From fb84c501f0eeb74fee09c5ac36981769d44153b8 Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 11:42:16 +0530 Subject: [PATCH 01/14] Create User Session Impersonation(Okta) --- .../User Session Impersonation(Okta) | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) new file mode 100644 index 00000000000..d4db39f6cbf --- /dev/null +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) @@ -0,0 +1,48 @@ +id: 35846296-4052-4de2-8098-beb6bb5f2203 +name: User Session Impersonation(Okta) +description: | + 'A user has started a session impersonation, gaining access with the impersonated users permissions. This typically signifies Okta admin access and should only happen if anticipated and requested.' +severity: Medium +status: Available +requiredDataConnectors: + - connectorId: OktaSSO + dataTypes: + - Okta_CL + - connectorId: OktaSSOv2 + dataTypes: + - OktaSSO +queryFrequency: 1h +queryPeriod: 1h +triggerOperator: gt +triggerThreshold: 0 +tactics: + - CredentialAccess +relevantTechniques: + - TA0006 +query: | + // Filter for security events involving Okta user session impersonation initiation with successful outcomes + Okta_CL + | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS" + // Expand the JSON array in 'target_s' field to extract detailed information about the event + | mv-expand parsed_json = todynamic(target_s) // Unpack and understand the details from the 'target_s' JSON array + // Enhance visibility by extending columns with extracted details for better analysis + | extend TargetUser_id = tostring(parsed_json.id), + TargetUser_type = tostring(parsed_json.type), + TargetUser_alternateId = tostring(parsed_json.alternateId), + TargetUser_displayName = tostring(parsed_json.displayName), + Target_detailEntry = tostring(parsed_json.detailEntry) + // Summarize event details to gain insights into the security context, including actor and target user information + | summarize StartTime = min(TimeGenerated), + EndTime = max(TimeGenerated) + by actor_alternateId_s, actor_displayName_s, TargetUser_alternateId, + TargetUser_displayName, TargetUser_type, TargetUser_id, + eventType_s, outcome_result_s +entityMappings: + - entityType: Account + fieldMappings: + - identifier: Name + columnName: actor_alternateId_s + - identifier: DisplayName + columnName: actor_displayName_s +version: 1.0.0 +kind: Scheduled From f4c9f92bac1d7b7a2d476190304d405822ab0491 Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 11:53:51 +0530 Subject: [PATCH 02/14] Update User Session Impersonation(Okta) changed the mitre tactics --- .../Analytic Rules/User Session Impersonation(Okta) | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) index d4db39f6cbf..82ce3635fcf 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) @@ -16,9 +16,9 @@ queryPeriod: 1h triggerOperator: gt triggerThreshold: 0 tactics: - - CredentialAccess + - PrivilegeEscalation relevantTechniques: - - TA0006 + - T1098 query: | // Filter for security events involving Okta user session impersonation initiation with successful outcomes Okta_CL From 6d044a819791f130cc8757bfd95e66f05d64dde0 Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 12:14:12 +0530 Subject: [PATCH 03/14] Update User Session Impersonation(Okta) --- .../Analytic Rules/User Session Impersonation(Okta) | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) index 82ce3635fcf..3b0cb496c53 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) @@ -21,7 +21,7 @@ relevantTechniques: - T1098 query: | // Filter for security events involving Okta user session impersonation initiation with successful outcomes - Okta_CL + OktaSSO | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS" // Expand the JSON array in 'target_s' field to extract detailed information about the event | mv-expand parsed_json = todynamic(target_s) // Unpack and understand the details from the 'target_s' JSON array From 4cfc7f9e3e5d62b6d846202d371e3bb3447c3485 Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 13:18:40 +0530 Subject: [PATCH 04/14] Update User Session Impersonation(Okta) --- .../Analytic Rules/User Session Impersonation(Okta) | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) index 3b0cb496c53..df0e30274fb 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) @@ -20,8 +20,7 @@ tactics: relevantTechniques: - T1098 query: | - // Filter for security events involving Okta user session impersonation initiation with successful outcomes - OktaSSO + Okta_CL | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS" // Expand the JSON array in 'target_s' field to extract detailed information about the event | mv-expand parsed_json = todynamic(target_s) // Unpack and understand the details from the 'target_s' JSON array From 7f8e4caeb0824a17e43193d13aeacb1292644b26 Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 13:37:00 +0530 Subject: [PATCH 05/14] Update User Session Impersonation(Okta) --- .../Analytic Rules/User Session Impersonation(Okta) | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) index df0e30274fb..479665ca7a7 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) @@ -30,10 +30,8 @@ query: | TargetUser_alternateId = tostring(parsed_json.alternateId), TargetUser_displayName = tostring(parsed_json.displayName), Target_detailEntry = tostring(parsed_json.detailEntry) - // Summarize event details to gain insights into the security context, including actor and target user information - | summarize StartTime = min(TimeGenerated), - EndTime = max(TimeGenerated) - by actor_alternateId_s, actor_displayName_s, TargetUser_alternateId, + // Project event details to gain insights into the security context, including actor and target user information + | project TimeGenerated, actor_alternateId_s, actor_displayName_s, TargetUser_alternateId, TargetUser_displayName, TargetUser_type, TargetUser_id, eventType_s, outcome_result_s entityMappings: From 3c189f555536b7d2400928fd27de2dfb2ef1f619 Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 13:56:40 +0530 Subject: [PATCH 06/14] Rename User Session Impersonation(Okta) to User Session Impersonation(Okta).yaml --- ... Impersonation(Okta) => User Session Impersonation(Okta).yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Solutions/Okta Single Sign-On/Analytic Rules/{User Session Impersonation(Okta) => User Session Impersonation(Okta).yaml} (100%) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml similarity index 100% rename from Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta) rename to Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml From 9f7dcc740a4d6b16fcd3ddd94997d6e0401e1bb3 Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 15:17:33 +0530 Subject: [PATCH 07/14] Update User Session Impersonation(Okta).yaml --- .../Analytic Rules/User Session Impersonation(Okta).yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml index 479665ca7a7..dcf056cb60e 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml @@ -11,8 +11,8 @@ requiredDataConnectors: - connectorId: OktaSSOv2 dataTypes: - OktaSSO -queryFrequency: 1h -queryPeriod: 1h +queryFrequency: 6h +queryPeriod: 6h triggerOperator: gt triggerThreshold: 0 tactics: From 8a8c41803e1e215f94a7d765dfbaa67b71c74c3c Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 16:40:12 +0530 Subject: [PATCH 08/14] Update User Session Impersonation(Okta).yaml --- .../Analytic Rules/User Session Impersonation(Okta).yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml index dcf056cb60e..1dcc08b048b 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml @@ -18,7 +18,7 @@ triggerThreshold: 0 tactics: - PrivilegeEscalation relevantTechniques: - - T1098 + - T1098 query: | Okta_CL | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS" From f20bf26e3c975bc88bda5988c4f9e73368ae7fbc Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 17:14:11 +0530 Subject: [PATCH 09/14] Update User Session Impersonation(Okta).yaml changed the mitre id --- .../Analytic Rules/User Session Impersonation(Okta).yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml index 1dcc08b048b..35c4bd169d3 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml @@ -18,7 +18,8 @@ triggerThreshold: 0 tactics: - PrivilegeEscalation relevantTechniques: - - T1098 + - T1134 + - T1134.003 query: | Okta_CL | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS" From cb9f890b5cf7dd2983f0e45082744e736d6aac0e Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Fri, 29 Dec 2023 17:36:58 +0530 Subject: [PATCH 10/14] Update User Session Impersonation(Okta).yaml changed the mitre tech and id --- .../Analytic Rules/User Session Impersonation(Okta).yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml index 35c4bd169d3..54b7d03c0d0 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml @@ -16,10 +16,9 @@ queryPeriod: 6h triggerOperator: gt triggerThreshold: 0 tactics: - - PrivilegeEscalation + - DefenseEvasion relevantTechniques: - - T1134 - - T1134.003 + - T1656 query: | Okta_CL | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS" From 236f1feb7411ba2bb70adc74e2d1aef1ab80588c Mon Sep 17 00:00:00 2001 From: v-prasadboke <117061676+v-prasadboke@users.noreply.github.com> Date: Tue, 2 Jan 2024 13:31:51 +0530 Subject: [PATCH 11/14] Update User Session Impersonation(Okta).yaml --- .../Analytic Rules/User Session Impersonation(Okta).yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml index 54b7d03c0d0..798daf63d7c 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml @@ -16,7 +16,7 @@ queryPeriod: 6h triggerOperator: gt triggerThreshold: 0 tactics: - - DefenseEvasion + - Defense Evasion relevantTechniques: - T1656 query: | From ed8ddf302e8096613a55cc03a56c30a2c96e57fb Mon Sep 17 00:00:00 2001 From: praveenthepro <99244859+praveenthepro@users.noreply.github.com> Date: Wed, 3 Jan 2024 11:06:28 +0530 Subject: [PATCH 12/14] Update User Session Impersonation(Okta).yaml --- .../Analytic Rules/User Session Impersonation(Okta).yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml index 798daf63d7c..35c4bd169d3 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml @@ -16,9 +16,10 @@ queryPeriod: 6h triggerOperator: gt triggerThreshold: 0 tactics: - - Defense Evasion + - PrivilegeEscalation relevantTechniques: - - T1656 + - T1134 + - T1134.003 query: | Okta_CL | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS" From a72764c21e6d2b7703494c22b92662f8f70dfe8b Mon Sep 17 00:00:00 2001 From: PrasadBoke Date: Tue, 16 Jan 2024 17:36:58 +0530 Subject: [PATCH 13/14] Solution repackaged and correction to table for CCP dataconnector --- ...ta).yaml => UserSessionImpersonation.yaml} | 2 +- .../OktaSSOv2_DataConnectorDefinition.json | 2 +- .../OktaSSOv2_PollingConfig.json | 2 +- .../OktaSSOv2_Tables.json | 2 +- .../Okta Single Sign-On/Package/3.0.1.zip | Bin 51926 -> 52645 bytes .../Package/createUiDefinition.json | 16 +- .../Package/mainTemplate.json | 1144 +++++++++-------- .../Package/testParameters.json | 46 + .../data/Solution_Okta.json | 3 +- 9 files changed, 698 insertions(+), 519 deletions(-) rename Solutions/Okta Single Sign-On/Analytic Rules/{User Session Impersonation(Okta).yaml => UserSessionImpersonation.yaml} (99%) create mode 100644 Solutions/Okta Single Sign-On/Package/testParameters.json diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/UserSessionImpersonation.yaml similarity index 99% rename from Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml rename to Solutions/Okta Single Sign-On/Analytic Rules/UserSessionImpersonation.yaml index 35c4bd169d3..bd4fbad2cf4 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/UserSessionImpersonation.yaml @@ -43,4 +43,4 @@ entityMappings: - identifier: DisplayName columnName: actor_displayName_s version: 1.0.0 -kind: Scheduled +kind: Scheduled \ No newline at end of file diff --git a/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_DataConnectorDefinition.json b/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_DataConnectorDefinition.json index 58ab8c70c6c..ba2de7b4561 100644 --- a/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_DataConnectorDefinition.json +++ b/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_DataConnectorDefinition.json @@ -1,7 +1,7 @@ { "name": "OktaSSOv2", "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", "location": "{{location}}", "kind": "Customizable", "properties": { diff --git a/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_PollingConfig.json b/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_PollingConfig.json index bf9fec2e7d0..5b111a95ba1 100644 --- a/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_PollingConfig.json +++ b/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_PollingConfig.json @@ -2,7 +2,7 @@ { "name": "OktaDCV1", "apiVersion": "2022-12-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "type": "Microsoft.SecurityInsights/dataConnectors", "location": "{{location}}", "kind": "RestApiPoller", "properties": { diff --git a/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_Tables.json b/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_Tables.json index f2be8282dc1..fe237575884 100644 --- a/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_Tables.json +++ b/Solutions/Okta Single Sign-On/Data Connectors/OktaNativePollerConnectorV2/OktaSSOv2_Tables.json @@ -1,6 +1,6 @@ [ { - "name": "OktaV2", + "name": "OktaV2_CL", "apiVersion": "2021-03-01-privatepreview", "type": "Microsoft.OperationalInsights/workspaces/tables", "location": "{{location}}", diff --git a/Solutions/Okta Single Sign-On/Package/3.0.1.zip b/Solutions/Okta Single Sign-On/Package/3.0.1.zip index 4124be197b8730ffdbb9f538e30f86595260b299..f9f4bfa9631aca8253955c26d86f07c5eb4f9538 100644 GIT binary patch literal 52645 zcmX`SQ;;Y;7c4rqZQI;q+twc2wr$(CZQHhO+cRf>=lu6prSgzGtX^G})vG#*yc949 z3IG5A1b|c&gSuyn(|7;^0DzGS008>GRYM13eJ5iTb75l>a~pFfb6Xoa3rAaOKV)r&0soZ;9Uv}i5}^2|v?tfuUw9EwXeJ)b?VW9>x> zTB{CO&tTQp`*&Vn-I-atzaQu$oVlB3gh)H?L!8j3OrK^f52S-ZrCxMM@g0P}v}^_# z=OkT?g@OC~cl`v+29(1VPDUWE2hWY824qU-MY5r@j>ku{<9EBNrMb=@EGq$}^+;f& z9(2To)j93^X&*Ju2vqdJ^>c`-HZW*9rdxNy>}4RVKBGhwQBItRj}-tBMc*PnBQh|- z%r#YKskS9s6JsmXLi#jTMn)$CW4?*wSsKXRt~!dNcguEk+eEo1su&pagu!utnvi}S z8T;1lFrVBB;hC2n-en!46Q? zhnad&B|BMWkvx%98Jcp(78?RElcmf>0ajnfn2WEqwFAyY8{i&8IK~9V7HPv>Z3s>R z&hr<=*A?Qy03J3?QMC$-r6D02cs*FT*~}=7e9eBo>Xz0sSVT8hoRkv%Ey4neufqdS zjN*!-EnB9vk&u8JrO!h$tsetg5L(^83G;TfyFRB7%8r4ijT2qZ8WzO-F$Q>P)PDhx?AQhgL zj`}Q?drpcLp)$|L=%Ox|u`q{*c$Ww7$FUFgk#{QO^&^rQS-ygp)ue zhE3y>K}>dfRjP$?J_!$hH>_ZjEt{qb7Di;oF~ii!$nNZ2@YaEI1)X)aUcX0X3<(9m zyWDQMA3zHz97I_pANw6@{i+z2WqrPErWL`kwyaaCo4EWZcO}?aCTdXXjQ^AjiCo7l zE`z;tRnM99slhMTTgReXfy2RjNgKA^BjqnhCvLS~uhj@5kOt#NSm1$UlQ#ZY^*reH z065hmui`W&1mI@5nwJt!S8by7d01-#v@)fb>YA7TU(FE$c6n^xWX6HYv!YqmfN9XX zW!+ZK;#fwIVOKFztbflHRdWn&A5IjfGN)zhp z(4JV0V125NbW@V0q2brPK+gIiO_hDvF* zaHkuzZ7{^nZo-NUt3SQ6;y6y?)VeA&z~5YH)EGhqz;z4>Zpau|}s zpKdI+F9omP0q@oF3W0(U2u~4lb<@5B zM;A-EaC_k|X0^KGCV$A;4!k(+S-fpe8L+lhY`S`n++Yu$m+e;=T78TGmu%h;JQ+7| zuHDPVf+|#Bp0c@QS&}8Wkd0bwd8gY~N4dwxnZn1JZr(wQrHa{`Y}b!d+zg4&&DYnw zOEzqF5i2R;18Yo$QgzaVi)5g=9h3!Nn$Ii6eSbw(s%I;%j6XE~qQ&J0_3X(pCXf9Y z1DX1o88%9Jt+Q7MQLU~vQoC12u}Wp%@baMOnler&%_k{T{Wo?|KzG4qG+$7*>xWJ1 z9P|!gf3>0rKT~J=p~WSDo8JlI**xS46;k^cECF;gVRaqW;-XCfHZlr@lp2a%k9ee6 z3dhF9Ir4@)<*^sR6m&FBAGJnsz96y!*%+uU@umm#OC`!)pGQktz6>+p_iC(9ez)P^ z^e)ihZ9Ks3<66+2_nVB{LM4ba!i;o^Y||^2q-=~z(f)3nr=za?P&n}t^j4j@Hy*xD z2awfQhAu$$Y%#1cwPaTKe6p^wjpmCg~WPzAqW>Zsr*F@L@_4BCvx7%*vX4!+F@mch8^PWKP>{WYTaNP|&ao;S$WXxy8K zOk;PJlGmcb%Uf&vD_@#62Fv6l;$|?4P4=~{?!za2?SNpOP)YQ}#Lp;8ZD;dyKR#ZLF`3C#jtl(+cQ|%?DQVR!Y@dAkPW&;fW6DAGn3%yraOtCiU zxH@x2cOmBR4W{^a*6zv--kykb*$&A8P&uVt5j>G+8pO#R@V^_EE5z!1bPqa33ibi zQS=n8+hq!k<47{;X=kcZap5coz|r5EY#Zn;_84{AC=c_*6tm|2W8qiwtSw;Gg_6^5 zm*)>R3*IE=F$pf$g8K!-v=E8kt8N{ry2>VI;AKG(PYS<^EhOom*goo}My+=q)f`tK z@i7Aqs5^p!Vbb{mT;b0#h_b|h-wwOCgT%nW zDXF=Ry1qQ!a~vds0!{*oG{6nLapU`O zaPkmd4SGg_++T_rP*W*$EF55(PH2cfxu4O?{XjR3)Fhc${0N514YD~NYKNVt52_wQk9FG|lBpZ^_ z)lT@DQaoG4I67gdRy;W#7`UNF426a~V-k{wSPC*?q62+>c*o|k-GfK_r2xox1_Cfs z1M_$YRH|VtX)Gi{ig~MAXH1E_4<3*pzz_uaC_g94)MOP2wSX+Z=BWe*Es*c^tZQnX z!n2R$hI@G6J5_qyslVK~uP<UCpyOTNu&yD2s>oQ?QrO#0C&4uwzAa$x) zV8|gHV4WyFM)Sb?DF;s$RGsCuP#r~r$y@w;>Sb%gg<>*}h($j`uDFeBhprH*XEP$o zI1|7d7OE7!XNt8WV`0y0Um?y*9eOaj5?%tL4foXlhz0`;ZF1H1_OR;ZqG4Owr31at zph5`o0FXj7?0%p_{ZTn_a|sBQ zfW=TTi$H}nP|lW+$UEOKd`dd9WY>F&XS~10V-(o;gRH_FzoP+!tLG#waI(+-RLk1k z!NM8Qxun(Oqa+X2gq9qm*Ir58DXk(9aq5njX#hZ#Q;`|!M=6vBbT$Zl^LNgp1zq8c zppE4Oibfa8m*Z6Io@adRzmF%~t{tG4sFQB8o0%#sE8y?_T;J=a~7 zaX(D5D^z3#zRS;0n+9eveK{uu9{5sE+bfm;NKCXg95#`XR1-oBCKG(}FctOF<|C~W zSnJF{hnVd0&-01)yYvQo={`=yWcW(*%g)7?jrZe`x)^z~mHGQC?7{Un>}&x1xa+P; zV$xWEQeh< z8Mq^Lyk6jioxD0O%AH8;pbsXF!POB+uwxo=h`B>4a=ufA_L zxHWAp`%(ei>J}rWEy-tkP&CxRx)Tyn!78|41F z*nEU_%#DGRJ6WUVOk52>YWi*q^c(@F3==|_8NZ3*Ogsi3(xl7M3!SiSmU}LeYS*}B zz}ubkFkCqylgZMBc&w{iTEX+HF$E+GDkz#9*4hW;FJK@6jm0A&Pg(-QnQGYBT+ zFVw@0fPLQZdaQ=zb_JGF~Nu zq;#a>kS@%iU7Z*!v5&4g1GdFOQl5-bk*gER_4YZ(!A4MAMk@2sGxZ{EvqOd&YG>&H z4YC8egNHl4-M%gMg_~Loyhx7N6)PBQ2jVqu?zf>n$N^aW!mp0jSXvHT^JR8+r?1|9 zP8E3L_fW@Xjr-za&ScBe4o%(Pb!da?!1_yV1k2og739I=Dc!4>{UvvR{!+W(GL(A!}EnloJo=3fYV>u^_ zJX&^@b9QRT>&KvMLUm!2*fzrpwl^`FnPCsUU64|jXIsYZkIVwgp^0D>A71LGR%Fr6 z+kEfM1b!Gkho`eXjAisb)9no+&@@-*gS8d$Y`nC>x!_bQb8js2rS%O5`I}{m-b0X= zO;M^|i4kT{e0#mWK=S{;ZE+C7pbo}nazfe#0KjAh27vg_wy@SWw^25>wzK+YUi@Ff z;!0c7akDMKXSd=Tp5j_{yoL$)o=m}%x^(4|ow?=^+0)SUgwVyD0I7++L>yLP{cwEz z=f&C&-JgUa;6a2roCSSTxNv^^4J*|K;p5@ssOQdJ5Y9JxaF5Reyb6#D z28rS`T(}+`tO@toj{kRj;*_KxPPPn0_YBxAD0Q4BisGD)hYRX(P9`qk;Mf3Bbli9L z(NsAv3DVL;RwT^4dU8&eYz{+`$v+NT^z4hS|7-!;#v6#w2Kbo!Y<@yli35#&fB-sd zT;d?~kE~*Squ3pTyB5NRbe3=*ZK_|z0jMcSn~aHkMGYR;(6AKWJLIR7>aC;jfgR@h zQ7DBL-OCI7qpFRY4r`-PmjTxUTDo*Myna9mqdnZ5Q+l2sLMS^0)OoM3Bq(<8lE@%bSuTT=c{m~ks^5-!^elFxg06XDYzLo+L@mXppLq{a~8kr>B z3H_P=$vX4V@EBpdE4)mH0=wyvsaRRr+~o03#?J%mZ6&7^$EPan`npywVAR~6&M$Gh z@f(CfgbvDS-1sM%C=`E;yt4e4{I`Ste!ZO4hvu(da7MR}&d%;`ulZ_s(F4|W#ynZ^ z!>qd}1%N<0aaM5a8AacZ;lVoN6KOcaUycn@w|I1fTo+sEgyRB*WTYrQfY)h{`V%!sHmL_9|B6vskOIp3(TwQr`Vg+q4R9KGw~Sc0v#idc_CuehUV+(Uu#)d* z#3rob!5v__o)l8wL<%}?Is?$R{zOPwFb9UXv_@DtCY%xv|KpH_$cQS0AA^Emlc#6R zsi=jW6H^yF?Y|76|9y^-Vy=rf@R345Qz`-uak&{yqJnOH41f*Rcr#KGUfom&wx|7E_v|3XMpyaK3)W$=8w6nF}jPIiYAU5B25=*Jyp*6-|UtHl^ZY>^{X z`E5ZY6fBF+3q+LiVkfa2Ko=&^v~-juRwQ-z{C!+pPD$+0^3{yKBMJp<--ywioc4wf zC)e5(IXe}LYjETARnQdNZaMh-U?r2|Tc`|^>oI1P@WEZ}Pnh+bGq0XYoi>bq55<n)zPc65Fx)pA@~ib4@=eqALB#OCt>d%En^3+E0XuNQF4F9I3+2g?m$ zoHIiPN1#@$h32(3iHsQPz=HT#`j|H+oEScSSn?nW>uS`*w3(O}Ot?WzP zjHnD@QLrqOJXuoy6@H_AkdtHufrT!UOm`XgM<&H>hq{pZ8jQkt&`tVD#SyBnlFgE8 zEaJrsIBAK;9?1}KJsnI`l4&k0=3DuHXqM(=?n?YC%0f!0z(OeXE7pbUXypiEwCQip|gg}d`B(33VMpV zFrdi2`p@IvhZEzXLVx2+&U#dtL9Dh^-jEtL8qh6^s+j5iJ{O$-;4G>A4~`9UEjtAj zi!Bxk?s*C)j{3xsi{1vVthKQfmau~MsC>15$>xUqLRT$PJW6yo5|wy{8gA2is)9Hc zdoixT*%9N@&(cc%>nNvm2c2{;*hq>#qG^Rx?X+TuCPRG`oFMX|_QySw?7+Kyk5ma& z7~ZK08Lac0e70Yay{$Wn$Xh(4cxy_ot(#(=XVK^f_2$UmcYE584T|12D0-i4L6Qa4 zm*k%fyHN2vhdZ*;x?DnwGg~}XZfIMcPqX^4N{Vt&1QDubgHV+u<)#uldD(!mM$=ON zYmUBCQ~Gr82#Kc{lC{S}92Qz-Qhc*hb?5MB)|EaT%i!)66=25DW}Uon5-s1H>}O^v z`Zk|8gh|EQjla(`r86}w_*f%BOv zH(Oll0@7xi9h!y=iO-#oO}MJ;-i)$oNrl8w9$wUe+nm|o6M;SkhA zl!IvY-xv5$&>}0e>nSEH-UL@&A`Mao>kU!3sRCnz)>P>208HMW2wfY$6vZ54(IO?A zh>kNzJ5SayQQQy!dh?cYuF{*vfo)!N37FIz=#i{Ky6xMK>Nfe8l(v5IhbDT)a@!RF z%G&bnf#-feD%wpCI*U=L;E`;xGIY-h-ceRgs=P(OX~gw~&juzJuRUJlr%&dGUvqg$ zRhXW*`Jwo81=+CIh6y6j+`oO&FeOX98g+$c^Vy$OP=}ot+$!0j2f_EdJ7H}Z?mC|R zm?h+P4)I<`q;-A=|3u?;8MSm!pYsj_Qf;gDXXF^tkA2qDpnAMV7Da?GO*+_JhYWeq zbd=v|KQk|1TejDk3CNS#t$sZgf0fR8lgcurk{Wv*b=U2;#9#w1Zcya0Mgxf?bJ6P! z-jF_(0>iQcWyoxI>dhU&fC>y#)|lu-`4lR6p_n$(bV`w_&q$!q86GM53b5zr$r*US zqjZ~?fGUHy0O3z-0fRGeF|-Qy4N2if?!=+iTZX`0A}PgprO}n}8GR>xP)g#mcFSEX zMwp&dg~ggAwZ;3rFg7Z=8}Z{0k3gk1-6?J+!e5mxA<9gj!Qij0^^=N z*|^-(UAGoI%IP53a{?Ov4XyE1UK~stLcs{N4=6n902j5FZdnEE-L}Rzl0kU1&ZXC&tCb3 z1*A$bv+Dua6#e1`d_#;uMY{fzF6}iX%-anB5LUz&0vL|g&&>)?mLui!dH}-xr?8uJ z-#Q4LnX|YqdGmIBD1-``bKakVCk;2Y97MsC&YU(!q58vs^x-%5z@ih30@rmRuE7aSL!!JLNkx|!RcEQ?;_>x*h1-#)4;_=@1U>N8n zHhccaW5{)bYEcdt_~X2|P_<_dA&Q^KmBOMissKEIq13DQ$$O-{JS6Y;tP~Na+`Fb> z*_LdJncxGIMh$O;3xhV3Pj}3u6n!B^*;_fk{I9x6DiN+x+UY9Sgf;!r^Jb($<|0~p zLWE_qE`O0d=1s!PO0@EOvGTK@_I~>>4K^C5s;W&wmCb_6z7g1q-e!Bwl4@OnKfiX0>|zKjP8!dR)eA$RSmYr!CmNk?=ZmTGt~~kPr7vE`OQZp zP1>>po-tVS00h?6NVYKigQiSznnrQ7Lcu)-Lpu^)~b$=Y?4Df%XRaY>f>V4EG3S~$}&qD z^(R{HRGqf^RL7bvV**6Av@NW#FuP%2pVoa+^2OVlf>q&0PWyer0cbxyH&w844R5I* zQ~-E&J|uKb9~STL$B&I!FMK2{7imBtcx%aM^qhDhv${}zb*R7VvT{4A6MIEuv4(e9 zd~O7`_0B)*B&^4PtCp&oWMoFkHP;o4567+-T`I7J z?J`;Zc0aE31Z*asGQ*T{wDx*{sM&_^U35a!yy75kLF0@PBs;c;-5tK-=2Q#PRhI24 zzxhP&YjoRl*H+A?`CRU6uuWq>jE;QYrG%`v0aQuQ3=2ipD#e`ZQgXu~B18WSn;|af+||KbbLmuYLTUd^;Gl~rKUGxFFN=c$ z(naBRJQbVzoJTw)G@55U*z}?L4gxb}<4dOFW`tGULB>z#ZM(_#c{@M5dfGmEI~?y! zgjXvSGfiFX{&rAigC2xBNT;dk7&m`TIu`D82t>Xr4iVmepxuZm2GHpGg!@arUG-+l z8N9Pq2zv`&ByZ!zmp2s2*R4aP?kd?$By-K;(Y*|}|GKUJs14Bb^1cIn*Ex9dZt7~( zA^4kw`_zi*R%?@`w|F<<@2bsCG6}x(AN_Yb)>6SbBzJV}#nWpyK)3(szw3eSTKymW z{;vPg-{%>6)(58WLUyl)KII(S;ClQHQ)oJKU5jVT_P5|_gl^)7M=HttWSBV(YS%yL z>eHv^R@@WSMMLDUWZ+dZstG$9*iFTI{3y#o&1NmpdujHj6cVE#GDu)hdaHqt@lQYY01~u$>ZhxFg%W?moF&c_{Avx^%={bYn%d?8ee+)k}mUI=Gh?= z{@JpQJX>sY%i2&1!T8{g*3dhRqubdgd$^f6e?jzRj>C4MrG+ng(hg{GWv;e-$6FIv zvF?p>8wbwB1F>&QSd-oe;^?1-jpMqf59Ix5uZ{?{j8D$6*BH$<7RhzQPT`*|5Ask? z|DI}kFwV6bxkP(}_W0=rib`8d#8B|aU_jHTlH|ZOrfz1NV%;yDQmg1)m9|N%!XhEO zU6a2>9h1ShJJh8jF#84kytG7fd*kNuHlMmrMCOR&Z$cw3sc8FWF6Qyte~VOWQ477Y z(Iq0sVyLi7ML2__{)k7hP|DYpoe?HtoKHMrj?89l>hdrew2+8SX&VfA#te;tKit82 zjFG)BJYfvw%@+#R-f}4^4(qGVca`6LqcM}39H!~~R|UbCNr!#@_$CvOk&M+encBjE z906`4eK-hG^=HzoMc75*h21XZrYUetO|FR?5=3K*I&ylhr?=)axU#i-8ueK#T(sIo zl-Wz8H$L%z^A(+AT%N_Eor={_KVT?c+!Z%x|B{3?@cwn^6I{#<=?Ky zh9W-Q?>hi$$_&IbKgL?4WmNOHKrocXDm-(*u52Glrr)*?`82(oP@$gYAGXKBCPNVl z2Lma*4WPNdxd11~Kgs?;04J0m4p+f1JiIZ6AU-2-TOHMYVi-nI60Kez-+h3=@*<4QuVr;^L8rBajYzeG!KHPV?^eh*Tn?|ah! zXPgPy!C%az8|1lA4Gg~@pD&-wk=IfV!jmXJ+#6K}6m4%33{YusdK($en6$w+dS&VW5(MH8wcKrH(U2^o|uI#mrobtrie8_@)cCJ$2(+K6)#1NQQS^=TcZw zFM#A6FW!QnaU+Z6VEs7iFauKOP|cPCM0p-GMVmaq)=Msb%L1>@*dKkEpR!voE!hK1 zMI$%f8Fz!NHNL(uvDARC+qSmGHYM67h?b-Jr}gSSw;cE9U` zdw}M&4O1_(xPlXcTTt=-zTv#y7obVRh-)zNH+%>jGETc zZgSuqPasbaPaeBwy>iLZqogHLjI95JQ1$Va+M+9(P^6BHh3N_#aeknaaT{xAXvS57 zHNWEJB)~z)N!$)7y;%p9DoZ&*vig?U=W@XekK1|-Kgoe_$6|yeyd<5^+!z+%lfr=3 z^Rg0j)#B4h$QE7Edz^KCxG90$uWIubVXP%=AsYzkkh)^q%MpWNzSrT6DWqrQJ%|lq z-`ZvO?T3!|XI4xV+7`4TJKT`PH|a?in084E0Bab86_RHN=92<0yBlkOF$G1p4Af_A zRoq{mk#pQ4UzeOP=ISAemg5sGAA$MGpL863C_r|PKqLO^DRCY+j*>yq>4Ly|Dksq_ zdVSVQ;I%BPv9TBDlH#wIrrS0d<3B%N7(jU>`^oX&NAdog^Wg9qF~OGNKb_#^lDK>B zo;A(*Ug7pRM^eWldRUF1uyR!7WseX5!^QR=;N=v~b}X|P{?UVadQe~~6)gsyxUr>S zbAp-j;4O|Mr$>y%PYYGxg#K_lwBs2fI+5$$h2FgmvPbr*yWN4_Wo$(j!95a^f5Jw` z=5afbqhEr-t;#ZPPZ3+1?!CMS*1TufJjJ*}SpJ--2BfFottD&ml))?Lwf%uL8Vj!; zp=KgIYv)M0OZxI3J-!wdgeQ{M^EJpPJ@Lb#<+6p$Cxrb;EO@bII_&cRD=%USphW4_ z06Uq(fsncf%ujKh}Xtq8m75! zeH`+w@;V>YfhEv16)2*q?8AOL(_Y;+IQ4Z=U4PGQ-J65jy?8zF^;v$@UK|%z_t=^V zm#*IJa=j3C*@rwW%3p}d3|mB7(T&zZ}h>UUSeSWj=`tO+1y4z4{K?s6aSK> zFV?x^(eQrr&al7x4B`-{;4$ZM$E}P+hfAo^p$Zw_F%yR zn+_L~7Bm7mv}+7-hzyqz3Pge8D7bH$9k4Txy@YQ;i0Ge7)thNO968iC&;Y`wm@rjn zaRzTM-lc=nehcF*aq;NKk@(CinCKbA7wN&g7aX@ktUf1JS3ucSL}@6~xuU%qYLtld zB5aY9E^IuWLubt^)SY{Wv7l4{GfB7T8hxea;C0J`SLJEK=`3@nLf|cKL_6LN!&p(M zgxM^<7oz1v!CW9I31cjg+0pwTW7xtPm7CW>oG<9bzzNCxiyj+F+sw@%H}fZ`N5kPa z`=fw-+}oa=MaK*6)>Axt^LWsj8s7%CG;?M(L>1wNN>uNX-lKt+%@8EoKQL8doYiX!XmXL#UUQ)V5^-`x&jI3Z)p(M^Y!>vguWm4+p9Hlhy5X{TC6)3W?0J#ZUp zxB9MCeIGHfeqPblO1GxH-bKMr$w0_tpk}@-d(q*v$?3;MR_YP`tjVi6Xw8a@hR5c# zwrIt6hwE9brg=+8--gd~;qrw^BRkf`<|MTvJ^M~SoyXgd?Xmna27hPzY9SE4Gkp~p ztz6BXITXajxq*wVv3P4{y33Kdb_x1O!7}^DvMqg3GC6vCN`LMNHfvhv`i}&A2L8x; z7u_^%m`vb?r|Tb6pseZi?8fxnkjC^Qa<+ED1{Dduim1LYj0 zS7Od=<{ZVXb#LjXL-y?Lui=mP{uL3yt)XMEVT4K48&OuOI=h~kA$1YIFGHEe=y_A` z2Eq4eo?c5jg(V<0!As6~nbL$|PibyQ1=%E0fxgJOyRnQORn63{n8!a#oRD95q-+xz zrE1u=61)}mCk>m_SEeOXv9*$PZ+3N>(qhxAoG>b{d;$e{?=%hDt9OF=ys#X??|YtK zrb$KpX#J@Ub_mT0!kPi@!voz#EOSU9#OW)l;zDY)iDl3&sce3>%|*Y9%<~ zojr#ZIxa^yoGu=L)q^b;70uBzRIVDHi1~5sXsBSmpE=}+Fg61l%dO{33v2!FuKvJ_ zKEbO3>c83}nib86y(6BGCFP#^*|!THp6%#%r=3pLuNQ;aw+>Q2)&FLhnPZn8sV~p< zw(9*(C*F;BSltUYCnA31KaV3mLaT$bt9RHPPkX~YgU@w@7b;&Ng!LTRS2MO|l&z20 zH(w#t&p_@=e@lO{dvxeyxxWrwb2 z!pCd}!y)(+5SL73W?9v(o|_pCXolsj9X3N*)e?`I3f6;ENNMi;4~AsIpA{1}D;9$c zZ2_KRd z@jj`1b8E8rb+PxQw)B}X@I3KIL$G0bFr?$!2l2Xi)vrAUf9r>&E?*49fTpqw=f@~_KZTuVQp!i@q+7d2Kb(7mAZx*rs~ES zRgCt(2czf=LD}+fHbnPAN!!gfQpfNt^isgj&`(N)r$`b+bXD|o%|@U-O;`35hmm7K zvw6nXcMxfhZE0rZ`kZ*l?g(OH67jsmZ4Rb?N);28O>Fr8DHSpC ze@Yc!5BJgF4?kG>O$I5(Ht@!L35pvuqWns?H7|ju+o?kqX zX^#Axg9kw9{kP&?hM?|ISvbkV*(XM52v^z=<^?t%2_8b@ZrA92nVEr|%XD(c+A_TM zqcH!=9Fjnm4TZ3E8&kxXZTh9-*VHto*$U{F6pH{`MSw|PsZ*>%8+EAW1TdLBsKgdw z0#C5OK$d4e1UoW%F=cXCqLy1sL8+1epXW%et*k4y@vCb4duds*)QlSj=?#uuMgA?3 zep$fj`6%8oJ0Yqe|0nzD_)}^cOO*|_q5>(;1+Dn7XRW~N*-i&>>L_7f+`I%fX7*)F zmZh3Dlj_R(HWm#kP|XV-3N;A;&P}5ih6t!Fzml%`%&`9JnY!38Gwh5;@Ev+>7!vP@ zyMH9Um42AhczA5&7_m1{HLpqGKGTzbLxJt}2)kP>HqO9=yDxMqB+dX7mKRA~R6RUv zMhNoUf~xYY#JOAqrsU_S{fcFlww=aD zAgVD3Ak&2>y7PV1^`-Jg$kL%C#0-g-1kJ86^Qx+VCvL$cEaD1wl%Y`PvRm31;(1C% zU0|+cGykxNKE{SHCy_QQEU{r434r6`oM;Owmp7&mYlDYfV(rZ+nP-q43}B8*F-M~p zamQm@ML7|&xA}#?2kXR55HWLXaDNW2`ue?qOUTw6>G$|w(RXgls%~ws=(GXH3$<%P zX-JbBL2KXP5{2k3J)oI~G~t90@y=7A4S7LXF=_;M!_;u`A*QQ<3q@fVcU}HH+q4E& zHNd`+P&bt}k8e1hG1qR6wrBxAqEWe6<>g(XH$YzI`liStJ=Eb)rc z`mhUvQQ6&p&@*Wr#q;EiokG$WWL{KkKNpqEHDvhx`e;_QMgM*KNDeZhn|6SW3A8_y zR|NWz7^zVS^_624$a7O6)booykL6|ZhxH@6m)BcnrkPBf_FwA-G3hg5Z>UeANXEDS zW=y9yjVu`p0z>wRI68MYfWR_0wd*#LhS!MHNW-~>|8T6u^s0|O;aNg3-#kPhwp2<1 zX}t%wAT&P%Z3tw{BR7wz%Y%rCDAcALnjWJ{gq2V2!*&!MVitlBp)krJUd$z`0DwFT zTBOnI8^dadCbJmgANVACM?g`^FaKcEaWs3mRLTbRYlfdA&~Hl$+|xtFGG6ac5YxX$ zhNt-iW3)!$*}uIBz~9xp+}DX{ARm)7h^Wtil;P{H`P;} zXUn=Ch2SIRG)20`s{Ny>+uO1+43?Z1LlKa6ArNR*7bnl;OsmA1*Z%SG92zFwAwPIb z=opG6trTSyC(gzxSnvuV*L)A7u#AtR-l}NduGDo9w-lEioAwe$m49<6GlC^wtx2c1 zsR+ckU;hOB6br!!7x6ORu@bw^gidDyAQ@Zq{qfvstpttNc+5)*EhZ#z@$d1O5xat+ znRoYry55U8kY^MLXpcsj)eQnmN8u6;(u`m>nFmB7tNr3~1f^r3pNj_pp%e0`uD(m#-dVpPVUiL% ztqluscp|%yjVvK-;=(E#$cUD3`l;MEIM@_1rdURxzurl{mAreEPahUWNsGoOYDocO z!UAVR`G>y(-E|xe#w$vUM11tcJ8#$d^Lrqf-2o+|sb#GJP<+Tg6H<$yQBI(~eVq~b z?YgWzoP0zsTN`(O)xTuKRxgv$^;%ofK1eG`yC!1PE8Jt^zNflDXkSym@g}vhUg9s_vq!@Yc;_6WDV+MS-st#WGaR9=u zgi*NBJ3@Y+Ed^44I{c%I+~ky0s&a_>v5NC1;GaKzy;h-Ho&(UHeW!%UBk)}EB-OWx zSm0ElC_AiyxX9_mEv6I1M2klH;Ta)aiv6Z@5Ld?Ld!Y7^HZGfTI8=3eMdy$mfoAq{ z_?JA^1bci~WetV6=r8*1lm1<{r3-ghC7TCLJV5>pJBlwKNn_!fW+DtV=`FO2`A!Bg zNc&jR&6xTXVOixX>y1))t7T9Cg#_aN8CtobK?Fv=>CGR%aNPY7{0e#lV?Cs|9PbU= z3AaKqV%rxJM<;WHu!(hML6$!(!Yu3A;(lR+rKAEt+^a$Ew8|SVdoS?@>sW$t5+7%; zauV3^=ZIkmVUo}@WquiyFAxsL3Dxc!+Y|oifvUmb#tR7v9$^mn)fdt|5hubn^*^u@ z$?_9VLKI&V`U5?aNCJZRYlw^yf7SG;{1xlAl?7y^%U{Oe({FIBY;OyiMi;cGcSTVk zet`^|ae}Yx&aY7jn*s*dU=UX>xMU})g>f0LPUGh_6{lT>X!3r^m#U6l;0Jlt%HSU} z<@;HRSTC47t@r7R|5f~mYC*IQ^9?oRcZhkBp~eD(WJW_z_?dY8b#LDYz2EwKOh42%XiJ-{_r594q5dQ2 z3+^NJ;zzIVEU?RSE$^6?ul1AV<^Sg)fCU{ioN!^@f2AKh;8hnm^|G)%n{@u~Nj$1B z>a&+IST#c!oPbquF|Tkk;kk4R<`k*8i8Lz!PTVgZW}Hb?=+wnpkU$ju=oMs0QPKE>5hL9?2dDn8Nz)mGFqZlJe1nMC3K}lE zYJy`vf9_a}-FAR6;;f;o z0l}LOuShYnf9EJ{jNyG5HFG7TLS=*!^k>=rIA_+(wE`Ig0Z$%CGP0MgERk71_j`-U zaua~|_%sVxnT_@@RxAp0?lXx)sVD%htLVMzd&HB53$fE+l&or?Bno8`ML!XGJ+}2D zm1yDj{oUl_u&ab+;F~121c>K$5P5(vvPzc#7dOv;A;lHvT`M2X6{6iSAEuv+m=-zE5-W@D z^JO|9+d>Q*WKB>;fzc}%&ynQLU_0P36yPQhy?{;_5oLs%;n|0nhoJL6%>F!b2I;Ej z+>#{293A@xMkjG}C7b4?RmAc(ADK*mAPyYDN}%c6p6uXMQ!hd@iQ=PhWIeSv0w7Oa z=PN|26fQ2emk-Wq%cJa|(hUU`!|=1(2EiK%tFMd!zRV_Gr8L~`9o7rf%dTd$Qhs#7=8IJDZ6hdP>-ec24N$ zdF+~^(v<14`__ zzII8`G4GKg+w%ZfN%j$4UL8Bv*}hy|JM_Km-salf%uTWkc`jM6*ePGfm&9~Os@+&~l5m47s;)KmT{hE2q%$_p+UaTJl9pwU}g8e@Lp+H{0yL{!KeC4(E zu#cCQyvY#k@{eCT|9I_L`8avT8+85M=M!(x=Uv|LtL6=dNP%$IN5iBygvwhDkq_*Z zsJce}uX}J<=!{gi>aRU6fqA^a!xEIY`_fTyK5}Acfy@0>xi46?T>d<0!0&bPYIpgx zyL{SR;((zS{yvEVyL{TP%Ky8_r}YjBUq|9^BX9N{=gWrJrk6jTafM%~t=m$3olSiC z3#1Fb?dHGk@?Lj&uO2^dA+-E$!m-=PZ{6j!?($l9>gl^tPj}ks3$)W+UMqGfy=7i& zU{Yv6N@&p5xp7*jZ__**w!wiQoApmelv41GR?FhS@zyVhW$thHUcr|I zd{bU&1xE8gF)<$&xB*Cb)V?Gl?O8XUZ>C_Qd2-Jo`4cCoUWJs`n@o&47P~A#*7fm?3ZCO(CyR zgtgXc)n`d}Q#2rP#BEVpD%(;b*L9{}4? zQ}nnnj1YlKO$Fcytu5R|q;!Y5J+cj})VgaSmJCsCRr(q~PlRcc_^mToeU}ukO~%boaLyUUj^}TojUlg0++B#s zujXKwG4$P)82Z3`nkD%S@@mY=;ZhvT;%lTjm~{g4ZOoEEc{gUk7vF#A{=zd7YfHD! zk@)AAUW|t0QypGF6Gq%xKrC3p&LCJLKVkFOQfJNq&|gVza8Xd-+udtziQ+`qNh}(- z-82EzcvYQ`7}kca*>SL=jh;6oUu` zAn9Hr$oL^8U)0KIWrT{L*ehT`xx~8yKJNG0r{R9+emGvjK+lufV8no1Ox9x}P&#nv zY?xhzvP9g1cbPaKgIHvVeymYP(R!Oy>n}&C?Yam<593-=Z}|(e(!z_GjebLaHH z%iMnEu)y4}QO!_G2>0Q?!qpA*2I4}Y8WM6ce%Z`}!UbXXA-}ge;p-DHx;kYP1z8vY zyQ=kP&M4ZD#)0>S8NYC|8C)p91sq6Yxkvh5hwg3c zHwo=HNxYil#OLVZKnKQed?KI41@w{$+RpjE?!@2XNMIk=q)sK^P~eb9^tl^!=DG`c z46CK;${B+$a>1=TyVHT)D!uyYz;3-K0T-Ou_Y@$olwN?QZe;=Jv^HGQAYZ(evQF9H zWJ4_4k>9m|UzdS*KH7M11btUgq*?N)-*<_1cHNcIXjclg8#!dOAdsPJYJ%%YR9o}V zTPLz7FydHoFCVzmAybNDCIzl9Fl2Rlb2NzxIMQ8=aIBp-RIa;3y_r88p6Ty-vdjpH zDBW^)kI@Pvf*@Q|AXpci)vweT?1je0d6>q$>bMwU>X$b}L4yJs)30xdzzv!HqWJsF zksj4nEq`8hr6#Xl;gPipD8#F}HRHS-@o0->b2|2#;cW4Mi`RM1E z{rc9hTu&S7xaV)s9IykxmqWCK-=|$hnAGpnBHekiotC)2aCZW(K6E!DkjmIHLt$+y zoe{uWgkX<)4-TyLGILpoj}rq_H)|ft-UbGVsh%z&5NDHJiujukOG!LS&XvSV?FFw9 zE(y}yv(H}YE76L5)mImF*n>wrhQK*<-e2+`Ay4{du;k^VKy(x0`KDXtYKxmu-$+Q} zJp_sGfBEN+y+Se9Is1W%{@5!o{lSdzV=sc9)Jk=)cU`(!Bk!sl%WD(#5dFK@Y}T9P z@i{V*e(e4G%fUZ>h}LFcMX5>7##?DltCP^+o<1eW6%8(_b|hWI*AbqCYyd%UZpw_qIkmJ5`wV zX_5`--yLT^Xb7)x^rFCt3zsewkV&`Nez%6Zw0LC_aFn*f$)K&ev>C@pG>|^n=ch0P zc+5%QgykvvbOR@{k@J}8=~VC4GF=Q8f)9~5O>U?mi_>V1en`u|D2%n@P-3|Z=W_Fd z!T!E^z%*7Kqda>+4ye||u_(4S*g+trc>5ugRK#)F#etZD#D7+zEmx&H*RK4l~D z#RJQM;b1k>XKlo`MJSP!L$q4PHc-bEsfq^y>Zq=fUYrRk( z!5RJV0bW!?QO9Rex>L@>2}>eKxA0Bxuhcn+RHUIKR>`4MYY=FYfrUYCaX8qo9HKtR z2*eG7S;eDsWynSyK-zI2N!}>xMM_b$m8IoQ375nx&WF+ppZU=u>}Rkk5wQghQktzK zh(U{_2)sCmwB$Z1V_8ieWr;A&>nDJa)n)$+78)XW#z}cdgjoIRkdttTGbFv6(~OFm z)gaoUIX!0o+p4+7b@&>OU) zJNF~KEQn|tj!%#FWTbIpVP;g(oBU%hM_!>Ol2+9fUrG{u_*_+|9pjO2ahaK$1@#fT zlSH@1KBLE|L;*~D@LHfERx>}!8ZROw4MK;{pqLF$i{Q7$($u?YBD9f;9Sub99QdHU zeuu|UL8ZQl#+>h^aRBJdn`M9NIdsFQcA6djc! zO=4@KBD&QbY1#1rTB&K1p1!}p&gH-hqKsYuR*AD}T^?FLzFHL(IB3N5YcG z5>TdoCDEi~hO$2{D`*FNB2uj8`);7v7M;XW#dvGJYh$<$ zh~a-kbSD;ipyTq9_7X>PZa5Z*P2XQAOKH2Xu$BdhVJ%6R5=vVN5luE?wS{aQHedKK zA@#!(`vb@nZB8w0qk~~E=e?*m=3^(@I<2 z9G8iBSjS~R7>!D@w^u1`%Y!Lug0T8B*j;HP$-CoRA%+c?3v^F_}9Pfug=t8vb=NR{66NqF)GQP=1qNRJQOMVmDqqL&6#{QkOWN#6?Y z=6jt?(<=PHeI(G!hwtDA7dr;t^$EK831;#GcQF`~G&7<<>i_`88lv;Q8G-Mm=c}M` zh@O9xX*WUT&(vof{r+@a{!nkCd3q?fA4Vmtf2GNaNtpHnchGQ7e9SJ|+>Rf!iVATzQM;zkLfBJYjk7izSSB5*g_Px%TjZi1? zgUFYoFOe^7{|o*HrHTBb#*K1n^EU~V(C2+R@2~xG2Wlw+l(5ubfz+R$Xs>iDtqDS*_)2B?GoScmx`LJJ#;eP zI+uxVoZuI5d8qGQzW$em`d<>d(dD3_E(P7&T?V?l4D|QC40O#)Km#uST+u}~x$JXq zjY~c^yWG>RAlN$?aEa$?4_|g^XV`l$-7o8O>V$!<3wJ4J*hXz~8K>Xa17m=a8fx5) zeRqvZHh=l$ntq+{hq^>_bsUV1Jm}I)zi<0rj=AT1DW;tV{V%}`b@`=>L9?~XE??=A z%Z)C#40);LI+s}nUt$?}dF5WfrIkU(*G~skze_3IX4+WRSaSMaLg|!kyUQnorp9O4 z24AxlVsH6vE|au&$K!ks_w{24Q@bSfzBDq_#a&@8iS$Hqs7)?~+|p%`Ugs5id^y~u zk0CF6e9586{&TBGyLjI|7;aKSUfQ_MWsU1x(zxd3j9a;sF@%&@{`@#PczG^=K6Kz` zPAlx=A+FpDHMy4JFSuOsH7`{(yA5*|qPVfGhQ376W9{oNeLwiS%vk6<4L80F(d

%Ql;To3@z64-hy>!qU`21v- z3~qW8ncwAt!IuiY>@GErO9VH%JaD;ALb{VE-^&7RE;0AZ0nIOZ0oDzn{c!9{&`)pi! zV)aF>$n4{zc*t3|6kBu;^QWxzE`5SB>`Ybkx^Vhj+ zSjD16uq@3{U-#g)mV|K`n$=Gd%3)|U;?jRHS!;lCSoynojOkKl;V01vBckC0 z@F|L&RTyO=@03_Fp2(5~5JQY0NQ;SO-9+Kij=wo1quy?hFo>|C$ybdxv|$(h9Gp8lbzy zjaQT(cIO}im%o-L6AhoCOyri6nv9B2yrqnj=&G4+4vmDb1M}Ot9RRVp;$0SR2qC(m z-1TXYu`z{$s<*VU_g`#X>OI?CZNE*m!8YP+*_y_5xZjGmMXkZ48K6qLRoQ|~KzSLV zj@RoMqh{sxjZ(Af?k4-7mW42G%}TF+ll{sT zi$E1A?1vmxy}qa5+d+)+33FGct9XEK8%{SD$Gz)tqYZS5_7QJ^O(GsI6iI9_>d429 zw)b~eCxg2ecaJ#Tp`~C7hV9{$84?G#dt1qCV+blp_?&YLI9o!J2Vw6?94+-r&NRnq zyf5(2exjAeHCFkB7@^*K75P$`g}{Y@E@@k>Zp%v;>-|MjeCg`xaqX*d;jmA4?Mus0 zN)1`=P@|UiD4N+RxF495v}k!X_UWwFYGcsp?~ z360awPeYA9E4IBp%&GDMXNjY7$6lMy+nD<>tqAGA=&k;G%4;Y}Y^%(cdg1m$ZBdZV{NUO*`?P;nRa;xy7*EwW+oXEP? zK_i9Kgpj<&D{!9e3@W-scR4q6>z`I2*FyS(=h4V7NThMs@Yl?!(QS!OkxBCc1+2ea z_}|i#5iBrqh$Dr`9qLHqj9Q->A8k!J9O$0df%N=FAiXo5lb!HlL*{2ZBm|tvjHuq9 zFUK9yA@n~fJP*{IS4Whp&xUb-9R)mVyUpxfpz6VFr&mlkwr~f`?uX*N1W*gNRuyK( zu`P~~(I~l@MQdC>XRJ-opYI7|eXm2-23OqUak+P^z3DPE2?W|zT$=&?ckipa@nrWI zVb-Rm25(bCU~Z13@WqC%(O-M0aokWM*$P&+=RE@5%@hu}q+L(=_(thD_WR#|>j}RKjE%*-3a<2{)-}+51erT@Vx?wNBiWH2g?Hb<&5_v zKM9rk_TMSXefCh0BlotGqb?VAPJh_|lo=}_2xTh(E0{75rgnt41d}CypSy20= zDlW%?_XPw2DtE7munpQ?TfcShxY!m)&))L`?ul1a#3elYMZduqF0Le1USy*MYHsgNf`U(+CIg<$VdYR4AGPF=gY2igjLQ4c(70ZMd$6HAA!Izrf^X$D6 z(f_UD$v6J8v|#zr(l>ax+NsELLTm$V8@|Zum|3pfy*IDjy`S1P4-PfN7>o$9iclkd zh?MKS+4r3Df^cZDh07z3TYTY(<^EEAXduDre&~J;sYQ88y1iDJp{H5zWzHC4(z=&= z*)cQ2w??*4B%}Ld1qbOfL_S$kUFzAX3sTSM(Jl7v#3n4@c+KG5J zu_3wgmkec!xz7T!3{1$$k51Me^zz`mjwyv8%G~D%idC zao@1k642^Z<4f;&pz`3*eBIpgc2(C!$DtfvxnD2_YkJYvBJS@^v+_cKs14DC5Nftg zHo&R2;@onT4fdQj`@DP92zEWSqWy*Pg?nS{j%&KxWtD+G?M{{W^#vU^4mZ(^EgYK zZj^CO`)39-ogAlEO#XDx{q$g_ODx95E6^kmXpgJ~W)iMmp4ITCC?+{50kYZe$(ax2 zB!<^RDFdvFq}%H^19I%=Uyy@KFf;>aOD$0@a>@dyput2hj7s?QEMCE9O)V%zXLJJN zsQ6GD#d6ez$jz5i9{nLwO>ThCulR#n@2CqrB}cFXmDn}`nb3HUp|};5J|mEYwZ&$v zg$pH)Q#)Mf{oz7MPmMD9#<-As=-yl4LVjcLVqD0F_*>yZAvG4A><$;Ql-uD#J6vd` zULcQJ>%0ms6jrEgiVKC%i{BR@C&v8NefTA&iu%M7aFdT9+2|OYu z649_D826IVe{6`BCBDhdk|dLg0A*+_D|DmPY5kq*A^ojC`Xw<+WbFtvj-J|P1J*;M zvL`z<>iwZn$DZo!@f)L2F1r-WcNV(O=Z?x)A4QZBVOU4tfpK*MA$TnhM_LX1tBgQmPa7&RF%(E-khi)vHW#GmwN zCd*rv1I%D%N2uVv9+Gq4Tfo`#j+c66#8o)GPIx^OX_vIQOWF*VwCRzfsYjx9WS%5r zQvT&g!_4f>H^|+Lz@0;=Chi43_2ph><{k47#if9xxIXU5(j5H(@1Uppdwxo@ELvcs zj*}_$LPJi%H`Jky3PvycNG-6Ww60ZGQPI?GS{WyX%l_Xs?zlASpz&Uo|IN{7*d0JU z#lpKUb1ZNeBcM)B&|Wm*6;EJUHZ~V&xw#1Zn4?TN&SMB0%lrt11#|?b#}YZdjI@+I z^J*am(`*POaw^_OV|u>6@=E~g2F%W%yL zVKM5H0F3%%hf(v}z^K6rZ|GMqHZj=si9u>7)9DpYemdxWdXW0WrS_(a&?FFOj;sYz z17lOhrJ@8Tcyo-}H~^5K$VOvc4@wR&F_Lbt-wYC>EdUIGX3%Qqry7aOfR5i7ycp2& zA^ui?PDoutC%Xf5Eai59&JNI7sTatj);g~O=!6w2n*utaG}`xt=lBfSyT)@i?$?LK zbJ78LPI`yu@Y}$1YTUelW~k3KxgoMXc7caZ#?vdNe>&)XdQ2znQhU>dXc7ptNY=u1 z5OY&3=5Dn8E!mqI$kGG}^#L>C1)h;9v)OJmw+{7?7DYKxmIMLwx$OissJ6N!fd*wl zKvWEIx0 zC5a@SDQ)g0rGb_#Tz$8t51I7PXKdfmIe%N9(a9Z{0c|)+&x^W^(z5)4b=WI9_aPdH z0_YZj5ooB3KlTs>2to}GIg5lTYetxnwrx8CGEAJKe^8$-Xm2%`(8=cz*|>bhpxJN@ z_Vb8+6r^EY6c)y|jGy_%-g%HwN3gP6nu4?z{Wc7PLO_J0UnHY~R=uqAf!m6TxbeRu z8q;JtUE;vEE7FiBg2qMC*d~_xlVXO_ej>#lcnBj5HEY(Ka(oG&E^tEP)4%x|L7Nq5 z3~O+>(G4`{E+QTieUOkG2Ylw6zztLe?KjjugsxJSDMEjv7NF5E3A%<8TL+LPfcbs= z9@>J2(WQOX^5q69sxLTHdUXx{=H3H~F8~=YBECIT!AEH73PF#9jhv_j_(%h+6fmYP zp!29Y;)th!m7u<)qW{Sgd>VoPbAhXE6R+R73-E7KRe0wv2!_hjo@hh*jok${hxl8$3qqQ)I@z7Oz*27KF4(yXR_X=vsI^Z2HQWVZh03Pxf|r0L@5_te zGm`Jxi?DIOKCBnvG{B2+y7MCN+wdX~v-G;rYUtDanLP+jrqe5){&dj&^d5v$m)e^y zLX$wCk+PNtL5IX7nMeQ6U>3&vA!2pP;B|L5z>C}l<;FeWhtxM}-$<+m`*mMWJ^h0q z%?Cfk@BjJ3) ziQ`x$hI)5j)3aQoeP#Az?bDS-jUo)NI7ta2&vZ5ftuK()`0ffNOx zYQ$)Y%Fj4TKukeN13Ljyk?LtGVjmb6N>^X^enI)~tm@XAeyy+FX7~ zO!e<^s%!jo2a~=-nDo@soH~7DnAAm4qTU83^&5j1!=ygM-wGxTsjKT`cQC1?+zuw) z!K5qo0(sP0=T%_RutH^1m~?H6@O@#UKEwB}vC)nD^(3+*Xq2o4i{gg!2HF73jrPCVYa*f|`o{fiD&7w` z4C2{wQJ(#S7u5(qy=MrZ^9MyB(g;CI?#J8$r+NQj1Y$?@)}W97VLXBsaTh74bY z1ISjDjHp($BE*F?Ji{bv9C)EyCl-1UN*ysO1?PPM_KUVc;CNwSVzm@Ak&ti(9>HlP z0PsrkkP-Q3EZ}xn?#ge6<^I-KZpPF6%e*m`>!RIJZ-eFfjlqktTp!|Zh2@4cFm$pz zEZ0(Qhvn|D+?9HPJZi1;Dp+nr&rAWbkP0upl;Ts_NJ@RBoJtwtOe>~9kya7wNewE z(ansHSAcafn5YuK4>HPAtZ@Ve5;yvD{32<-Kny;S#Cx+*00uA9)jjgndz?DwIC0 zwo(592Y%D(C#8_T$-clOT;Jtu)fIgaE^nm zP>f1O202H+!3t^)KqiD8gIRh>w@o7G|4+pljawK!G=@384 zH`^kx@h!Z$oiS-pE4kReAI-kg^uqQMb`dR?6RrYSIMdr0Xbr} zNg{|cb`YSCv1Sl4ZqE_LP4FSl3VOyXj{D{)W;#V%Hw-)WRsee-vI_Z#OZRcu@;(d# zY9}IYWjpJLLpup)FRR@ zsK)3%A|QPLW8;1YAgONU8tBiTgc0oG)I5m@zeDXeAD}9@JJ#uOnZO7h(-!I=8bC5^ zItTfA+T2`fo^B}LtNQeJBpVeTgz&!oM!q*U@r|At!+wwW;hqg&8vT#8o!;ZW2dvDd zbGzrK%C`yHhVS7(P?xz&#F1T3b?DVnp0f#6KzJH#3x(*N7gkw1W zV*nbRbbI|Pe2SLyZOmiw8AXx$JXVeHrf=%3^)}8xzcF~R zGth_lTR8(m0#iEKoiorhakTdhafj(`U~1-Pkm-r;0ovIHEj%sDSvurU?T2Pebc3A5(qR; z*7pXIBW}%5Vod>NCX7!3=ervUn>qwn5)nL*H<<$iUG2#Hy+TnVMxnkaiWHkG1CEX1 zU~2A*UwXnf>WiM8@a5AaCs+^v{y-E$_lE~!&Bfh}NW|Y55p+`xsJDRx{fFVjpr9}Lw}J&j zE2%o+9WZDqw*v-uz~D-~KpwT$c@ct!W0x{6fU51&ohd|h8q_R*`8L2_%d-v3VnNNo z0Gh}e6s>>yHpEfSvn7^tK~3q1ik+zaf&aKT>v|83wPa9}&_=@{aZm0$2eS4DzD-)G z>)9k*$)G0b>~$tf+ElSHuKpkl`!4GSF)=9_)TF$?F)|cyk)#Jqdi9}i(_CqIHgBbL zP!pTnM4E9`ZqnmqaK+<}kqLEs5iqeHw0tJmrAAPbX%@3+TQcc8p7=I$wYF#L>_vl` zRpAvC7bM-m^R)8Jw`pz^JR9dM9Hx2Dn-T`t&DL2T1vbu6-?wd+vO!J5%bb)oMT!1r zupn91^A{teTu@WYQMFHBh_MMFJC?!xPSWxQN1u2ed13yx`u|EH;qIf7(xLxYwA_LdtkI(t{3ZLQuLH}nl>&9 z@)sA_+0uK{;PbGMeCjT(veouZd`+{i)ikqAp}ko)s|tSGb>-U!(%DUF)of0rkK$>6 zzy0^`fwSS}1F)IS-(3g9!KE9z@B5@Jh)%=D&e98`{==b%Uhge~s(|6lDIV5?URdJ` z+<=D@xNt{3Xi_W48QmyTmz*nTZ&a|GA8^o_UJ0L(MpD40yblFck|0tKYU?L=kc7nG zZ=(@K{YD0i>N${lNtNl9MV5Qob9dI7<@%uOw7Dm+^6)(~euW{90ZBT%0##XazsDDT zF8)K$$1V?DVfY@?A0x%OMXXa#K2pg0jx4M$k(R@2)USl=2kKgovFhH(Tk54v#pdBlAE5Eb2e_2{YtkQ*rnY$a_wwBK&o(-kirT z&xR6>ezjI-RO}4Vzv}R3VU(w<@c$DzE+pZ}Z7Em1E?#%!S|t{XWgCxbsrty~AL1H! z_EbAL(X#T>VdJSdRbnTHvEymBA(S6$`O1@)W8`c*iJmpng9dv#V-AnCV<9seO;weh zX*It4TyK<9hlkTdosTEEX=avv?xtg{{4BdTPHJ*7HOq@}tv5K0-JSMtA4bs1WJf4o zT{lx=Eybe*c7AX% zNwjY(saSH#)RlCdzMX1_En;a-OCDavA2KziewgV=4M97-k|N^^RBm+jA{)#rI5 z$4G|{HA$;pR>ze@;(BtNnvdqkC#ShQo2(W4r|Pki?A5Q%tK-<^^MoH?_AkV7MLkvf znSAPU(Ku%dgR{r_GvAnV)nxW!l;B#WMeMHqL}zk^!;Uf<^gBYCi_xj)o={y>YAJqv zesaSfrV4kB!+w@eJY@&5#w^C3$9nzz4&`pY^n9tz9_ml&ag*((#u|OfX1d3VW;uB>rj=tU$CVrOAagcX zt_J;mJbI6qvqr+k5p?NEwjB?Wam|rYnSKZub zkW+H0*yXHxbM^Redo`J#k2Ezah(qzN8Y%p@dHZZtGzUWmy|?y$|5nMFdWP4Zbe_DHv< zb@^`mbTL;C=ecpN+gXez^ZY|0bD~xXC#j3e#9jB1uFtM()!aq1eqFz&3y0mr%}L?v zqSRbe&l{IFlltPM_Sjxzn#0G`&2_&Z(yeQ@vbdoi(<qG9Revg7MiVp#279-fRYrloxDY1AFW5{F`1xvbq5Wl^gRQqtXNOQd6Wa)v2Lx#KHo zI&a*aAD+wk>*4KfEJNRNxqhO0GtbNFVVS#?7I!CUy762*I~KZ^!{Tu~v4{ys#5~aX z+gLo)sSc&9^W)3J>ACVC*RLym`YICxzBv~j=zc?N<{mQ_r$XtfmMO3giP5xuSY+wM zL+pG~sL_p7|0bR-(}%aQyXsB9c~id3RQhN0&g59Sp^I$2DbF9ci%EMteps-_&+Kjb zLW{NY7yN0rmMABnK-(D&7C@&m7sl$`x5~z-tOir!|G*2qOYoA zAu;63^i@H+tR|F2Ctu*z>7sNaWk%)PD3KFSa@SfEKyeA3~|mq}I0jjR323kZrR4Ex{;G5Nd>5CRW3f=FKhLyylfI^_`NrKDBh!*_TfNQEoWV;%g}`zrAaHZT6|FNTnXh0-Rq^xH#B`#zmAT*g#@t z!^)u48+RV&?1X(B(MnS}LE2reL$@w3F6B-=MbpV#yg88Po$|207$(cNo%nJ8sx$07 zA7;69zEEoAE-JOk1KN)+hOw)PmL4mG#^XqsO)K?Q?xt~iTsXbUsC2zF9LJ7tawW9% zny0zMMV`JmKI}@(*45+5VWZHEcZZFIa5^vL<*RD(t~j43&ZOMo;PLMGS()VHh04Qu zb~3+gOs-Q}gF6>8{pQ*HJjvY6p5xgjfAvtVwYo`0sLi-hlTJP)#?=Aper0j?j6T!7 zYD?$RbCT2Og;?Y|k4pdMSmWvH)y3gSB|dtHpJgtjSmLVvaC%ZoOoU8ZsxsBofUEV! z*~InTUGBMin4F!_)AHrX-AtO-g~^>*T#T}eEZxlFf_O4#g)ZBzbuUwst6coF6F++{ zj}omC-56fh`P-B1oS)`KbR%Br*ORxsB>yy|Z-nQfP)^R0*=MnGk-R-AcL%lW!}BNl zS?OnhgVPL5|6 z{kwXz(tRpsiv>|?$?9#ssEQdOpExYakL?*fzPKE;n7dA@an)>&rgW=wnvuJ7v3+yM z4?C%Lt;*7+$`fC^oblxXclFSSSI1Kt4N9icDkKw?Y^^_}%M-N!%j#uJI-lLmub-}H zZRO2u9}x45}3O6hb_eJ(T8v5+cVKQdP(pJP~?b=b-_g?aBVmq#1vd@?UxJ>4)Dr;oxzx)f`s z9+Sy}@|eD&IkaI(&$9Bsl`;=^Kr3@|C661~eD<+Ee^%tAbS@NH&)NK7bj+R>Ir;M8 zc-Ew=!i;W-NP^yEZ;Q>^^r4ci*ZHU8NAW2uUfnz~u|f0tN=$Z!Otn(KJFd4Dt&6L} zGv-m``5RTZoSxqx*_SQJhs~~VIvHx>9nbKJIxU=~YZEaw=c`ZG4}5A`I;)+vFK@?c za#qkT#k=~v_P8jsN`<~oR_Pd%RtIO9;<->t-b@BLVJ4py)A0n`EjLs1`OW;W zwn!DKn%2?Um&IN|iZz5sPVDoyWi?SAc1{=7VUJ19?((cyO(HF;*=|X6flpUP=kaD` zh`96dE>VB(WjUq9H5awvu@D!O1T)~rCrBM0J=6r@E?qd}ujtZ4Z8lR*%JCbqcpC2% zrqUwYY~9vs^`}B=^zb~suGZ6!z1x|#NSEnp{Wg0$NEW-L`q^DMhO~siUHi0iI-N9% zmvO0`n5gr|#37%2$`86d_Tfov-%j${MW%Eqq;CqXv*d-U+@2lI9y00ix!8;4TGMNZ z89iJS7fE3tl^$cIDU)jC?qb8ole^PIpK0CZOZ<~uoJ?izghe()Rc!U1%S|a>Nu4Gd zU7=GLwo`|v{AKEKnitL{{IE3a9u~)ZYmk~YE-PjEtQ&t!vDdxJDF? zygN^3r}X&h@R8M$`S#TVml-_ECn-g{>&H%7gXU>jIaMdA`EmPto;e#o$<=vW8MSZ9 z^c|C4Op&5h$=y`$j_2yM%fy-&74B|G_vL4`Hz++%p45vAI`%BnO*JvgXOdICah$%* z2z0agn7%t*G-79!(Nk+Eqg6(;4~_I4o#dI)bZ|Rnl8I&|c|K1_4K{rnA8VPMHdF@F z`E^{%jh@GB=HUXVcIhFXzEkf`uTDG7WN}{a9M7&RY;BUMb;`Ny88>}QbLZt;DI?M4 zn!*=)ol&ckyQn^vDz&?jBu(0>K9Y@MFFzMcmuJ0h`LXoO{eSkZy*Y7R$$u3WwN-OZ zapsT&NXY)R2EzLdAtC49I%RBQ%)>T*@Vd2C`yKWh?k8DGeqbE1TZVzm9J;1zW)gL) z`zNVemekVY{JykW427xCFxFDO+MgTCl-g~VWro%7<@~0>K0HXPm*pbI3$5gHy7SV0 z>($x#s-v_!%NI?_=I-Q2x^mZC74_-eN^0dMljo;yXIWiyAKm8}$Ciw7SD|yJa~)L8 zxU@~rpSGzFndw!#w6dAXNxqvjaboA$MIy7RkGtiq@+|aJu{wBXWpnN!NpDkg`bM`a ztB>@P`Tdrw2-;GbY-{wUqS0Hfu%Pq8b4ivn6Z0!?oNky#RPxJgrvILK*HTY{mNFzM zo@+k}%jGbi&OJ5hbiT~gi-T-0)#T~$Ccb&t@_$5=hu9#r?2^m_}sX!unjS_%$IXd>$gp- zU+*v8W-BS)=QqZx6n|CZ=9|%=>jGUZ$#tp%!h}o5LU+&U{M<(;gRLu`OVOB7NdcT!! z*BP$x%o_BIktpT(MzWJ+xI20{;uGo%(_*Wor@_3MTp8O3(=UsUe4KvUj)s*AE9Png zR<0M;T94_Bx62jXnZ*0~3^Q)mgzcs`D!sJRV&#!G)``W(Vtg-eMnXPy_sYEpO5wdF zR*K1HdD>lW8-;A+RZEE4^INY%ck>^UME8Yd(ruM4rKO}MEQNeEo0-3N?l;OC-Fhx| zSZT>W6t>A$Iy;+{<6Nqop1hSZoy^#HYS#1ZX+aS(?XoeNPE&QJGiYwINl6~iMoY|d z3G-9zF8*SUjp^y9y0V92TN>Ogn=PfW%ogT_N^2Sa zU`Jb#(+c;SVtdWL*Ju-D!O*$a`dnldZK+$4#gFtrDa#MSESpS5L;{x-%{$YWc@X^PMvmYolFN^IGMtG-Bdvk&!3d^Lt5W5|z8hq&fQ> z6w@uPSL;tUnbKe~C~S0v-mITmYc6+}UFzv-Pn;_K>_a{GUY|Wqirvygd=Ty*H$rvQ ze}0_M&vJ27i`OeA;`ej9)a{o`>_c_q>SrT5P8baV|eqk_}bJmFlB-YrWF7#&D6y$0vmim&rYd?f1lL($1vR&2}Ys zW|?6{ST*RUCp9hK6-UG7rarsNWY?XCxqFi3 z>hwd%BuWOoY|HD%L8I2nb~CMIHJu%GH-kyz{cY77Y)pek*|$|^yVlKlP`vW~Z;dZL8==^NPCkoYfA)e{e-P!Yooz|W*)4rT%rwely^qP9e zw6k1c9Zx;Wcdv_aD)+3iWH&k&5MHvb|87ZCZNoEfb|mXTnT3?P9yW`j{v= zrZZ;~{9{A>c$}q$Iy);QxAO8`9o)ao$At#d*G9}Rwah#&7KvF==T|S%u%2CQ`;+%V zk9}w_b8@r&G~&emHbFC`-m+gT=F7tzT5F`uui4(TYqaON+`-jNZN&%zfBc;I?)R~W zKMv+8pe0giBnRy}i24k#!RDgbrO$`Vyf17TvR zksG5+NH2>EMuD{|#;`;~WZ!^rUJxoM)fC?VbWuchwZhn440ep+d|>;n)5w?Y6E(A5 z3cCu*u&R&lJiIo9bAn(|?4xMc7%p#PUZOsY8Rf{CyCX7PaQv2pbHe~q<&ii$dWhsx zdD1x!W+I*EAc~F9gQv$*O^#8dhC_648c=XmfXi_kY^Ohr7t&ma@G!Y9E=U7PiinG= zK8zI%i<3xvB}}a9;WAu2EJhd~7>pT7C`5E#Fs!@ypkEG%JpBV077>B*n9D=c%eBU` zbe&;S$MsW^fezO@*=Z;?5QuaU@)`rQjWH+hodo+UbP>Bo0+us(4=f8V0E#~%C+XpO#^Df8HvL1i z3t$p_`iJNO1IO*xFaaQqVA}XK@dm(f{!m3i3IzT-;Fm$Rc~j4jMSGbwhw@~PZa&!Z ztXm%OJ(DH}^%^p5@*_&)#2Yl*;?Sc#BVK36)^|C_>*m}$Z~-f}{yx{fFGWo>=Uk$W zl@RCX5+OzkbY=TDD*PFQbJ)&>ljUUXt%MD_m}t)y4&U*)SJacng0fh`ijz4Je>=2h zJfrcHbxQ%pU*xENyyA;wcGnl~&5n=k$$9F)&Ex4HHbxP<^{1=-96H|LV~TOx&B6?% z(fYQV6oiDyq1~*#jjS)WiAD0cPdu-|Or&!gL+aKh)4twL&Gol^O;qs4FWCy$-(lky^_Q=> z^(%?&^s2y6NQ20*xaz}L!LaOKopB{(Y$YOt<23@t4aVnoVqiz;E+JXsUakv?`~FUJ zaJ+WFxWN$F(+KNAohu<^>p;DBY6OyY6Y!l0FlGX9_z|zFJXbTP_68$d(dEo+4XD*v zWXF`N8G%?2V1Bb;GQhZ@@2Vcb_Y0!4!G$V5^)!lW0E`t3jI0WbByODx+Aa?c?n~$< zI8zF>rwv@Bi_#uHj2(=WQ_1BavTBBLgU#VYwB2^iMt3x@9mtqZXyyPJ@-tZy$fSFw zF}6`KRybI^!l*jB9{wtD<=yJNZp6jyM9g-!!I;6Qv9hM;@J8fSQ1fnx56x&bJ#>TX zaq{d-?CgLsgAqa*g7Svv8~DWH&yAAL7MK7qQrA9OYVC5#5_)sbK43~9?36>Lz*@{X zl!&(HuMCl`g##6VG|yzvV+f2L43cRh&+GQXlUG5>c?a{v`QW}GFn%yftaSwE^5Epm ziXCLa4j}E5$6F)iVQgSP@H?_sK?Dz~F0LLfV{Z@j>|l8giJ+PqzGJ^ z3yfm}j1vrv{hsc1;jxvV5H|J`&!R@n%&9SvXwUR#XB3S42X0v15+On;l6r_fA$?1P zKy*ul*pXkWTOtG|r$z#nGk1>{^zZ-=JaFdF&co~Qg+)Zr=0kMLqc}=%7!L%&TOI|$ zFN19J<~>*k$wI$8qGv0Bb2b8>yxSA$|GeB!!?4cSY4|hqo96Co$@s*s({lDxy=btp z`ge8CjaO8He#7rFV?1r833C((BFvyR` z6ze{?fOfv6XdGea*to!o6ZcV@$%m9%X*e?^HpHykyhuKM&titB+Hm%-9)P;mI17(J z;8dMsj408zt=qe8+qP}n)^6LjZQHhOW4CSFcK7RZ?z?$;$x3CVeyr4=O4T>!m~-&Y z!+7C3$sNy$7vzf@bOJ=^MPhnTZ#vkVuC`2Egi!9Gg&vm?-&_7f9lhPK=lcJcM$Hc_ z*A|E^Y5}}!f#3^u1m|giL*{FNa|(ew=q2$Q!b5r%d&pVXp*!FJ4ugo{bFNUm=-K3- zpn6o{iNW%i4DCMk;!EANz8)~bkK#o&JQOkXujviYS~7WSjy|j4(jH26*w+bNyTQa< z#@#_8jmSDWqLe3>#mekdJvbV_2x)A6d6G&l@BvXh3KLb4J70oc@ziAE?VylhA@gm= z{-FdAQ8~zt3Z(ZGHl2}%aob#_y%1o%P+J(`S&nERY7CBLZkY_)PPoUS#xV1x zSDqrjkvB3={8c3Y&jzR*QS(r0M&ZixB7&VWi(ahRrl2t(${Q`4$x$F2j?nTSI?E&W zb^gU2xm4>$74x&>v}Ekhy_lT)KX*t;CCHpdyU!>%F6Yn08P7a|BzCv$2w>R=1u1n3}@4DId%Gki!dGn(ezv^YQ)sK5$@rCCP|KCk@NT#JNy4?*w@fsi}#~g zrX)VGexeDde0JZ;_hp2o^J4(zwtHM(+q(`gywnBtPASO|51{p4qK2?1i$yEATTSv# z?0IyH~q=aR;um^NAix?GRSe^zr^Cw+~^SO}$(z5$|{^pKZ`A!VX&V`Uo)j zl)tgZs4V_`&HN}bkFEjU2lY*+2@?ApU3=lT+Kq@?o`;pZ^1PuM)S^QG5Im#)jYa-R zKzP2TBlOtRl*TY$r)6fI!hXU)jaW;tIMHSfs6fyDLVK(-CSZw_}$f$-k+16Q6rQy0=k z0#+roAfR_} zwHHp;-zDHIjCbSn75%J;m?62k^n=9jlMr}OOVGRYP)&1q4lafnfRgHFcfazx52Y2< z0ufoTMV;f2kjJU-o#pTVQgb0`l^8kx)O~h>_qe?HE9##%LkZlE>pNtuz04W1>Zi*!&`EFr~nq=fX|+#4zrnNsEW$9nVyp)o_IrP z%tluRkf$mW^|8M6<^X4^idfY<9b*_3;baj!h9~3BU9d?ej3D+ggfJdq)&Xr2F8La9gf*2FCzneIZDnQU}YW4>`a zX*AqFPwl8z(PDXrfrY6Gc9T1&#{ISZCG22Na9k(cSL>%uM_&)DHcQ^8;n)zTQ$Lwq;JA4IVkhI&lma_|ikE8M5apsOg?& zu#eHC_UzP-%_kV$96a4W_`^j+7lYrASG;pB6f;C1eLCv>us{Zat7xU;5Qn`2<32zB zs;CaE|F%i0kT!HD#sE>s%3P$4{1e2lR0P$(;5GfcrCPZDw9$_6`#DHA?S z&{*m25yJS*cc-f*yuUCSUac9r>uClkEr{Z8}s@J%zHpAr^tg(_(}In{+;D;7U|Bm z5K#o)Q2oJtBYT%R#b)ORq5T;{rAnkm+pF2RKGpWnui-dAXXME$0QLf%1c&pTXNM`e)?L|jS%;y@)tqY5SKW|kUW*Qj#*d%xW|x}Oa74j z3QKS8Kxa#75>6$!7G?njXq)k8z|*lcjm01d*OpNY5DlYtl8fXD2Bu)9u%r)(2rK~e zJ6VID*DWJ#)@)Ay?w{AB(hcg!HCT9tYy5akoGO!S$`EJ1WEl|ODQqG5`u?K2fEfwv ziFz$x%*MjKRHTh$UJp6}xcd-G5(Y5nOClF)8COjFF;VKgnj$Bp^k@RSl4U!_pf$rh za4}n-9c`er37jV{Q1{u4#%Z+=6*{!u4XpUSsH@;465e+BR*t>-&UarI&wp53Fm@^UM{Tg7}k9VdC|;Y*f&LF>&AYZ|lIK=gVZ?9~|#J-e0gB0|!=` z^tpna-Tl`+o`ciqO1Mvdl7%Q{EG+`jh&Q;4zu>T97OLE`@o1KvVO4fHR|~9GT*J+D z%g)D*pOrJ4bq>A6GB^>%_Jde-Gi8Xa+WlvD{xV}?GycwT3=-_4piq_lyq)JZOmRBn zzDM-66lB6IB!JY$&blnCs(>5?psq5V=Ck+sTHoO44S}?=vJ$>g;ho*(tE0y3CtZBi z`LkY63`Fht>!yb)x;^IrQT9Xhm^a<|Unnnbz08Oos! zUj{;5^e4G^k5Jp@zo8x8v7Y6|N!1Uxm(y4C%Dc<8>t09|L%imxmpNq`6{BY>78evn ziPg4qEiuUQ$#q5Qgl0#1jLrB#ttqr|bJ}!>1fMY@nIeOqMy|)56mcNkW4LB&MDD4c zliU5~orfb~l_#DW!U+#i0>YKQ4jq9fX+_`HEG~@;jbXwk&O55`rz~{h0JokJNhv6% zGTKA&Y!|6djCysmYx@2jD5`k6k#iWO4E>Cerz};u+J6#b=uw|Cy5FyR6l*1(FhEJM zolN&%{zj~)$CpJH@WP2Id?aNYHsB6L8c}(C55aXG3Z)&Lu9N*h^@DeO&7D{txnzB} z8*@nt+bTYXmPv3;tA@*toa8WK^v&6)F}If|tyE~aBO!oye{)6!eowitiUEJk=z9Qr zhSZ+=E1v|&1UQQE=E?j~>Mza$?%J4$BhjD{;x%-y*ZyF$5Bp85y_GS%3;|J5_rkp1 zXrEv8%+)ZT(oiNsapaz#u1`taSRb!V@RD{C z18&><4&};tb2+He%!bYcCAnbtnVw>CO0n(AlXv2$#{(&s0B$>1@>EzaGE_IB3BOCMvJ?srq(W)e;zswY(E>LYsqCk%ss(H zh?0>_e1zsw9`7P>)^GPqIAcuu1+6dL#Od=h;=Xl8Qb<7+!bKVbVhH%RLP3?J(8BIp zyVJPCN=!k8^`9V^*y zH*3c7RErH4ITrb|^jF%qQo(@+{E;<8jdlT^6znCnLS`ywWMCJ;?qJP~MFqi?^H<~# zQY~~^xIx_Fo%s#kB5Dz=c2F+si&?u#8(jsnz2j1u(KipkJaHwoYQqu|R=s<5U5>un zuYb|Xizmm6vFHOkBTHz`T-b7=Kd-YhoiK!VE^PFM+{7w91zbyhxOsa^mI7$lU2_F@81C0#UJ?<$i_iS{06QH39IZtAMRU;^K3J7p49R$lA1?N~> zgBrnV!UMyw384Vu)wVod(0tc+3$v{nvhl)Lt4 zRzr_g4#=&N@!sG6AYh$M$^=CKZS%AiNaaQwB)ZR0CKi_@uV<29zuWwj;Qkpu`Je^f ziT>)5Ycj3n3M;gC^*De+(3JEHBnQ)HzvO4!(87e=23kkpll*O zaABAiN)_{<&q5cD%hu?<`8XacT31rIP0G!$q-3g#iQeoBV1>d!J$!J+j4dbBA+-jo z)h?hIWBm7_3(m^%$MWtXhB2{oJQC z`Z2!o30Fr~32(vP#XM)FtCgnm7>yx+>K)K!d^#TNR~LYRl2a7lVi_nH_5_4f1_F<40Alycx& zOX*TtTm$}U)ihhj2;OD@%2Zns%Q(7g9R~EHS4|9G^?N5E&-Erl2y{PXWW$(x+FVGc zEJ;O-$i$}*Y876~aB7e$D3G^nXk`Kei9_nS308boBdUo#3Y3%Ev^T8=h`&a3L|saE zfAAz6y|ol#gWDYl?IYU5qr$>Wl+0quouFjH{Dt;3lqWTsB3T0|k7HR(aHlPpRO3#y zWfLjn!6O4SPK<-v>K(g8S{U@r#%vt>;?Y!~${b#VCY=}gDWIxApB*YvkUCijM>RL8 zg&e&GQ6nTH@yZYRX*@asOvm$~2rsw#GE&29CSdRGHZr(ZDRn7INCz8IBzf0M!ZogH zHi)niBABvcEo5P*!gmxc8Ikm!kJSF@9{+sbVT+iHiyLy0QB=9kD8$I)bS*NN4phT~ z0bifNV<$fLz>wK>pp|oWX7H*$W=X~tr#B;3R;3EB*A-pA)oUb_eyRHf{mU9(CZZZy z^qzMeNcefxY2LNfTNTr1V`x=pAsUWgYxdFzkkS>BM_cq@quMXSq1|9u`nbSzeVw#E6;$9G*n3mtq2;fELB-@&bS{> zN(De)X@@;s!vj!ms^o^Va(~ta8iTueKIt{PLw}Jy-o1<}JSHevar$=fcdzle*5cP4 z2;$qH%7CUk!`D$4I~eSP0?@;rXARe~|Ci;`cre-uIO{JLi#bCf^<*&-(7^md`9e5@ z4|<8#zSvcuPZOog;+kxA&~!UU#cHpyJ{dJxU@73e*lFtk^6crX2aRoxzDQL?4uy&qi1B0!$%Z-Y zc7LHZ1ad{YJxQFeiFb!_y^ZiA8Z)1l{nS`FS4E_#RX*1DLgT- z@L1phO^lS26g~qkS*Wc9ve03iGpK7#B0rK>$+Cs~uG2drL-kJ6(*_l}9-sgU3-OxLT0yM(oTCXj8?)IAv zHYeNM))VUq{Y>wZSlui0?mowM@NXdaJofY$J+X|(dChf*bHny>>6|H_mEfYW`rk}< zI-Tv<+8D~k04Rs6!O5*H!_QK5g)vjoE{8a|X-{Ejq%;=a9GuuR~ zPRhNiP*=j_SKSzghjp-De*6Q`uZ~{FG$h~)o#a&}r_To-!@@*l2wv_1pg(|{rFL-0 zWIYmwq8Jv@8}6w_Q=FrSpsfx299IuA;g*;*JAoR^qmv6GUyH9)hV77SDND_aIrLoS z4l#a0!`OafaKL;ZL61Xoug7fmHH{U!x%7=Qf!a5jSIf?ueLVnw{#6!$UNZ$tY<0`5fR75CYa^gST#Qe(*r z2Pm-#{zxT;kWDXsU546qC14?7Fc9$H1}Z#)lNIq}ip1G&CfisyfR3GT#7g|Vee@K=hQ6Qch>0#pVvt&GgVN)Q+owx7$Jv zE5}lwsyvcWQt)bjk2ENhoGY2KR{186aWKVO@T)1FUL?Dxg#cS#sd-i6npEb7>5lEm zoW;q`{h~(?nHEU`**&v6mo-h14)B4WLOeNHTXg?24p=Z@IAxcpDV@fJQ z^=>)46Xiz5)!?2!PL3IY%`7rlJ8__<1n5%(+)|p!28eZ<*<1zAKXI`aO4p3Q zU%KAZkJxL{HUJ?*Vzlmwc56hnE;g9*tK*YQI$3lWuCiVQRRhcfqm)6a)X$=Jsk4uN zD~Nrnnj38+PB)3;eV~;>K`V)nS~xfAFf^SXwGpRdPnZ5MQMI1=WL$rj37*b{`9m|B zvJIlLqIugve^?S@9Z;baB-p0RCCP zEW$+$&vA0Hj)uCdx?}1AVY%TNRBNJUtG$6onIa`VmZ zz%S)YgvfxL98yLCsYx6YH`tQS+%5zwm5NQ@Y46fM<3N%!tOB^63vhM8?YMNO=SqFg zC&ZnD^II7(?dWn0<~KGJRd3G1eHV1hTp{YN+hIH9bb`c z-j$)6DN?KnjE`&eq*9*$Tk?De^WpSNUmlUd*=SxA@I|9WrnIXm6S!YapX)KA zyoiV`ike7#8toMZENfzn?RNr~N*hZ(Qzvr#cx}()`L^`EtGvJSZr7BarWRvIrwZtI z$0cqJrEL_$igtWYhQdd(C=X`bxX%S=Fg}@M;H4c4mqSfD8Wh z*?7NKCd`)Jg{%@Ts%F;XKj)L7#3mtjxUfckiuBbV>%E%n=QuAYu4BtLM+E}{ZU!^2 z?7Lwf5!-QcwvkMZKFkJJcUasGm47uqiiyYGxwl2dXA&JdEM$) zx*Y#7Q&JA&z^wT!G$5 zQUv>|FcNy5u2eZM7?noPy3r9K2?e(>Ax3fF((mYZI!qq=7pRwg8!o7Ab*>ZmD_^dg z3w#8`%pO@SW)F0Imr@L7r_V~gPl-D1nA0V&@VhC_I|dZW){$o1rQW9DCwHOhloO=^{GNVY#EApVqt?&eoZnG9(5L>w~WML4u%vddj}>tbu2+2g_4} zC~U}E_B$U|@AkXo^av$ZU!0&B)B1FgEmKD2eQ~S;NgAm4vqJW+{HfSauU+c2Jxu>S zuWNYJge#r5`H(atn)|#i#9CE!&gIE^!(YF6AN}aYaVtX_uTykoyj8^TqbiV1s;zjJ z)sZfP731T;cD~abe%dY}BOuRzFp;!y;keg0fOL&P{Hit`Ppe2wJa=6_=u?Ri6spT~ z5)qZijM@Nqw}5LLXyaU#s#)ue>rs0RUQQ)-36tULovZ1DL%KeU%M%&;^P5M3KeNoo zwO!PP0i3n%Xlr9ErhFal4G4dSb<1~;EwqmZ*wexnIHQI)A3EnKUAAmAIHM-tC~%jq>{Cy~n+2%HAkf@e;dAFd6P zwgH`(c_OK+JL49yD0EldF$c%wAe*v5h@NU9fh)nCF<~hrcM~Oi{FwNHXJHlubu1df#;E zu~Hl2_4C!v*7wofijtgtY2B3Zkc*FUV%6nYssE6OSsgG9r;1s&#hOUvP`sC}iY{OJ zr0Q$;OlGgGr9>rjlo{uQ447ruQpet6UZ$z-P}Ry5uGiP`%CsIvy|+rh6wGvS9hj_2 zt;4XfJg$z+cXe(@W{5f7*axoX?(EX4lt^8|ZIOB3(7=Q?%V_?D1m`QEDTkU-_b9U% zA>b`Ba-Ngocw+RC7@hb;HBmUuUXtQ)3I6_j*U}S3P%ub?B|F8@`s6uXk|?5~u7u`k z>zvwlj>{`nS?>cw?0YCxjBOQWkAb2Me^zcra%Url5t3+6I>pbMg?E_;zfq7bSqX{C zs3^)P1Y5>f7JvvCr)H1MjOAgqeqAT?BB9Vq#yI^n6E_@!1kYKDPRlS_ad`|Z$o zuN>~;t5We3c3?`CjZH;4s z^h0tQqew)BM~QO#+XO1PRLg=;3?9_Z)`}JD*U|U6fuY z9oJ-|fG*G`A`}>4kgr5x`zvLy+aL!H$z04}LBn4??pW2JhRqd;MDOVY?IxjeVpcDp?DIF+DGBL!_Hba% zf3pkBN(|Be64MC=q8L&n!!{8{(gRPfAis#e%-FK@KH-%?@ocJdb+fo~zdk}9&a!Vt z@*R=3bZi|Z_TE~*!BOYHh#`lmsdN|RG6pd)+KVKB#h13~WFJG`nF)y&qHF|$pKmhc z9HQ*A@fw(`=8gGDNaxrz<5tSO-P$`nqkcXs>F0SjXcS=Y%kRa7^UYHV%hhvB%+-RD zDE#zea{i;6|1pLrkRDHJD5KW*AY%Khn!r5UB`w6XzQ4jwSZyQ9k?F)wa!4Q}QYpe~ z7$ZAJFah_~Dj>RL%(z@NXg1w(bh}$0D3MoDK}YJ!QRt4ls2k1??Hsem3twOs_ z68m1X;d7A{omudieYeG7z z7kxTTkXzifTAe{JEeYi!JYJk$)6|8aqDeoUf?1w=5c!48#c{N;BWObZCaA zSgC1`e&d{ytANw&99niELva6#Ra)3Av-i48Tw_s>=W~NS?APSKRlPyP4sb1@Wcx{N zhq?hci(4)vDzRkes6q&9u1lY>tg;-5*1XF&8Othcogq5wTFMZ})?kzrO0gu|6(f$e z328|lh6D^(SD_{ygC}?i;mgb*$-hSe{}?Nox%gQKAW#~rhnoErm974mYJ)y)-jhm+ zFD*M)pHfT;{;?E|5;Q)I*t({6+vLf?^U?FGX>IU3Sta&`{?WnBw?QB>Z%^W*gvN7c zUx$Jlh4cm^y-_tmUpF3{WrZHx=7bBh%TCJgRSW5{VCpQn0um%835aR& zBhGAe@ui3P|9~-neB7PXp)#Gr@5+Ag->LJI$~44=qT1Am%&xnS`U&;8t1A1$eRd=q zfjVv-XatCg7?<#{E2i7p;pId|xmndO;3o^pZxpVhaNmE2#|DX zyLsKv*$e|E;8IigAix9O=BA3a;_~^6^0atXu5>rF1hT6Ti$*1Pqb0$|7mxGe3{}H;!>nG0`WX^|`He3(Z#%{LTB~k?*yRV-` zqB!h3&=$XDqX*``kf=T@bQYUBip-sF8kSAjP&yjhuj!I-_FFqz<O4)~qsGOBB)M}-Y z;rAVzn{Z)&uR;wF(EKr2B?hfW!IA)vRmB`o5^Y*Kf?TeTr%|631?>+QK1@%VM#VKn zXsy5|xg1h_u#zmlh%#p>ZfMFPV?4r{$rNb>`1_{8Tul0ppc+Plxw4PZbdI^mplQ6o zd`!bUU1R~^Xs*EwQ(tAQz#PyVropU)f_y2R`HT+1umEmtAsan$h>Cmx-EA!H4-5mK zsSl~Kq?k;ygP9#aXovxcH>IfKhebN=(~hS73GfT z`h)?13nB32y(nF_@(TZC=z{l!129xQ&*3geZ|i|IwA|(*&d#YKCMUdo1jQEblb9jd zIbZcZ2&H7`l!^9nvyB#U*e#1~9SMQ43%rq6RUHo_IPqv`3W$9p77%p$)Vh$wTA=_0 z1r!nCKwQqUVnb!6fWS#ig#fjtiwQP*h+b6BoJzrdaV|#vXpk6bs_RGpRYg#^vMZCW zo@W}%AKoW}5c=;szIhuiw9SUSL17`eHF+)&)ao*b|9s53?LQ~SKPlZoZbyz_G$eWq zt2^nZQt`^eDYgM97VK%wQlXK~A7U-0|HHp;m?Y}f3y&~bVWnyBO4$){b%8PLKWhG< zglsL5c5b-<7z)sWJz%)^&|j`>prhvaTjicdNp#O;!42AO!7jbtV}3H^oD}Dn3c7bpDZ987Ml5 z!pnQez6t`j<9p2c$8a6V!VQI2V%|UuD!g(S@@RoYq)l*SsAH{lGDsis1-jlAe$8kK zlvJJNft%f8E=*)b8S#QJQ7`FWx~_sFJeF)yis)2gn2t;@sYE-jVO44nuI(=I-lD8t zsyR4WtLpj}yjChvMOeYO_Y5T9Gf92nxhc6aS+Os)l~ZXEGuYVJXhKlM*fc>(eCtEN zLHMZ{-GD`9-VI?u3NJ*%NBYmr?%HA4yjmTn;M>+wn1OPN9FnocO)Z83=M;uS9d+zM zDS;tr{*6ZZ1lq@KKPp~(WBwl1bE2@UmmchK=y0y+VSu=qW0h9x4u6qm> zWC+K5$P+8$9#JUyxg;^h9d7)cF0 zcIFm4L#(ezNcA>TRm<91y;*eoi)Y=WJELOpGXFJ zR0al{HPgXk^tq?-_dZ~;9_{560S3k3y>~`a&W;O?o1^>SK!kL+iV3juEUdO%>BU?8 z%o0a%0n0s8@5ZiWJcMFZc2ld0KE~v7Crl4K21)4omwCbZPcaQQ^g?}lDQ=Oj>V!nL zl)XlFBB2!wjF65pJxGqxEy%^DnE4 zIkY5_7UlZQh!vXtngRG|MYifeqRs+_Y2uAkk_f=}I{a=QXunpbJ^9#lCK6H~2{fmw z=Bi|1T6I;iI2BnlwWw-#McCC;yI3PG-;?B!Ehd&z_QzXUR9Ssgz({hZc6namPND+H zecS<1-z=`K#fa1Z;8@*1p>lS+fcL)%Fu{(hpRiW^O6-o$4u0L(f>zWN%uAWLB9!6_ zy{w{Bpn zlA{{txhc(YTrfxXO+LCxm8%R3%(++AWt0D9QEFm9=_Va=m(D3OAqH?<==u9~7NG)*o{{7dwe1{zxcc{-76NF5h> z;V(x!!GDOtxPxEd5(_{R`IGdZ&GVA#*A)bz_g7U!$zlAzH74}?Me*cK42?AiuMHmf z`noUC&b7OP4S>_W()Orh9nj-EeQw8h_@v57bR#wl$%tl|98v*oTS=5RzGkHM-GVgV zWY750L?DHtAgzparMxWhLYCw9RHz4~v88336<4j>nV@3;MddwCv|I_9{kd!!^At{M zt@P8AW!O?++zebqSRv$i>w?BV3)Uhg?~b;3{fPT23AG%(C})&=jw6yCsEh3#?~g7T z^){($yayyr^ls1M@m9Jjr>xnqDrjp~<{NqQ0+mL0v`z(c&?F@Z#>3c!s;dMpD`R9o zSRqev9hm9L4fnUiRU}&q_Qf6G20FFP;nxsA3r>(kS7;u>2R9q8r0FuG3RTV85#9FF z1!;?RQef(jQGmYbq?=b_hB73AYxOYe!b9F64*NaC)`jubgNU9P(KB!#B$M{hW9Eba z0f=zXx;iJs=_MS@#+hg;PtxTL|I5g8!T(`oY1{v0WKt0Kzqs=}9QJ2y2BJ7N4!g3b zHS2E-@>o&OS3?r`D22cpLX4ec3*fEFoOsjZ%Ap*BrzTNZ~?jTES|o`D;d=Bp~3 zb>{4;(D>#%!Cu6?)+1k+jZMVDLZ>_I|9Ycb!kuvKNADWRB3#8&dF)9V_Oe3EdjViD zQ*xZ#m>oQdG?S#g{n2l93hA|t{tk7Q1j%HX&2#Er-W*lH2{IZNFI1HONjC* zI1|`46pj-G#cU3PGZk46u-hFA?#31;aZmF&99>IZ@mc@I$B@oKsV~C~7JsCj_F75S z0qGt>HRU6mbG&EvhAp8i1yxl3ir#vN4hz-{rUb+4!X&?Urp|n{hpCQU^w21r-(&O& zP%pOo`3MO+2oO4!4S_uWa&yctH@~C(hnrb8Q`Lk-HM6QfQmGBv>U{3C$LGaSU{e3% zHJi7SfJw=tuQE4#O~s@*)wzE$b8_u6+0-45O6RHSJRRum@ojfM3MY@ssJbX|G-&DxD#=s1b!E76$H;)6FInQh}{YA=QQtfXFV6-aF;?4IGVjZMd|4z?K#I)>H zC3Xy;V1tY|05Ae3fk7a+%-dOISfqWEqXWgir@S+qZzu^Va4*c zB@PZYujLBd*7m}C&&Bl$+*jbBN9~Fa>nV)pb)zmGpn5aVm?4C`HQ&9un()z;zy#9s zwgex2(lg+~A(5kIA{z5_ewe9X$3;DVS+Bs)#z%GGGcETHdRz=2sDYH(Uk?vp_E$K+ zK85MNRl}!;n^@)>tI&kZ9u}-%+SJxL7&Fh_F z9W|4{Rn{_hSLPRXdM{VIySo@4E;1%C(V7;>4G=#e&geS0?tz0}re8kZw)AF8FS!T` zC(kdN@BSz5zc&N7h+gzzJG_ECWi6_xnU2eBv zzkv~mukYAsZ?oal)b@N4GQGG-sm6AA!6nW`u1T93qw@Ib`C?-k+LoIWBEtJ|<)cF_ z#qi2J@qzP1D#?cYypQ0t10deG{bsXw>K0zl;g)N(BVB(IVg_m7rqDE=BcP+y`3seQ zAS2#aRA5e$M(K#WZ$y}%j}$lJOc_zkWVg%*N0o(JG>sYWb>Mxb<;B*m37JlX`%4JW zu)KYlCI8U>-BYLA${}}$7%wbYvk8yA3A*Ka8WBJzURXVf7qA?!B2y{BLMEcDGyF*? z%|Dwpe35B0+szuN$OMt7xtK-93O;gnW5i%EEhuOWuBEz?8b>$sB=OB~gs){v3TfgG zt7=XyZaAVH3jE%V@7&?4fP043X@I|Zd)nT$tMzI7aq{hTUggDpggt?Gn`D-DgCM*|zd6W_;g3lHYCl_NMwsP{ZC?{-Q&gg(!`8m79fm z-%u(Fu(>CO%I>uRaG4$tcXSR;L(0@Y5AnwHxyKY9B|>cDBaw&5Mbx17W8FmPryvfQ zYbV1LFK~lQ)^o^F&3UA9u{` zbFl+{B7VBR!su9_@=d$_4_HZ{i+571Y*@v!<8Rvr+v4IYd)D}n;4cOo%YLwdC&Tan z6~|yj=s?xsy#<<^TW3ugY_+(>M_?RgA)GNDXhZkLD)R-pDcaVt)38Ai&=S?ljID@+ z(Yy459ITm=9=imSrPSepJ|qcZEIelI%8OA=xa}@m;@(-rWKJ&JIQR ztIV3klTZ;PkRE_74W zxfmk$=^?TnC*8>h$N>3<1c4_v{sFjaT!!v#-E$%-rK<}3M31^LIE{rl`Qgv{$-osO z#*TYHqSb;lqk&_yZuKVsGCz(zBu!)1p3#DwJOEUf$tR;(CGFgGV=M{Z2?ic4SATEv ztbR;q;-6Q?AZT8UOHw>tK;${8oxgb~3wPK7J?i*m0MD_- z@x<-HQ)w4qs8hVB*+8q;q!ns8SX<8*l8E?2oYH(KKauP4qZ`9ALCX6T z);MlZYVGFC(ba)V`h*S5Q5#aj87QhXhI2F7toN#^;G4>!Ufipuuv1>CTS!&S#B`Zt zi_eQ(i#(mD@gU_nNbblaX%EqBkJJ%j+AK`scB;*yYWap8G?fsg~K+vQlPEj z0U%vioRV`;<3Sv?ZrNskufs4C!nGXBb*!PSI;QZCW7M4z-ReS>@p^>FH{mI)+7k7t z2qkV&YXU(wkY=PUW&3lyqkbh*&-Iwom-s{Nh-PaL=OBjmshkoHZ(MdYLcZP7)j2c+ z*UHq*e!K+PZn9gdWruf_Z}rLJsef;`uIHy}skT%1C$Gns{x-M8b)&l!w;RA>DS|(E zE04=JxOU+{=dyc{mp*Bo3(hlKnt(Rz2T&0XM8+W(K1ui9PL|vgHRW}`L0wgwiD52S zhiN_;0gqL}=kAL1BI4(9(&&Ebwwvh1eB{i!tY`S;nHE|y}SwQRPyFtKqT|NN;A zeBQ<;e#@{7k&xYGbVYD^zaw`+NJvcD<}M$9uL~GLPL1<%Qw09>Nvdoj=ym&%A$?L# zBsibzr;O@tH%|#Sy-3FN2UjWIjaCw$Ph8E7(jHS1X{A)|sZP}rKGn0nva&wnDvA5I z3aUQqP&TLL@qh$XtVpJ&^_{oTk(75vn=xB0MJ1Lw1xUb7?}!;P6t>$nMXbGyGRgx7 z5Nij3lyxz2$90sM#YNc&e|R#(|852jpW}9+Bs!~e><5XrDpAPVommf!4o4?qB~z!u z3Cp&BL@+d&C@H!Slg;HTc6}I=%xbj(EU!=PN#KNYWe(JG@fjf+rt1mV;sw!c=;%1* zV&Op9+!dZc(EfOt-9c^wlY1`gh9sQxoC^5;ru|9$UR}l+QU^ z1NbFW(X{2k5VOV7<&pwHe<@T8VkUDN;L+#-MAX(oF=Za@(cr{k=Orp=}^h_ zRBUiHdo!*d`!4=65fSsiFf@lLTn65ZfE>=hwUlXwu9koMF6>Z8vG5{3LV>+XGx1Z( zB1N0GmBHc`e4Wlm*%!?lZq&?0d4tK&b-<&$eL>|&7R@KuNGvLD#hpE@PUvRyj7u=p zsyr_#8gCx&HaL;?E9u){h^+raRB@X<(4bVP!2xbT;_BbX8D_G7z7F^oLA*onn{dLD z6lUSD)0Dr43mDo~;~=7FPHgQC$oCkPe@yD3b6;uJuC15rM0v`Wcl^p9iqt)Mz|aX`-H+7D)Jzt7blc?00{V^n{WDv8-^7S ztQZ52pvy>G4t`b)wyK5os1*)8vRn;sURmDmGz_DBudMbaY`R{DS=+CVL@ywW?fTrY z0-mVtIF>)^Hz2a$PJ1#$?Kt0u;`nmkfabj513_`}e4ZpE7TjmMci|(UxY|GOPBM|% zchXKF4N=R}qjC6Qa7_i+hC7L>gb{8WKD_&5TkmMsk0tcoRGX5OGy3IC?er2Wl6F#(z9e7R%9I1=0ZrG zRmXM8t^Jr(xx9ZQ7ivWm`%HcZD>ryP%WgrVo;ZC+g!Af%s=@?8e&It6xGuvH9H_0Q zZ#*}26nb>qEpI-CM$u{zuxij!(b{%hZzL>Pe>4BZ?%>@Zsm-BNKP@HPD0be0tYoZx z@;2_w;_nJbqqG5u2K(|(pYd)V_rjp2c`!Z+1iqhX@5}$rchIdU4|g0tIP7i8f2Z}1 z|36KgcQhPY6TlbQl~}<>SiLXNMTp*O^h76mZ>#e*Aw-EN!6Kqtvieg(EP@avT0#&) z^p>?ER(+OLzRi2@JLlc|$DEnD^ZR?woI5iDp=26Pk6Xf~aQwo-h}FeY`+ojs%Q)o|R(^s0$^Lje z1!e!BhLgzA5vpVUUC+nPX0>b=ohuAnkJ<9+Bi z%lHE>GO`a8&sMC!9CatSS^M9BnG!Z;*NlY>rpgXFx*d#-l+v!AX`V2MsTRvb-^{95X= zh${Fz7;t?7dRw>1p!H(nwi4rkc{yzH1r;2{VOGy)XxPa9S zbHe)Mk?};*B)`w~vpt>m$A68Uh*z%dMn9yH^`4aFKg{3C=}wSk0%__M^|VYLnwIOi zBjh32@`llx!?{df7-C$$#BI_txAf^ey<@>cVn~1_EIJ3loZK&H=WS$U-f#S}Ojt_Q zQbm$9JV<+v(N8sApzL}jqh2U}j0z@7W{M2h7h}<0@xM6a-`5is$~KdKv#RA4>J@0d z7B~vdiiM2SfvAXZvbYroa_!Ql`3Itdd(=x^J>OyoLvT*ra-BP_OV1v5~-#c|{!{v2LXN%;eS$Q)UAo`Lg>W#mAEf+&i zJwad0U|+B28Y$fr5atyGAKs~OOPmMi^$xXfvs$DIL98XZC?h!bskAU`N~?W!4mZ6` zq&0SDDNmnHJH>+^>BviP;slgM9>LAs-B~l5$umNO-!#b zF!3$AmWuY6p8XQY zTjPs3SXN&QsuoNxw|(z7g{@LB^HmtvSrdfVnt)WKv-{UnX5`Gt;!V-ZH)abgov`Mc z?im+vliZ=Z^FA-x?Z&sAlktqi6m)zk^z_|KRv=a^xWTE2{a}0N^^?npf!W3-LQO=r zdZ%B+$K)D}YvI>it45E?z$LTq#8vFnJ=z+zFSbOGACGYnJybU^^HIjiAYIqmBfbeZbi=NwX8I@R#xYK8CGfy z1Y1bXMmwUzAU zPS^ZS^NV)lwI7*xWBTvz?uQi(&xbM0haULDYMY{rqZIn7oSS{PGw~n%TmCEz?<|Hd z8d@{QeHZuGt($HCSxsD$G-7S;`n>MZbX@PoGD(=MCX5T6j2S#>8orPuZ8qaRV3Kxd zP_TC^HI9mh!^bNafH%N5@ewcY2LhosaN|YQL!Ry$-$f5xf`1=gRy!}l@`FQ#3%VAY z2^~vxS2IY3;$K%qoplU7ksCYTOV&@(xEqEqEW#^>7v|4!7NC)y^J8!qgDYG=$vt}4 zgP9iMJ%Rj|%}~NfiAu4|0+dcX_Ldm;2NubAV{RHsPIDe59nJis#C0H|+{wvR`G)?gx{~v8>MPg!M~~8>4Is8Xs=< zlr42#OGL`^b*Q5V_Iex>Uovs@u~#^T`U2S@jmwKqThKT)DHg5p8OXIQnpGs-WN#wK zB-NmkZKr#WVqfwHA5)x=P+xl%v)adgTYBo+`Wy-drLP4Bd|gYC6gM&sCt-f+(AUerl<*Rw>vZNr zJcRdj=~R}A!dX+=DLWr^YudUY|5hEn*FDE#bvdkz&FIO|{(g+Tx6;~%<3}=u=_Y>M zy?aqvy|{q}icG0COp(;3M+jK_Twy#`=FIj@t-I842J26*v=H7zc4ygLbu)dW3T7hh zEVcc|9nf|jC=$Dt^5@Kh+}CeE)i=>;Tsg<4%y{Lh*Dk#M$_yd~-AYZ*!O$Y4=|k~l z91rON3-QbL!{PEyNxfq*A?CSo%{SDAx1X!D=xm1rV|h0&UfC;qs8VqoZW;lL^qsvJ z&GqeYv(WeNeJDV?M(bdkK5#?b_X_>p14qS>j8^gM`rC`ro^;YP`p(hmqk$Q?sGkub zh#9GwLBl*Qj22f-O+fPu|f@ z7*FY{*pW0ZZwWc;flI0XEjp!AsC%Ta*>Eg z7ToI-J2==k8&)OD?lUBDtU3bLxvz|kj-=pkb zoR}HS@QhB?qg{-0JY1QR?i@FoX`}w%_D!q!VC#3^cY@9=Vn}P(ONB-m8Yop{K$f5- z-*qfoc)2M+?_5Lhmyk(Su=gbY3;IE=n7Q-{rAr(fq&9ik$TWTU1|PNO2^B{DiY()G zrOtu#h}7>+3~be%b3M<*0hK@pNgr+9b$E`qenqzVNC$RTW*-EhO!d9bZ0e>ej&04A z86K5eL0rniXe4=a7^hQ7GjniXx##+Q_8=#9{ixAb8i;w}3`h zG|y0=N$~o?+0rHJ3HFl0M4ycOCg3Ij0JsX!Pm!>Cj0qWvp#uP1%>e)?$@=?{0l5B_ z0Dw!7n^TCJxtFG!yBFLm#LFKp<{j)0|1V_qnS>Qc#{CDZ0|1cp1OXubhW-O-A))=8 dyx?YTegVED)W6|C(C=5|q#H+);LpFc{{i%J?^OT* literal 51926 zcmV)zK#{*tO9KQH0000800we?SGw35n<)?g0Q*t^02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARHJad;D zk}E~&<-6a^aG%mDj$=9Y`GVH=a`_kzfAb`{fBy9^jJ3YE!CXYV^@z3R&L#HIVBkyo z5s&#yL?U*5{xLP8ALuB1X9s)z{r0^w?!>ESkHu8R(n%fnpQp;n*HQo9 zR>$A9x-{0D$DtAi$9gUUqphC0{*d~v^pI6v2xFlmtXvx`d!2B@BjKPD)c6yNpfJ$! zRL;r*D3bP#{K!oRg;TDq=oW7#+{(aKD??!@Y+z*KvXTELqZzX%_~o?Vj^WGxOuBhG zNv$w2qC*ZLZ)hg|XKw_BG8Sq8%mN|@hkB;%K%Y7OPQjmjyO^D}*iwdW4t@XhAo&1~ zb0KGQS3LiE8lT2@@4nDZJi2?Ay&KPk5iH^>HWBRPEY{1INo!MK-?nq=_!%sm9oTGm zt5u3~u~gev?yy7{$6=x38FQMsxwLGQRqV1v32p^5Vk(S(Eg~3js$pyyTgR1xhW&R) z98kngj$l%31Z7IVuUXtXidlO!I_i{EEtkta&Yjql7#*g810tzS&te-LcUVp=gRxiv z5SFu&LBoZF1wxWoz!N@^O1c#i2|Wqx*a=TV=@`I_i3K!cz-zmO3<(Q2GXT0lsDl(? z&T;U8w2PiyS!mfK9*8&)cF=(#V4Mc3QcHXUl86z*<7fR-a~d<|f8M?ODh`EFE38#E zAB$ifYZyerd;mxxt}wQsR%2X}f*p>ZK_$*YkqGE34pt0HVZ^CcN-t^rN`GBqfYp&; zdW!X6Ig7S9o&fm5;$}#aF*`Z-vQ@zmNo7<>Dan4CB-*%v5;Lv_nK<^aRFRtCss~Vy zkXZl|2cyFnh-d(l1$BTU@h~L)z*V+pI6UHzBpw#juF+2O@jrW!?`MGE7=+MIFUb4p@kDm~$ocq_V*Dp* z9FQ=b!zN)C5-~H)>kq!u3oI1Nyl)chYzlEqLt8|^y)FRem>cMWp7-(jjW%Z!tK4bEPk3ICTHxAR2b>Y_xJF{L28|jn4boyB4{~G61z4yb$zV(su=7( z5_)ndxQSVW3V=^^>KdeALje(EaxK(h|6!ZG2Mt zc;%gR*;25X0J(N-Y5-rTl0c|H{djmL!a4&UpR*flN`fQ8*IdDp(*j03X?sAny?C_m)CJ&9r@z4JU6$4BuwQ;<=n2CR zw(ayG^k}kou=1TQ%gY+^*MSOc=|n{RBxwEG8H(=wdFpw7+In=_y3=J?jaqftozqtL zv_+IOzx{Lvx_-NcQ^dA3BHYvwRgRS^sah!m+S^=vfM=hat2|Jv28Eq%M$?)nP^&ai zJQQQ;h?>vV6y6QnuypGRy_vFoaNa(+4STayKE_b{A7Bd3Hk#WunSeXLu{FI&ue zw{0>1?^dt}q@Ufp>J`L6nqE|u(}v@o5s7RemU)%F;i^(EsgbQpYH4d^mV5hytn(hl zWqHr*9e=79)R|pA6khQ8j=_erT{rccufe}L%xcsPD#XQLOaU#q4|Y%h4uQDEvu`C3 z^w!%w)^XKsuGy!$QD~;{qUNBW?Az-OyP-RBV%oNY`JK5?3Ccd3fs28)$Win;8RV*? z$vU%QStu_;lGF`FajtrRV&f`Fot%&>6#SC$B#u|i_=}1BZiL#Upwc8)dFrKyYMey; zVxoN^cJ6;UCr5%3H5&~IhBTO@jmq2P4gWQ9dxPFaxudEVhX6JE3=Dj?nGF7pLIr;d zkgJ8r#mh_A*6c3YM+)>m!pm+hcPKV!R|9Q~P@JBJMN;-RO3G4d*7h-dEK5l*)4Sw+ z`_wLx5D9Bh?xEib%yZJ1Nznro5k&7!*mEsJKq-}~ z_gL%6UZJHZxq0g?MJOD)fo_i6wml!r{r%0j9|iAZ_{*_2xZhCB^d054-&MB}&ynv- zuz#19=*E!e`eZ;X)pJ4DE_#`6cDG1)P<7M!V&jS|CGZ0H%!*m)-- zF~zec`@MRJ`}0Y$6fzE_-y_2vczBa9jisgGv^3usbU*A6bi~pp+&Tgs zOMnG)bd(;G(QaybS=jw>6JY0k63YT^y_>h3%V5q5ZV)pBC>!9xLZ}tPGZHXsL?@{% z#3pCnQWZ>Fiiwr(TU)6IJA}gvv4o|^Ll1+)Y;Ty+sUDOhrE!jErUN5kU=WYuu*c3} z^57=G1cF#l1Jmqe4=5EYM4Y)aq(frh*G%YQBYoiQ5-0{xKtd_}&8b#MT%}k8cm~=o zLd0w`@>^T5A9skJ=TC+pJr1H-!P-av91lA?hsBTA1`C|rG@G1P``%Urs|g@O1P~zM z2{wvyK%HPN!&gJxh!2U<(s?gOe3phE698%&tc zAwIH*KFg9twbC#o5cC?@P>hek4nk0d&802tpt{OwMS~|cfxb3RZ;7)lYSNFG?CZ1B zn7tI!N31w%DuVJv9_UK5Li0P5b|tftp4 zstF5Qx$x{5&ypH&s?Zh78-!>&qk=(`mB;9q^lNs$=<=8-AHFadJWuIh=6ioGv&yE5 z&PZ#AH*1yZnc2_Pyl8&5PT9>%(q{CrjKFh~vnC~*W5s$)+C_vS3K_Gk;?_(pyL_s4 zjj^{iUz<(y3X-iA2CjCQaP<~BF<_9DfR&#aP7zugHO1~+&l>sHrd0nReHzR~aORUG z-nP zstm5OI|vppFCec+qoe%y;@0DZgUl@eD%gRbtBu||llD0-D;#DV&4P~7qv@I(&Cwd^5d?BEuHc$cZ?XL!{QnJ**Ys?~9p z`4Oa9t`gGMmxRU*nSM6Ier?`efOZN#$qGa6*$hu06#nPP-<;}_1Q_^H!*)eI*EyMm zIV3WmwGW5KqgSKv*~DNhbsJUeE_2i`k=K}(DDU=MB_yveL5*|F63rIXA;m&;jV?>% zY(<;NSyYL&l{~}Sf*dmzIj$2xj_BeoKH>c3!pRD^G)hIh-B&;rT@V6l+R;hf0k{vC z^R%}S#k)+c(*|&{eMBp8g&@AZ^!cy?84sq2$1+J39kt28QgJ-DLE8JbRR@81=2NIS zA1Ux7#f(=#ZzBYEnV)}A?n9W3G)x*#c_fwOrr6E65@cRq2EREkRoR@G2!xGi4Ox9+ z3@`YRrS&mSK`0D0w$~2+HxW4um93%M2gP0H)w5Gl8~NbZ$0Jr=^t}rFU1y^G+*2_4 zMTz|InBQDRhUB*`bE6C99&gGyNmKRh}*23pDhvk6&Cdpl?K?zYgg9#6Y%Lw#JSE zSAGB8kt8*V2A5KjmCsZ&9!XzSjZ)ER?h$1AqS9a2pCdC%A#9YN_vUdDrvt5O2RaV_H$tcKp(y|SUTuar*SZL zxr;l^6kc>=xS;H&> zytu9&64Cw&L|C3hZrZ=beh>VI>DbeBvV)69B^qw)Ms{)W$Pg^T;^t94^{cyk)TE;P zA8)g%wRGx|wEp#$@_RNtResf}buyL4y7pIo#04ORpI-Ue54m*3`;;r2x4^<~KK!yA zdF_iY^wpMp4z(|~v}!ZUAKJAl<+pXPPQz&Vr-F#5@B{w)FHlPZ1QY-O00;n6bADIS zhj31>xc~rrJq7>~0001OVQFquWo>Y5VRU6KYIARH>|O0s<2aN5epUBBsB%{osKOAx zBypardFnWZ*`=O&25!Raei){*iY*f_j-9m~SaxsjZ$C+XiEK%>oPi9-hJArp-L3BS zuO+!#R{s3ge*vKP?}@WOOW6Ax=q=K8mHh4GB)f9Fgdw~|OBANZ@Q-zjj-6OB?7XE?NcABcZ!S%T)kVbo^@)h5yz&q8&IHbD5-ZKz#_J;MAo(_;l=h;_kgGMWUD1Jg|H{1U#HKCTeyCP`x~ ztDHA`h;E^d}gsDc|Q9CDA%|&<}C6UL71B7rlI8WpQrFWhGAR zuX3GwAEFej6XYI&`8ow5LN0Pa8i5r|5&+|+mZo>u3rPxod7pQpO&8HRa5c=T{TI@H zgt6;HnC+Ki0DeZm50ex@mq-Qa0)by1qWCUZK?iAtn!kXDh3_nYp8yxd{ypx}i=!na ze}4)}hF+of*X)n4#l7N1s`$jdLI*KB4zu8GH=(5^x}xFzzl`?dn$Ah+&7YCWeJ-UO^y$U^CKP)KO30*r;g#2yVj&qW*UXP zT_ur`ROuHwjDJLMh8)kxtTs>o-7bTk|gh5AQ*829NPAk%A_>6Ocn zvQyS_o+r9wQdI28x|7_x0?ReC1tf+d+$o(g8CtGoSeiGsN18PnkF|;CIhtcwj%7JG z5Zqx4+zlnT8*;cC&klD(8Scglg}c!O?#9c9yP*d6y4eB}QxWcz4jE(D9iyRUnWM3W zAwJNcF&}H5gRhRE4Tl4}1@5L2+)X*$&1Z+ZsSJ1Xg~HwJ0(bM}!`)Pad);gSiKPg4 zN;kG$V?G!;n(aCR%^DzGo9K?MjYjT7A33@`^2`>vTS{=Ztf!ky9~6A$8Zccgjt2x^vL8`{K#Lv3zBeQw#VYg>~RxZ6r_x8-oRpB?VDGTiMK z3U|8;-0hbScUukab+gz0SrmHyZJul;WrOMTa^sa+JBv!DiG?C5-r$B1IcXH173ztl zH_);@NywzV79vQgB_vjV+=PNSDlS(jrd1jkl(;J)Mgl^Dy~88W6k8RoYH=kqz7kn8 zpIFwmYEe#Er5xFX@9>CjF5?p8N0DjBr!UwR_a4v#{#@8HF zx_pCjZv0<1BK>C-q&MG@^7C8d`JqobF!-C)z={7#1RN4y$-2u&n0uo+2uJ|PM6|}l zR;U*B)<2YodY!R!Pj?GT)@QYh_R<$bZV+Ux=b^ibe8N#trhme2K_R0Gs~+1%$D_)& zkvcWE1%$ z68-|JZ<@XqzimBz{m7`o&t5WfxXDX|yeV7=d^&GtAdNET<-_bJcQ##Xj zp#h<(S>v&-S*~qs6CM9$Izvad#zT8P7`A|&tALBCCz|K{_#Z+>zH&wr%1ngsFu)PU*%2+c8b#Xodj|yp}O1cx1P14X_3!9IDRV4rjW`{c!geWC{Ty43;_eV~Z; zjBo_;5I(_U``j_{*gi3b8rj*0*YD7_Y~;?(*5qR*s1@(}prNodcy7d#-W4IAE7OMB z-D95GpbYw|87~s`#2^*ebB2>@`Pn*2qvcsqxF*JmE|H7yX&<|FV}unx}sHoF$=3cPa#t2yHrwx#vKSE#j8LsC^(RBf$?Db4M6Xs zTi-cdt&%!QIJ}EY;-Fqfi2&u=c^Lc7;v#f>7t8tCPZysO6u(6&^n;`TO$${e2HGXo zL!z0Z0ro~K?2WD#h$S>efg#ecxxP#9GuqJg7o2nwq;C@dB2#9WQBVTog-sWjXzHY}ys*h&4jV{CA>Us-HyQ}^9XY>4W; zb?DWsBrao`^A)?nwU>QtUVZS%aZFSHHoOdf&Z#)I=FO9pmlFti4PAWaeUa|pWoiE~ zZ$g()^9s7ej{V$Xy+A-6p4&VdJj}O-XL0L!c#8Dr;919C%}v<aWv1)vCEmKSy5?Ql+lX#t-0fcr% z+v*;Z#}=;&=kBM7tJU^z&1Dt|27OL*e#oylvOe$>UDfT|!n|brS#6qM;SJv=4|`M&JZt+z%aA(k#RVndmlY8 zq#;~#=O8w{Z^{A_R1PKXeHMnHwmFKHWpvRBg>G^gZoERTfB%;X3m8J@4&HJ}Z59lN zo1=BVY%Iff2rHKQ>{*z($(1uU-$6e>E?LZm30X^j3h%<`A-s$)!h0C_E_v*n6|bto zfZU9PIV+cZ1`mF^*qkhVpWSm%Ic$=4O%5+D?qpRf@chSammTGvWuPfT-DarxQj@W{ zr^Jr0)y7hqpiK~l#m}GBkHWB2c(1#vDV5U}U5;qHXZX25He`WZvfTM09XY4?Ho3S9 zS3t9E)RqEd7%vHGSifHQ3HXgv5?s_2IpSf62Y4DS01NT6cp=Ax$MhuPV_svTlAn-Aj}Q4R$-)n0@s}N{{b?gJk3qoZ zek#&XNNy+bvfOLl==z4*1xQGH5yaD>~KW@UJtr!XL^?V6&6aG(r zq%yiEk%b{S!_EH-ZhFMhj3AD`g8ZlRj~DMQ&Q7l{ zE`g6x|e&^K*}Y6Zlw#nZG)9 zU2H%?uFd`M;M!lJA5cifVRG>MaCx}Vn#!DkzjLM&5)2^nmYz_sKm+V3#w))@7%K$l zZ~PGV4Gvfb9s)c9DvEtcEcLAdA&zy&GB7Iyq{B~n-<;0Rn?W%Z!*FwNXmIQ0meI@FL_yATt?c&EYqE=Krw z=+LOXy4HV`lU||NkK9JO1cQ!DDRiPiuD@Q2$=0h?oB{FeIxfd;x!4W;dHW!RSID=w zD9+YWSta%d3~lU?>jf0MB4;V%8S@N;ili`I)7<3gJq}Q!iclVLsvje_@>aiKn$CU% zvkmzni;Lovh93W5&XJQBlS#Zw`=L}s%IxfYPfYMdbor~W$8K70-ah9T)b%FTchQ@_ z_(gd4am?WLr>y(l8NQP^=6o37ki#$(=pdGhoJIDWE){*P>-s=d9-=Y+Pq{m=S|2MyL-^e~2&g0(hv06L zpC>?c)pHkDyL4K0{O{nee4>3CcL@Mmzf_~CdsyXxL^)5eEWYtU?eRiye!M83XxdV5 zN{PGbQA{MY!hAi8q}mqN<>Z+P;~MPv`rV#hMN6xlR!43;PoxL(3hIeJHykoh7AVA1Hc z`BpEn6@_{wge6J|zqw>qeszhWGWpk|sB42)@-gOs4GvcO?v)x-nvaHUW(R(FN9f9I zQP#(CwGV;yZNnh@kr^{tui>DhdAWZy0Ii^rB%1h??H3VuF{ubyNuz|X6{9Rq9^F%# zQ)Bcs*+K(Lx$S6C@c*N2uy~q0Nzq+3nct%Irm|62-v37ajssu8S^J)<|Ho;2qvDaR z6M*})eUAnL2?GN8g#7W=_dG;a0$G9uOCU)~KQtHE`s6R3!Z&K62wrUppSP6qzxEV< zvZjyu-a5z<@If|F}bH*p0tJ!TVhrGKm)p@Rrl#& z_NO%+d_fLleU@DCU~H?(L;GCtQ{{pM9jAuVa`W4sBEK!k$r;fx$;t6|8~_W>*OTNl zD<0W8MY2zF_O4)(V6EKgDu$1L@eHO}i!<fD7Fukn8#cnN0l|U+eZWu4 zxNq0bOb3xiTJm@V2??Je^ta@u&7J3_P2upXmYWto&VbI@CaIj~$W2Q- z+vlbkx_xeXpPT0RS~1GzM9>81YraL^je_JA&)3{?In&a;{+7+CyClPH`JhFAB zYoCbjT`l}%fv2grSVQ_1vVZYpv{j2W@M@FMyrq=?6(*xyitPkAFhMjm_ptDtMV5Ac zhgaof_y@@INC4cU;1Lj0v5!d3nm(_Rj5P$=I~l7yV88>KCw{7S7Dm|>ooY5R%BT|x z>5?XH&RxC%eVV!?t3xv9WsasFXZJpwEj`$8+TDuz-<@8(|Mc-(NLC!wK*$Pzy2!z+ zDeS`1*gXH=f4beV(z712i_A@6&e$N1IK3r*MTzX_jfNB_$zTz2x$u8t4m@BHrn=jX zZbHsSg0mf5G+*Bq(&-11^qK|H?PVA|7J~r2#-vpxTx5SPOsDGvPn6h0LbGG|@TvTe z9C7XQIC>yQBVpbm9oga&M}efs3^PgD_j$nMdz+*&d1_YZ)JJM1kM%ullJDR(t}+q|z>DyOS@m6@`GdT*I!j#SGo z!0i-p)qA_!ggn1$=-{^JPRfhI$f5Ov&6i(@Gjip^fU!}wau6Hbd(W)&%fETb)|6RI zy2=xia@OMYRSvA3R}L)U0zj>DAb$1)opXUwInPl!kao7O958hI%E7*J!11+Wl;wH0 z%0WGVx2_y?O6PoA?SRv{W9@+B?>OESoUf;LFx=M;o~U;40X@9Mcf&!&GVctlK{7F= zU4QXn!mt*6;MEorcuOh&D=a3IPjbbE^aPfvAWgwF5hFG=eM~Ps+qm;9b4{L3K?;+>WVY{g@E+g0X9wkhr5~4pKu{ zwm9A8P5pG2jF5iq%8Y(3ZW`rZf5TksQrS5?o}&f4_oFyDJUqtXLBcsV44a*)aCJGo zxW4%5e3v@>fFi9JPrj=n+3l66u&F1`AL&?hhsaib!OI8bKy@fQv3{%Cp|EzAw`GI8 zN+C{ssD7nlTlkMGF|o?QG=p&EI|Ld_VoGH^h0^8=Dr|}@!PkoEcZSzC|Hs~!a3_u= z>;4s8&%9H18JoozL(i*zBQ_hG%`C=tRUeN)0%U|Fw1Dx<+~59kk%X4ihH)(})Tg_R zlzT=-Mtl*G`NT#~4gO`nr;U=lRkntJFqRw}#?4@ykt^#_EJn6pIML>5zi`4*!-WHg z*>__mhJ5*uJ&OJ^s49g8S21=5I(8qmpew#-8Lax2~k}INNr>w zerYtZ1-4@a44ZFLjl>qFSCy1GgM1uzg6#eK-)8Io``z?85Da!v*+%o`0Q)5ih#?gKFyuZLSLg(~7Jhl7Xt8WKK@Y*$x$AICpAcH2Ks$c^#i-CrK@%jnA2i1~t zTD}Z$3XJrpU{1|UN0ieJS8E%PkNxyNf`u!cN*!58{kancSgBAxKqA&-Trh+#mqCaI zKRzV)B5=%|g@O+95lRdi7e{&UU2u7kX6VRsQeZ4gA<6DZv`%>}ug*D!kb&lZ=g*i| zHs8H5(SDN$%0IMz!(#AxnC2%uCE&d^mhdh9fyU+gjf7!bSK$uD!j@PAanSipO~pi==3?L$i02JVYlH$v~sW~8Cf zm3Hn1R@I`U+3)NcawD*#aCj$?1**2G$^Lpo2|`yT#rv>&~*b%kIF? z^YQGm?|OP>E|ZR09=A8H`lSAV##I7MxL@rpLT|AM<-WT`C`a5YqFIE<00I>oq0M^?~J)TC!H1&A$$7FD3&W~g2 zx!9X}c4X>-mmEVEYnq+&A`L^VAO`q*TYWBE>y7%bRv&LqQT~r&_34>b4+T&-#fcMM zePdFD})!h>w!hd9B8Ar4=- z1Zt8-JcMQOvYCQ;JVDih-i&!6qJagj(-XK*DYQ~4bEy*Z#x=7z7QZtFmuKduisX#6 zwcdf=&v}G;sizFfZX!R;z)5^K>Ju8QC!nhnV?$LKc_Om5xK0M^{-?46S|o52?sTFs zqJ~pU6iJuKp8_Lb9S!5>pzVNHU^9hLgcUl9#={Yn92#Qf7{b5+tN*1w8Sz!0T$ulx zPdfb-qOSI#RJ#hLieZ;B=-S-uqum7u$@-HK=gln{L1*Bxwm9JX6O}Ly3^rF3ijn?g zqx_vl`$C3!baaY1HNI%=s&;u59FlEYXg0GBCI#4eQmb~>Qlpxq{R-c&@b9t06DDDU zrS96kh+&mZR)C@@BL-2%Xw=@Wx3}wAsrGg~_q$NL-n+$87V=TcP76pHbj01l>^XtWTH@{vGxAbV{S2B`E#Wtw;mh&Fw zSKrF^=2u&~z4>)-e)Z%FrBQpH(R-O+-3xeY^J^4%`)x*8Pg7$WVLka{vN<#7$1%d@ z_eR(q8DViKYKNNuWe@kG!3g|_mvpt({>_cCdDpt5KCCg;+f$VP;}~N}c2wg?Ry*xu z^J%S3F<4Q9H!_+TSa@j4+*}+G5l6yZ523QgyhO66`qpc$Jc_K+#x|~6#ul4Z6(j7Y zoTx~GfYz32skCg6jxPC~kZeT*Vp#eV-(zVV2yA}Ep^WA+wxmzU{z_Sudl?d}INV%h zpvke$mo)4$Fvbg4TVtPMSZ6?=CLAdF=xge)Qyf8Afi{Mtqf>j4fYV!t(LYIQ8?07% z&d!c1vdRP1IO;K0?yjmaiaWAwBM39{E8S7jCcQl-YOBLb!31f5Oft5*v~u zF}moMX&?S*CvMn#Q;Gsb5+)ud2K(4E7$eFR^BFj<)-^6%S{#OSL!R$5{2ChDc7dx9QoR zc-Ap8_Cm$6jqPoE_GfR?bEbX=qIe#rX8*A6?+=jOF-q5xqLmNp_fJ0ANdgg~Rr#Yy~NRxK0FY0^Q({?0y z+6lwazmmy0)1SyH)1VQ=)Iz^hX%`7E|e7%rgE@w3Q{ft%Dtt*WA{om zF#lG#5yvk{hHfh_3>FnF6p^Zf83;%{WK{0fG~))toJ4Ga1iXP_RR%C~?hPa0HmXZ9 zl}=%IDUPBy7qkZTZQ<${vKGvjC)|sSC)~6!TNXr$+8AQYm#2`#uss*l3z(tCi17AJ z$`#d$@WDf5kF%_lRv9)F&!|MhJp!pw#wWi)_vv2Tkt-q833?mQrnf=dkt24MU`>hB zyBH)D0rB=96uTY|DLi2LFscSE5FKNsxfh4?%t!mE_?l?lSulO^swkn*`!z~_w1Xis zI4ANbgg4NG)yHf#T&6rwQ;n_N90&h#gMqW0e_bd|=n&Sy-~)zbj(w!jH0_$Uwt{@_ zlK!NaiFA0DV*SS12PBO*0Sq>9p`FT4z@Tgvv9!;49`I`05Y`Nv9Vs1|HyqebD+p+V zDbuzMNiJyWg1~KglRvWf=ubw@<{L(W9?;uh@nGv_(T2Q&v`yI(qDwM?=wMYrF<^z6 z21TD;+N{s$K-mc=49ubeGpi#>j*;AKQ9H^M8F^4=K`KqrNtRn%N;p1|65o*aNom7CFhYO`PksOOg!qr#M*wwMSa1f0Kq9 zP{B_&+7i#6fJJZu>NwhpvO@>+I}kPY?05qOl0T5yGG)f4ZEeBxAls({ZU{6b4d@n#+6;q4Av(WW8hYcT)({JGicRsQ(=86OR`QOkAcs!XC#oC5xd z$FAFgf6KZcP`svMFd#tn2bIj>20&q-F{sruEX(7~0qegQWN!yTDJ%-00Ysjb zaKP{ya*QTu#8^W6BCd!>m$iVV8g;zq&>Xg8g9IRHAAvzaa483R4Vb#(*t$VS;o`?; zQ~njNaIjMzs^~HkbXpet8-`w?4uZ{)x?=#fow{Fa&?g4pM#E8aZZu^?UY#Q$0@cl+ zqjrF{5BLGBh(dZ0Ak42-Nf4x!0ae-7XCz)L%O~*ucYfsf8}9ihOW3#*i_d`0z*z-# zxZ95qenxc9B-l0HZMHst?)EBeDoveG7%?>*6~SNurew)l7Iy%1_4)HR5vX*LhRcWN zPINd;NxVS<+2{nY-V-#{<~vZT@#4t7m5Q64;vI*i3DkT*v?o**bRTUpyf{Yp*20l7 zG#9AbQUX8c5%+`WA7)}4OgaMV+6V!$7A_(H3S*(v=g(gqn_BpoZT2ZeIGG62kP%Mi zlev}z>+2oI0+B}slE+k%KrdR&$_5@DBN9NYWhGG?%Mc~W)*gf3VgTCWk_gQMZ)|4} zI*A?=8Q>+gM!VJN(aj#@wMER+>>SNTn^y4&%xvLDOCY9dWmN0tMO)$LjIu`S?{LIG zjtPp8VJMHcgGUMb<;d%73B(_Gb#`+3I`0*3!&F27&1}8Z56)-)4h58Gq@Uh^pk|eL;NY_yX{#k;G z`%&X-&?6wnoei&z#J}t4`hD^P>|(R2AF^7ai|m^xq)hnO?2w3SqRkj{L(}VlY9Qmh zLLJhb#t~&%_d^H)l}-wF1YMp=tW91L(c!am#E9)|eC)$vDQq2u`*Ej%+5`OnAj?jl zLd%6A;eY;IHn_i`AOjvg)HMx>r+~4-`~JW`+SmX2Y9#C#32oy4j5(dFhTDNAA#n?r zapXy)8oCMGIZ;BKYneGQJvENLi5aL@3P|mlB8eRAs}NiQd!0VC#_IFu1bAajz$HA} z6|^31A)h~+kwReS1wA-Br7EJvDMpv=JPnt!c>@+Aer1Ula^5QXHb@!LK#vr z18LW|9f;y^V<@W#WNb!u7)q2Vk>ijF7$}@T-bWX(q46*!EHIu4^oIj|Spkl0#;Gy_ z+?-{ZGlUUdm8jGosgyMZK)--Ky66Logj1E=3iFmr?D0Th zLDHCLC~5vd)y9#I?B|vBmqD4dOt3HA{vJ+#ox<u@+H~7CNCZw4h0<}6hX8_?VNoP&a;QVnXE6RjlrfZDR9p>H+6@sFtP(;m;!5}Cm9T)wxmf%erUc! zTaJ<7^JfRd26h}YtwxzZCfqnlfh-zCc2&6hFvG;Ah+`PY4yV_h6cq<|keXrgjp^A=Seem(jFO7q$` z4M>4Vw8g(HthZKny#TTVegkL`{{e(8D|!G3E!3f80Le#tvH158i}zCT8>C`uk+|0p zXd|RQ1yB>}2=v1>!&FoRV1mh(B_7Nhww|$&Jpe))36jp9A{?B1K^~$BlmhuXkMQRN zw8k26E1qQJBli!K5YOGEwCs0rYEaXXS0oXR3}9=3vq0+JWUAw!_RirW@R97_WspJ;XKRd_ z)CU4{KT)^ZjpLt7{zQO9qz*)AdT66V$_UIK5qyl>!Pp=q=`|s3XsDs9J03ykEwLMM zBCdVoysRuc3Vbnge{x97{t?&C;20F4@urw-N38S@4;XVs*SO-vVub}!L6MohB?Sj^ zJEn-3(kG}fTELc3#y*nUmTn)(y^rMf--KjmzCqx3qD#0cwcqgDMwvp=3d@pi@# zDnP_uI`+I|fgwath%O++7YrP`30V*b69A%b{Eo_eHu^Xle5{Q0^;fYx!A~Tf?xdn4&vX#;@yUyEdStQZ!bcFiGP|P;-D@YWEU1J><>7F2L}fQ1&0sC4+#eTEBXM2 zoN?eCxHp_>@JpX%5RPHK;mm?}KdT^!1cKwe{o}lYX6&%kUDUO?nb8Zoh>m7Y( z^WHOFd#gC@h@q@;LRiD&u|wmq!{V>Kpp~bXUCn4ne0A95{#J3-apS4qgZM(?ro-S) zx37OtTr`Qq-Vg`zkEFL7Jc5w4ZmyLaD)&DvOF3kydhHDYJ_-Tzd+R(@xNr} zu*eaqr0nlKE}?O};lmOZxBJ#naldk7XrasfU8yfzwA?&CWx(fs;%fKtwEKA4ec*s8 z7ydkf1N(T|sKWm*5l`#y6ds4;?;>vY7mk;WuuX5CfN_OSq^;YQJkBP*c|yyD&u-&i z_i?ZLxL2RYp9yWAZ76mZ@vZx~)_q*-UOfF}#M8ZW`UdHAAJ>XZO5ZcCH8dzRBqTI! z>)bl5Gq7pCjq=GuOdkTSMQv~>$Y%fP@=^-F(Q1=C+~4{QzRaWD-YfVvhi}R+tiWs@ z6ilp_Wo`^PJZN7A6iubGsf$$ZBDcS=5Z1ZHg@vP-AtdC9aK?Q^i6S%H?ucSc%#M$e;@yF4_0w)+uBexYRB(o)3B6vJ;Ge*=RI2+04H1J^g>94+F^XM%PU)gEar z7-fgXsaYvw#H+<=KuGL+#7H!<2x2Y7h|$Kjte#LhZz_`9vk!tNW_tG^cvA1N%mLIS zUycITmJt`?8F~4G8ng z4L6bRXxEH9Vi9;Rac?ZV+urE6qY!G@RuH!eFo^*x(flhMvTgR{k=fpew+=&*wcBki zGrpW6D8`Z`+uAZaqASCA&G!klL_V_CAnhjJvb$C{4$Z-lm#*r0l^W{2pg~~Kn*~|O zz{*i6iwdc>5n6y+gxrkn&9FIE!!C?DZG_Nb+;-I+{b{gsl`5AyCorCorM_oc zDU7IEzJ8HBIgx3`426KhmBc>(&}mz>@YW;HE=Gg0p4kaAA`|XktiWOW`Lx z*!oaqecsRYG0t4F{-Mm~<3AFnnBh-s0Tk{R^z2*Me@Jo96y=HW{ZFJ|XY+|OSO)iX z1VL{zZl+vw#W>|gbq8&Xc&YII%3$6brD#Q&4Lnh1p%JH>;oPVma$ z=cnJqKLa+v=>BoR>)G5)oIA;-5+sG7jB%Xm4(5z3gAogED1JhUg3kd~0!-dmF%0Fw z4R&O`GtLUJY1OB2et`aS3aHvDF|5E4TeBYvG9Mu1i+T;Lj7UC)2W7-4!*C+=2{dyD zG(5=u9gUU{zVo8B88PIZuXscRg$@*45@lDRY%wX&{|dY4gptSw^oWs1)rZ?;8*N6Z zM_h!FhcOn{+dNTLT68wEc_NexAB$X|{4|ta!un`Fv502#Y{&sIaO_fs90H?O46BB| zM^i~)H^+wAOQH_B)5&Rqny>LoYv=TV$w-eiEO72)WHZGQOnvBAw7jAIGAL1`hD4l< zA2#z);DUi^5$p3#c>Ds)uF8z60u3W%SG7OZjDihm7J9R$`9zz|@I)a_QlVvRz5Dom z@+t89TSefSR#j=4IT?)z9?!(18e>~3T()gNz=oxcE)dV9+L;l;Zsr;aj5t%t=|im% zVB6rBd6^pt4A!*$4S(41abm!!@Q^!ySipdPgSMh5x?3>HW}6Z0U%KO1AF~yvktAAE zpzAIK=HIC?2ysV(NR-CB>$sTK+#lW$6$}bANBsDf2;77jtt&sz92x#^4Ng^=$xqN8 z#?M>EN@=Yl>{I_v?ZD^${R9n>bPWie(Prj-TY?XB{23YoEt(;@>X+D%KyAIN~G_a)ie3W$td%SYBB(wVNl6=>LM4dL;% ze%^pA^aT(@L^pd>%fS{vt0kUpTu0qaCL{@VuG(i?!+hE^}@a-T0-ZZN%zi$J&)5PBz9Lwu-@Dlu8>2z8h{Q3$gN#73s`|0Q( z-$Z*ekf7ATC*^sX)9sf^m2MZ8(8aO2s5-h{Zwep_XDL0353jP6aX-L90~ zU%=mVt={icydO$epoU8G()iS7fC7bj3V!sPH_g_-=xvjBcdEP`(Kt3RxI6BC(9o3R z>P49o*Mu&VflB9XKdIq_7JDWEIijhY0;N?#n~^=J4dlTQFT)`~V~&kPwzr__HVSLQ zr!&*CZ1idqJcbg%itv{XH_?H{X*S0=vgJP%@=-@_Q%Vh<(#?;@hlkd2(@1zc<=G>A zT(vIFL}>+zK1vw9^`<;Zz_K8(@hQ!5ay7(y8D3ODasPzH2Bb~E8jozpi#r??KxLX_ zYJ!KB0tp&QV^>8Oc32TLWerl|!r9Hc1WvRuEu-QbO|iwb93@PTk-j->-f^(fprYwb zN4%*Wy|f4frNr}Me`(MS99dq)ei%3r9w0a|kj`o>98N2rF(2mCI6wFlDWa}!$hzHh z6lvtL`r@JPudZ&wt^epR=is>uv87DVB*Dx1(sY7w6hX>%$`JEKsszRN!wPs&i&Q!~ zp^{v337)qkLhcs5=_5~`qeNYrNMZvYQ5B0AxQ zrjB6{a%hpfnbfZ+Rn)iB?=dNgg^2DhrdJNv4>^mN^*UY%c;Uw1A7i4@Zfv zGQw$WtH~!VW~L?MJP^FPoWI~g0|j1kQVBYJdTX6<5_0E)A@J5TgQQkA=-sA7&WTf- znd@LsG@Zr01#+1Xloz}+5!6#4K?8fMd8?+xLV@ZQgDoM67SZx8D zAC?fJ^za_n)wLz!3^MY4PAaf`flEefcGu%1?=eV{m4iQSu_m~ zQ$HOlK;lNs%*OAXw zj|Jqial(bIHwJce3aD8{MCz2MoqM5E-2O@^1iptmB4xRtw(vJ^iLOkE4%W3n5<}}w zbe(trtv2=f(AZz#&gH@jP8lNsTqW+TEoEY_+?y37IC9r$*n0!=VG}G~0;(L85==TG zDCg^%3U4ni=rztBGRUWD;8z^Q-l(hu}I`82Te&7_-0& z1D8+qHaMDl!?8hZ#{NRtQahQ2JuT!I_LP_?VQO0Y2tSoKSi7XB#<=c1E(R+^e{5;4sXz!H(`bpZn(7-bJHnLV}mZ6w5}1)}vqfU~zhs2Zb-kehtiE;_XH2)#6+<6p0vHrMs=ZvLv1 zX=#ZcxQ`f$`S2b5;B3dlzkY)*{suGofx8%vQCiVpzv}=%%r!#i1EV2+m7aS+>+;9t=@t?ip?klg!ec>B5&HKFPM;m5{=hvX0^+|xe?KnYaoayW za4#{@e&7z8#)^;GMTZ&kV|K9~HF)8d?&QW*f^2yp|`&phD-9UiqOqpkYb4rVZTLJ z4bQX)eT9B&91}DuKVfI>zReN(_$$t*;k5gad)NA)(A~yU{zLZIs->tv{3 zs*~4e1pxp@_)CO7{)+VKj0gIdoxBS>lO6In_;m6q@rfOMLVr-Y$S-uRizfBZD8x5E%IY|%7?-l`ZC|(v(JpQC+@eVy z%{X@ynj_go0bjORJUdODrW`4KE}0`uv6;)DGLxvRg=j6jpWuqM7+0%V3?OoRUz{t| zwvPD=xk4@QV&LE_(}J%`+vRzOu|M9fr0p+SO!H8@0`qWIWDPe!PN)5W2i!{^bvPPUU@G34hZ`)tN6*e^i%QpP7nFxE! zPjjV~y*oZ9b&%JO$xNeOofYZ&k|PqyhpsbmQbOluK zEck!)xmn4drITKhxUKt@E2A$2Z~pn-=&6z0iDtXd=y{r2kRdyn?FBAZ3`GLpYcCRP@e)Ozz-3A%LEXyeS$q8PNB{+O|02L zG>#NLc7o`34QGXTM%>)&!0)~Ue^ZBj;Y74E+4^f4zibQD-b{GZu%vjJY1ZfmbaQiP z`gb=8y>*^<=%~!VYQt*-qQ3%CVzYuz%|>DWbl|tH#9%Q6;`IVA&fs@bb2G|xV#0pC zVL6!-S)k7m&Lcb+#ejF>QyyGzZi+Js+j8*)lxUKY$#9$)R3HRp8#(h&-`(L2%+%Fb8{2%{yM~<$+W5#u9SyV!?uziuYtrm?l1O$!vk^DJOU9l9%IYR%c(};ltpiOr zEDF6joiidBJ_tUYB4ZUoneaC?nMtJ!n9P%a5CmyGx2=v-c%8@JT#V3Yw~sqSY)%v? z&u{Fvo9)vWX%Ya198xTpBl1)j`NMo)4(7aA=fsIN1*y_5Ugk=@x%VhiQ^^aK%wt{6 z3~2{Df@DlEeB-aqb`Z2FpHq!t0}SJ?`H2dGqFlwmTTW~9xsDD8#>>!MngWtgye*Bp zP_Nc$4UL5Ey$T(gjq)2|Z0yNHC*^IlW9WiW8f7Hiaf9qXUC6Mt)Cr3<0{7gK;RZCw z+>s(-)H~X@M{iaujh-D5S9o-_(#rA%iO8#7TBU{_qWu%Ao3WHkb2`Wuhu*wXP zlu223Df?4?TBqxCJnhrU9A68yvIc0Q=0n08eY8{SbBLB|rHibsnh&utKH97GJ%$!* z<%y%sTA4z$S}R>#?bdw4?7!hIDLZ1x)F;b@k1RG3m})xnZcNq5iU?(ItFBoE*cgaL z%X}M3P6WOY&cpphY(K9^BV(XwiBtH>j$a*pwo3YRbV|zwZ0z)Stx95>(WU{Gw1dAB?F?i??g6&D!c*$Ec9I%8?3h59d!M;vC&^J#WzG_53#T2ZNvfHbuKMaJT;lQOQ6~)G7wJsggi`^ zY2>=<-&5$>R_EuucH8cPTGAOvGWu@m=F{deO z6fzFdo%!u@b57E=ng})qNn|1E=X@GCMPwFa$)`snPDUfiY%U>9BHAYw39`WBdrt82 zevkl0`j8>tB;?0b7)65)g0u#-wV|$AUbiYQ`W;Gkz=rXBS8E1>Ci5;KydJ$tkZK@S4#-h!P)TZ1aIs8L=Ue6&^T@);fMq~iSs_r>{gftyrSI*>i9w#5%q^(za2~zNtaKpHk_h1;7ecO zRj8-T2nB91Ck z2|0XgJ3h$r3yNSuSIFa=DW7m@^CkBpLwDaHSb6X-NIqW}MPb&|AQgnS99O(@EcK5NXxS8w;zS4=i(-#7gfm8EGn!doTa z(W9A)9Pt^HkG zG1X{WbzE!E7G|j(fx9N4VUzpTQ2l`ce1~8~@(#_*E;QBHG%DV!{TM9_-Q`{4D9Ne7 zDSr}#5z1vL3u$z3Yjk#&7j{HUlSM!*Ye zhs}tk^QX_Ud!7GB==_=Qt@D!|q@wBkz7Co(#rRNH(;e#k+d7r*b^g81zt{PLY1E$Q z-E@9W7~7UQe*|gqZOXoM{4vcDr`zcvTSfU1nTU>FU5YnA`Z zwb-b=%Kvmm$i3~FvkC~6U}LHLHR$yZ36i%HG|(9lMSoWS0QsR96`wkqbIKd7v^lJh z6T016$f>Y5NO-acX#h(Gd*5#gQuKYtB|+(`&IrPq(iDC&;S}sJfQ5Q26DAO*p@9E5 z&v;sfiH`r6-JCE*(1`R=Z+(cm{ns5@j83=S#Fnc)yB7iN- zC{|uo15>wcW)!Ta1lMieEoSBc_u~4^#u(T zb90e4n~T8DILhMVJc1_?&reW@K_^hi66WI@4=Kqv)(QGfSq-5?PDA@>(uko{e+U@a zhBLPhbc&<|eK;sG`@Nw^f|N-`g(AIDyOBL6y5L*RJ3x`Xb?u=@Te>|IxrZV>`9f*b zp6A`5NcRHX7K)6fyS@#7^t3f5{^-dclh2tsKMwwQzQ-STgg-*9t8H9y)Is3J?+iem zyH*;t2Oyu$3Awjja8?1K5^O905)v_GUetwE!0(Pfng{M+gwSlv`@w`E0&s@(`Mat6 zv`x9jYByNfysRUxVXD=(BS!p`e|(aOJ;n(QFFM4;ns79NNYaMKUhb83*RxmF-&t8d z|K7?vfg@8CY8B!H6FL>EUSXZj0$P5pJs z0=0`5D$vW|=;+j5B;alqXL*v;HdvnUo{$|?WR(Z1anxf_{;sMqiaW9#QIL0yU+IpL zHtCP-!(KP250n8)fa+nW=LqQHw*ycDbRG+L6-h)%Yk7v?w(Z(;DT;qmurrRs*~aSx zG=383DTq`3Ttxv8F2_c?IK^{md zSoMlQ2c#91Akn|ei^?K8gX6%u>(YeBjE2Bz91~0ZNih@YFr8(Oe3%h}5p{czk?-Vs8K)sVY(w{1-6Z;cLLxK6#4jz6lZrnl;3RfKq*E2D?Gsh7eNsy$OE*~0WM8^J% zfr2quny!dXx(J#LXd8xTju}Da-X-)h3cM2oz>I)MMZ!4W4dRT7XzmKiv;_%A!>T?a zROL8wUDc7#;#e0T)C5gHh&|0jX(b{iWy(|Lil7um1iL;wiXD~7W59|L!AMORU4@r6 zQvx6gN*X&0z!|Bbt^x9a<3g!`s9-XPf6XP31&Uvc07llz1z6`0Oe5G_euyvR&vA-c z>S7Op{SXN3;(J421c`=<3W0egL?e4lt=6}kcYwfr>)JzLwsd<4Y!88X@`ci#9(Fp z4+_Iy39Jb}&A2rRz5By-piCI80hRw@zJgO^WyA+e87NvpR`?Nz>KF^m#C&V`@t8l& z888c^z#E4Bg96#8#F%3=u)wU^pz9A64Vtrrq2wIs-Xjy0gF^yFAV(Yfyh&iy7J+WR>Q{sBE+@bfNT|N z1|b_VwynGbrA--)f+vYUTn}u8km7~4g~L(ITmsA)(g<<~hv1#0Oc;@WMGS6_(|Mjf zPWR3@UH*IHbObSsii*>D#abhKOx4@BoOi(KeCyidbhdPRoNkZPdGdwQs6EfS;dJf= zye&=_N4a|&MCWO7Oo+~tKPI;`bAB9%uCRybb_vl{!3t;q?T(iP&J2-Je`~<5;97Fj z9jNNWpm{!7jeL{~r#h7c2>PEJRbgNX(2hYyPKcSsH18t34S4K<8SzlzY)`Hc`*YI(m{fLz z>N-k-qiD5fGXsQ_=!6B-ha<;YIZ-&c>0pffi(?Tu=oWst;nrXPz(^jV)QQdT8)aJP zEoH*DDE!yaLRY;Nk#*LJ;P|?8m3X-by#QHIckI(cn7{-Y(=O;B7(hI11_cFKQAp+zUlT*%wI{|m918_sM6j&< zM0OPt`v&jKVSfVj@We(>4gO^vCn^N*0iM}(Z}+^cewl-9_z500Mwq*FDg}Dor@g6s zXA@?D%+n+rA3}*hcm|!JB^Xv~92#;k$7r^t5Ueyq`urp8MYb~stYc^yRh33O5{=NN zZ^`mbZff8+K)xGu5VNN2#JG|B;bz28V1rXM3Md@B#3GIj#jIT#S)y8bO4eOFKiJTd zPN(*Uo*!Z8DSU534?%sWq8fUy1Gxd1d9Mja}$sd#7nK?g>sVAM<+j@3o>)|HMXiYoB=il1OmGoe(*wC{S%<)ISuqW0I1&D#BnLCl^0(jgi4f zyizU8jTxY^-kCx*VSEYlow@k1e*htYCGkcQ|B%{ecpJg{VyI2s?#v-#`$3me&{4e= zk!?%7NZimpoi^wB-_T_ajzAfOkpK7ndk*HGQ#Snui(7`RhC%XwP=3ui3LO>u&mg?d zHF%QA8*1#yC8t4n05;P6(>>NtKIy;O>6nm)Al5pn?#s|y%Ph_IE3g61T)u7CBnxW> zf=@)&EYbcmupzE|zAdq(3u{VWRGo!7Uj&bfJFoxH*i(iz32Zc+X5Qxxi*>#TY?3Fh zZ<8D;!rF6WB;^Zr|29lZG{` z&Z`!ixeg zIzY%zUrlub_3!ZL)JP08fluOJq;gFOw`8fyu)qicsFl;m^3|%_sp<^4VRD3uqGjH# z+7JZfPXsX2)_Y6g^U;t3@@}*;Z+qu~s@cG<#;hwA*5I3O-6C6^P5P>*n1KsoIIJRYh%#C??Y6|M8PnnblCZgLl>V_lY&SnOu`T-B8F*2cZZE$FZ%mj zavW$BUN;y~czFs?Z+r*RNU1Tyn#gi52V_&7m2L!OogViBwLEn0dr)F%#Ri-Xtw2rD z$#@UD{^x7mv&b9|tw}dhCRPnELzjjp{1{7`BO`qg7DH%<=b-N|fvNf%#e zm7dk+^Ymg|NXuuXW9@u$-DoTeqjaBtrYqMBy_(a~OK0$SR%l-@#U8sVKQ8roZ_%zz z8;{Q&p~^JRmS;jOTU3+lTbb?+XUbLSx{_)svt{>&E6Iv*t=3Gx^YFv`ez7B=Py57w4 zv#axa{y1BHY#)ybeEOv@PPUgx_9{6XmFCA2g?%1Y7t6^y+sa?`Mr-L>I&SNHwlo#< z7Z2=cQSB%5TJHFPUDaQ6J-zu{98PnO$DQO=5Af+ao9Ro>o%7}WapCfwmX~tw;(m3r zEL=P;Y574uEA+?LjfpZCRbOw^<#X#LH|wy&>`bRG*!g{+`yf1KVF3(TK8ELr6JiNZnG)@>~waZ*hlgdd!E9XV2o)Xh-`l3=Bys)F*Ow!of zi`&v``?cDvAB%i7egCj(JzRCz!T7p8VJc0D?o7C9dU`y`KX)F)^J!69o$>2+@^(<1 zj*DtBo4i>z?r#^*54ZEx)l}CCf;iEx``uNB&fbfiaiyU(JLLu488hQTZCzmQnAPQ4 zPIkd^=Er?{kh^b)XSb!Z7xt>wXyxnlB%hWNv6{=9s9 zUG1zJSM8hod24;%T=drY&Sa6jzZ;cBx_igg*Z1@yr_udfx0z}@KD5X8phCU%yrj8W z>W(cI`!jvMES8Ip{OxQ};zyZDBel3Z2J3^*j!RPcalkL7T1_a{R^{9xmzhj1ic9)= ztv#-?)5_|(+`cV!Jk_mb7Y}#k zR`EDBIL{5v?=G&nqEP6jSC#r)qU(+E;-*xtRU5P->Wy($dc5e0bn;QjGi9lGb}PxN z_T$y@l~TH!JUk@x^aEEMr5pFFlA;~gxCd$dc%Gx%ua(O)VQ@34oTbw1qySjVGhKQ} zrttx?nj;b+D*Pbx?J_=XVN`gVOt$#^~_z*d$ZZ|nmv1EA9B}v zvRAt1F9yw0RaLTbgUz>Q`i-9HJUq(mach1W?%sIpUquV(XVYI2ur zIH+mlEGE&F0w(TW<9RrTV0C)0XJlhFDHd z_!@m%mTnqpb=@zOc}-qd@1^{-R-C4b;(75-A1aTP+gkVLYFVDV$a3=PtXR%hoBG2@ zEZ(M<_1?6Tlg5?g@qMRVJmW8hb)|Sr=Ti@@O7d=`5AvG`m)?D_qpDSe0JXFYd0B9EzTOF`uv=|8BcTb<^A>aeo=az zWnb>cay4^yQM&ElygsI+&P*)VTdzw!)uHd`MydUH$tbiWJTxAP^elIClWa@!>_YC0 zr;TBjxvQ~@VV*AEs~uWhHdEtP|5m8g>ESR}yQk^P)?MV(08)N~<0997uP?KHa^!zES$EEKO&Msm@qg^=p&XdXlL<^iyY}+y12gdR*Xg zrE;}fyskIv&tN~go+NMUdTyqc+l#5NlkUteFof@%i0J?Tn% z&2T!s7AstTp^om)be?Y9ULT*=Q`6_vW&T=9rf+-C7w6UVT*&vN2Ghunx#nw%pb+ddRkx<>3*3K#Pby^4A?<)aFd4f)a7e!n(kKV z_T;9;Kb#j#}z~Zq}76={(z1=|Q%)mM>`faXdV}I-_UGuZt|Kc4q9~PQ3VppD7UIHV<96I=Yztq)NT}5u~WEwEeVDB+46ey*y_{= zFO@>2EJ|HPdni>jF)x(T#}#GKThg=Zn{k(U>}T7zoz7IIyZwv2GN3EH`(u96&-R)P zmaf)c_~y-$ua&vm=XR0ATNQeZ)a9Cf8SuARz>o^H zHY+u5s>fqFr%Cl?s@!_cTxyeUp(Ct@$HfxZNLTY!_4ehSxxQEk&$(){lU-yoWp$Ce zr8%%+Nw13f%vJNxkFc!#{jD-<7fOXiYxSxs8R<$WcV7#o@$`(nsBp^7^VzaPH-shK z6#)mmFFaH_P5HTAXtns4vxWFl5O42anB=%~cPnQ46Q)sbJ)X6?>+bdK@g=hmdH!A# zZseEk)#UPJt~nR8E57k^_snPI>Sgn?ck?jQGRv}lBR;lP z&BeOLs&)D0hiHlOdB?K9*RqkpWUxr`MI}GM}qYuTq`*1W@PVG2MC{ z7C5!ab=J+vnUE6HG&AOB=Rh2uJ~sv7F;_n3Z|UlDbGcN{YpHv&a*^tnWocdLbRU|{ z)=N1%eSV$YHCnmF@L{R1b2VCSJro|snaZHrx_qo9fs`|OLPLq;d0JTs*}NSWyW{MS-E{vuPK*<)FR8?4R6lQ?&)Mr5MNXG`tyKwEO&&1G&UKx8oX{iXRU3}0uk#n}`kGF@Ds)FnFH8B1%(u^S4|##^bQZbCi*-AB zS)aaiCkj|)H2d7nJ<=JTsmkMr8IwtO>Y1xmT57Yohty2Z7xjrcmRENvsW^R|vH9m~ zAll_7eC|YPA?nW|OA=B9?FN=K3b%@soV~FjnVO{Bj0wG6;&>lQc{k-PPJB-+AOsa+ok8{!bP{U zym?_Cy9I$AUFp-VOqT$2eYgSp((C#B;x+pyF}<5EEw5+N8P`1n<20HV7s>ppG40k~ z<-(+=@HY?lBMHbJqBxiV@r}N{UOk>)0R63WJyDn9^J|@6U#s*hTV2rQN#RP8^3Ooa zo1XuF_O5(6aiqz=ih|gPo(Z}e+klPdujMfJ4aVU4zL*e_0D+LO4z7tWV&7rkaGzvV zr4s>CmY~7iLqP5I~geVM8AiDj;oeOkY5n!Q@@<4stJ(H^(a zR>kP+LTbEe^>l5Vt`sG4beCxrY9nbd+Pu6AkK;v?WlGUpBRMWiS!JrHuv&SvNz_)4 zjltVo&qHSNFqUT@Qty-cSS$0H)#AR?N#`Hw)FWNdKk&vvUK`hX&19=av-xL6OTTEb zVwS7N+i{w`OAkj}On#x8Or`iVm{;N}ZTq16W&V+irr)-sVY$rk+3J9iYWcO&rQ4J3 za+PjRqrF^;p0ujt?WQ{_zO<5j`7y1nV;}DylY4118s`#suk6csk?%M8av|O*%{t3% zJ)fz+DluMpe(RRgo!t90)_Gy*WJ^vLlVV&MFUPq`CN=N3?>CFLbo05;X2d1;kl)6e z$&4VBqHLm+oW2!P?bJkjYSePAS$;82wMyD(HcQm#_MoxJ#6@Y4)|z~djp?6achMJp zbi56R*>a-S` zU{+7s~p`U(y{X0V_eTZ2Zdyl?N)o! zO{zGU4)Pmyk>0GInrk+DmszUGN|&E4dYOk>wqFw-r-e>&%0Gxkda)5T7&RAe41!}r8Pt5JDKDE+do)m<-9yl>pAQL*v<_`&oNrBb;%nkea} z7G=vt^(DQ1UTh!6?7hq< z+I+m~^x-LElRXQj3+r!s6J?N)mn%<4|L~Wb@XqBIn(Ly}E>J(Dxmv-x2h&>nT zx$3Cd+`dQI+-woA%j0aZHi|aaD^;lvKVrG)G{0d}*$2MWkFBPyR6^ctS5jL@4a?(I zJ^l0~C#Ac>XxP})gu7H`9T%hbPii+^){^5*Jzb5_v1aEz`zXig=roZjW=by~-NA61 zDD|`LSvNTz-Ys+6L~j~bCvm!)e0XiN^l$FvwozWqicfcHPRmuZ@%UhI_asS`+50#Z zD{ARwOIkk;>eXhZlWHz2$;_y;8BFW_w^etr(G4DD-d64HTGjKQTys+x-lf&Itk+%UAm2XsVa)2+td4R((p%dQy&=edt-xYvLi*%CPx$ zH1RCmy?#s**=JR_@1#1ys6Wr(6WIgw(f9b_Lnv`Coz7LzL?*&$@BjEkxMuZ+cA+8G>ISi zFGU-gw;}~iet%6-zaK#bO%FF|b%G?uj+DXs_6{wG*(LDytAj@T`>;r~z@Zs3cee6b zy8!j1PaiU}OmB|NcpK|dtj3%uLpR-Li6s)F7kq4aAJY`H8}@JXSBd?P??TgAT?k+{p8A%NY&N*%F81=#g*mj%R1~Y+dXV9rj z?y?P@HR`0$u10+M6Htr|fu(dX7YGA<9{A!Y7@g=0c69|#je zjqC(nE_hj7Fba%OF@_}^BD)3z^MX)82MzHZCKpA-sTIaJVQxjc#&CI?a3ZxgW)?^G+#Qi=gX6U%m>UL=ERA^K=q8fA z@}xNqW+KgV5Jg7lk-B3?O^#8hhC_5P4anOnz~$Ht=I9UOg)|o;JWQ^O3(|lRL*inq z4`T(xVjYmZ5++9Va2Ylp1|y6Q42D1w3K5+b4C6L2=$8W`SN{NpMMPjc=F(92a?Ob( zUT4_UaQ&31q0RNy=`<7@2t?Wlxs8EwAK8WIDFjl*Ync^5f_WkG(FcTi9SAs9Tregr zoK5gRmXPWp+C$o^93}t)H=>BlG13y^E@IY5z;fp9fn~u3K=DUp9eTK)aX7@2rGJQ= z04BoIKSUQ8ICj5=2>@vX)5fcbI{*gr2PzU!!1vcazx1=see?`jv~#lN&^g(oiw~we zOP2d!LKr<{znm7qZv;mvH}@C}bUMP0{O&?%On;$%+5+YU{E zqZN)aZYjX{^DOn-E54!4xx8*CJ3g`|=c)rYkE?^27=`TCdl$P|biBVu7TRq!3p0>L z>)UFUfAO=~e9AQaxop42Y8E!0aW841=bXaKO#c$gS|{{{UuY4_g@QFN4;1t(E@0v1 z8{;lGbSg6R0Qt4nvs^1#r$O=yt!C{kWPP$lERxTC;=Bekk>)mt2=W_5p;`&iK@VrA z)dX_LQXWKspP#r8NQ00wC=lVFc#-qE>oi}K&$m)@{bgSr6}<3EHpBH#SolT#hd)!w6hVF&-K8^W%|) zaUYydJKv6I9ARjixWI}N_feC{gOpuqFf$}JM2y?KNIrefVuq{QVD`@*fI7xF3ywhG zK+^Gj9&|_M(MY18NMgDGid*vvdjH#SZfM)K%&D3z;unYJs3h`h|BB?eZ}>a|_pb=0 z1kGQCkEpi*^p6NYns^IAw-6LSw-9uO5M;k7ea0XZ^h))PRR1t!I|7RKk3i{cx72&N zg`QjJF@796^ym?TQ~!cY#oywO%|IM~Fv`}G#sqtR3A?Pxv^S6KsXSQ7r*z|Bhun4> z9NHn{877RKVxLu{R=hgVeY48V7tRkQ+4;A?i?i>(6}qAkR+KvSg7yyA&5t|9$p*!b z_v5|_Kv7jV>%>8jJ-oGMCi^^YY?gH)8}uGAE^k3Qlq4Odz+K8NHx3f-X^PT_qHMd- zGQJ_i&Uk1%oXm%y&26F9phQ36oq_lLvxeF+dVStEPWlZHPO;13~)rAYOZ6O z`@c{rfmxqHP$ax6!8bR7R0%BdsdH5G+PVUc4kzTO#!YlakTLI~voaTS@PTJEftCaJ z;U2mkk1}+-Wu=jyGb=s*%O9Qc=y?h{rsSXWu$;gJ?K=L+^B!mjB@Ujq`Ro(S_@(Bv zv%1@m4R_tKM%`Hel0a?0;u98(VOMfg|&$a1q!Te;;9#xx^gl&G+t7DBpWj>Dw*T7Q-zc zzn~evR6dSl74?7r^S@M@Wz7J2Lg1x!AtJZ3S3ZziIAf&MbwnwCSGtARD@Fo9h`mMF zBgH>uggyL=kY6``zW8&k9EQXZ>RPM%R|ob}#+QNrgn_?X6?9Q}76Nqw^DE|zZq=*l z&9Pp`0RS8;$g^J12Y6=EM>L~KKa&p#YOWAj`)&7t4|&@mk2?&(UEIz=;PY-gFnVs+ zFzT`xph~UrZKwg3OVz8yMdAYeFDG_HYdtmCwGNE!=H7A)5`6x9JG4s(}KJ$d=vZ)_@GrO+UautOQgH zfsxL|5ha3whv`HEvh%2;~h(cG2{T`9GlVBxCM8JBA zMUe?Fs>INo)Fg;bXcj~fS`egF7*3bw!1;!KBAJ2MCvX2CmqFIT26?-c0U)UyphL8X zRMEY@kNYNx3<3p7lslH3z?Fm77Ew5X(CwTs7*808H~;8ECo~D76Pg9l%|8Z}@zTvd zdWl3iuVUDRLD}II;Z4iX8#NQsD~dG@j&Cwf4I z05yYZwHL$fhzsEdC=*!Z%4b~B@h0QSnY?*C#gCEb)D)6x3Jp3m`0&8s-YKdVTR(1a` z8e?VyUty!SvvJ3Xaq;^ZCt?gOFY_I<^VQzv<_kd&9WV2Rx=EvTUcWE+uqm4ROFZX( z4vkwc^fdYQ9vV^nAdVfE&f@T7W$*`;$@~M7II`;<&SEq8ZU&G6*T_O~tC3&K@WYZ& zbLrv2C^)qSbA!wM6#oA126i!#VR5n5hp~cT;qWV$SHlGK$fiTCttglg#s>yNAc;GO z&I^VSe|TUVM&#-r!03YrjK^Hkza_aQx|QX6s4(WmG9ux{G7dIwGhp0-lNY!UNR<<2 zPyq5>R||o|#0A3<<*pQ)QKeXTfbuzVJtuH#*W+Q;1GHl_@Ju)KCG%rk3%mx@73e^ zfft=UqwNN*@r*1f(n$T@uwor8lthIePgEtQ_w|{wpczhyS-FZ5(*p&~(ki{*yr_Hh z^djcCeYksg_;z=X{w!o}$#bg%ELKnW^G`++8Cw0#1&3YzH&p7&?_a;f9DO@xQ`^dZ z`D#k|f)*o~^kSi8HAR)?SxFQ*w5#*mm#-9>O8iY(=<(5AlaBgkC`q#tdylL6^1Dt4 zB7ERS1`4HmbU2Vq>{M|ud5ECN9*5bTh*->7tHeIsdRN>d#@tO%U`*I4}4IL2YrdjKxQtf|Bv89#@tps_DH zYK5hq-2;y(Wz8w?YJ`7Epp2p|P~ryHhRRAZic&rR+nSle|9fr^CPtbcVbZ(03^5xW zAIGj=RTs)1v6xxM_uV=|xH9*DcU@`3_C$Lq=|gEg=Zs4!BHf7|t{atZ8qKB}qX6Xy z3MHYQhTOiM80e!K9e|`*el+56>P_RET`witS%v;HM$&Y#-@Pcf)(+9(X4Cz}zun(| zdq{NeQ-8!C|41gjr{anCJyw~+*=Ai*4|^5&@Vx(icfc#z-?)cQ9UbtxW?ct@WTb>r z23nx3TD?U)nafTCx&Gts*1A_@X7re=_;>=VOz*HSvd6Ufdyicfcijpnhgj=4iX7w% zbRupZ(@%HsJ|>sG@$YxL&2x%Jw|FZA4n4y13KCp*xl+I4W))3YVl~E3OK-tFW%(0$ z38Ih1W%e_xkJ&@!l)T2&)5^hITNwBAn)tW7#KFAA$!88&Vu|i7I0iM*!wwP=L1L`S zC?bD4pXBa5$SShS$Z`u#WR-@vJE9|ha%~zlq17HR-;6tVzqVf=ddG$N#c&-?^61nw!Y z=>*XI0&HWUKW4MQc3s3)(4{HW+&e+ z5o!Bk_CeirUZNR*b<+T55?7Gg$Yz!;dOPpLT=D(v=w!;&7Hy}@9>k#9sUn_hp#Za6!g{t zPvHG26bc)|6Qa48f7J$36u&x;n|tJ+j-qI0PLjYWa}2dsloP-{*dgLvMj`@``imnZ z>6|ECq|$OlqZ(Zp<$5ek#g4Js72+nT-&I33E?+^*S_mXZ646kYxMb^aGA3_A0?Mt@ zdj?Byn?xoq%@{pPuu1dC}#4qW-Y%bkbw5chNXqE-%UN z?VW#q*rG>Gx30;b8GFT_u@Bp?$3fVtKJ@iBLN+p%n+OF3ynAkimp+@tHuIv@MoUdE zjWRRG*=%%QLW!4d1|m zHX9ih{~h*|=?^bHQ|bYd zfig%g0Pz<^ePDE@793?0(phEBvQhHHA84;q_JDW9GDy^Iv-?Td6jo5Tg(oSb;Tqeb z$3K*9(R<{kfzeXx7MQEUG#*w=-G;c^Z)!yptb&H!IJN_d71pd8zgun^mnf)jhh6Qq zX^9n8w^g`TZGy5;JZn=yMR000#%MYa6!?yX=ph71%L+0qjK3bo-rD(6YAJiso<27) zY10)0D>(=Y){%vDv`?uFuoB6w9dW_m~-aq64Y$|ml58n_?^$BxxOu{$HH7VktoI7MUF*8vlRLx0^NcOVxUlX7L{@q z9iq*oiuGfinWwYfij_Dz=hI{f6wIQe)_FN5ZX6u%kr@UI9oZQN9C=fCm?0LE9s_YOSzpcrG zt>TqpsxmBVtK_q7TA0;Z-M+FSsW{X5Rn^InIq_SjP3GduzW9vU%lzNopCKy^32JN? zIEA(K9Qg>9!7CkeCfG`0FyNjJficPM+i(P@wn)|4)$Fmt=Zt$SO|6wkWxY7kh9q^* z_f3*K?Z*NrWTs5EA6XHm?vs8Hmh{K(ss(@fLO%k%iMhqblJ|S-e3Q9r!SiavjS(u&vKU;Dq%A*#W^&;ETjTv5U-@wdFE4tWUAMSm#XEk zI96qOs7h$OdR$dqr>R~{c?*Dfo$G*}{Q*ElzsmE#mS@kU2KnLL!Tc93zQ(?RtQSX8M zC4Oxi{K5$bSy{;LBD}VbO&Aub+$Ic5y)Y~)=;<8`qNY}G@dnw52m=V8LImDV2K; ztaBHP#}3miS>(ggnLywS5Frnaw>U15Edj-NoE&bFD2K=)`wCjFlRy)ErqOB9#_94o zV*Q+uD3%Gk*-rx}_@w(dAfL!f=r#+dKrh70FwF=O$5<*M^qNHqK-IZ4PBM;e%lXj{ zVT<(%pco?PqkrFWKD_naICO5JyX$REVV-~Mk74s^!NqgD3*$wDq&=FEX-L}i)LqjJ zn`FOjrqM?~Y(vy#*kRj6FI~}(uZ}9zfeUioqszU$r}$4fqL9y2c;zIYC{JIPx@MQ% z%Js8*Y^EkQfsN!cf7if9MR}zd*hnQ3sR9|<#~qnJu2E^MHR2kT>e}rqxy!f=%{Yn) zidjSj7(94fqy5}WY~mWRk!Sp|UR)!BVUuZ!o4Yvf{~ZT0+Aq+Nvyvc2*`%troz;cu z5fO{pg6|a@FxUqgm%ckmoa`it8Dgk0V&zv3EgKjI82ZM5=V0TT57bjyy9TgXjg^Co z@MZngg>VyZsvv0PDPMNc6bb*kh&P28Ue$aG1?F!*v&e4ZS>>nW?;Ouc`o6!;(}2it z0)M{>{IWFRY{GeM!gYS`i@S9B( zxBOFe(5wp7O%yjfWZXn?lb(5z%|24eCW@N{kzgr;=^k!|y}p}}VUs^#(0C1(Ea@;{ zXK74$W7i#)TqJN@&ka2o*I+zLEJlU>)ud}t&xXE5VVg}y6kb8pHEee&k=LYXPsTuN zQdwHgd+N|&XxiXUiuh`!=uTOKz>9d3j$NBp0oN+J92equRd%L~z*f{XU*O8?7vwDe&KNXUdC}J}u_L7#U zGG|;kcnqU9jkrOnAQK_rx+x%2FR)ry%bTX6_;TeJg`rB(r_F6u{wR)e=O5FAuBFU0 zAp9-~hSt}v_|rJeRXhp3_r9A@i_S|w3`U`I9wh;II-I6+F-xYwAc$s(^KzCtuRl$3 z*(_$=W?JD{nea#VF=+405rd%*PE9vYOXrU+c^&J9uwr{xkQIGK`V^KIChHEXM6YX*S*aiTn@Rw!nz z!!EcB*mO{9nOFtmVzGmbi>w!YtXGXb#x2RTg7lepTdKJ+)!dp^$I~4Lm>t&IFW# zsk16mLi9;`KlYEW8p9||n@R8&A)iin`su3i{B-QQF=GU%N+*PmVB^3jK#)rD8y^@y zCJkj<1$~|L^xV{+7KF?QAONszQ5wWqDDkz6cc+f)O#;I6`q7Mnfi`#wD8T0?A4%bx zU;@`IgYec*(qIHPPlmIY6p#53?2HI@ds9tGc}`jRA*E%b2+9iCO-_B2f>La@HY!+* z-aPUK(h&{CcflygZm}LtR9PdeTTZw;`WROa3t7x(4);8NOvY}r3^MkaBjIVpoSiRi z&Uh`rwt+@@9ew~DumZp2cf8iV}A|+&G|R`q7vu3W`E0>4Fx?!lQ8MB@51Q<8t8!lrCI75OZ8f z1W^qjcBjyG8qfUf+m~G{*iSJp$AzCN8fG~=3KPkn&*fLNTCwp`%UMy3@u_K_Kbn5{ zBlmYUaTQBcu7QFft#VGdZloV#R%aHEX$^jMaKLw=fc%v-i8kiZ(}TV@@>`*wwpq-F zgs^wGjJ*G()8>D)x}E*K{LQ8|w9}e~Ba6XgSa~sV$7Epo3SZQpuC;4&7kKFnZQPxu zk*e)4g*v$c*J>OTPmT4|6Q-h;pfIwTBtd`dLmY6jDw6;_f4FsdWP1h^nbW_={p`hO z`-4-7f9u21W};p>!o66h0gT^4YFoe}Q?$7-=RXU1YfT@w zg8hnh*J>UgZsH{Q%%Xt@0>AjId^&33O)f7*U8K{W?H#?)KpFw5L0alByH5F0k34(35&@(9=7B_xuZi22WLv_xUo&bhN73)8 zMHAmEv7<%w?A24Xg%{2J7VW8JRa&qS6U1g+S5axlV`^w|5LXW2IqKjlM-4Y%wk+CHY?$Ucc9Wz2w2*#| z1xs%WJ;{2y_>=x|y(_9;@pCH`B2&d0%Iim2QR`yXp9IyUbwz_+(rWL1)`6&)IzDae zzx>W8Z3!$lPup#m*$fA6>?N%r68AazhbDZ%`1h!l1s`7**-hAiGX5 z4gBh>I_0M^kOF=cE}<79g6V_umLD5)GJP7!O*9*O)L{)~R)*1b^=-%PS?q|MPvJ{gEvdKrQkMmKT6w-{P8y#T^fWlT%@)@XrS<<&G5ASk6h3sI|6C^ zIrC$S^a$D07>SU7N}^za_iRbRVg`*x%oAL8Cs{yS-)W_GD}RHYD;wmg>#|xSqF;Z9 z_B@9v7I9~fgP}jTCjw|2#qS=M$So$p2DYMm8_6*f`ypQdv-9styB%=e1^>x^Z z1<>CJ{h2EmxtC!*7dbV~Io{c@8nhzPqFrzxU7pVFxRJS@!MQv%0|!I$fAlDOgzV7W zHF3x6`UxJg4AOg^sDK`BGhAY?25FNfcX>SB#6}FXu;w{AtHU?cB8DGVlOcB@_GLn+ z8Uo!nl26y_gpoZ7+a43LF6expCy9QQoO~4L#n~c$w5a7U^A|-<&pEj`IoEpwH%Evz zM~D>9Dom6W#z;G?vm>=%d@q)Xm3Y1DWs zv`^D5Iivh-5`*Y7uVvia_L8jOrjEY0vNW&Ndr|dhZW}j<{Y3+Jr7&Hgf9O8xM{lV( ztZmZzH!KXDx}Z8lWBH}3Ba8T`meEl+>Da3pTtas4uaP!o4xHVjW5<@4u;44qh+;|% zlLIB2r1S469eV}Wh0XOLFjp7)+io$G7;BsOKx%QlF;(R5(JthIn_}@*;YAToN=T6* zu4TGNX|_b(w9@*NlWKM$qoyjUrl`UtN4}Dpq(Qq|(khj5Qf}>XJm7ImAXylke%(%{ z;~?Euq+C4n_OV%lyh`*n2dXDS^;LObb3Leo?hov9$ZFg8Sdm0l6tYXis_lbv2d$9x zu_E`cRE)1NI$AG+a5VPG|3+c+ovubM4U{}R`2@ZS%1}W8Y+Wz4l{49E1|_oB=SD=8 zO#8vGwDk6)aZaO{)Nm^%Sd5G{{vx0AUR{Y`c5DMS_{pK1NTNXdXyyB`gr26=@WVmH zcHAI*nlOL>Qa5N+7`?d8Q8LR{V#*XLs_KbS<>sr}pe)HwlK~4Jv3MS> z2xYmilP3F|C532LaIqtqO(t%95AkrA$$^f(RhmVzKgRx_vmgmHIouna7F`62hK|5P zCnP$20)y)N4$VnS#yE`wI?XWBEK@O!%#&LoLX0t%N(kQ(%9(@b?MmY$$S z1s`s$pPZjLAN~85^Wm-U#-Vc)-Cb{UPT~2t{unmV79t8^Jqj!EQ=4&-&}9$oJ3J;i_iRhns^Sxc0Y ze4;!OQR2F{J|M$#E6whs^Scc!U|kf3A=bco|K0Y_Z$3?*+JcZJ|@Bsw$KTUe73A z$aUD}aDkR^X}tTzG(L;ScD(M-6{1}+XJ181Z{8gF>dgjKBPtdw4J=rouH9ysOBly+ zisO?Yk45wrHcp=NOggJv)?4;zlJ~OSlIbf7NO;p1Q-1)fe2O@wo+C8Nd__$z zvc?Dh6M+bZo#jp2R;%>Yvs5swNqQHkwiSvOUwcYW1xrDWnxw_en4wn3DvA||Pg6>9KDSwG#K>lubY9Vh+$|F2`Sk$jKpJr6Sv{n=njD3-*MfOFP?Xc_*s0V4N&9 zT(3YE2L*C+s?FbmXE6Ry-dR-X)XQ_L+Hn}|T`WJNI!fyf5!c&- zK@GtP6}+v&wSinzn1ge!f@WcRlR2cybloU>%JQv)HX~-CcIygjcfNVF9?#$YKs4R# z7|Bhaz&b!UUSF@VdHPp%`c+>596U^iJWDMfgdj2>*vH!Yd~{wt~tX!V)VEsriNEeW^L^|L@?bdAy1Xvi&$ay=HN?pcGStq?c!|E?OUarp`+ zl!ZWYBz+8JwM%|yVoctIE}WNC)>;6Ey5AEH*?Rw%hC4>|SYT!LA8uu6a&n%D+-hYG z!8~qQ8NIBz$~9pob=7Lz1fJ)IO-_>Bvcid%TQ1&(pm~4^6cMV4dWeedH0|Y+vny+6 zK1EV~6vcSAC}B1+o4&+$eOAUIg*2eTrLtGG5%A+i>iHAe?|qW`laqvq4x!@Er=nqv z-BEm>>->=Y!N&R8pW|fRd>!cyLKWLD`hILU5M(mJMSC4WZwjLZF3&Is14eynZdKEy zsgmm{n~{v2jJ*ralMO><>=Z*8l#HHmvuRIFYEHG0Qxvj0ZE$LX#W!k2YwHowyWNh zq~fc-;K1g@hP)atqFD-mZ*N`rkhhP5kieCtJ-Dg_G^Rx<-B>EFe$?a?HZWMQh{{xT zg^P%>4^o%ML8uP-@pobY_VIW!ZsD_8Y@335=$M5L!)k|qsKmV?yAt$N+}+b)Fka;o zKPphe%(}4DA_+Dz@B{6phsU=}$YsgSu&65CH0E{d@dO0eJ;P9@= z=qrVUTQEaq9UWm46>b>?Gr62ch2zn7<_ZgE6|=`K9MY2F!(GghDU0{XJwi@1ixDS8 zm$_m-)rqM#XW|B)#t#@yj7j`{OB6}`xME?^xMfC$3NY=!lEJ7Gi%ZTiD6W&$X@KV# zbmoqVrAi1TPsl@Jz=Ni}b5!BLiqF@}WU}0-Zsl&~AdTX)+6i#fS?+)XWSQ>jOc5ur z-(pbt%Q^DOBdI?}-*VKV__-!r*#lJXb=t8CZuwTwn=k=#4LxSZE{nyBD zaG@3Tl_)6iX!X2DTtR9Q9~?xJsXI_c*3Z~0crRL~NKWbk5fRC*Z(4GBJ-?0a>^jDR%j@@56mF$VbhaA+#DZH6;W6}j zVA88&7nYnb)-+I;5cwT7o`PI89VThtWVy5)uv$X2kq8wMVB-59Z&3s!dU%9ai0-CM zcGIUln~o#b!#hKV?M}B1VKbVvcoWO3M7>JU?m^SFFzz|y2k3lfJ0T3*551i^=6$h_ zXW_$iO}3Ljqsx{?G=iq0_yAjZ zs^Z+aepLq%3Z>bp1fA+w#RZJqlyh)bQf7)m<1u>(XMCK~(8) zI))%W7232tZWU@}81U|AohoV#!m=_lWYdSTia?CxA!qel}sKV|lesltwh{{lEY7e{pCNf6}*EKUNuNsZsA#xTtG;q?A9_ zERH|5Ssj1uSl)6@jq}IA2>D}Ti2RYS9n6fU$@x<{RZb;5^|A70T|1Gl!f>8=z4N8& zM7!o#jd2&HkHu6Qi!8ctF>XNhwjTGB+Muc61qGeYyv8*d!yIG7dK;eb4e$hut4RE* zbJavknC)>e^auBYvETM7UJ1Ol8HL467>g{4WYPLjiz)=g<_#z2`L9W^^+$%)HuSoo z*D89A5v{&ea=oDTSF1~oSdSBHg&Enr5;ZBe?jW(!hHf`>TSd1FTdiinVg`&wmPD|> zahHiTHB^yo=72FTLrtQsKTxc;A=?evR*|j1SgU!km;+-G6X8~UHWnmvaE<_Gj|*t-6#EsE&1tEqNG+bRx75eWvCSZaz^@w zMQBtPG=_;ZyP^~^Am0Xrwtr-2Ko$=5m^)KqqL*w#$6CwUIpBh2eE?bIgbu~nizDTL zeF67Kwu^UOY1lnehmJ!J@8sJF%q(CLfvynBhe&sXRYBZCxZsa#hnHIMQgGnW>)`MS z4m?0UGP=BQ&WhiG4QL8yPF@a>mqU<^C55JP(^ugN((b2sfYHSv16)ck~h)qLJa;l7# z)rcvh0!-Rmi8<^uj41l$X=UcgKPENE(*zCXPqLTGMfX6d7w16poEq^E%R5Jc7sUXS z>s&wgmuPtj3%klkV^G1fMDn$+TYW2(sisa?ngH^t(s!iyrFl#n7r+{(KyR0o>-Ko%Q(i*b2G1TTlFh3M z-Db<78X{XQZ6B07XoW03go|iALyoB=S+T|_6uWnWZ^2Wt$gO z^+c)C`KmT3OS02s(S=936DU+~<4z#|yv_}{AsBgS9WtAoxbzz_r4Ef8XvxA|yEq4G zg^_`sI0>X;bRcU;&U%tYXi~X&cS>7zm?MN5W8_33Za>qje{uW z-O{%>E~2HU@=`c6LWMDwf_w5pD`Vg(w!?1A`OyzSMgW7Rb8>#>eDv>I&WE?Y8;8zK zba%bYS%l}``eWEVTX0<(uT*={AZd?gU^i&fbRkVQY!ZQ?nMNP|upQlk?CjsQcM247 zU7WHkIM`)CStSuPI*=5$dvv+C_Z0v6S81kwW)o9R@`*CzRH!mw(c(27G1)h`RC(;j@ z*%QHN@R7*EKUYWxyv*-vMk)4r_PqcXuPw9*RaJ!=!Rr|X3%L&47B28=s5IXFV&2b1 zq&i;r=L(^&nDHCfLX$J-H-sgZI5KaQsKDNAP&Ke(!P5AG1?t-Eh6nO)$WV);m7tPE z6c;v5o-0|Jsj}j--`qP;DlVDAQcw*665jO1)E~eqb#gP2&oix5bcAY|uc*mk-1y*s zA`ro_-)D-vTBom`rGjNmQoKO7tsjgL`d1hb2jDxapqElH^3In*QdyL>!ui%5(z({h|ncRqn$K_MmANItWIq@~<_sJHOBh1i#bETb z1tR>pL|}!$^n?T_K}rPHT_Q7%2@o;-Nd(D0L52fA9F?%osK(B%o%_NMsusB?6n`*wJE_?UgWCaZ=zE!7Fxf`7p}3@@K}!=r=8 zgF$nDIP5eJ9urRI4))#Vq33yn$AiPYC+^`Kc=-xlx-#x{$)A(iI1T9GqYU}}oDpKg zN?TYS7|R6gI{0oE|A7D!_xKz4_ltK|SK+^jN5-+|BN#6D=3R!R}EZK9=?o>y&uugmrLzKUdfE1IZdYvA2Sx&=~VH^w?X(Z zhaK6l3D2Ml1vW#@HU|E9oK0ZDqOo4OeNplfaz~~4VTq4#1@k-cCP5e^Y3%aApp9hK zmnu{H#F#Sd*uUgiXfEif`!?J&a86*;O@gE_bm)rB!tw?@osO9=Q8C)m*OiW?Vh-}7 zl0VHkiPt$yLtG$8*4fWv*>X4H;b8xXd(eN<9PS^vWFy}9oBiR@e)H(y(ZNCIsCzW* zAI-t=q(y==T7~VnxP%f{3W;8H=7|oHC{8gY8Y|S33OQ~vSQXQ!4WRHt1S(WbJ~1TB?YVn}B4A`W z&xq`4QBYeZvwolrflwfyvEPN_K&L{G+OM1%iu?y-p2k7K$SFu(|2cEVmr-ur3S^?+ zg*uP&3}WBFAaWFIAQ4n~V2TKpFcb#gK`WtLtwm5dPGwA{!4sNhjHucyj_1jSBIspCHAEuSHaV^VryW&O0W{`5mWXOziG5S7Y{S3lMy}{zN z+$@B!j6^pfUn9AJiTf#-%qCzlz}r<}`YIR&FnXj4_W4arJz3&g_X~M|YGC?`Ivs>+ zLwP{@@IibLH2&t~?Co#wUo-k1M-&5aA4B3S6u0IdRxI)p-YH*Bsi%xXT}G)p&T}Xf?~cJm3fFwH?U-m_ zta=(voz5PV#p-&FbV&=oaR~`~PL4k%ysK}JJ)vO)zm4L+%Tt+P4np}U@R4lFWInQQ zW+S8_@27~&&zCPuaM|$14PRUpUnKvYM$`L;XOH<4xcIYo8@Rp6(EZxXQeu);+>z!h zv}KRKyg6}Ba=`y>d89OP^E1iaRWaXPW&kK~3)Sn4(Pf{qhvKD*d?n! z9ruRuZy5jX!!Z8umj4&D^W%rn%{9z@qoHpY(i{w_n!_kqQWXdLMi|m6IMIr1;7j05 z5?3l4(xr10JN2bb%;D!dl1VoC1{u&a@K?ZqKq&hgu%ERi`27u~D=B?p8RYvQd>12s zY$*RbqWstNG$NsZf}e2NTtKUNxLLm~j1Wi@erFPfP^@X9)AzWVEOgq2R+mGo>!DK5L6GxG=&Cblw1>j+zC!<{uQla&nSxdFdmZte zy6QEu(mE5vZnXjNp=hOa2F;pYx*I~7n^4MI_>G&;Jv?U)FArr=7wu}PkvVO%vn(5O zd@yp{Y+s8~W#s`djg(q>j=S!WFsiSi;pCelo(*-ZA9c*LxvY?)m~)QPR50Au?PT1I zNB$)H5!=@+>Pb5wskf9PoCaNtQ7ygslXqjUH@)u8b^b{9ugWIfqg|s#m-VILSs-Q9=1M5bUD&i?|g2aG1UPY6gacr+*EJqvSu zaakCL9c~>0wJV1Md0vO|5SBl@QHgfK&)I#8&F9G#Y5g;`2vrh>@cbNk!ykjSgy7X?w zGTL}}E@G>Kt&arSUW6~#Tjl+`MOR_XdHh;2_Zl9D zhjAQOlgHn6pIHOx$sF^U9FP(kSe(?z>8&q^gi|M)pwd@owy62}Qj65G-zX|-YSJ66NlGin!a)iI}-IQZ3`}@2o z!@Q>g$9iv_`=z55Aj=FfqYTYu!DIoRe6>mTMxKBJn`HSj=(Ml|8U%xGW_`?;@e5}S zZAnCFo-y9gr{m-+t53(tmlqR*ER>G3kd@=bXWsPB z{{3+=e+(bk4`kCGMQ_NS1EhBhCj@%%rj^`|esH8FkH7yc9|T^4M<|}XlF~FDU*PG9 z*1JC3{`zoDi=Fa3bcV7F)y^i69*EDgq8y{%<4&vlgM*vv~BQQHXKV${H|6GAy%C- zIyEgho7AqG)UKirOX#gqyHeEvSFCaJ>nqK;7D)h`qd!2)-sxL)H&~qG`76fybop2{ zEz}qX*$*toA$aS9CWp;_$iNa-xJl+%laKSdKUc8v`O{(X*7ZppdG%t!(l`}K9j)uu z*nW7eZ!4+e6z=86mz$K1t4!&5@y-E`=bYnYe^<#IDgJ21FzL)*V}+?4RhZqQLo1`R zsHM;xJA3L}iM44rac_O^!iUpXzAB64yd)(WFlvhar8|Pw|5GU#7Z~$PLI-z{r2G_2 zFez8M7{U&T`b1@4_3oat7i4nZ1+yHmW|TFDvk=XFC*#0PB!W>EMpF(H8v7{@s0XBV z>;Rv0ws)M*S0Vp$+aZGO6fNqY$YH4F?W@pH8PA_mkHT*DndVo2O>O0h&)MXuJ_pJ+ zQ?$J0-Yfkj`M2k652#=BBK4;|@2MBf2M@W|d-?9}L)u`SG#t#cdc*~3pN zr0UW|THvpzC!R-Ge4_jc$M;W0@K-;M?vf%#mP$pYW@7j5H}OMN^sgu^jNkM7vk`|6 zf4~-AC`0+cFVrfP|0Y@6<=10>NphPdyzstlPjQvt$Y6P8kK-*w;mEcP zd4Ffs&&4Zqb+*^Dn(zG)8B4wvvJdk4)$Ks6dU@Z65@+}`UqrF_15y(PcQTzytV$^b zux{TaxTH>?~LBJ$1r7Vvc_3KaQr^neb#JW#4Z#SB4b@8}0whZQc#9ofXZr=R$= z=!Fo@v@h}{PFMkb11O&ym#UH1nkrmgDb}F}+%%O?fI;LFvpe&KVW6nnBtm)U2!wyJtawNgnzx@ECQE+%1~kdTNV#0)DxFq{m@ z-%gMWXMg>5e++l;a!UFx6QJn-iS%?8ejzovhQGa|ISj##2j{Ypsi7>I8FIU-ɟ z7@Fv#@qP%Slfli3W%2L|4o+1-;p!+kIyR>**l7!DOwymVV0J&_Q45W2T6|a75}AXb zSopf!xY0V7^S#ew`OaGy^>*-_VLN9Mt?k;UwNLqXqhr6q?5FXo7_7;xvcaie-&=2a z3}EBb{|=n`CcY~F+<1#^y~PIBQ1lg-Im2=s5@xS49cZzbjnCM!rZs2db(ZHZ*7%$( z{9N@MXmdNS^j=e?vuas5QP(+T<&@euqw3V$IHSyEH_oVyGiu|E+Bl=i-!{&ujWfz( zque;7HqNMxGiu|E+BlWs2*LTQ{&N~cr7{A%N5(m0nSOQx`6 zF3;9f7s=*Q!Pf}1pcya1@Z)$mMOx~K>UK+u(R>7zk%AT_;KUMrne}`&rex;>t3F*sM zfU2;#hU2DSNH-w8h-4}2`^;0@Q+B{)~tNL{E7BYn1v=pS9U9 z=b1lweu)8>Chon{_nl|1a})c+<1FNc`_XMp2uEW>;AEJ545PacRk!4-@f?3S^yjm- z`y2uT5NRVMP(w=O6ao(LStaanOhizhNQ^^2rl0)@>3v9qKL~%F8Q!z@ z^!ZgtKp^8(4Daslt`&WxIT!%@z)wU*i?iKKV74K`$8*IR&}a%cSPm3=H55*ZDUXmq z2I>slsmpvJWay+xBH5Y-2I}?*>_2TU8qDAl7%p5pNN$_SeKL+lO`Hrr1R^5ibw%g~ z)DIw{1f5q5%%B+JEWxS1q0*Iea(>nlGshSIw~$cg_#O&oEnND8n~-RhBSI^r72nIy zLz;TBd}5MP_aiClI^uHny#sGa*TZN$j_z8(2mA!#ypzvc8vG&+;NjIiwVx>IsHmk8?;!6Q8B@28&tW0ZnNwJ zY*_(XQcj9J4Ur&2hU-?OT#Cto)kup5YhiOCs7y>&8H2k z+y?2c$)b8hag%UM()J0IbAF-aoS!Z)&*>ewj7K@0ehg-lq|HU_ zr2QY!Exh#a#0cK-Z{@z)(KwH8Y=Atbhs1V>w9gAsxkUch$v*N+&YI5{nJ5hg&ifhJ zv86IcS(%?^A;v=auNhIUa)mm3S*cTuYUEHDAp_?C5(p;h(MuyZC+xa7!2OKwbj%c| zpL0|)w{MB07&;SRe{P>B-3kIn%>B2XKj)ehOq$@Gs(H?drBzgIb(JSB`2Mc-{qsQ- z3tBk;t*Z{`7W^!jjGQDMNYfI#cP$z%YL=ZNKs?7qrvGj7+2!$}!1|iBfo+S3Jy#9q z4x(L=whtdoKarm|KJX3k`?;m0u0Iko)kKD=sIn2mMXhgN49|;i`iLjhkxnWioRp8N zazx=QGyxWxZx739(b;7cp`IwDx%sV8H035#M|J39K6<+vSh|bC(p?`|_7{a^e|=y% zSQM6n^?~KlqOd$#A6OnQ3d`g5f#q;fSPs_*mZL>sIa&mkeCVkfu=H{P0k!r`){F+4 zTpP>SVwMdKdjq0)z5PZ7S+TKsfn+Mvf8mMCIxyZy73Y)*WE-dwA0tGA!$pp)VrJhWnfMp?>V7ai=lL-{CEF=>w7nXW5fdZC=WP;_w zQcosOz_O4`uv}Q4EDFn$^?{|cwpgPXH(5O}22A3=HpXT{j@s72seNCcQ4p7S`GOjCeik-;yt=g&X*_kJ=Z zQmy|6(+9Ydg%)6;yPQB!>Xmn0?%xS;bJ&*^}5a$mX1tTchyrs^s_IUjBKPn`VqG;-krSP$$>A!%m2&(U)Gr`bEsA9oK8q1nx)fON<)PH&;Rk| z{{v7<0Rj{N6aWAK2ml6hepkBK8k;E)008?^000*N0000000031AOHXW00000V{&C- zbY)d(L}g}aZfSIBZ*DGXb8l`?O928D02BZK00;n6bADIShj31>xc~rrJq7>~00000 z0000103ZMW0A3IP0BvDuZd7G$aBN|8WiD!SZ*EXa1qJ{B000620sw>n002D700000 DBPZ?D diff --git a/Solutions/Okta Single Sign-On/Package/createUiDefinition.json b/Solutions/Okta Single Sign-On/Package/createUiDefinition.json index 5474b9ade8f..97afeddac95 100644 --- a/Solutions/Okta Single Sign-On/Package/createUiDefinition.json +++ b/Solutions/Okta Single Sign-On/Package/createUiDefinition.json @@ -117,7 +117,7 @@ "name": "workbook1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked" + "text": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked." } } ] @@ -261,6 +261,20 @@ } } ] + }, + { + "name": "analytic9", + "type": "Microsoft.Common.Section", + "label": "User Session Impersonation(Okta)", + "elements": [ + { + "name": "analytic9-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "A user has started a session impersonation, gaining access with the impersonated users permissions. This typically signifies Okta admin access and should only happen if anticipated and requested." + } + } + ] } ] }, diff --git a/Solutions/Okta Single Sign-On/Package/mainTemplate.json b/Solutions/Okta Single Sign-On/Package/mainTemplate.json index 463aa15174e..e13708adf43 100644 --- a/Solutions/Okta Single Sign-On/Package/mainTemplate.json +++ b/Solutions/Okta Single Sign-On/Package/mainTemplate.json @@ -28,29 +28,19 @@ "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" } }, - "subscription": { - "defaultValue": "[last(split(subscription().id, '/'))]", - "type": "string", - "metadata": { - "description": "subscription id where Microsoft Sentinel is setup" - } - }, "resourceGroupName": { - "defaultValue": "[resourceGroup().name]", "type": "string", + "defaultValue": "[resourceGroup().name]", "metadata": { "description": "resource group name where Microsoft Sentinel is setup" } }, - "apikey": { - "defaultValue": "Enter apikey value", - "type": "string", - "minLength": 1 - }, - "domainname": { - "defaultValue": "Enter domainname value", + "subscription": { "type": "string", - "minLength": 1 + "defaultValue": "[last(split(subscription().id, '/'))]", + "metadata": { + "description": "subscription id where Microsoft Sentinel is setup" + } }, "workbook1-name": { "type": "string", @@ -64,60 +54,73 @@ "variables": { "email": "support@microsoft.com", "_email": "[variables('email')]", - "sessionIdValue": "authenticationContext_externalSessionId_s", - "_sessionIdValue": "[variables('sessionIdValue')]", "_solutionName": "Okta Single Sign-On", "_solutionVersion": "3.0.1", "solutionId": "azuresentinel.azure-sentinel-solution-okta", "_solutionId": "[variables('solutionId')]", - "analyticRuleVersion1": "1.1.0", - "analyticRulecontentId1": "884be6e7-e568-418e-9c12-89229865ffde", - "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", - "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", - "analyticRuleVersion2": "1.1.0", - "analyticRulecontentId2": "2954d424-f786-4677-9ffc-c24c44c6e7d5", - "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", - "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", - "analyticRuleVersion3": "1.1.0", - "analyticRulecontentId3": "e27dd7e5-4367-4c40-a2b7-fcd7e7a8a508", - "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]", - "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]", - "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]", - "analyticRuleVersion4": "1.1.0", - "analyticRulecontentId4": "78d2b06c-8dc0-40e1-91c8-66d916c186f3", - "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]", - "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]", - "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4'))))]", - "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId4'),'-', variables('analyticRuleVersion4'))))]", - "analyticRuleVersion5": "1.1.0", - "analyticRulecontentId5": "41e843a8-92e7-444d-8d72-638f1145d1e1", - "_analyticRulecontentId5": "[variables('analyticRulecontentId5')]", - "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId5'))]", - "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId5'))))]", - "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId5'),'-', variables('analyticRuleVersion5'))))]", - "analyticRuleVersion6": "1.1.0", - "analyticRulecontentId6": "c2697b81-7fe9-4f57-ba1d-de46c6f91f9c", - "_analyticRulecontentId6": "[variables('analyticRulecontentId6')]", - "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId6'))]", - "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId6'))))]", - "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId6'),'-', variables('analyticRuleVersion6'))))]", - "analyticRuleVersion7": "1.1.0", - "analyticRulecontentId7": "9f82a735-ae43-4c03-afb4-d5d153e1ace1", - "_analyticRulecontentId7": "[variables('analyticRulecontentId7')]", - "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId7'))]", - "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId7'))))]", - "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId7'),'-', variables('analyticRuleVersion7'))))]", - "analyticRuleVersion8": "1.1.0", - "analyticRulecontentId8": "e36c6bd6-f86a-4282-93a5-b4a1b48dd849", - "_analyticRulecontentId8": "[variables('analyticRulecontentId8')]", - "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId8'))]", - "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId8'))))]", - "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId8'),'-', variables('analyticRuleVersion8'))))]", + "analyticRuleObject1": { + "analyticRuleVersion1": "1.1.0", + "_analyticRulecontentId1": "884be6e7-e568-418e-9c12-89229865ffde", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '884be6e7-e568-418e-9c12-89229865ffde')]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('884be6e7-e568-418e-9c12-89229865ffde')))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','884be6e7-e568-418e-9c12-89229865ffde','-', '1.1.0')))]" + }, + "analyticRuleObject2": { + "analyticRuleVersion2": "1.1.0", + "_analyticRulecontentId2": "2954d424-f786-4677-9ffc-c24c44c6e7d5", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '2954d424-f786-4677-9ffc-c24c44c6e7d5')]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('2954d424-f786-4677-9ffc-c24c44c6e7d5')))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','2954d424-f786-4677-9ffc-c24c44c6e7d5','-', '1.1.0')))]" + }, + "analyticRuleObject3": { + "analyticRuleVersion3": "1.1.0", + "_analyticRulecontentId3": "e27dd7e5-4367-4c40-a2b7-fcd7e7a8a508", + "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e27dd7e5-4367-4c40-a2b7-fcd7e7a8a508')]", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e27dd7e5-4367-4c40-a2b7-fcd7e7a8a508')))]", + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e27dd7e5-4367-4c40-a2b7-fcd7e7a8a508','-', '1.1.0')))]" + }, + "analyticRuleObject4": { + "analyticRuleVersion4": "1.1.0", + "_analyticRulecontentId4": "78d2b06c-8dc0-40e1-91c8-66d916c186f3", + "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '78d2b06c-8dc0-40e1-91c8-66d916c186f3')]", + "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('78d2b06c-8dc0-40e1-91c8-66d916c186f3')))]", + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','78d2b06c-8dc0-40e1-91c8-66d916c186f3','-', '1.1.0')))]" + }, + "analyticRuleObject5": { + "analyticRuleVersion5": "1.1.0", + "_analyticRulecontentId5": "41e843a8-92e7-444d-8d72-638f1145d1e1", + "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '41e843a8-92e7-444d-8d72-638f1145d1e1')]", + "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('41e843a8-92e7-444d-8d72-638f1145d1e1')))]", + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','41e843a8-92e7-444d-8d72-638f1145d1e1','-', '1.1.0')))]" + }, + "analyticRuleObject6": { + "analyticRuleVersion6": "1.1.0", + "_analyticRulecontentId6": "c2697b81-7fe9-4f57-ba1d-de46c6f91f9c", + "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c2697b81-7fe9-4f57-ba1d-de46c6f91f9c')]", + "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c2697b81-7fe9-4f57-ba1d-de46c6f91f9c')))]", + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2697b81-7fe9-4f57-ba1d-de46c6f91f9c','-', '1.1.0')))]" + }, + "analyticRuleObject7": { + "analyticRuleVersion7": "1.1.0", + "_analyticRulecontentId7": "9f82a735-ae43-4c03-afb4-d5d153e1ace1", + "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '9f82a735-ae43-4c03-afb4-d5d153e1ace1')]", + "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('9f82a735-ae43-4c03-afb4-d5d153e1ace1')))]", + "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9f82a735-ae43-4c03-afb4-d5d153e1ace1','-', '1.1.0')))]" + }, + "analyticRuleObject8": { + "analyticRuleVersion8": "1.1.0", + "_analyticRulecontentId8": "e36c6bd6-f86a-4282-93a5-b4a1b48dd849", + "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e36c6bd6-f86a-4282-93a5-b4a1b48dd849')]", + "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e36c6bd6-f86a-4282-93a5-b4a1b48dd849')))]", + "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e36c6bd6-f86a-4282-93a5-b4a1b48dd849','-', '1.1.0')))]" + }, + "analyticRuleObject9": { + "analyticRuleVersion9": "1.0.0", + "_analyticRulecontentId9": "35846296-4052-4de2-8098-beb6bb5f2203", + "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '35846296-4052-4de2-8098-beb6bb5f2203')]", + "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('35846296-4052-4de2-8098-beb6bb5f2203')))]", + "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','35846296-4052-4de2-8098-beb6bb5f2203','-', '1.0.0')))]" + }, "uiConfigId1": "OktaSSO", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "OktaSSO", @@ -128,75 +131,64 @@ "dataConnectorVersion1": "1.0.0", "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "dataConnectorVersionConnectorDefinition2": "1.0.0", - "dataConnectorVersionConnections2": "1.0.0", + "dataConnectorCCPVersion": "1.0.0", "_dataConnectorContentIdConnectorDefinition2": "OktaSSOv2", "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]", - "_dataConnectorContentIdConnections2": "OktaSSOv2", + "_dataConnectorContentIdConnections2": "OktaSSOv2Connections", "dataConnectorTemplateNameConnections2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections2')))]", "dataCollectionEndpointId2": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", "blanks": "[replace('b', 'b', '')]", "TemplateEmptyObject": "[json('{}')]", - "huntingQueryVersion1": "1.0.0", - "huntingQuerycontentId1": "5309ea6b-463c-4449-a3c4-2fc8ee0080ee", - "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", - "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", - "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", - "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", - "huntingQueryVersion2": "1.0.0", - "huntingQuerycontentId2": "c5134bac-044d-447a-a260-d1d439653ae7", - "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", - "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", - "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", - "_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", - "huntingQueryVersion3": "1.0.0", - "huntingQuerycontentId3": "96fb9b37-e2b7-45f6-9b2a-cb9cdfd2b0fc", - "_huntingQuerycontentId3": "[variables('huntingQuerycontentId3')]", - "huntingQueryId3": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId3'))]", - "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId3'))))]", - "_huntingQuerycontentProductId3": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId3'),'-', variables('huntingQueryVersion3'))))]", - "huntingQueryVersion4": "1.0.0", - "huntingQuerycontentId4": "18667b4a-18e5-4982-ba75-92ace62bc79c", - "_huntingQuerycontentId4": "[variables('huntingQuerycontentId4')]", - "huntingQueryId4": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId4'))]", - "huntingQueryTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId4'))))]", - "_huntingQuerycontentProductId4": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId4'),'-', variables('huntingQueryVersion4'))))]", - "huntingQueryVersion5": "1.0.0", - "huntingQuerycontentId5": "38da2aa3-4778-4d88-9178-3c5c14758b05", - "_huntingQuerycontentId5": "[variables('huntingQuerycontentId5')]", - "huntingQueryId5": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId5'))]", - "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId5'))))]", - "_huntingQuerycontentProductId5": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId5'),'-', variables('huntingQueryVersion5'))))]", - "huntingQueryVersion6": "1.0.0", - "huntingQuerycontentId6": "4355f601-1421-4ac4-b2ce-88f0859cc101", - "_huntingQuerycontentId6": "[variables('huntingQuerycontentId6')]", - "huntingQueryId6": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId6'))]", - "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId6'))))]", - "_huntingQuerycontentProductId6": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId6'),'-', variables('huntingQueryVersion6'))))]", - "huntingQueryVersion7": "1.0.0", - "huntingQuerycontentId7": "f262fc3a-0acc-4c8b-9a73-fdc09f55fff2", - "_huntingQuerycontentId7": "[variables('huntingQuerycontentId7')]", - "huntingQueryId7": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId7'))]", - "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId7'))))]", - "_huntingQuerycontentProductId7": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId7'),'-', variables('huntingQueryVersion7'))))]", - "huntingQueryVersion8": "1.0.0", - "huntingQuerycontentId8": "708c33ec-22a2-4739-b248-c14919500cdd", - "_huntingQuerycontentId8": "[variables('huntingQuerycontentId8')]", - "huntingQueryId8": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId8'))]", - "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId8'))))]", - "_huntingQuerycontentProductId8": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId8'),'-', variables('huntingQueryVersion8'))))]", - "huntingQueryVersion9": "1.0.0", - "huntingQuerycontentId9": "37381608-bcd7-46bc-954e-1fd418023c26", - "_huntingQuerycontentId9": "[variables('huntingQuerycontentId9')]", - "huntingQueryId9": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId9'))]", - "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId9'))))]", - "_huntingQuerycontentProductId9": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId9'),'-', variables('huntingQueryVersion9'))))]", - "huntingQueryVersion10": "1.0.0", - "huntingQuerycontentId10": "6a9199ec-bc32-4935-9f82-4aa848edb3fc", - "_huntingQuerycontentId10": "[variables('huntingQuerycontentId10')]", - "huntingQueryId10": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId10'))]", - "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId10'))))]", - "_huntingQuerycontentProductId10": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId10'),'-', variables('huntingQueryVersion10'))))]", + "huntingQueryObject1": { + "huntingQueryVersion1": "1.0.0", + "_huntingQuerycontentId1": "5309ea6b-463c-4449-a3c4-2fc8ee0080ee", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('5309ea6b-463c-4449-a3c4-2fc8ee0080ee')))]" + }, + "huntingQueryObject2": { + "huntingQueryVersion2": "1.0.0", + "_huntingQuerycontentId2": "c5134bac-044d-447a-a260-d1d439653ae7", + "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c5134bac-044d-447a-a260-d1d439653ae7')))]" + }, + "huntingQueryObject3": { + "huntingQueryVersion3": "1.0.0", + "_huntingQuerycontentId3": "96fb9b37-e2b7-45f6-9b2a-cb9cdfd2b0fc", + "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('96fb9b37-e2b7-45f6-9b2a-cb9cdfd2b0fc')))]" + }, + "huntingQueryObject4": { + "huntingQueryVersion4": "1.0.0", + "_huntingQuerycontentId4": "18667b4a-18e5-4982-ba75-92ace62bc79c", + "huntingQueryTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('18667b4a-18e5-4982-ba75-92ace62bc79c')))]" + }, + "huntingQueryObject5": { + "huntingQueryVersion5": "1.0.0", + "_huntingQuerycontentId5": "38da2aa3-4778-4d88-9178-3c5c14758b05", + "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('38da2aa3-4778-4d88-9178-3c5c14758b05')))]" + }, + "huntingQueryObject6": { + "huntingQueryVersion6": "1.0.0", + "_huntingQuerycontentId6": "4355f601-1421-4ac4-b2ce-88f0859cc101", + "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('4355f601-1421-4ac4-b2ce-88f0859cc101')))]" + }, + "huntingQueryObject7": { + "huntingQueryVersion7": "1.0.0", + "_huntingQuerycontentId7": "f262fc3a-0acc-4c8b-9a73-fdc09f55fff2", + "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f262fc3a-0acc-4c8b-9a73-fdc09f55fff2')))]" + }, + "huntingQueryObject8": { + "huntingQueryVersion8": "1.0.0", + "_huntingQuerycontentId8": "708c33ec-22a2-4739-b248-c14919500cdd", + "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('708c33ec-22a2-4739-b248-c14919500cdd')))]" + }, + "huntingQueryObject9": { + "huntingQueryVersion9": "1.0.0", + "_huntingQuerycontentId9": "37381608-bcd7-46bc-954e-1fd418023c26", + "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('37381608-bcd7-46bc-954e-1fd418023c26')))]" + }, + "huntingQueryObject10": { + "huntingQueryVersion10": "1.0.0", + "_huntingQuerycontentId10": "6a9199ec-bc32-4935-9f82-4aa848edb3fc", + "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('6a9199ec-bc32-4935-9f82-4aa848edb3fc')))]" + }, "OktaCustomConnector": "OktaCustomConnector", "_OktaCustomConnector": "[variables('OktaCustomConnector')]", "TemplateEmptyArray": "[json('[]')]", @@ -235,22 +227,20 @@ "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", - "parserName1": "OktaSSO", - "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", - "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", - "parserVersion1": "1.0.0", - "parserContentId1": "OktaSSO-Parser", - "_parserContentId1": "[variables('parserContentId1')]", - "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", + "parserObject1": { + "_parserName1": "[concat(parameters('workspace'),'/','OktaSSO')]", + "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'OktaSSO')]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('OktaSSO-Parser')))]", + "parserVersion1": "1.0.0", + "parserContentId1": "OktaSSO-Parser" + }, "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName1')]", + "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -259,13 +249,13 @@ "description": "FailedLoginsFromUnknownOrInvalidUser_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", + "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId1')]", + "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -284,16 +274,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -304,22 +294,22 @@ ], "entityMappings": [ { - "entityType": "Account", "fieldMappings": [ { "columnName": "AccountCustomEntity", "identifier": "FullName" } - ] + ], + "entityType": "Account" }, { - "entityType": "IP", "fieldMappings": [ { "columnName": "IPCustomEntity", "identifier": "Address" } - ] + ], + "entityType": "IP" } ] } @@ -327,13 +317,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", + "parentId": "[variables('analyticRuleObject1').analyticRuleId1]", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -358,18 +348,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId1')]", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", "contentKind": "AnalyticsRule", "displayName": "Failed Logins from Unknown or Invalid User", - "contentProductId": "[variables('_analyticRulecontentProductId1')]", - "id": "[variables('_analyticRulecontentProductId1')]", - "version": "[variables('analyticRuleVersion1')]" + "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName2')]", + "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -378,13 +368,13 @@ "description": "LoginfromUsersfromDifferentCountrieswithin3hours_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion2')]", + "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId2')]", + "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -403,16 +393,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -423,13 +413,13 @@ ], "entityMappings": [ { - "entityType": "Account", "fieldMappings": [ { "columnName": "AccountCustomEntity", "identifier": "FullName" } - ] + ], + "entityType": "Account" } ] } @@ -437,13 +427,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 2", - "parentId": "[variables('analyticRuleId2')]", - "contentId": "[variables('_analyticRulecontentId2')]", + "parentId": "[variables('analyticRuleObject2').analyticRuleId2]", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion2')]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -468,18 +458,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId2')]", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", "contentKind": "AnalyticsRule", "displayName": "User Login from Different Countries within 3 hours", - "contentProductId": "[variables('_analyticRulecontentProductId2')]", - "id": "[variables('_analyticRulecontentProductId2')]", - "version": "[variables('analyticRuleVersion2')]" + "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName3')]", + "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -488,13 +478,13 @@ "description": "PasswordSpray_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion3')]", + "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId3')]", + "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -513,16 +503,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -533,13 +523,13 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { "columnName": "IPCustomEntity", "identifier": "Address" } - ] + ], + "entityType": "IP" } ] } @@ -547,13 +537,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 3", - "parentId": "[variables('analyticRuleId3')]", - "contentId": "[variables('_analyticRulecontentId3')]", + "parentId": "[variables('analyticRuleObject3').analyticRuleId3]", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion3')]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -578,18 +568,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId3')]", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", "contentKind": "AnalyticsRule", "displayName": "Potential Password Spray Attack", - "contentProductId": "[variables('_analyticRulecontentProductId3')]", - "id": "[variables('_analyticRulecontentProductId3')]", - "version": "[variables('analyticRuleVersion3')]" + "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName4')]", + "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -598,13 +588,13 @@ "description": "PhishingDetection_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion4')]", + "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId4')]", + "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -623,16 +613,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -643,7 +633,6 @@ ], "entityMappings": [ { - "entityType": "Account", "fieldMappings": [ { "columnName": "actor_alternateId_s", @@ -653,16 +642,17 @@ "columnName": "actor_displayName_s", "identifier": "DisplayName" } - ] + ], + "entityType": "Account" }, { - "entityType": "IP", "fieldMappings": [ { "columnName": "client_ipAddress_s", "identifier": "Address" } - ] + ], + "entityType": "IP" } ], "customDetails": { @@ -674,13 +664,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId4'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 4", - "parentId": "[variables('analyticRuleId4')]", - "contentId": "[variables('_analyticRulecontentId4')]", + "parentId": "[variables('analyticRuleObject4').analyticRuleId4]", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion4')]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -705,18 +695,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId4')]", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", "contentKind": "AnalyticsRule", "displayName": "Okta Fast Pass phishing Detection", - "contentProductId": "[variables('_analyticRulecontentProductId4')]", - "id": "[variables('_analyticRulecontentProductId4')]", - "version": "[variables('analyticRuleVersion4')]" + "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName5')]", + "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -725,13 +715,13 @@ "description": "NewDeviceLocationCriticalOperation_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion5')]", + "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId5')]", + "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -750,16 +740,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -772,7 +762,6 @@ ], "entityMappings": [ { - "entityType": "Account", "fieldMappings": [ { "columnName": "actor_alternateId_s", @@ -782,38 +771,39 @@ "columnName": "actor_displayName_s", "identifier": "DisplayName" } - ] + ], + "entityType": "Account" }, { - "entityType": "IP", "fieldMappings": [ { "columnName": "client_ipAddress_s", "identifier": "Address" } - ] + ], + "entityType": "IP" } ], "customDetails": { - "SessionId": "[variables('_sessionIdValue')]", - "Location": "Location" + "Location": "Location", + "SessionId": "authenticationContext_externalSessionId_s" }, "alertDetailsOverride": { - "alertDescriptionFormat": "This query identifies users seen login from new geo location/country {{Location}} as well as a new device and performing critical operations\n", - "alertDisplayNameFormat": "New Device/Location {{Location}} sign-in along with critical operation" + "alertDisplayNameFormat": "New Device/Location {{Location}} sign-in along with critical operation", + "alertDescriptionFormat": "This query identifies users seen login from new geo location/country {{Location}} as well as a new device and performing critical operations\n" } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId5'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 5", - "parentId": "[variables('analyticRuleId5')]", - "contentId": "[variables('_analyticRulecontentId5')]", + "parentId": "[variables('analyticRuleObject5').analyticRuleId5]", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion5')]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -838,18 +828,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId5')]", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", "contentKind": "AnalyticsRule", "displayName": "New Device/Location sign-in along with critical operation", - "contentProductId": "[variables('_analyticRulecontentProductId5')]", - "id": "[variables('_analyticRulecontentProductId5')]", - "version": "[variables('analyticRuleVersion5')]" + "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName6')]", + "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -858,13 +848,13 @@ "description": "MFAFatigue_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion6')]", + "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId6')]", + "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -883,16 +873,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -903,7 +893,6 @@ ], "entityMappings": [ { - "entityType": "Account", "fieldMappings": [ { "columnName": "actor_alternateId_s", @@ -913,7 +902,8 @@ "columnName": "actor_displayName_s", "identifier": "DisplayName" } - ] + ], + "entityType": "Account" } ] } @@ -921,13 +911,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId6'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 6", - "parentId": "[variables('analyticRuleId6')]", - "contentId": "[variables('_analyticRulecontentId6')]", + "parentId": "[variables('analyticRuleObject6').analyticRuleId6]", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion6')]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -952,18 +942,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId6')]", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", "contentKind": "AnalyticsRule", "displayName": "MFA Fatigue (OKTA)", - "contentProductId": "[variables('_analyticRulecontentProductId6')]", - "id": "[variables('_analyticRulecontentProductId6')]", - "version": "[variables('analyticRuleVersion6')]" + "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName7')]", + "name": "[variables('analyticRuleObject7').analyticRuleTemplateSpecName7]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -972,13 +962,13 @@ "description": "HighRiskAdminActivity_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion7')]", + "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId7')]", + "name": "[variables('analyticRuleObject7')._analyticRulecontentId7]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -997,16 +987,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -1017,7 +1007,6 @@ ], "entityMappings": [ { - "entityType": "Account", "fieldMappings": [ { "columnName": "actor_alternateId_s", @@ -1027,33 +1016,34 @@ "columnName": "actor_displayName_s", "identifier": "DisplayName" } - ] + ], + "entityType": "Account" }, { - "entityType": "IP", "fieldMappings": [ { "columnName": "client_ipAddress_s", "identifier": "Address" } - ] + ], + "entityType": "IP" } ], "customDetails": { - "SessionId": "[variables('_sessionIdValue')]" + "SessionId": "authenticationContext_externalSessionId_s" } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId7'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject7').analyticRuleId7,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 7", - "parentId": "[variables('analyticRuleId7')]", - "contentId": "[variables('_analyticRulecontentId7')]", + "parentId": "[variables('analyticRuleObject7').analyticRuleId7]", + "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion7')]", + "version": "[variables('analyticRuleObject7').analyticRuleVersion7]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -1078,18 +1068,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId7')]", + "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]", "contentKind": "AnalyticsRule", "displayName": "High-Risk Admin Activity", - "contentProductId": "[variables('_analyticRulecontentProductId7')]", - "id": "[variables('_analyticRulecontentProductId7')]", - "version": "[variables('analyticRuleVersion7')]" + "contentProductId": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]", + "id": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]", + "version": "[variables('analyticRuleObject7').analyticRuleVersion7]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName8')]", + "name": "[variables('analyticRuleObject8').analyticRuleTemplateSpecName8]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -1098,13 +1088,13 @@ "description": "DeviceRegistrationMaliciousIP_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion8')]", + "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId8')]", + "name": "[variables('analyticRuleObject8')._analyticRulecontentId8]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", @@ -1123,16 +1113,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "OktaSSO", "dataTypes": [ "Okta_CL" - ] + ], + "connectorId": "OktaSSO" }, { - "connectorId": "OktaSSOv2", "dataTypes": [ "OktaSSO" - ] + ], + "connectorId": "OktaSSOv2" } ], "tactics": [ @@ -1143,7 +1133,6 @@ ], "entityMappings": [ { - "entityType": "Account", "fieldMappings": [ { "columnName": "actor_alternateId_s", @@ -1153,16 +1142,17 @@ "columnName": "actor_displayName_s", "identifier": "DisplayName" } - ] + ], + "entityType": "Account" }, { - "entityType": "IP", "fieldMappings": [ { "columnName": "client_ipAddress_s", "identifier": "Address" } - ] + ], + "entityType": "IP" } ] } @@ -1170,13 +1160,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId8'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject8').analyticRuleId8,'/'))))]", "properties": { "description": "Okta Single Sign-On Analytics Rule 8", - "parentId": "[variables('analyticRuleId8')]", - "contentId": "[variables('_analyticRulecontentId8')]", + "parentId": "[variables('analyticRuleObject8').analyticRuleId8]", + "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion8')]", + "version": "[variables('analyticRuleObject8').analyticRuleVersion8]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -1201,12 +1191,127 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId8')]", + "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]", "contentKind": "AnalyticsRule", "displayName": "Device Registration from Malicious IP", - "contentProductId": "[variables('_analyticRulecontentProductId8')]", - "id": "[variables('_analyticRulecontentProductId8')]", - "version": "[variables('analyticRuleVersion8')]" + "contentProductId": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]", + "id": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]", + "version": "[variables('analyticRuleObject8').analyticRuleVersion8]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject9').analyticRuleTemplateSpecName9]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "UserSessionImpersonation_AnalyticalRules Analytics Rule with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject9')._analyticRulecontentId9]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "A user has started a session impersonation, gaining access with the impersonated users permissions. This typically signifies Okta admin access and should only happen if anticipated and requested.", + "displayName": "User Session Impersonation(Okta)", + "enabled": false, + "query": "Okta_CL\n| where eventType_s == \"user.session.impersonation.initiate\" and outcome_result_s == \"SUCCESS\"\n// Expand the JSON array in 'target_s' field to extract detailed information about the event\n| mv-expand parsed_json = todynamic(target_s) // Unpack and understand the details from the 'target_s' JSON array\n// Enhance visibility by extending columns with extracted details for better analysis\n| extend TargetUser_id = tostring(parsed_json.id), \n TargetUser_type = tostring(parsed_json.type), \n TargetUser_alternateId = tostring(parsed_json.alternateId), \n TargetUser_displayName = tostring(parsed_json.displayName), \n Target_detailEntry = tostring(parsed_json.detailEntry) \n// Project event details to gain insights into the security context, including actor and target user information\n| project TimeGenerated, actor_alternateId_s, actor_displayName_s, TargetUser_alternateId, \n TargetUser_displayName, TargetUser_type, TargetUser_id, \n eventType_s, outcome_result_s\n", + "queryFrequency": "PT6H", + "queryPeriod": "PT6H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "Okta_CL" + ], + "connectorId": "OktaSSO" + }, + { + "dataTypes": [ + "OktaSSO" + ], + "connectorId": "OktaSSOv2" + } + ], + "tactics": [ + "PrivilegeEscalation" + ], + "techniques": [ + "T1134", + "T1134" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "actor_alternateId_s", + "identifier": "Name" + }, + { + "columnName": "actor_displayName_s", + "identifier": "DisplayName" + } + ], + "entityType": "Account" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject9').analyticRuleId9,'/'))))]", + "properties": { + "description": "Okta Single Sign-On Analytics Rule 9", + "parentId": "[variables('analyticRuleObject9').analyticRuleId9]", + "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject9').analyticRuleVersion9]", + "source": { + "kind": "Solution", + "name": "Okta Single Sign-On", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]", + "contentKind": "AnalyticsRule", + "displayName": "User Session Impersonation(Okta)", + "contentProductId": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]", + "id": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]", + "version": "[variables('analyticRuleObject9').analyticRuleVersion9]" } }, { @@ -1619,7 +1724,7 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), 14070676)]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -1630,45 +1735,10 @@ "contentKind": "DataConnector", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersionConnectorDefinition2')]", + "contentVersion": "[variables('dataConnectorCCPVersion')]", "parameters": {}, "variables": {}, "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersionConnectorDefinition2')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorVersionConnections2')]", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, { "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", "apiVersion": "2022-09-01-preview", @@ -1680,7 +1750,7 @@ "id": "OktaSSOv2", "title": "Okta Single Sign-On (Preview)", "publisher": "Microsoft", - "descriptionMarkdown": "The [Okta Single Sign-On (SSO)](https://www.okta.com/products/single-sign-on/) data connector provides the capability to ingest audit and event logs from the Okta Sysem Log API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform and uses the Okta System Log API to fetch the events. The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.", + "descriptionMarkdown": "The [Okta Single Sign-On (SSO)](https://www.okta.com/products/single-sign-on/) data connector provides the capability to ingest audit and event logs from the Okta Sysem Log API into Microsoft Sentinel. The data connector is built on Microsoft Sentinelג€™s Codeless Connector Platform and uses the Okta System Log API to fetch the events. The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.", "graphQueriesTableName": "OktaSSO", "graphQueries": [ { @@ -1792,9 +1862,44 @@ } } }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, { "name": "oktassov2-ccp", - "apiVersion": "2021-09-01-preview", + "apiVersion": "2022-06-01", "type": "Microsoft.Insights/dataCollectionRules", "location": "[parameters('workspace-location')]", "kind": "[variables('blanks')]", @@ -1890,12 +1995,12 @@ "outputStream": "Custom-OktaV2_CL" } ], - "dataCollectionEndpointId": "[[variables('dataCollectionEndpointId2')]" + "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]" } }, { "name": "OktaV2_CL", - "apiVersion": "2021-03-01-privatepreview", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/tables", "location": "[parameters('workspace-location')]", "kind": null, @@ -2245,7 +2350,7 @@ "isDefaultDisplay": false, "isHidden": false } - ] + ] } } } @@ -2254,7 +2359,7 @@ "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorVersionConnectorDefinition2'))))]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", "version": "[variables('_solutionVersion')]" @@ -2271,7 +2376,7 @@ "id": "OktaSSOv2", "title": "Okta Single Sign-On (Preview)", "publisher": "Microsoft", - "descriptionMarkdown": "The [Okta Single Sign-On (SSO)](https://www.okta.com/products/single-sign-on/) data connector provides the capability to ingest audit and event logs from the Okta Sysem Log API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform and uses the Okta System Log API to fetch the events. The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.", + "descriptionMarkdown": "The [Okta Single Sign-On (SSO)](https://www.okta.com/products/single-sign-on/) data connector provides the capability to ingest audit and event logs from the Okta Sysem Log API into Microsoft Sentinel. The data connector is built on Microsoft Sentinelג€™s Codeless Connector Platform and uses the Okta System Log API to fetch the events. The connector supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security event data into a custom columns so that queries don't need to parse it again, thus resulting in better performance.", "graphQueriesTableName": "OktaSSO", "graphQueries": [ { @@ -2391,7 +2496,7 @@ "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", "kind": "DataConnector", - "version": "[variables('dataConnectorVersionConnectorDefinition2')]", + "version": "[variables('dataConnectorCCPVersion')]", "source": { "sourceId": "[variables('_solutionId')]", "name": "[variables('_solutionName')]", @@ -2410,7 +2515,7 @@ "dependencies": { "criteria": [ { - "version": "[variables('dataConnectorVersionConnections2')]", + "version": "[variables('dataConnectorCCPVersion')]", "contentId": "[variables('_dataConnectorContentIdConnections2')]", "kind": "ResourcesDataConnector" } @@ -2421,7 +2526,7 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), 1691618401)]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2432,8 +2537,18 @@ "contentKind": "ResourcesDataConnector", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersionConnections2')]", + "contentVersion": "[variables('dataConnectorCCPVersion')]", "parameters": { + "apikey": { + "defaultValue": "-NA-", + "type": "securestring", + "minLength": 1 + }, + "domainname": { + "defaultValue": "Enter domainname value", + "type": "string", + "minLength": 1 + }, "connectorDefinitionName": { "defaultValue": "Okta Single Sign-On (Preview)", "type": "string", @@ -2449,16 +2564,6 @@ "dataCollectionRuleImmutableId": "data collection rule immutableId" }, "type": "object" - }, - "domainname": { - "defaultValue": "domainname", - "type": "string", - "minLength": 1 - }, - "apikey": { - "defaultValue": "apikey", - "type": "string", - "minLength": 1 } }, "variables": { @@ -2473,7 +2578,7 @@ "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]", "contentId": "[variables('_dataConnectorContentIdConnections2')]", "kind": "ResourcesDataConnector", - "version": "[variables('dataConnectorVersionConnections2')]", + "version": "[variables('dataConnectorCCPVersion')]", "source": { "sourceId": "[variables('_solutionId')]", "name": "[variables('_solutionName')]", @@ -2492,8 +2597,8 @@ } }, { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'OktaSSOv2')]", - "apiVersion": "2022-12-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', 'OktaDCV1')]", + "apiVersion": "2023-02-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", "kind": "RestApiPoller", @@ -2542,7 +2647,7 @@ "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorVersionConnections2'))))]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", "version": "[variables('_solutionVersion')]" @@ -2551,7 +2656,7 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName1')]", + "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2560,7 +2665,7 @@ "description": "AdminPrivilegeGrant_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion1')]", + "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", "parameters": {}, "variables": {}, "resources": [ @@ -2594,13 +2699,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 1", - "parentId": "[variables('huntingQueryId1')]", - "contentId": "[variables('_huntingQuerycontentId1')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]", + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion1')]", + "version": "[variables('huntingQueryObject1').huntingQueryVersion1]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -2625,18 +2730,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId1')]", + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "contentKind": "HuntingQuery", "displayName": "Admin privilege granted (Okta)", - "contentProductId": "[variables('_huntingQuerycontentProductId1')]", - "id": "[variables('_huntingQuerycontentProductId1')]", - "version": "[variables('huntingQueryVersion1')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName2')]", + "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2645,7 +2750,7 @@ "description": "CreateAPIToken_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion2')]", + "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", "parameters": {}, "variables": {}, "resources": [ @@ -2679,13 +2784,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 2", - "parentId": "[variables('huntingQueryId2')]", - "contentId": "[variables('_huntingQuerycontentId2')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]", + "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion2')]", + "version": "[variables('huntingQueryObject2').huntingQueryVersion2]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -2710,18 +2815,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId2')]", + "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]", "contentKind": "HuntingQuery", "displayName": "Create API Token (Okta)", - "contentProductId": "[variables('_huntingQuerycontentProductId2')]", - "id": "[variables('_huntingQuerycontentProductId2')]", - "version": "[variables('huntingQueryVersion2')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName3')]", + "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2730,7 +2835,7 @@ "description": "ImpersonationSession_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion3')]", + "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", "parameters": {}, "variables": {}, "resources": [ @@ -2764,13 +2869,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 3", - "parentId": "[variables('huntingQueryId3')]", - "contentId": "[variables('_huntingQuerycontentId3')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]", + "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion3')]", + "version": "[variables('huntingQueryObject3').huntingQueryVersion3]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -2795,18 +2900,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId3')]", + "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]", "contentKind": "HuntingQuery", "displayName": "Initiate impersonation session (Okta)", - "contentProductId": "[variables('_huntingQuerycontentProductId3')]", - "id": "[variables('_huntingQuerycontentProductId3')]", - "version": "[variables('huntingQueryVersion3')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName4')]", + "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2815,7 +2920,7 @@ "description": "RareMFAOperation_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion4')]", + "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", "parameters": {}, "variables": {}, "resources": [ @@ -2849,13 +2954,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId4'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 4", - "parentId": "[variables('huntingQueryId4')]", - "contentId": "[variables('_huntingQuerycontentId4')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]", + "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion4')]", + "version": "[variables('huntingQueryObject4').huntingQueryVersion4]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -2880,18 +2985,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId4')]", + "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]", "contentKind": "HuntingQuery", "displayName": "Rare MFA Operations (Okta)", - "contentProductId": "[variables('_huntingQuerycontentProductId4')]", - "id": "[variables('_huntingQuerycontentProductId4')]", - "version": "[variables('huntingQueryVersion4')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName5')]", + "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2900,7 +3005,7 @@ "description": "UserPasswordReset_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion5')]", + "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", "parameters": {}, "variables": {}, "resources": [ @@ -2934,13 +3039,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId5'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 5", - "parentId": "[variables('huntingQueryId5')]", - "contentId": "[variables('_huntingQuerycontentId5')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]", + "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion5')]", + "version": "[variables('huntingQueryObject5').huntingQueryVersion5]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -2965,18 +3070,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId5')]", + "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]", "contentKind": "HuntingQuery", "displayName": "User password reset(Okta)", - "contentProductId": "[variables('_huntingQuerycontentProductId5')]", - "id": "[variables('_huntingQuerycontentProductId5')]", - "version": "[variables('huntingQueryVersion5')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName6')]", + "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2985,7 +3090,7 @@ "description": "NewDeviceRegistration_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion6')]", + "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", "parameters": {}, "variables": {}, "resources": [ @@ -3019,13 +3124,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId6'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 6", - "parentId": "[variables('huntingQueryId6')]", - "contentId": "[variables('_huntingQuerycontentId6')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]", + "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion6')]", + "version": "[variables('huntingQueryObject6').huntingQueryVersion6]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -3050,18 +3155,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId6')]", + "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]", "contentKind": "HuntingQuery", "displayName": "New device registration from unfamiliar location", - "contentProductId": "[variables('_huntingQuerycontentProductId6')]", - "id": "[variables('_huntingQuerycontentProductId6')]", - "version": "[variables('huntingQueryVersion6')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName7')]", + "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -3070,7 +3175,7 @@ "description": "LoginsVPSProvider_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion7')]", + "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", "parameters": {}, "variables": {}, "resources": [ @@ -3104,13 +3209,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId7'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 7", - "parentId": "[variables('huntingQueryId7')]", - "contentId": "[variables('_huntingQuerycontentId7')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]", + "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion7')]", + "version": "[variables('huntingQueryObject7').huntingQueryVersion7]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -3135,18 +3240,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId7')]", + "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]", "contentKind": "HuntingQuery", "displayName": "Logins originating from VPS Providers", - "contentProductId": "[variables('_huntingQuerycontentProductId7')]", - "id": "[variables('_huntingQuerycontentProductId7')]", - "version": "[variables('huntingQueryVersion7')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName8')]", + "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -3155,7 +3260,7 @@ "description": "LoginNordVPN_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion8')]", + "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", "parameters": {}, "variables": {}, "resources": [ @@ -3189,13 +3294,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId8'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 8", - "parentId": "[variables('huntingQueryId8')]", - "contentId": "[variables('_huntingQuerycontentId8')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]", + "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion8')]", + "version": "[variables('huntingQueryObject8').huntingQueryVersion8]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -3220,18 +3325,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId8')]", + "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]", "contentKind": "HuntingQuery", "displayName": "Sign-ins from Nord VPN Providers", - "contentProductId": "[variables('_huntingQuerycontentProductId8')]", - "id": "[variables('_huntingQuerycontentProductId8')]", - "version": "[variables('huntingQueryVersion8')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName9')]", + "name": "[variables('huntingQueryObject9').huntingQueryTemplateSpecName9]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -3240,7 +3345,7 @@ "description": "LoginFromMultipleLocations_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion9')]", + "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", "parameters": {}, "variables": {}, "resources": [ @@ -3274,13 +3379,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId9'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 9", - "parentId": "[variables('huntingQueryId9')]", - "contentId": "[variables('_huntingQuerycontentId9')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9)]", + "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion9')]", + "version": "[variables('huntingQueryObject9').huntingQueryVersion9]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -3305,18 +3410,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId9')]", + "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]", "contentKind": "HuntingQuery", "displayName": "Okta Login from multiple locations", - "contentProductId": "[variables('_huntingQuerycontentProductId9')]", - "id": "[variables('_huntingQuerycontentProductId9')]", - "version": "[variables('huntingQueryVersion9')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName10')]", + "name": "[variables('huntingQueryObject10').huntingQueryTemplateSpecName10]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -3325,7 +3430,7 @@ "description": "LegacyAuthentication_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion10')]", + "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", "parameters": {}, "variables": {}, "resources": [ @@ -3359,13 +3464,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId10'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10),'/'))))]", "properties": { "description": "Okta Single Sign-On Hunting Query 10", - "parentId": "[variables('huntingQueryId10')]", - "contentId": "[variables('_huntingQuerycontentId10')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10)]", + "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion10')]", + "version": "[variables('huntingQueryObject10').huntingQueryVersion10]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -3390,12 +3495,12 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId10')]", + "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", "contentKind": "HuntingQuery", "displayName": "Okta login attempts using Legacy Auth", - "contentProductId": "[variables('_huntingQuerycontentProductId10')]", - "id": "[variables('_huntingQuerycontentProductId10')]", - "version": "[variables('huntingQueryVersion10')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]", + "version": "1.0.0" } }, { @@ -4670,7 +4775,7 @@ ], "metadata": { "comments": "This OKTA connector uses okta API to perform different actions on the user accounts.", - "lastUpdateTime": "2023-11-24T18:36:54.834Z", + "lastUpdateTime": "2024-01-16T12:09:51.660Z", "releaseNotes": { "version": "1.0", "title": "[variables('blanks')]", @@ -6033,7 +6138,7 @@ "kind": "shared", "apiVersion": "2021-08-01", "metadata": { - "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked" + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked." }, "properties": { "displayName": "[parameters('workbook1-name')]", @@ -6048,7 +6153,7 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", "properties": { - "description": "@{workbookKey=OktaSingleSignOnWorkbook; logoFileName=okta_logo.svg; description=Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.2; title=Okta Single Sign-On; templateRelativePath=OktaSingleSignOn.json; subtitle=; provider=Okta}.description", + "description": "@{workbookKey=OktaSingleSignOnWorkbook; logoFileName=okta_logo.svg; description=Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.2; title=Okta Single Sign-On; templateRelativePath=OktaSingleSignOn.json; subtitle=; provider=Okta}.description", "parentId": "[variables('workbookId1')]", "contentId": "[variables('_workbookContentId1')]", "kind": "Workbook", @@ -6077,6 +6182,14 @@ }, { "contentId": "OktaSSO", + "kind": "DataType" + }, + { + "contentId": "OktaSSO", + "kind": "DataConnector" + }, + { + "contentId": "OktaSSOv2", "kind": "DataConnector" } ] @@ -6101,7 +6214,7 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('parserTemplateSpecName1')]", + "name": "[variables('parserObject1').parserTemplateSpecName1]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -6110,12 +6223,12 @@ "description": "OktaSSO Data Parser with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserVersion1')]", + "contentVersion": "[variables('parserObject1').parserVersion1]", "parameters": {}, "variables": {}, "resources": [ { - "name": "[variables('_parserName1')]", + "name": "[variables('parserObject1')._parserName1]", "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", @@ -6138,15 +6251,15 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", "dependsOn": [ - "[variables('_parserId1')]" + "[variables('parserObject1')._parserId1]" ], "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "contentId": "[variables('_parserContentId1')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Backward Compatibility Parser for Okta SSO')]", + "contentId": "[variables('parserObject1').parserContentId1]", "kind": "Parser", - "version": "[variables('parserVersion1')]", + "version": "[variables('parserObject1').parserVersion1]", "source": { "name": "Okta Single Sign-On", "kind": "Solution", @@ -6171,18 +6284,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_parserContentId1')]", + "contentId": "[variables('parserObject1').parserContentId1]", "contentKind": "Parser", "displayName": "Backward Compatibility Parser for Okta SSO", - "contentProductId": "[variables('_parsercontentProductId1')]", - "id": "[variables('_parsercontentProductId1')]", - "version": "[variables('parserVersion1')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", + "version": "[variables('parserObject1').parserVersion1]" } }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "apiVersion": "2022-10-01", - "name": "[variables('_parserName1')]", + "name": "[variables('parserObject1')._parserName1]", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", @@ -6204,15 +6317,15 @@ "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", "dependsOn": [ - "[variables('_parserId1')]" + "[variables('parserObject1')._parserId1]" ], "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "contentId": "[variables('_parserContentId1')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Backward Compatibility Parser for Okta SSO')]", + "contentId": "[variables('parserObject1').parserContentId1]", "kind": "Parser", - "version": "[variables('parserVersion1')]", + "version": "[variables('parserObject1').parserVersion1]", "source": { "kind": "Solution", "name": "Okta Single Sign-On", @@ -6240,7 +6353,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "Okta Single Sign-On", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Okta Single Sign-On (SSO) solution for Microsoft Sentinel provides the capability to ingest audit and event logs into Microsoft Sentinel using the Okta API.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n

  1. Azure Monitor HTTP Data Collector API

    \n
    2. \n

  2. Azure Functions

    \n
    3. \n
\n

Data Connectors: 2, Parsers: 1, Workbooks: 1, Analytic Rules: 8, Hunting Queries: 10, Custom Azure Logic Apps Connectors: 1, Playbooks: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Okta Single Sign-On (SSO) solution for Microsoft Sentinel provides the capability to ingest audit and event logs into Microsoft Sentinel using the Okta API.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n

  1. Azure Monitor HTTP Data Collector API

    \n
    2. \n

  2. Azure Functions

    \n
    3. \n
\n

Data Connectors: 2, Parsers: 1, Workbooks: 1, Analytic Rules: 9, Hunting Queries: 10, Custom Azure Logic Apps Connectors: 1, Playbooks: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -6267,43 +6380,48 @@ "criteria": [ { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId1')]", - "version": "[variables('analyticRuleVersion1')]" + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId2')]", - "version": "[variables('analyticRuleVersion2')]" + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId3')]", - "version": "[variables('analyticRuleVersion3')]" + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId4')]", - "version": "[variables('analyticRuleVersion4')]" + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId5')]", - "version": "[variables('analyticRuleVersion5')]" + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId6')]", - "version": "[variables('analyticRuleVersion6')]" + "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]", + "version": "[variables('analyticRuleObject7').analyticRuleVersion7]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId7')]", - "version": "[variables('analyticRuleVersion7')]" + "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]", + "version": "[variables('analyticRuleObject8').analyticRuleVersion8]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId8')]", - "version": "[variables('analyticRuleVersion8')]" + "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]", + "version": "[variables('analyticRuleObject9').analyticRuleVersion9]" }, { "kind": "DataConnector", @@ -6313,57 +6431,57 @@ { "kind": "DataConnector", "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "version": "[variables('dataConnectorVersionConnections2')]" + "version": "[variables('dataConnectorCCPVersion')]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId1')]", - "version": "[variables('huntingQueryVersion1')]" + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", + "version": "[variables('huntingQueryObject1').huntingQueryVersion1]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId2')]", - "version": "[variables('huntingQueryVersion2')]" + "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]", + "version": "[variables('huntingQueryObject2').huntingQueryVersion2]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId3')]", - "version": "[variables('huntingQueryVersion3')]" + "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]", + "version": "[variables('huntingQueryObject3').huntingQueryVersion3]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId4')]", - "version": "[variables('huntingQueryVersion4')]" + "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]", + "version": "[variables('huntingQueryObject4').huntingQueryVersion4]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId5')]", - "version": "[variables('huntingQueryVersion5')]" + "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]", + "version": "[variables('huntingQueryObject5').huntingQueryVersion5]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId6')]", - "version": "[variables('huntingQueryVersion6')]" + "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]", + "version": "[variables('huntingQueryObject6').huntingQueryVersion6]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId7')]", - "version": "[variables('huntingQueryVersion7')]" + "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]", + "version": "[variables('huntingQueryObject7').huntingQueryVersion7]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId8')]", - "version": "[variables('huntingQueryVersion8')]" + "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]", + "version": "[variables('huntingQueryObject8').huntingQueryVersion8]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId9')]", - "version": "[variables('huntingQueryVersion9')]" + "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]", + "version": "[variables('huntingQueryObject9').huntingQueryVersion9]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId10')]", - "version": "[variables('huntingQueryVersion10')]" + "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", + "version": "[variables('huntingQueryObject10').huntingQueryVersion10]" }, { "kind": "LogicAppsCustomConnector", @@ -6392,8 +6510,8 @@ }, { "kind": "Parser", - "contentId": "[variables('_parserContentId1')]", - "version": "[variables('parserVersion1')]" + "contentId": "[variables('parserObject1').parserContentId1]", + "version": "[variables('parserObject1').parserVersion1]" } ] }, @@ -6412,4 +6530,4 @@ } ], "outputs": {} -} \ No newline at end of file +} diff --git a/Solutions/Okta Single Sign-On/Package/testParameters.json b/Solutions/Okta Single Sign-On/Package/testParameters.json new file mode 100644 index 00000000000..8282fac44bd --- /dev/null +++ b/Solutions/Okta Single Sign-On/Package/testParameters.json @@ -0,0 +1,46 @@ +{ + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "resourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "resource group name where Microsoft Sentinel is setup" + } + }, + "subscription": { + "type": "string", + "defaultValue": "[last(split(subscription().id, '/'))]", + "metadata": { + "description": "subscription id where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "Okta Single Sign-On", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + } +} diff --git a/Solutions/Okta Single Sign-On/data/Solution_Okta.json b/Solutions/Okta Single Sign-On/data/Solution_Okta.json index 718e48795b8..edee999d2a1 100644 --- a/Solutions/Okta Single Sign-On/data/Solution_Okta.json +++ b/Solutions/Okta Single Sign-On/data/Solution_Okta.json @@ -11,7 +11,8 @@ "Analytic Rules/NewDeviceLocationCriticalOperation.yaml", "Analytic Rules/MFAFatigue.yaml", "Analytic Rules/HighRiskAdminActivity.yaml", - "Analytic Rules/DeviceRegistrationMaliciousIP.yaml" + "Analytic Rules/DeviceRegistrationMaliciousIP.yaml", + "Analytic Rules/UserSessionImpersonation.yaml" ], "Data Connectors": [ "Data Connectors/OktaSingleSign-On/Connector_REST_API_FunctionApp_Okta.json", From 0459db7ff290827afef9ba96e2a84c2ec3fc09f2 Mon Sep 17 00:00:00 2001 From: PrasadBoke Date: Wed, 17 Jan 2024 16:23:56 +0530 Subject: [PATCH 14/14] Update ReleaseNotes.md --- Solutions/Okta Single Sign-On/ReleaseNotes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Okta Single Sign-On/ReleaseNotes.md b/Solutions/Okta Single Sign-On/ReleaseNotes.md index 9cb22f1e92a..ceaf3712a0a 100644 --- a/Solutions/Okta Single Sign-On/ReleaseNotes.md +++ b/Solutions/Okta Single Sign-On/ReleaseNotes.md @@ -1,3 +1,3 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------------------------| -| 3.0.0 | 10-10-2023 | Manual deployment instructions updated for **Data Connector** | \ No newline at end of file +| 3.0.0 | 10-10-2023 | Manual deployment instructions updated for **Data Connector**
New **Analytic Rule** added (UserSessionImpersonation.yaml)| \ No newline at end of file