZQ&?E=YMQTpwD_x!4f zOibc-?lhu)gh#(lPE;h~;ZBVWA4;HaSSEs^e0a9Mx4#$c{Uz9YvV#V9?QUgK*DfwU za08E3iUBq}(JDK^WYid)unA9ScsCld1Y71RiG5{s>GlU0+@pE}1u<%jDOoNB2J?jW zUCE>di5eozmXN@NgqhTu)}A`z@c1Q5aLe5WrY!4wK=wU7`a4Ym>~(8{mMxusn5guo^VHU!Z8`-Prql+&diic7{O1+^iw& zjC;dz&soyld$)t4Z#HmB*cO_{?HEz_*g7QD2NgiODWeBgN!f$JgQ99wrQdEeZRF_2 zph?1FekH84=Dj0v>nU%wGTmlC@3!noVEJ3y$~X7&;|fQAi>ctYHAQ7UYqnAei6b2) z;H#plsMm}`G?@jJU9RBTsG~yoCssuflP>#g7FkhlEG8pLL{1bE#T7;!Ra?cZ5RRq@ z*89rsA^776DZ+zKQSJGPbi-T>;p-xPmW!BbF|xrI7V8R~YWA?#bkJS>vzaA7Y!d@C z{dWITZz3t_>Zn7yRqho=l3Se1d?08QI8I8gMXz>>#mdiY6zQ%+td0+(LU=%ugHrOQ z;Jao+)7k5fs&;xfowQ1{W`byUV^%yXMl{1Po`^97BU;MLeOv*KfOt9%m&AW~WO`NM~4g^$vhJ{}(N&@|^s<_=IZOiVP&l^6cdMP9XTu~x4T zoQcnyj;XCc@nCqsW^ExiWlw3yCnWyb@s5t4*zwy@{&7fca|~&MB|&lC4JeE|if>2l zt=#$K!##OP;Y`WagvueCnF%ML6YQ!r<37^SpDvfTjP4|#8@fFX+_d*#!HX@3c**&i zSU%7@W)v$0HTB8YyW$pI;ciq+NVi05nh;YBQ5KH}xck!;NHG5>Yv-^iRv)iohObuyMJw-=v4NR zd7|6GZSzEB*>53FG_P7q(?I7`)bSLLadfHqP|%Ou*}7g3HYAx(82s1X{GSj0F}GCN 
z**SUJ1irfe=G9f0Mz2Nu>|ANwouFFjYkx6ce}s5|-yh-r$4nNNRlwU!8|wi0Xo;g* zz!ys#r#{dNq{(v5Wi8&{zkFcWkz;(P>>-F>QIf~p9Qu(b=nacUf1FzWM6YXZn_uU- zp7~M5FW>wvi*EDGwfmppSRTn0_>a03X0GxihLqW84ohL@z~5%RdZahC7`Y!~9&*#l zEBcR5JX-;CizDEJz*J@ZH#|M~CPBZvmd^2d^L0gdUG*_g8=? zTud2>1FQ~VEL(mgF=V_uH86<$YZp+YGjxdvg6bPYc`W>eJ5^IS-I<1S<2-HPQfWv9 zM#!=vh=FBUQp`1ELV0asmz>?YZ1#MC!j4rg?Nz0=Dxuf{Wn=b=s2@$|vbs#+av`*m zw7V#mQXor=DlW3o>J|8Rzv3(o{nPW&QRD;-T*f4?plnGO1L;J_VhxpUZ!K-wK+smAr``B5Aro{MwFo1EhzKj9wF zq<4}dQUlcX{ol_@Cxb6Fh-fUCA^7Y(9n)RG6e$P^!(@R&7NSt*A^_nP%cFMIDvZmR zMM4n!D3^4smPmN-ioFmtm`FRJ`f@Cr;ef^TI>K;u6b&eltOJC>YLfxOLJCtAvdTZ- zped*BQ0B5JlG>NRE6=4N&~=EXF?G~g+{xjfO=3)(H3VPK13jlpP{hvc5Xuq|T|LKH zX)Y-}Hfuq9;LE|FDhCrhC89mSROuj>&Z@v~8|ny_bB3E~0;x2%1Qxa9R8l{hupk>9 z931Q&?0?=k@$?bn#19u&@I~swr(Z5i{J%cj4xHvnx{kn0OTA301*HH0BvDuZd7G$ zaBN|8WiD!SZ*J^edvn`HlK=mz?mNusu1@3?LGdNa%9e7g*s-JYBU(#NYRghFLtscE z0s$@nO6F#r&wkzW00zK-03VLlUTU{u66opa?&;~7>HY!y?ce{6kc0n<>?xbkgKx;e zG>+%dH%CX}N_$3qI$<;B$8GxeMabHAFq8M9qh69#xgKY4$~V(QQsCHM_5z$Lnfr$LCMZ(KVJqF@{o zi$sh0JP6}I&(t*(NHF2u%us{~TU`a-B8JXLECnLtASCCg1bM}lNysp# zAq6==L`@1WuxTtrmY3jSyqq)aB8o%TpQzqZ4cC9o{7F28yWRA%!^YUzPt;rRb{|3( z1&h#TFT-FlZ#3Jgms_1z!6cGbWQXot%5?BHh{+;iPK%5dG4UC5m_y=#%xM%68qTaZ zz5@$HG5O`S?8Lg71`E%zpsDp8vwonVV+YXemo_0kGvfMD%&3E0Njzobmxmy{i{{j3 zmJ;(9@-TJnDRCp>u+Y7SF2`XobxEn*SK;J?Al(2BwV>W&|Y^7e)I8^r!o6Xy5-7_k$(5&3s zYN`CQ>W}y!D4ztcg9$nJske+>JA$!fFeTDSb_FxY^_hpm8?ksXU#ZF{2=2NTvfgY6 za}yGJw-=!sFRN!&J@wxzrO`Q+zy*!8FmO*pmySH9M*)a-uE*6`8GeQd-G_urONMq(EBSPEA3mcU>|`J z&HqkDh6|?=rXLTJnbZDp&O#mlsCNM^Cet`NN~U{s*dltcNNzy1Xc3KzngI!mj8w=* zQ>sjP9)ipksxr+go2bS8YR+u*-mV^0OSEep9<5OBuvOLCa%}6cwea1)Etm)=jd})X zmT4iU6BoXlnNL}6a@TSh2F}7xTuRCt(>sV$S?GCEHNr`-|j zSaj5LtU>?Ou}+VjCl+;{GTJ}wot)Um8Yi8Rvb}lU6`bnaV_}T#l)vJvIjqya=J`1h z9>w)(n0Nh}S~N3ym-1mWg?o?W!u7OR z!-ac~@4~fo(p>mSO&9K0xo}^(@SxI#Icev#JAi%j$U5zej;#U6X3>+=v2|iQHnpD) z`jnoOx^RDc7p~KPeHZROk_*?8gN8z>oh8!M?2`b8xRw8V5*YA2OL-DJiu$@qdkAB4`uL}uMA&(S;#?p+7^ zI+Er}mJWSAn7dj|uh;4IMIFVOhwR>E4;raVt(NC&3R6A1^k^COgAYcRw$i+{-q2xl 
z<~z}kergte{qYlG$`7f1M<*mH zmi?-`eASAxdcCTZEX%9N1t?6^7^5!$Gn|oO;7LYsr$wTLJtZ_E=a(1cjxD1WFXX~7JMhuQ@fo`| zt|cu3V%gzx9tV?<&Zn-;>D!>|^%Qzfqm&1d@$O+u#^?+`7Runnap}YlB3=*lf=NVN z9|SGd1Y3l9UhsfwAxoe^C0u_IEF#co7WgjqN$uFZhsg+Ruz~0k3(M38RomnR(9D7m zi_Ku(8TVXJo{5U{2SY8=3G4-iI8i2Vs8Bfx+L=<^(fGl0{kx<2(f{JVu5;GwL8$B< z|Mx@Op4mgVpbBCrdzJUtixG9GH9hWV(E7wxKjW_mpQ4yTO=rBV(%AdlAVn z${e9;xjF7-{kfzsPO}3m-S|4kf57~n%^)oPosrixieCqlcXGJN8JW?Kjca$tUNRpS z4(2rTtszEZK80v{Lc2VtZwZ|QjT5I?GDI*Q+m9Xk>NS{sqw!MfyE-akp=*`DgMvt+ zG~A^dmk$sQMXga0UAmDU;9f9Za`H0cn{8aYSfI;Y_>?nOaTB%0h9p5&)Yuu79$b

;SE)QUKRl>Js!nRhT zcAuc#Cunz(psh&E7SkjfBx2V}z<%z;YxcB~n^WaUy7Hpi>ZIIPk&IhqGrL|=x;)=j zorGSMeEz&?ZGGEU7YP^BH3$Xp!kQ+sGBrcLtCzfjALVA_ek7VZ! zdmUE)8?+lVjLMYt8N6p(}1MB*>w*bE1 z2+HRS_OYymP1VOMzSYityIh15K_x$l%iqE5U(ES+@v(j5pZiN9zUWd!{NZ(2w_@0c z^NGnm&c&(}DHD^CXr^|##v*<`!FW}}21Y*2NB6=(9#b!3CX&CYO%j-b6a&y}H;Q3R zb(Y|?uHCrtKinK>M!h*`!AhSPR(#cst6$+}OgIqSwBR-fo8G)y@BL==ZaSN=S<>;Fy~W;-;o4PTV9eBm79EoT1E z9kY)>7By}T(%V9xw}E~ImYo|vWE_k9K6HnXk%vy8xcI8I%cn`a9NHdrXT!jCh7%(f z6Jd_qGdO0k@Z$2^aY8&yn%LxM3i8;Vi?IogWF^|@1XbEB=6(qm6JdrM4pF+P{Qe%u zp9Kp)KC|(^4e0GEreTcx%J;E-Hgo;l9yb=GLv`PK%hV-XfV1O=m_7c7VhBYz{K&w$@1aL^~sKAffmo%WmxD@Xv>>PV+9j;0l~oWD$cM7>I#1uLHxH zOGMfd?GNMsd=Vy#>*aO#hbsE-tHXILJX5%sct_34kbz5v*Hdb?f^2d zL1G#&`1@$qhI)Y~wtqsw?~}=??#7%pc24KHn3S^vB7?qM^1<{NFNa6WBof)t4s;N^1y} zwkegY#Fve3Y3#V(0A5`Fkz*%Uo;56`Eo8f~m0^6-j2Tk~F5`Zd96+aBggdN$9DfswMLEM2WvNis#U-9y+UUF}M@ z`rAX;R$bUb*fxQ%Z5~nbsJ7C8vTf3-66#i8hZMe6g?`(f=MKWB;`XJNdwLb+p5DIP z3!(VXthDMP{eZIp=Kf9;izjnDN?|`yl?>5KxYb^KlO5=H6ea`eNEceXty}%L! z6{-m#-fml1fkue1!fMKrP=Yurj~9T#Ho5WN1HSc}I9M1))qRi~v3{|K1G)AEz4d<?U|bLc4ya0k$0p8FY=JLq(r4C8oQXzV5RKf{Em%DV>0RHBMHr1z+n$kb=TA32(wIztMvn3J(Gj^0!2E&ha9h5>PRV5; zHa<~H+8O<3!M*2vKEL4p5;E~ZZ-+T;!3PFe+&%7`vcZ$%p5@S|jx{)e|Im|u$6}|> zfObz$pV)LjrWD2i2bwzgT5Rr)jBwo$!{_2~g&^%bfVC0_L|9KPjpQX_$q4u)V&G6R zZqt`6Qx-+|A$T?Ws9=ZD(zp3%&m(aN>l}2Q#6&{*BoRI3m3nGZ_Jp0BSgbQ()}RN0 zV03JctmBUJv^TO@@5!i}S1PXu$-n|H1DG;PqGBmYz(bhJC6^xcSsnf6$Ogj)L^b;^ zYKt*HN2DQhgzRbg^25zRozb~DXx$vt(O6a|vB$EC=?7Kb1lg0?X7X8SRaxfD7b!_2 z(_vE;J4c!8*c!oI(7i^I;H9h7ZxO*XbM&;s5zg zYL`GaW?mumCKcsUX0^4+N|tvokqs96B|fj+@wfpC6Gu~;#A+65ms^c&(+8k+g7&&e_)(u!NoQ}W$0dC>g7e^ zjZqgViw!^*d5DBylx~qYn*~Qoh+9bsA0Y=tw1jLgAQMK=Zn_fir6G@ANKpp(A~r!= zz)t85at@QW%EBo0Ci<9VTd3tqN}gWGk5UEbLg%U*J>N{fr?=7STvC)gszcDN1Z z_57S_R>*=7cWjA|B;c8r*0iN>3o_DgD6ko(f~Ia2T_+E( z$>L~Qh0!WOvPix5K$1O>B>(q#K$2%kj^doJzjYxXwIC&(PQNZcF^j9P0`(9Hj{qqV zf#v1GUGZisVn!yY7_}R4g0c5{X4?Zf_CSu^13B^u`3tA_2Ld^I##Ny{ki#JT)+;+|5LMj1bT~)90?yIj!#Uhtz&S84aK&Hhpnx6XGGqC=@Hl!o(gtB4(HplmC 
zgmm;vBYR$b&h)E+bolD5h%dy67LLR546y#th?gz}%pn*TU>$Oi3PQrC5s@#q(JH>9 zWj=4-=0$2zIQN(UQeeNMh3mx@^!Dm6uL%`XkvO0_|8ZnOy-5J$KAqj*%WB48M>rIP z69y#rt|~9%5{W75V&MWm3X(-bgzy@}CWw$qpa*|6zCP3gS*1?LF)wGN9RHE2se#So2Q+(w`&Te_ z=(2$?xk=ou*=)D9doY_CO;PMjQ6M#7ApBCZ4i1DAUIw(g2lDe+mu()y-_axQnfDJU z3I5~vgn+B6z3M5Y(wgRlSkb;%4NTvDlyQw*1x$a6JFgG0z`CT2qvQu5^On!_hvg9; zm~}k9B$hiJPVa)-!4)>wVqS3#=dtXCf;0xRz~gavLh-e4xml8*Iefo{1DGdEe58>q zBP|hRTS-W5LOY@U(7}*64*# z#7o;I+`ly}Nf6p!B&!X?4!PxFSOtzSx)f`qpUO#RG6F}qdW|zMY_`_P63-&$l>(ivj@4Na8W|=RX)+t=xO%} zPwcs&J8BczjZ^2s(o)2DFbRBomnehNB-&e@Y>=`37LK(SM*WJe_XdEdWR=||_O1k1 zwYv_ovhNTLxyM5O^I##RQ`Z3M?QE;q+61O&e4Ejwg5yAV%IwoxEj}MPnA`Pze;!KxfPqZ2<}#>`{Sx zR3O=-0>3y^U>b{dgK{(WT+d`*3L;Ro+=;ymu9?5IM+I(+3e4AZFP#1#hzjf*SB3hh zK!fyKqXO5f^pekl3anXamu&Z_KuNbp1@2LSg?5!bs<-(psKB}rWn)y}Ms@HFK!Ih7 zBrJ0J)By#q%X0@YRB`*#L4kt`P~cz>3Uqe?3Vi$SdiZMpvmW)FP&ORg=JYT4A$MwU#N59{s%ph#TSN#towe&gx9(lwEd5I?0?i_ld{$R zM?LmG>hT5ssK?_MN%obD;>C?B8T%i~DE!sW$n(8MNq?L?n~vxImQkDQ5cpSLp8XGH z)VI~<)s&r8o(z*De`#My*|w6BKM2Di@DHq{42-K%{Yr{K`mHM|>m85DXQ`yrOixI* z`$~$W+gDQdm6SreN*~qRe3nW|-H5VrC1sOj&IW~)GCdL&Id$q3Qr6|UgAl5?eOZMR z>~0hUcZFX-&(=LQO|I?>CfQTv&(ho^`S3LrM3ghh+ucH*{m}{^8OK2p>()6G{WBF? zi%Rjfn@*5~f!a<*Q`n}OUUyKK=x`Kx3PWcgP0kdxHq%!O^T_|--nTZljU$VGKUMcX za5H;K_8!qDCF+%lQ|rW=8CQ~-)Hs{@5a+lk60*6GL@h}r@%8oo_S=mI34owP$?_{v zYBv*+K%=|S=ocCwzpUOL#`BDx%t`rz!J}04iw(>Gd_DU{C+1;uUP^hM^G-XJVYfsDe zKZk(FEB$fwe_5Iffn1#mJ97HuDdu=Hf?)RDJ?9iJ-j86Jr|{|{G|Xsf{izF&`I>@X z@EjK%?fuhFy2VXTPvO-y^gy&|qYSjDWm_$LTmT*DKxM36|9kvS(0U9A<=D}a zWcnt?qyGf~n5d>o=o_EZkmq;bB1Gp}ZSpFKCpkwc*_hYi4_;&?SMt#;mJI^C|W! 
zrkJwSz?)vL*LCQhYYyauWEtkPSYtK^sP8`@1R>7~j5hDDKOa;)cl#AD+TE%io>%e4 zYqu)i^t)Ak++M2+16ZC_@Vbsy)yr);gDTWpo?8hrAI{vf8bX z)d}db=!6R1sidRgjDc%V7$F%)lSnM!X0dST?_%F@c&V!&O*zq(VI5d$mS9@%^z`(} zzT6|-$45;K$}Xn+hGdK#l^4z8lrB5frM{+W^=gsAzHZ=UJwP+tYT9M^uBkN33)&CE zi0N_B|93{F0tG~h0Z1?6uN+%wKrvb_T=%VT+o9t-?NQ5alMv*%G|C?y~SrPjJU+_a2 zx|n^Zb5SfcCv?C+X+c2M>k{x?2BF>eyM4Pq@LKI&;D;penB0)@_yZS)Qu zcpYG-l90cAgBG8@(}Hijs7xxVXZO5N+~-3HqWmH!3IVHHW8n7vcE9h~t-jm0y*_d5 z{>UfxugV1UFz1{|=r9gfXPb2)o<@DS@0Doyl{*xldRMJ3%yP62M7KyM(Zv2wO^I0y( z=lCmMPy{p#hE?>{s>zR{e3D%Y6yVhPs3=Ss5J$zmy$E$MKFZ=NtiXHZ8t@wkp z_lQ3&0Q;M&`K34bp|DfFUgVz6l?%i2UUUKk4h5+fHL zf55LXlPcoq4G_YB6c2aHospfdKcsR|o}oQ2eiJSZ>wwsNyb`wg`jd>Eu|q;;W3W&( zb(&uc=FMH`(hClm}8H-Nf=183-wOmpge?9zMtIf{%!rCV2Sh z6Li`UY{RP|wVoRKI+#=#UJeRFrUgSC@B%zJToYOSNxFx7u>M%e=Kmz^`o>dbcQ&_O zjP;0ZlTPA(s0!*Xdrbc+s9~SL0uftG4`!3404~LEuYu`rE^`jFw9I;50uHmlkS`7* z*732?S>i?#I>9etK@)Vvd_!G8XraKTWQiHjxD;xXvafc~o~ zzyBqnrU(a*`2`lV?ZJWCurNMU!sts_q3{++_cNg&nYH56hIcek)v7?wT|qO1RMf3& za6YkI%mNPOvZZsWXJ(RSIsciAVHoNIvP;HJdA0~;ETH+LKcg^X!*;cpgI(`h^5wS1 zWNS=THzrYv(^u1Q6#NwIUjx*EE}q&VzpgBqR)Z(zcP%~Eq%lZ@0x z`Q0?mr1x^V?mO4^U!ru5dwhjvn?)qJ@RN+Wp}I!#Dl|$a)uJUUieV| zjEU~)$mECqCAwAmNymaH>Wxz1`E}bT^k(rzccP!M9%p`dMladc=y>aY(?H2To7UTC zy6`>z;y>Oe2vBVxIiUV*2At5xD=t1yh(D&&1}^8!a*_LbV+_f6%OEur7lYIq`zl24 zC1Z4RhPIr3!r}lwkn_z*7h4hR{Q(~GO#I8UF`1rc7m_rlAXD1R+x}OWZkX~W>#a?T zJl5e5C*B{XKm}5?Bfl&qY5w&2cdX)h%3WifjnAz%ezHer#WTxpoA$3Yqzbq?k^tA- zKhL=6J)|5L1{yOLLW!b2j_ zeA70hxw4nOPEMwfxl*QK&@^TmX8st)VAKq$k7Z6~DB^#2xgM&T(?27OMC1-d&d09G z)?}!V!uab{&DUHx*H`YfDf?5MS8}SxNN}R-!e5eIqWIFg7fjID=Ei(7B*`nvXvSgu zSQ8h{Smu1;5rI*NCcK((o)Q|%(9IRT-D#d~O=*;7ykqXA>Xe$jbR)8k=*9_)B$f;B z;jp|m%y`MV^bSS7S`1OSR!L7wm7CS%dtu)6#n{K~wPn!P$(`PpbU&VHJ)Y2wk!iMk z0v`1AmUGweo7Uk;Cay4P$1DRO+iqzh`P-7J8B1H^%v0d+%zaBbr`$hd?-q|uHA=Zj zNqrRHe~nVy;tu?=@M-c)8fM{CtABa;E#gjsO7W*_B`}q~h?FUZ%B@kj{I z#V^$diocKGF4d;8MOEM2#Imw1`n7TMu~W5G0RMj(&n~yRX{(#QYuzMJrj2i^n!umn z?w5#f9=E>I{Fld|unN6(&pVy@#vqfu2e{LD`y=QBl#i8~3wxKQbu4`^bt<@b6+Xr+7vySxO0K 
z306^rvY@0zw3p1$7oK((uXIzP9mB%s2{?Z{e@Bqo8HJsX|GWR`e|FiJZnLONDUVwi z*F#oBBbinGWS9^u&`iMF1IrOWXgL)7vBUl&4wxsoDplQqOMVOLsjR3)r~Mh&8c~F( zcAQFeRC$Gr+)UU+9aqfN7YE1p_z3SKSS0wR&XWvy?Pt`=}tl_KO4NtUwiUqa{T~9g&w3sklD}J~S@z zB8|p0ZXoc+@6%xn4AV5ug8o(muxun<7OUEKkvYy)CSI6)xlp&3e3Erfp)}Xq@~B4YzVmuhX51e_DXLjyOI%v5 z8g(Uqs=blOZ^H&K-J}In>o9AWz;uBPOtnEaYXsA+6?~*t&|S}fy-VVZg`FjB4u%ap zS{$#k#jb8LHl*%XtwXKSEndEZWGD+&9D7~s)DIxU2|#1`U`%eUSB$x0JYH41+3ou6 zLCb5|Bd0a6z20DC4+jpheW&FOMxIYvJrO^DU^my>y5Z? zf>|2vZ3CnS)DFwLF^KC(!mS>YrW1H5pY!}1(+PKde)@(9ulubQ)sCXB=>y?6LeLKa zfm*OMs1Kt^+EaS7J#}aDyfsWP{sdL0$~G}gwcG$ z+O-z6dlP?UjoMAi!+Xk02Ci(+WN)wikhOW!ydN><@9(->UKRc!t|i@5=*s)cefMqhacgdM%c9f@zzWIlO?p(8*ziq0c+ zYN`9i-WJCDVfZ&%bki&H*#-_ zIjCChvL{5vKzs{r^S+Ns7wqqsyu2KNautbILQ)!Gw@M9&jRfgjEAo*oz-f#(3cn?3 zO7~%(;!Y~OPe_(BninQuxJADeMT1RWB=hv5d@Lky_=?xAK0v)x6kwPZaj#+#4>q!h zF&I6b2J~|5REkK&Gu;%?b#)x3&Ab=xCa^}u0W981#4^y{6!Y+l3V3dtKN4|dZS687 z*;hhv)s~jr-k$Q5uDSmyFSy-X)*Y+53WC?_DpnS`(z9tD71xIIcWh+vwB>T$;6?|BpT?l~V0<}|Dby6TSPHzR_ztV0mrl@2qnmxN zSuV3dr7pjwRY~Saxx8YenV+QO47ay-{(&Dx1iuqMyDJZ!yQaC>6)kgPi~9ih{g$DB zem0-N`uto#Gt$O)I5ZL)cBA>%2qR5SEN>>MY4JVWLqGf{xXCmuEpdTr9y;u<#Bg@e zqnY7%&xR9W%u5r^*7*`PS&UCc(mBmcz;Yp=TWtBonU(v&IdhWNP>)I;kg2dw2H3#zktwlJe+hFp<1z|`4sKnW68 zsocuJN{V+p&Z3zNm_MQ*uAFP0&I^Dvk}RYV<-AN|_vSR#O_<&+HHwS!IHZmjh0M*e z&~L>Hp&!_);wqtdEtCWoLXeu@6a2!rkWrj;q+WXZK0ZIEDepYXOTu${>)w>nt6A5U~M0oC;vT!);^_{+F2c2Qx_F6#RFmT#7 z>2$)d^d-!5)G*LVj)ej7sRbbIZ#(;3(; zXB66=+v(W-9tmx?KXQXM35TTJT`+ZPT>C!MZ}3s4ZFniNVHy?V(slLiPB04Fq-*!w z0pRYFf!+7oEjtL>PQTyo`u>P)9QS~J#oao7XT)86<9#XaVYffP!aUmv-LCC*JFsL( z;Mwhg@Aq2+x8-#D8^@h}&ya6&>!=?qFBhQhwtH>TZnbUS>-21|-E-|hyWg^hey0U9 zG3b(Tv~kq)P{4@$@9NunUkPyTdI7JQ;8=Y0`41_4y6rQ}OYi)9S-nMFbC-$EpDCrv z6uIF7upc8#)pmSxVK%d618KEKBy|*4PA&RkN{`bxGD&QlC~B;U3>`o?FiEQLI-zaiZURUW0RMMEJTlR5Qw#y<^1= z9EwoRevvn^?ers^iYv_m{zmrR5(ivza{36jM!3 zz5?PYE-ZCQST)Y^yS)6S(v4m)!Un2-_(YoPa>_jV*!Y8t`5jh#Y+B;O7?wl%%YoHs zaP~DNib}*9;Wf=XSRPQ^wq7@t1o45ERRi&6_i7pLEf6u+T5I#Z&HxDskNo8G>cP(D zZQi3-bed{g&52qyVv&Zb* 
zFlxk+7SVuSELvRlZB&E>J<;?_JpKZ#Q}3lLR(t*}!TN<@k4izE_z2T-DZ} zlDo|=75kT!*(K3rn_b$Z*Ta<@7Q({v7aO%_!Pt)`XLya=SsGlBiJzW*n~c-gpPj|Y z`PtX>tmQbJGx(p{B|V$Zrf0ee{e6f^iR#crBjgM44CJN+IHo|@(@{i{vvX~f!x@;j zfUaB9Q2uNdg+-@@X*IDYZLv>H3+0Dg0*fffX;QZBS{ux|DVyQnk^WmN=~ggfqwe3) zhI4M3i?rO0+q@4bD%s0k;87hfP;_6#57ZsJavA!K{kYq9+qSy-f$C<}h-7(mt1Gq48o*#%}`eI{w z@qBq%Y^Ikk^_J%jTHis4`thR$nV9l zbA0c`OWR&<@cDFmxxr0vFTx)K>dL0W_Hu(;Sis+_KfpTtnq{+-%+Kav>_Q^vlP;7u zX8`Cg+6|K}M@HZwUzYF#1#3Up0rK0EVzZYlP+H$XUiZu=~vULkO+B>}fx z0r2B$FS8@Ey-DI`g}vLGB*^wA2?OMfm+r0#ci*?c*G9n_9~6r(;;i6-+#o52X0TO&B4OkL*ebmNr~qipAc9epovL7({Df^K@WwO zfM*o!e59%oRo4;BBdB`#*`(?RRGR+igaipGHDpiU%^@yQdTUQuvlo8w8TcT#D;|A% zG+WL*ZvidwlqS01XlkPo`3CGwcMvvvN7YwO?Qb!AivQMOB?P7}&HkB0XQ>&Y+(L#q zr6cS%H=6r3qp-;l3?yhQiNY#Y;2R?gw6b<{Z@u>21Sl9sfa>vd6j$LOw^%?+F0&{p zfBBEn$inPclujXhrkNksO6$5wo-adSlVg?007fny{w&?q7qB{^OCVI80As+ENnHX- zZmWS&mg*8Pa@(>@NP6r)njWKogo0r&Pv$|u<<(L_Dc&C_t^Zg%X4SuI$!)wpPC&k8UP&7T>2DGH0Pgy#&0ca4MzQb zpSX6XJ@joa3>S%0#-b@M^5me%E7bRKBOJJ8X@Hz0T0?`5v)7*Xh_p(hlsPJtUoB zC+PdWy9UK?<7t$|fUmmVIZ56Uk}5IhAT$xAQ635jy+=+=sRE(R`|HmK70=y%#fx^g zs)y%Qyz$ztiZ?l3pRQM!y-#8#QclmJ@i^VIGF7xeu~^FY;oTtqGb{>lX0Hs7uca;F zvS4AS^3$g@Vj3Nu*?8f>yS@E4L5J~OCp-D3q2k0?&kZDeKQZL@7w>Ij zq?<gP!J4LRY51_sl)LF>Xqo9Q$tSwdly} z>^`e%E*7oFy`vzes5gbHcHY=X%Tlde3YA3dAk2cw<(GybjNjuL&|XbeZ>S>AYR|ik z&`;p&A>|_G4ci6fsBL2wASG6eTKk#Wz^R43-e5-@Pqd)8BKz5b03sHK4f}0Rv6NRfz8X*b%G8gg@23g&Mkhwxsyv`-mUO# zWsabSN|epHV}Kw&uZRrI6Tv4VJftgXI*)JlxXK=^Zmr?JK>VzRS&V-thmP#lN3=Qx zOOVt#5Schm(pc*zYq-!vFc z=<^bM7}Qkm$aV*|zXIMOy|&#K)czY~>apmvmr+eKVlNj>a@&knG@S`r9G=`(TYfte z7Atv-YithHQk&fLKYOSIY6v~sAtsOxjkpKD^pNtVc=lM)RcA(;9`ZsrAUV@i(59f+VvaD+@e3A zg!d60xAxo~0o~c@tMw~;f?sk6Il7h!ei#>fJm-HW!6fj!E@xuuK3-6FN|r0>FM<8;w?=(Ikv zxl**P(IkR$ENV5A-r#-~ECLj$iIqVgx_sPEsmi1l-Bx=X=G-YO%4_~pnJiqd0R5p{ zZSOVW$BQ2i?zKO7BP~n*eh|MDC~-2twi@m{Ei?>l{RoKHBeMnyZd-Gc!d4`$1H*aoVI@l5f8x>wN+ZW`+&>?1LPV`qnHx9OThadbF>PqTs6`1p_j96{MMA@mer(GwqeS=z`Be%8T4oSu;uJzLg z)#GmI#7DkNp5d4|m%m33Q}H%7!O9-a=lExHyO9fV;a#3T0T!_)RLXUo2Arojjgv~x 
zn05K%3w8-VT|QlrBj&QpF`|F;4EIO5i>ZMAPT9KIk*iTFXIB%V?sp!VR04~#f(&a1 ztY${)8WUg1$K;3HLyRgpyR92jN(Rgfbdd=S_Y5)@^A0B~wsdTdfTx>mv>*s7sWLyt zDpG+D?;prYumQs{?H3Sdk}j>njslE`heVz`jV*MEB-ESn_3Ym|>F~iC{n#G=C(#o7 zb8Wm!{ifwxd2xY4RyPC@*B&5>{51-h&2!5j6Bm8QNkS9CFQiqFK*G+)9!yTLBcJn4 z^jq5d_suOP>ix|Q**<12P5hgzlW~Vs(hU`k8q^LscmHI>FI*wUe5-3gh?zhO=~q(c zpNy}nzwknEr2(LS>PEC|>Y6k{2l2d@F`jWo6S|J*!h9Y)*>bljEZp49bo}RC4kg1G z(M@ROu#uiC|+B;K)ub)jH6GkkkqJ?xxO?gTa*or=~)GO7%`Yo z+nOrd=52goLS(Il9DVTXNwHDcX1$ksnLq*tC~k=kN)fpn_|$qT^~=7=YZy6|Kq!4n zvbRpouMpj94$SEK6GPc8MFqie8zeI@PVnJ>j@b#np&g?0aqv_{n*KfyIEi?byF&5m zBbuCf7Qx-09!=hBv;1Hf}w`nYcrrZckBGq;UD z(OHYl#k#P%M6Epd!X9Yif=KeI9%!JNU}9>0tZ!L9&~(mFA9iBgc=E#Vuf|Eo>sooF zWar7|J)fxhRJMjvvljQakg!e5*kRWyE3<3QvO5g@$E1@93f79Vc~aL&3eDGd zj%@4(%7p+vqh7)6RBfNZJuMID^}|~%lKSubQpqfNL%)Vw_bnq^5-~wJ2sYsW$=ijn z(^Fe8;#*{})a;d|H2wLHTT`_n{5jrP(yMlvCc8f`D^ z2syF&+7&R8G@C6X%V0P3Ps>~k=g5*bVEsxws!fAWznNZkCo*(3r7C1`IFFv(&_b`& zK?!o@k<9R|n4@W4$8Z<@YJs>bFYMW(fqngNkyYOc!ZLAR&FFFqm!0E|));3O?w~@+ zxvY<^FIT(c9&+IW<`{-vybaXj2hW=>^2$-hR6O7%N3}8KAQA^jE$Sq_1xZS=Rd({B ztnaAGKa%bTNnUzi)d*sguzo1hj^m1XZ-*(bN=^S=Gy6~$ z6X~bcD=Xf(rn&n`8_f%;{ut-W^q zYX?G&=8{VF+fHuTaj3^yecX?q0-w5xxPNdTf#ucWs2tauJi)9Kh- zP|TsJ#bT{x>-9#&gCT^OO#Mfeo%Jni|Ii)jieuN$Z|>hP?6#scFX5|#yP$E|xu(bc>p7Gem%~@HAUu0jfmzGO zn#+YBX92iH;XvWip$a>Ea=FIl4a|F`!=j3gx7H{Yl%K*m+LI8!CMQ*kRYfFH#j12p zF~0@NpkkwXTb$0(vo)8$568d>`dWark|4(O3l`TV`i1E42IA=K-q7e=)xI#>&oUJf zG6kg+0^n{&Gp&oLf?ISyHdtb3r7XgF3yVqf7AyMc=@=Zq=|f9_imkYSpss@+FoLqF zQU?>^^-<7}_eF&b1y&9B*o0B~iQ(2giBXYZr&Pq4z?3TbxQ}~1X(}KlV7NO>4-*Hl zIpSIrHq4<2=wAFGBP?=wji}8B^ZIzvEVYw8)8S`TjM(LOXmf^}mbziWXDcIm%kg(@ zqLJRsQRE@@q#jD$1c38)M4r0dkfrI^pW^MTwj-rlPp+Vkg zhj%p|dxv2;6vHTJg^P3P_W)y!FF7#^>Q+p*$73i>KajD~4|4yNh#_n~3i@ip8jlxc z#6OLnsit&a>DSG5gy+}Et6MUpCHW*dt~Hy#FqQcFblm01*Zi-w1~#b|Vkb_4o5pbh zIPYkSKvwTpvyA6e;vDl;{zA~9^CmHU=Lj(<>vJe&o@J6oy}O3*ppNgB8Uwx@)D$9+ zH|>}=O&{i5k>LDCOC#7ZujM$ZT(5c-l()h#{`T)A)*>we{xScz5?e94uweD=&b+T% 
zQNa|7@p@y*Qbx9C2^RgO16iX(ArR{|QAx%;+sxf}$k6sf=g}{P!(~FtkulvH-!zl` z;jnex9c6Q4l}9R!zMj32!t+0eR&NXP0K2ZQp!(XxBrHV#ot<}sHX$M=;{8`{;=hpe n{`Zpq503Kh=>IHveuL%vKd2OaZE}i#TS#s){6-aF|5pD2kpT8< literal 19832 zcmZs?V~{R9u(mt4ZQHhO+qP}n)*72@Y}@8D)*9QM^X_x1cAc;4OI`VqRMJWQq`JEA zR+0q;LjwW=f&!{HCDl5c+?3jb1_COe00P4NZ`Rbs+}O=r-CE4t!rH;w&Dzm{!N%3m z;abPuacctk$Dr`nxCo=cEGq3Nc5%q+X1_VK#(9oCeiba-9E{e5++N-Vuv3PnpYywG z=^-7HW;L#mE31SC1>$UIVPSciot=08x%ZpUxJxMCf<%3b-@H4txs8`75kMyAJ$6ch zo(=zAAC6&My5uq!hcHBWV4P&zm}bJxvl^m%pZLhioSNODVtx=y()i$x^D|v}h1gqk z)Vi;o3nkxUFd;=-V!^@Z+=7cXH7Z*K54CuR(d@!=no}`kf~?U~K@2BB^Jnti0!VbJ zC%NAR-_&Ugl{DgcCJh&x-J^R@D@$s6J0tg(WSN_l$A_b;wd9>9SGJp~JRBJZkKQ`U z?MUJ97m z^TRk5bM)>1;?aYo(~wpVP;039BUi^l5l z-d-(#R_6sp@u4O)mf$qOr?dXHQew3*8n9V5N-xfucw`ZexWqe;){=3H+>uCdxLQYRTiTc$w6AsQru62eXPs#;YUBM8%+MX!av z?;l+2IC?04p)SdBO}(_o^>)d}9ty{Q%q7!bEeC!f3Jy~B%>t}Z9}nRpi9k|ZIOWv zHCv0zj4;!xi^*`4Po7AWAqCE#`rRS%aW4|IRzK!_;O*fHqztZ$+pbv^PgQzu{!&KX z_1f5E%lXR@`djXL6o*Oacu~Su)^xc|573jfUpt6aP;`Ml)2>T-VJJ&!ELD9PJ6^M3 zDdHL|zl}^3u#AL^gd7|!2o0t5Me4Zpi1ge!yvWD&s#f9JxRa~-f?KR?$N%0wU8$5L(4ljeF1yU{mydVRi$5YK|l0Rur1sbb$5K)$!l-=Eq6 zFXy}U4ZZU9dV1Xi+Q1Ey)e$iJ*9GkR(i^K}Wc;C_A5_e6>hu^&TrQYLaK1wzZjayPSQZxZof32o$Hk))JK2Zqa@--<>yfHH48Rb8TYJ{YpB zmf1ZCkE6yU#r88%PBnW{fzmZ@JeX{Qf9T7^5_L#4$dXd_QTt%pjp zWrrz0!D+A|gT|#`4MH-)OIBcG`aa9*mRD7q74YHIO?#ekSENvyanM~8TCWLCLo=hUCO0uApM|7?{Ea^R2-Gg9 z8wyfc+(VpIy?3HM*G+s>+~^yk!9rvX9s|rekG#s0OpI@N^KIYeyl%|P3%Xu_NqI5u zAGk$d*vd!36ju5_bNORMEGG@{4YrdXk1sPmmMo|_X-!fxz$f#D|)u>P?h5eV>`$BeV*8~F^Dp!89 z1`nG&yta%@kAMj2omL>YB5M`-#)hz=eZ~rmZPYBfHqiSQ$W6xO#2_; zHXFP?Ol_Z0b=HgX?+h7X`Cn_M31|Erq`TWF&{RZLZuH3>rVpmlPPYz-GbTyyPPQ2gf zvn+jXA6ePUPLOwgaMT5T;EAY|P#Mfp?IaV$BEmfDAy$z5x?zPO)LCdqiftpJKxh-o z7&}xs!mkzBuHs``%rh$mN>K=!rl3s59{H$WNpj_zs_jfPL-snXUi_d0IxKW6 zlC8kg*dOEjAL!>kP8lUBlS$c}kW*Vg zHa8GX1=F>?BXT(JZ|MD;t^8lX38DBx{=(r- ztLedD;q3Iw48ATVKkuxIYP1DoFsUfHM)P%geCuswwsT~Cw0X!}4a{W9+p{A9ZRC-t zqkeq-lg1m)pZ0{<#P&L-9NJ>N&%C`O(ajd5S|{+qR64T8F6ZWH36H8 
z0PinG=q)6nva<}BsYXMpHZaoE*|+cCodUm3R)h@Y!I!&}3F8B<9u!XIt^x_P-$$-p zz=YoaU@2op(Q+EsFcHjoAR@&7ui@eUv;`cVlYT@S8pH!MClLz*V1eI$-w!GM zE9Z{IyCFNyV<6)D;m`DEOF7zpqw9p;AZ+&iZFrrcFz|acTZf+?X-P;q`Cp zc|>b&*S~5ach#R49q9pXR@U;6?bQcYZZW@ixBW{0hfnDFZzJcA2oTUQ9taTfe?FnT zv9*JmxxJI!f1ct0=MDPXdLD74oW1f}{(`QvzE0(%+xHUkJMTGfo{w#F^x0$5&cO1!LzL^G`FFx771b+fVP{v(RM)qk1f+XkYI$=odK6X7z zm=GkR&2{hXc;HKp8By=ykWGZnm{7%t#|$hFyfOxiG=`9yB#h1Q56Ef@ChMO6u;Nnk zZrmpvFu9XJ-T|SJ(~T8f5~W=s^T|0>fJH{7P9QRjo^inodP#;%AH(dfHIEZu9~kv> zA7Nj=GLtxS#p*qnqRo|e`+l0FDYDe!Npsb1#D7tbTc6e&o6MRVs@EORHG+un9coKk z$>(vk%kj%puZSB3#UwWFn3+Ez@i&kp5 zh}ZV-ge{(WU383KSpCd)bw2FSPAAeQiv6&|amNfn+yC55$nYv%9140~Axc(OxBO4FwOhLLxdy}?co$53iVK#C!nuB&DAHy8u=N1TI5F|#&2C7$MuU~15 zd`|7|R*br8mh)L!jBab#O!dd!*8(Ax{n^*|vc?CWd*is@!CFfh$e7>&U|$gl5}E4l zW|1|YZ&$$$-?{EcEY#2!wGkV;d1AazULWeKyM#tble)r$xw58=478%Y&pFANQ3EZ_ z5iXz4pbLh!?2MyLIfM(;0!fz6g4Gi{K;RtX%D6OVOUqjka^uCr;E{sCBXf4)F`lkorN?W6AaE7Lgh#NOwEE`eh*}qAM(86$mEC)Rgv1a(L}f zX*DxW?gO$`ZY85Kfh;9Lt3`@qt16yUMK&v6AX%CziRRj#FCP)VshbvQHS$=U8qA$k zua5QE%D2_5ZXWm@k7IIf(oFzjflkx#<6TwdFAY-Bv*nH#aXcxf8@-p$ofi`p+of3b zfM>2(qs`YX3e>U#v9trhlQ8z&eAXHZ7p7)+<}g@%h?%qnb9wW=Gv=V^hxCkT$Cj5R3oq7z<0}c?_sZXD=eRPySFEW z<6bs9W#3OXI~^r!b!^jR7#)lqH9J*tOVe#rPY%ugX9Lwi<6a z06VlTUngGuz3fcbvSr7w(482Xeb(-ndHbi`@h(ND=YS#G;PiN}-LaBOhT)KIcCbc* z;Q)>Cm(k34vt`{jII?)BX~!7#MW+ImQalgt+PGxdfukpZ7tcHVztalBr{fIs!*vr! 
zhW=SJg2A>E6okvpN}C*XC5MOq5n6RE`cBw2N$~&ZzGFZ0Ke=p*If$BN4`mc=GP#Ie zPb{w6g*(Nzk(fbeU6oS@D6tPJQ7Sf0(mmsqQM%SW?@eo6Ld0UkNYCm?ikDU*!!Bari-tXQvP&!I~&Q6zP_PQ|UF_N>GBv~|(d=l3B){G5{{m90?l zY9-|wlinZg2gBArdmQ(Sf);Swo=3`E;x}R8lnQuL1k4yk12v9h`u9-mHQxM@Xwv;# z*zJBqsj2ODo>Ny*#$`pVcJ~WmlDq;;Nc5C}kcK#j?xIEkNfuy~rfOp5c_BOM`nQ+$ ziupcK1Tp>JI&Xc3TdEAyahv7NU-tMd*6XH-T&3@Bh>aSD1GE84!NQ>rx?qW$dddh2 zabJ-W!ia{w!*%40_-%_5u+D=GTCl>!dn5Fg3}+p zgRSE!>DnzPiybcE5ae+%Z{VPVgt#GQNHE80q}_;yYE)gx3QCMHE0eS&XSnIB!2*WA z^AnNb6nC%-E+t#mCgVw}SR-vhPq1s%r#uBMacg}KQL7)c(s?(uk=vb~mwh@xvg}kCDQ{xAHVj9L_e{wWWrY`Ky!PC(5!Qa8( zk6q&u;NqsmpFPgWpAq~4P-LVM5@K@Hfka3>F@$X+J||O3kMG`Zkbq*b-+FAZet8o4 zFVk(p7Qw6iiHdRdrUUORE>n*lu@Q1CWzIy|&xA>Gycz0G0!v%Yisgl9=tE!I3(N0R z$>7oGfT{3QcP}gbs~$n`$Aipf!`=Mb->>1oUyrBD?#I}?Cq4Dw17P*%f~zxirNfbm z+y@9VPNZe+=q!dIZtC6(?VN<{$a4j=&S<@K!;bb6SYho4DM25D3bf&aRvt?NniHZdt|4_Ca8KZ z3$?N>6`8e#IP`4gf)k*HgObHFt&(cfXM&*n-tDRe!c3qXp0qOKn&kq~NM3!+k(690 zTjxS=w#q(Ml_Jijyh&^+>yQqRggzKf(ViwT{+S}K5VBbg!-#{^QRWitPeYnaB22ysM>DfpxRWLL zBF%4_ShE~E66DJ3-6I|asyz(dO^@M4YE`=ua=iY%xp03tAI<9l%6=RVW=zT~2MH}$ zPyuFi4E{W1_RTiKL~^Qeb-<*^wo9K5zIf<&7haHgnXYiaKZ)F=_hvux(<4;A?pXY^ zM`3LJ5L#bpSpVp~{Go=Q6T?cP+7c`@Dlk~IU>BHy2grUGoh-x;aY(=SP<`y$eImmX zAj6A&12-c^f2BS8w8+GNLWK}n+TiOPIN`Hftey1 zdNSpw7X~9EKqvJ&B}>k6QIu2sBFUg64NbuodIsbUWMAxnEPveGh~M3tNRnKPDxfQT zq%~Ys$mzX9liO~JevqT`_%j9sY<{vL>8bKFfat#pnJ@8tVLp{rj{!yzX2XKlgX~@& z>?Bxqlu(h8mO7U{Hv;Y$ZP(=>7X*KxWnum(g~LWu90AC%-bf$7b4I%{c>%T@1^p2Z zs7_J(V8}(C6a5lDL>xm&xKLEVXV=U2DccC!jYo{gCMh!J9x6_WXo z4-0W|YZQ@*yf4Ze!gF$icE=F07Oa0D!2er^Zq*@{t@1w1&K8I|7jnEX8hATowQm`P zvO*guzdamHXvJf(`ayiRw9bv*BJ=$HIMLq&wtHVVYRLkGDN@|7+5yuU$sRA=RMP_z zMffHX=vC2{iY=r=(MP^)vAHBP-E!`GI!z2UJ`JoOW~=$VoX_5){(@Lc($SLBSEWNy zEjpLkQw*4s3PMPdXU_&nV5uvka4W$ViNR1DwKVWJqDt>qt8VR0Y*l2cGgSQb;lPdm zVw8QVTkgXgqasT6ccjh+&4d|T{&04lR%PlCaWrVo3WA70Cn=omUT`{bA*5O&T>JGJ z#tnc+=u@-K0Gnu^_B!VVvt@a1Zrtl^Of{=VqY;Zz>LC=5 z>l+)9!-@w!^uiHTye;QmJQPOPRqJI1wHp1?UfD_wFw*u@DQW>z(Jl~~f$;)NWUQ`Y 
z-W@*?uO}4n$tub4OmK+O4pVqDoZA^KtP-;2$#;%w;h`AXwS`W0X@qQrbTj72igi`d zB9e^vWR3<*9=Ev1drxv`t{G+fwWjA$<6Uut$D^A38ETU^_I*NYTP2UlU)7*eT65>2 zmvg5TjHL6oSAN<0VB#ba=udZ2G!^csXoP>YquCaP#q0At%<2>nG%76+x_UN`^mT(k zOK&g`>3}>nP};c+5AzKgH*uC`N5KtIZ=cN*672zrT};!RZoDhL%z_9i_IIM_Uq2wi z(i8C^UMuocH}=(vcJgYZZQOrjYxyB%ZVMab|lIs|etL0vDc`3OT^rm}s~i*n_{l|4U6W>`Y{~N`Sv- z>EVI{886<(1Z76SGQt4fL`FhVkT(G@BK$LpC~xa!=!49O(!c|8MZ5`_?CLYiU2uBVzrI0oke`TK*Q4_-7IO-9n=C)QX3{=nI5etEI3V zQdklK5+l3Ue*L3#)tb|8{@mN62KLvbYc@yz!(h7V^%H;HT3ZvL7MP*s$XMHMDq*D9 zby#*yfI$;%LqSxEbR67x1y#WNQgVj8If(K;g~dd|`h!$X(?qR@5J3-q5jB93uMb}D zoe>9iAtbo1n+1pU9s|>}6bVbMb;`1N z(28X9xBQ3(a|e22**Z3FDF4p2^9^XJ?00!&xERDFo10Uwg1UEP18_=$VSZRck-Mgu z3n8&{lZu%*Z#NW4x|pn?q&RNiSGKn7A9{;crkN^8>N&WXY*x8?b)R&1_;zZ3~e-Jsme_hFL^$cy!$?9zi6 z5KpGAMtcV342wTE3FAEujEVti6fHzn9h2^J!bhRUji89Xeotp&n1$^#HaVd!X(2=r zkX6CN(P;5G9iPP2Ffl=>*G<^eJ9oipZpjXpqU<#x?9(E5Py6ED6Cigoa=5FU;yr5Y zr7OzVmFwY=0Rc|*5)1C5vd?@t-}AO5V_copo@x=+92|xs-nG_W)zmT7E+|s94qBz%C2kJ9 z*FD6BpxE2eB$tk}t5?{k$$|&buQbIra?3+X|DI?|D%LAMTCLDw_^BjK4xP5jlL07F z`0~V3II9vtSEPj^c=3Hh&cNM=VzmOn^halb!I9`b&YSCGQ93 z23A59f(M6aML#s{C1z4QvJt7(l0YZva6u-dAon>SI~V~l(d%~_gM*T&C)PES0$Pj} zniX~CLxV<`L0DE|LdiETAHmqS;cf=Ah-{BDHm?^!RN}^7#5wb#$7zz*diu>EcUB|5 z3#9$WK5a;qFow?gk!2jPHJXc4B3lgD6k4DY%VA1YJgC8_=QMb4#5^V z!$S1Q@UPzKn7h4O>zKm4y|?$<{~Z6ST>lPGsZB(_By?8N%i>KWW9K!D`S7fl>Hhb? z@ocJFB~Zxdj__9occDtAEWb%ZMH4@o`}=Wmp!Oqq2uBA@u5Yw%9#Y6iFJ)T!lG2K! 
zPn}`fG@x+G>q&~vf@gb|yDgN`jApXu3tPb)pqsper9e~$%Xv?3)zjD~`;;g8%&sTY zt35^9ea@_6F4C40v%-HiUM_g2M5ZvD1-Eq4jUw%}t_Gn=-)+!J17&vnC|5bzD&HsP z{I4|OsfMQE=D=zl*3!xA4g~~Tz6|2-4@%P%A~Bh0pWx^S80V^bljjjrN17G`=;vm& zHg$AIRfv_VO!=9)zv@{%yd+ALM_Uk8ny`mcIwV>XkOrg{%bw)PfgYFskW`7LdbtCK zWwe=JT}M(nQI*{g_c)!g_F@CX@c_CVo5zn!`Kao=@&0~cxF|gYE-t$f~eOZ$dEd6jUu6kmX&7VU_Xe``^e+~-*|#h7|A$@(3iwWo}@S2JT&Mi zezhVQs7|%~1e?McW}7n$zH>I*kEb&!w@Q}m!oGoL>7q4x#YUo{_%Cb}WnJYWubUdV zUdWvqpYp3Dx_a$}qCr?NSZcbse5_d4vD7`%WUIP3(7AYIWrWRwZM*dFr9;{~drOAY z!id_IUVP2r@eGgsY@X6d=`prYZy_)wqXauN|oVnZ9OQ=Q_w0Uo{R830yl&Fv9$olX)xrab?TJ5{Wb&7 zh--0e*s2v$h_ct%=b*iVwgAsar=qn4|BD7`NKD;eMM52Q@*o{NJ+vJJ_pOlvq6_<9 z-zpu5Cj2>6wZcwM%cs{THg9b(SMz#dpPWUu|-`BtfXy<4n zeBKCHG5u6dyq4tupTUGAKfy09-WH;{U1i_kizs$yU>o6-(k~!@%2e0z;5~p!lrwA) z%5OkQ#&%XJ2Kcj;lzKXQ{1sK2`aFN%s683&zbliO<4SvnB&Ri@nE#WSqM6G@2cZ^! zloD>qKrE$$bp<7P@`g}x>M+I%nDYnLH$F(ut8sEtB%WpZAy=|5%1dPXMOvJ*p%NK0 z`>-sdOBbT1R&pT ziZTIkMOyt*d_yI3do_4G30L~wqgPgyyFhlvBa{mvX3Q2{E9ST;AX;479% zHt8fKcrYNrM?u=NfPWur_1PKL)vXQ(^ISPikF8MUKq`rq8QXOfBt4cSrO*!3$~@+FbZ&i5HQ3j) z@ew-566}cefgfhCihc7tpxG96{(Pg(VzxQ5#Ao@YqxHt=xK*l|x%4PqgeH%g33zGW zjziAd(+Na1ZeOjCo;>8^9`dKmz$;0N6=dFuf+u{$p_2UTMUR|zFNuY^w)!Bqvm?p~ z_{W-j&eCLcl+ihyB?F1~9s~7h6MKH5M)R->x1@^j_t-Q$ey?8Yj$x$c7XZejTmVzV z=%>tov*(|PWb0{@+OEtcO)XOq|ISF58x)Y8pL)bcnvGQdwK%FEfpLFXOxr zXZUO|?S9egFnhzPujO8`+LHHTW##!9Z%}^(cRAv&q2-Ql-8WJfLS9bBzEHk(?a@Hz z6ORlXl$%U8=x4K*RR=uvxrY?8ZwW4u`nq253Y)*~3(lC6S4>c+G5ANLS^2Jfo%%xc zmLrBK=vo`BUey-;xti1Fn`8yI&WCuyjcvHwqj#Oghms!W22QF9!EtxykSzBOd>w1I z;fC7XOyU{mnF8CL=cV$}$0PPh;$@+x)xLhKW_@et#%iOgexR~RFU7l6b)W_{$@~Y~ zoKIU~Fj{y}oeC~7?mL>1gNaY+Sj!{X+N&m(P@ZcsFBly-1!~6!6BCmc(k1Z?h)|uK zs!%X7j~Lrj@}D?+ciHq`!Rq=dt#2MhqrKoJ`O_H@d0)6a^l*y+QQrJhR&Ium-=Xp< zA>a%Xpu?KG2vb;iDhW?TgME(P997!{9FJ75fpL3CF-QCafP9`)jYeW%@4&t_mB%8$EE64= zWMtHBlh;|#SszEvJ;Km*jaC-G!O$9-@(n(74XJ?NJVHN>4S`|IC#47msowb%I!j>otIQgI>#apHhog353ST*{-cx zcAL^gCr++(Ha@H&7O7<;bw9Y}yV4M**psE3b*XmXSZ2J{E{_^e4JAh|GLQB(!slL{ 
z<#P|t4m#|I|H8ZXu$hBp#vos1*zbxkgsKXl7&lgQ+gam7L!I~kll7w}G(4<#6Gcv9 zveKwK{+f_^XlN2*V8HKSnI%ZdiScy}h7<$%0jQZ^7hYoswA+plAsd8DMQqQ$q|?8a zaKDtWD(5>zMDF4~+IE9jpIPD@mLpgTVd({uIFw<38Z3H_5x>YK=GX$1$K<*`6a}Bj z5RlGY72oHi<_ZF1<@c&nHXlELMAj|vk^UqajspB%rN`zrh(X#}a+Ow&E15_`e<0z2 zst&${QtULKD7T8kRL)~5oWF>H$t@>B^pZ4l3=%#gZ8Dhm zLKseWxD@kiD7MXafCfb);Mmy$M4wc0P=+zb`oYD1CGLf7mKtm5)_2HvKT;EP{7aSx ze)Z&`i~JU~zex^P9B;mq&h=D0A2dgm)|3~tGK6L{SW_&@iVSlEp?Kh(WAV*T--$tJ zgt@a=;DRmud}_EBk%<48K2SWUdcvzzc@{ITS`Mcp{^eI%sS{OH7h;Rh(WF>A2{0SZ z;K7vjl&MzPQlxme{NM~ydrP_tX_(1*#U_pGT?l^cyrOW}Nj7t9d9UX(wDZfgMNU3M zMiY{1X7X`04QuDt)#hvXOtD&VqluYvbQpG!g#ZAr4&enf*;y`%CK)TTG?8il=mLK@p4r0Sx==>vLks@;IplIx$h~ zCLor^Ohuw6R6)U8-H=6&^W8C;;Zx1$D#M$+Am}{W$?DakriJsCMMyU zV@~4)%tA1$i9n)}maaMwzrS&DBxt>|J-L+o86&$ypwKh=l?IN9t-Bqc`ywRmEeVd% zD<^buP~Ej`zhKwV3Di@31U+MM?FL~0)=uts-;0A&0yXMh1DIasj_?WUyzCIAKqn(DX;PBFj-M9#A0)XaSKA>Yozl7#6 zk9sx|jBbrDxs;E$5yr?mJrMtd5er*>QQi{SOi>k+!eJWBaTt9vzf75WuQ#{6!0C%q zj`*l1X# z!6p#~tB>&ma*HzR$w4197J}P6nIz^&U4$KeZz`Y5Et>t1Eddr8f=DYlIAz$Vk<)0erWH?s9v6SRYpis)8HV5_{uT^8&W}L&_w5tawCuSSA2U}>uN`D(edMZ zWAJX%|4o4~w!2`yDPPXY2<$rAvbV>3k3AxY`HL3c8IT+i+3MjT3p=@YA_gB$+28cW z>$;aaGx=J<;=Q<`R($;DctjH7hmtT(Uuin8alu+e5y$6XMfLaPEOtH}%zX^YgX(U| z-d<&8JiJQhz1r5(b7-fVU8SHlxoZIji9t2zTSRa(Y7p3CGLrJ4{3N(lRxmt*ar`YE z#1g9aCBK-KfO5$H9`;{w@hxeGZfliaakb+bw{|ure&U*6WuZPAP0(*3s)F*Iz4@{R zhktjIbm5G^M|-&yh<`|p;ZUFV?t{#-VSebq)bSdrB+v4|ermj%fCHVofyr$#-}H~@ zY1CgVs-dlUw7;#gC9L&Yo8ar__dg8sHoPD2?N1Z}vlh#Iog|-xqh)FFlAld+opf2L z{3X`O+>y;-w9{6(sf5&HiZT z9n>OAN7+aoYal1L>9`z#{5F}tih z{c*J`H2E-wL--vL)f^6vI6bz6pt*cZx=lB0|9Z$&d3gP#BK?KC5RxF9K^57yl1WyU zD6JBsxv39ENY|w+RfZmd0jd8&ffFUlqHsQWYNrV@H+N{dbh`2)t1;jxY=A888V`Ou z;)k}_TP}}R7)@Hz;p2>QbEa0V?Vdn8B|#N52;kLhbGX8oiXl!kDJ9sd#|%@XKwq6{ zvb88-C{twTG$Ws3}j zXVbx}Zy3!FFtd}|X8aSWL#C_KIc=z-Q(3%G?;sR~8zk{Kc((1c;=`Vouzba-1MjP5 z`*f|*F4z?LjnkN?Q?g3finnz3*CjAJKQkm--{ab=j z-ExUfQOoEHx>(_#ea=D^-&7M%=9W)cs>JV%&;E?YURxj{FwI)-a0wF-Wkc&9;Fgtb z<>Uq`BcHg$`0_yO@4EPn)L 
z(|?mY%Am|D5&9q}0x)BO=Srh)3V-eze-aFA7etm$sRt1Y&^lx9%FhemL>&v81gXLr z*oCN0t#sd2!%@XKK}+Y@cvZkFuQ-*MYQpUUK%!G@Zo=z!LnECzjIVKAH+x|nwMZvs z?Tqstwt+JR=gsWv-_y#xh51bAroILYFB&EF@q13leN(34rl`4MFo92bC`!y2;JTt8 z{BdKOH*&Q>1VTGIm7Z^=CY34^xDCH1?H(}XC4-!<3_mJYRG#Dec^?@;1Hn3}g;V+* znl_-lsENN0#M)ge`dttVa{{VIS-dDRr5_y~kHvO^B08UTprHM#R5hDe8wa<$(ZrQi zT&cks{$Z`3sI)Z?8mz^8g&IkN^3ZlrlcQYnmUJ4Jv}Nr5jiwciWQ_2zFf?c$*zJ4O zub=@1oCmZ^jhk=M8%S$-Vo-Gi$WbgGd$boW>s-{S)s-4`Pv;<+hl)13-ioiTm=6vL zD@^m!^+lBJ3{J%>d8zAwp_Ka8X&;mljl>My4%*5eHL#_?+>(OqqVt?~B47m+@5L4l zmhVY6ztIHJli9yzocq+b5l29oeO0%XTeT^xLA05BmGjl|eQ}2Qty(T1c@_ zMTZSL&R30`)7?K#E|FSSSGwdaATl5087K?Uvn4~r&)q?O?*0xT;^PTG3EvF9HIb_R zr{y)FzN^NdZL63nV_jLYYC!CF2y>vEaz`&=RebnoP8z(2-K53b)A|V-kcR%G!1R<> z^!S=DKK;}%$^{hAZ+@nSU;!LJLKA9{i<{_VrCPg@enIHp!uD?F%_=QN=uHsN(CTyS z)gO{0H@k#~UU_Uh#~Hm}yHJw7kEj^YTx(Y(0p2!`nKWtQ#-flnpUtc_1?Khv5#Li( zPJTqxQVRDeQ7?Yfxc1i<958p68_izBg!*ot^_E6elk--Ev?6~=16lh{(yUE+;PzK? z7Or!^G3akIDpH=_!`{}YOpGVg;!YJ@mLSUdZwK#ucvZ614PNs6qw7_z;CK_l^0Qt^ z2el$!wHLE^ki5i1`&D=nqMfF5a#AmbNC+#j(=6jY>jX=`)1vds((>coLrPbVDkI}P z1GEeh2hn$^U^>hVjL*?}z5i={kl?LK{p!dnC_OjfX3yX_b{91o`5;J6uFNhi!MX9t zd3vDy;VY9YVZ|~>w>zmalskcXfy2KB5$m-Rwr2=0C4~r<`f;RpZBGYS8&%v4!s~ztq_MEUx_{&D<1aVUY-`YK+RkIY!7^eGnC&}y z!uj?oS-Y{v^L*hKB{*JF7F0Hv6Ykx;;*f4$Y{}E;wr$VZ>DqC8!FgG*<}@Pzz(0)V zNbs?N!E#mQTOmugJ~(MB+&hi-!+K(55dR^lkBd7tVJ2@7VgO@gX?Q8`(>M zL;l_vOt$C?G7LbQ>!)rl5kUhB;pLLpS+&$9?7Zi)lZG+^sgnjj@~2l$bR^fduI`ft zRBVLTqj-KAm-mn0V}5Vpve=f3%t{l*ylksm4AhH|%sSq`O0CmF$ELUj>kext)6MjN{u$ztklwErTVL5#P)Jv_{F--L+#e?r?V?oU3gX}}Y zZW&#G_L)A4eA{lBybZtJgfR)-F2!l%Mli3(*Cf#N1iZ;>j9jkQojFT_s3i|n$@Jj= zCOxlF5G|IC3S$=xBdF3U;qo{|x_}`EIJpOi!H4n_{7~Q-+=cnWkKkSO#Q`+-RF*u? 
zy|v4F?Kx4>kBaiJ2a#$asLFB`GLvnV_6wKgV8e!8%k-pU607}3@Sodk=;zFCLdlc) z>mZ5KR>8%eEIx&cv=s~H_WU6A)Wb^;c2C#KEK?^wZpj|i51J`XxjC<0leAARolC8Rn84n@2lZ};xy zj$8Qrx7DYFjM7Y4Jc~q}7lo})y^HEW^y#QA%IxknX?*HsrQ3~G0_X0j&eXb2xV%)D zyi|qjpnwG0a0G*>x{i2kv=O+3=d8g-0#>fwF*r5IR-~n^q(N0^Y_oP>0u~b@TYYe3 z&_y#`X0Hanl_wFjSZ0SA#(W*kr!BGnROS*jyN-UK+(+cw$2|51A?Qs~*qUz*rGh5b z1il)z&$$i&J8mCj$$G!`S|ta&x)~RZ6TNEwQV_BoeukBxC5|eX7M>6l@zA9*;UyNt z_vXu}_0a}ZKf(%$iMEcx|3!7#NjtJ&V8=g$YZ8u)KXKxxllI>%5YTs|hH;ZJ?YDll zBtynsNL(wXNATBA$J->jp_fL_XKwA_b%u8qy=y%?UjFLMMux+Gcx_hfwV{pt2kH#{ zTe*yI&(qUms{xyJtm9-n@# z*x<_k!qV{k5Ij7xot!cMj=kJ|GS>3c)vr+`P*=qC|Hsi5eNm$y&FVCbdZRi;TN$H) zgp-Nx$6?iG+}0B2fBd1z?4|d=U#T{Clr`+BRBYt861Z(k8~cw(iwk?}1jk#JHCejZ z`wm_+-HW5f+6()t#HBI;i3GtpnXs9vmwOGH$`vx^cEet~NiY@UjM}P0X%?xxP_jHA z3Q3sjj$;owwMBfxaL&DD+wnWzXp3V9QE;hwsE#}#lvFjoo=4La>|Wi0Wlv8*mBpyy zOROtYr02V4nNh?jw(mu3XVMhgiTwPz0R|NxTScwrTl`nn1!0Fw{*NcSznyn?G%X{x zb(JAU%9n`~m_&{}u?+y;mtaojt^SBB>Yuvd7$`dZ+%KH>&nLnYA3Z7S@4D%F!f!0GMJ7|cV~P4rvu1wg1^u+8CJMB*985^4EaCpAk_u$j!2F@;jLY>d+C zx`5)gJsk7#J~JuCsfdV;Hl~}iVR>N9Ib^}htOAKze$20P#DDY6>EEslDZZ=y-l`3X zSYLs?U3Dfcz*XE$v$-z!(Yp)xiJ`pp)vX)Pd@;_4%*^6t$=E!)cNDGxEkc-DN{wm5%KFnBUH(JG3R1$UYlxOrLV+p z;IR^q4CPtDc1O8yi%A&S@_iQ+zS9vuj7kXAr)S zO{|)bE5FLeFalMUDAdxhE?bRZ_7dRVuK~WgxYqu$Mt#CY*ESXdeElvMsw--NEn$>% zmP$eYBf3kLbL@Lw_UMw1un1qsdv1$q1tU^z)p4xUvUCw=0oZkFK9-~&iQYKI>Y-i0@FzwyGnuuQ2dUpFGOf`{1H!;+s-<=F>s6V%Ump_HN6T?*w(D}U zE&~!FTq1JAKJqC-em(s61u&F)pOsU8so`X4lJ;q9AzGy=x5xA=DK-b#w83AJ{s(*R z8Ck08+67iRTxr?<;jlyCA-zoD5c+hv6Hsus@Hkcu;ycWSxG?~mT!(1O-mrqd<@^z3 zH){*{Hnz3ucCgjD?9fkKiTES_0w1kJ2znqaC)EwGWqq(&$ZA5lqk1#QZx*aOKp`;Sg49aS-H5=mY4XSop$H`x<`e zqqTbb{=_p*uZN?RFW9SMJpj_b@c*gfJcF80kT_0)bdk_Sid5+xAr$F|q4ypLAWcL? 
zij*LP&J*c1K&Sx)Q4x?LC83D)UZhDA2!s%t(mCJUhr4-mxBFpdXLk1c?*8{DUzbHj~n&$1jSEzTW-cb{R5Zi_7tP5??6 z>Dc-4Y{Iaqw4&UvMcB9|bq3$AA#UKhCcOxmUA*B&e*u;ZfW(=Wh;ZMkB7&w4OWmRy zsWqa8Zzb_$cz*YUkpEONR;58`=n)sMzaTP975oJz&z80+9@a-P#Erx_#eNbMQl?W` zIb|f60)|Sqc)0o5;r?`yT<5Xw>E)jRr^1OSVG{=~F5^Qt)5V-^#uA^H-^AB&5H7uF zjxR2Zv*%{IsZ4_;h@?4h!?^yCY)H`~EBf3-yu_llD*e$4d{3~pH#eNk#Gdy-(uMwQ zABB*u{pqKC6xz2v^;V#yLUDYib2exWwOZV->lIaI{V_&DZ>-SMQD%rIMw!$Nx*#hT z`+V2<&@(F^e%Ci`wsEyh6pU!5KDvnxUuyG!Xx~j26@=*+WHDwYTi^Pv8){%?X>(tO zH#;|4DbFzHLQi5DAC!E*YXJ@F`%ti6am}QhxBjq!OrLLdcdTS7qhe#Q-rzKNplVMP@<4x!INP^@M21k z*3$`JcE#G9osT)Q_h^^z4NUMV87W@q_(9DdFj8M!_q&oKsT||KerpyYhuu|?8oYC) z<=68(_`;j5K8Z*4L2|!Q{oAqe{2wEqo6_KNM`&x z+Jbln9)GDTlhClq&4)!H`Blmz;I`_+_xd2bG0U7#{y3UwfUMbRbRAbQpa;l}h!1l~3W<$4+rvLfqWg&(x)b||=7;JCzO7lxec%S zkrGz6u9DxzH!Zgiku0;1)!YzquPiY6E%22UT`UVtX0O|VF#t|N$UGY$Hb zC$3T~kDAu`*#LLKh4Fxn8i%nXv}|NuV{wk;sD5_uf#EplGiHpZDP=-8h%Jv$t?Wqe zV{#SuCXM%ob~ZF=5@i4ur;}Uz)p^F7tuGw+?c0vRX}whsVImZ@u%(WAJ-!*hBm8EH zv-!xVVVv-olh+u_1JsS_g%TT4)C==&Jr_|y>{-}t&nyS$h%C#haF=fdPCCwMiM6!n z7NF2Ph{I$+YU@mhusi{6qj$6AX1lg+rAqk^&9s->Vzji0)s6D?x;9Av*?v3DW(&t; zPqHTof_=kV^V#Tp_``QN_A^z@LV~PI!(&3fnW5t6sbaRXCG3H-y!772I!lm{ee1gf ziNvkYy5Vf43t87OyzQqz1dp`>%&!O6vA3Rk(nm-ifTcvG3REE{2D*u3!VBSWPO~rB zX8@U6>wbpdqIrsYq|tW@l9*jNzHcRq>12P#W-J^}VgZkTR(*eV`>S%0mZ0ht_exrk|DqCLYyn9D$+u~|tbs0eM`fz5Y>(A{X^WJff z`YC6Qbjr1MD!}niAxc_epFFD$II11aT*TwCmQud+YKeQ;KqoK{kIBPu&@zs5RAQ zGRl$^OC&x}`t@o%l32^w&XEMH55+BJcKQy+6aWQ~{05OSmJE;JBU;2K_cA$= zNq`7MJWJrz!$S02_<0vn!_0t04SO5hF7AO$rwYQmXvk?Px6#pUpM9jgdTbhs9Q^^L zw$JDaf}qlFEdH4sFANw>Rwf|t2l{mcFoojrQ?fbn40B|0!m^7y{f}X@7|f{6FN_eW z*?qB@vw^{!U1d-~@Dm)z&BBX_K-P3S{yqbteM2aiJl%QShqw3{`GysJF28A!I8S+6M7Q zhQ$v<&U-QQuQKFLDkhvzG8|k45Afwn6rY9;JLEv7PwUb#eYr#dRUPy1KQN#Tp>ujY zQDl~(ZSVqFss6!lKcP)+Sn-&9gM&#cZk=uZbR@6o05rkAPCT66 z{L+OG5Al7;h|eSx1v~~I1Xsx*pr3|_a;P_(A)uuTYa}tQIl|*Js?DQS94lciIBa)N zmns0ZSS?c2>mTx$=Qxv|Ssl||nK(F0WDm6TUe1-s<5Ux13@Hy+2)lshYdb$Xx#f51 
z6!roWZu=v(*ISB;q&~sVn>OL7z*XaNd{as`uV8rSl3x|{89mdwx53>)bq+4i-Ma-%4Y(E$b;U=}>Al62ESD2^Mu@KDBO>B3JB3E7TMV)#iH*eQMupY4jd0 zxY#IvWwL68x~!raFC5HlnRYCSRNHa???26+29_63ZIT*)(%fe)7dDYiO5=}!?0Ed) z2E+@dW!f5yjZIZ$d1jo-4t&5d`{YC%Ig=k`&epAuqH4&XKrFlZ=8LWbU=Hm_{C9M) zp2^D9xCn)en}Vdj;ZirRS-I=x5aX`{`GA^lEDttm^&jBJpv8cN%FDH}zxb?q_1EU{ zvOky|pRPv;eK2=?ctw82!Gb2%KE-<|8Os};V=VBE%wDttQjrVq{A{lmX#-y z7o0T^ z?AIX;R)zjG=>cI*1QGck45-*tx|61g0W$zZ{}ZLr-21x|2Tn8L&4*b@x%fRnodwva z*f?T2=H}f2Y_!7Duge3q>h&e1TN&RK6|>v=iVdJB??>bwzgA;ij6rhJ+Z;H}5iA>L zp!(Z_AqJ(epzBv>S0?%ZAQQ>|=bQb(S^Ss%AKKYJoBR`q@t+P%)c*sIVWLk){&xxR Nk4OKBiw1vZ{{rE#q6Gi| diff --git a/Solutions/Azure Key Vault/Package/createUiDefinition.json b/Solutions/Azure Key Vault/Package/createUiDefinition.json index a47121b6474..1911cd6292c 100644 --- a/Solutions/Azure Key Vault/Package/createUiDefinition.json +++ b/Solutions/Azure Key Vault/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n[Azure Key Vault](https://azure.microsoft.com/services/key-vault/) Solution for Microsoft Sentinel enables you to stream Azure Key Vault diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity in all your instances.\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 4\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Azure%20Key%20Vault/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Azure Key Vault](https://azure.microsoft.com/services/key-vault/) Solution for Microsoft Sentinel enables you to stream Azure Key Vault diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity in all your instances.\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 4\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/Azure Key Vault/ReleaseNotes.md b/Solutions/Azure Key Vault/ReleaseNotes.md
new file mode 100644
index 00000000000..4a5bcdc3b42
--- /dev/null
+++ b/Solutions/Azure Key Vault/ReleaseNotes.md
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|-------------|--------------------------------|--------------------------------------------------------------------------|
+| 3.0.0 | 03-01-2024 | Added field ResourceId in (KeyvaultMassSecretRetrieval) **Analytic Rule** for proper Entity Mapping|