From f1e8f8f43ffac3dc511f9e40f387678af5509eba Mon Sep 17 00:00:00 2001
From: rahul0216
Date: Tue, 26 Nov 2024 15:08:50 +0530
Subject: [PATCH 1/2] Minor update to analytic rules - Updated analytic rules to handle case where certain columns are not present
---
 .../Analytic Rules/DeviceRegistrationMaliciousIP.yaml | 4 ++--
 .../Analytic Rules/HighRiskAdminActivity.yaml | 3 ++-
 Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml | 4 ++--
 .../Analytic Rules/NewDeviceLocationCriticalOperation.yaml | 3 ++-
 4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/DeviceRegistrationMaliciousIP.yaml b/Solutions/Okta Single Sign-On/Analytic Rules/DeviceRegistrationMaliciousIP.yaml
index 39333451b41..955d816dcbe 100644
--- a/Solutions/Okta Single Sign-On/Analytic Rules/DeviceRegistrationMaliciousIP.yaml
+++ b/Solutions/Okta Single Sign-On/Analytic Rules/DeviceRegistrationMaliciousIP.yaml
@@ -32,7 +32,7 @@ query: |
 let ThreatInsightEvents = OktaSSO
 | where eventType_s in (ThreatInsightOperations)
 | extend SuspiciousIP = actor_displayName_s
- | project TimeGenerated, debugContext_debugData_threatDetections_s, client_userAgent_rawUserAgent_s, severity_s, outcome_result_s, eventType_s, displayMessage_s, SuspiciousIP, transaction_id_s;
+ | project TimeGenerated, column_ifexists('debugContext_debugData_threatDetections_s', ""), client_userAgent_rawUserAgent_s, severity_s, outcome_result_s, eventType_s, displayMessage_s, SuspiciousIP, transaction_id_s;
 DeviceRegistrations
 | join kind=inner (ThreatInsightEvents) on $left.client_ipAddress_s == $right.SuspiciousIP
 entityMappings:
@@ -46,5 +46,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: client_ipAddress_s
-version: 1.1.0
+version: 1.1.1
 kind: Scheduled
diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/HighRiskAdminActivity.yaml b/Solutions/Okta Single Sign-On/Analytic Rules/HighRiskAdminActivity.yaml
index 8c52969ebaf..fe8cd1cfad0 100644
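Review bot: The `column_ifexists('debugContext_debugData_threatDetections_s', "")` term in the `project` of ThreatInsightEvents (DeviceRegistrationMaliciousIP.yaml) has no output name, so the column is only guaranteed to keep its name when the source column exists; when the default is used it will most likely come out under an auto-generated name such as `Column1`, and the rule's output schema then differs between workspaces. Naming it keeps the schema stable: `debugContext_debugData_threatDetections_s = column_ifexists('debugContext_debugData_threatDetections_s', "")`. That also matches the `extend … = column_ifexists(…)` form this commit uses in HighRiskAdminActivity.yaml and NewDeviceLocationCriticalOperation.yaml. The query starts and ends outside the hunk, so whether anything downstream reads the column by name is not visible here.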
--- a/Solutions/Okta Single Sign-On/Analytic Rules/HighRiskAdminActivity.yaml
+++ b/Solutions/Okta Single Sign-On/Analytic Rules/HighRiskAdminActivity.yaml
@@ -27,6 +27,7 @@ query: |
 | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', ""), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d, authenticationContext_externalSessionId_s;
 let HighRiskEvents = OktaSSO
 | where eventType_s in ('policy.evaluate_sign_on' , 'user.session.start')
+ | extend debugContext_debugData_logOnlySecurityData_s = column_ifexists('debugContext_debugData_logOnlySecurityData_s', '{}')
 | where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).risk)).level =~ "HIGH"
 | where outcome_result_s =~ 'SUCCESS'
 | extend reasons = tostring(parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).risk)).reasons)
@@ -46,5 +47,5 @@ entityMappings:
 columnName: client_ipAddress_s
 customDetails:
 SessionId: authenticationContext_externalSessionId_s
-version: 1.1.0
+version: 1.1.1
 kind: Scheduled
diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml b/Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml
index 2fb7023b308..6f82e31d2ac 100644
--- a/Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml
+++ b/Solutions/Okta Single Sign-On/Analytic Rules/MFAFatigue.yaml
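Review bot: With the `'{}'` default on the new `extend` line in HighRiskEvents (HighRiskAdminActivity.yaml), a workspace whose OktaSSO table lacks `debugContext_debugData_logOnlySecurityData_s` now runs the rule successfully and matches nothing, because `.risk` parses to null and the `level =~ "HIGH"` filter drops every row. An empty result caused by a missing column then looks the same as "no high-risk sign-ins", so the trade-off should be stated on the line, for example `// column may be absent from OktaSSO; with the '{}' default the rule returns no rows instead of failing`, and ideally in the rule description as well. The same applies to the identical `extend` added to UserLoginNewCountryDevice in NewDeviceLocationCriticalOperation.yaml, where the three `behaviors` filters would all be false. Separately, the `summarize` in the context line above still names `debugContext_debugData_threatSuspected_s` directly; if that column can be missing too, the query would still fail there. Both `let` statements extend outside the hunk.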
@@ -23,7 +23,7 @@ relevantTechniques: query: | let PushThreshold = 10; OktaSSO - | where ((eventType_s =="user.authentication.auth_via_mfa" and debugContext_debugData_factor_s == "OKTA_VERIFY_PUSH") or eventType_s == "system.push.send_factor_verify_push" or eventType_s == "user.mfa.okta_verify.deny_push") + | where ((eventType_s =="user.authentication.auth_via_mfa" and column_ifexists('debugContext_debugData_factor_s', '') == "OKTA_VERIFY_PUSH") or eventType_s == "system.push.send_factor_verify_push" or eventType_s == "user.mfa.okta_verify.deny_push") | summarize IPAddress = make_set(client_ipAddress_s,100), City = make_set(client_geographicalContext_city_s,100), successes = countif(eventType_s == "user.authentication.auth_via_mfa"), denies = countif(eventType_s == "user.mfa.okta_verify.deny_push"), @@ -45,5 +45,5 @@ entityMappings: columnName: actor_alternateId_s - identifier: DisplayName columnName: actor_displayName_s -version: 1.1.0 +version: 1.1.1 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/NewDeviceLocationCriticalOperation.yaml b/Solutions/Okta Single Sign-On/Analytic Rules/NewDeviceLocationCriticalOperation.yaml index 14f7ea77051..15aaa067961 100644 --- a/Solutions/Okta Single Sign-On/Analytic Rules/NewDeviceLocationCriticalOperation.yaml +++ b/Solutions/Okta Single Sign-On/Analytic Rules/NewDeviceLocationCriticalOperation.yaml 
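Review bot: When `debugContext_debugData_factor_s` is absent, the rewritten `where` in MFAFatigue.yaml can no longer admit any `user.authentication.auth_via_mfa` event, so `successes = countif(eventType_s == "user.authentication.auth_via_mfa")` in the `summarize` below is always 0. Whether the rule can still fire in that case depends on the threshold logic after the hunk, which is not visible here; if it requires at least one success, the detection goes quiet instead of failing. A comment on the line would make that explicit, for example `// factor column may be absent; approved pushes are then not counted and successes stays 0`.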
@@ -27,6 +27,7 @@ query: |
 let UserLoginNewCountryDevice = OktaSSO
 | where eventType_s == "user.session.start"
 | where outcome_result_s == "SUCCESS"
+ | extend debugContext_debugData_logOnlySecurityData_s = column_ifexists('debugContext_debugData_logOnlySecurityData_s', '{}')
 | where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).["New Country"] == "POSITIVE"
 | where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).["New Geo-Location"] == "POSITIVE"
 | where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).["New Device"] == "POSITIVE"
@@ -56,5 +57,5 @@ alertDetailsOverride:
 alertDisplayNameFormat: New Device/Location {{Location}} sign-in along with critical operation
 alertDescriptionFormat: |
 This query identifies users seen login from new geo location/country {{Location}} as well as a new device and performing critical operations
-version: 1.1.0
+version: 1.1.1
 kind: Scheduled
From 735493f83cba2fe2c8671eb21e37aa5032c98ad0 Mon Sep 17 00:00:00 2001
From: PrasadBoke
Date: Tue, 26 Nov 2024 19:06:13 +0530
Subject: [PATCH 2/2] Solution packaged
---
 .../Okta Single Sign-On/Package/3.1.0.zip | Bin 0 -> 51237 bytes
 .../Package/mainTemplate.json | 100 ++++++++----------
 2 files changed, 47 insertions(+), 53 deletions(-)
 create mode 100644 Solutions/Okta Single Sign-On/Package/3.1.0.zip
diff --git a/Solutions/Okta Single Sign-On/Package/3.1.0.zip b/Solutions/Okta Single Sign-On/Package/3.1.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..6fa9ef11fa97fb6aec08b77c2bbb66a471e119f3 GIT binary patch literal 51237 zcmXt8V~{4nvK`yDZQI6`soD^0t)dT*nb~ay>D8V9ZkaTA9|Nx$bGpFSo0`sO8z@QPX#oRq-csb-%vem?0?OOQ zvZ<>3sZ)-A4~C&;p=N@p@EhmxPJ#lqY*vd?yM2p7Rn0#T#bDvmM+$1N9p@+t5~3UZ9$z`$dPy zNhey_#ULN^+>ic%Yl}h}BFrwTpsZ4xPjQC#iBpP;SQPO~td*D};^OW=2IRINInz2; zui{>~gpjS6rGc>_t1TS{ZOXc2eT@87IcEyQUup$IX2u@$0*;w0h-Y!^*1_j46I@&h zyG34V-lewyPMOlcWU!I!{C*Y~{FWws-IBg$In^VO2^J1lR5Jln;q}%@#Bte6g0eGNC^qkCM1^Ida|m)qV0qDeoFX6n=vJB z%!r%Ztof1}L+W)f@0tn6~_kTjk~*F3CqteK8L9spv?y5QrCbw`FW ze_JK8WU*VvGtvQBSE5}|k-9N+?Y z806{#pGl)fWDTpuV@u~aKv&(P?QZyb6vtsZOKvFX2>@h<+r;W)(0^XEsgBYqnk~%m zir0wWC#QED`eZl3Qjob#nc5}6xQaLGX?zJ{we;7*7V&jPPSf6Cy?uU>>RvJ*Rm{2M zd~4_hG!Crt>bIy*B8q@wppzKUP`aL@$)v8kQ>oBdu^p?D3KO^vNc~ov02rT#^0hZR z$UciAH*^izJ#<%Ts1f12S=%Zf%ljS>M!uYlSs4WAD@K zCNd4Jd!p@I_ePNpt-oOJ%lPYxhPj!L<;F4%byzo!SU^>R<xS}T9f1Q!#`ck7N{E5Z+X9S`qESFsj6_Ulpo-6`V zr`Sp*c){BRJM|Mn6__m1!tHG`6;JQ=@k;)=`TIXNf&X(8_#ZdaIWXnqG0vnv!r&Jq zaj-4e!(CmJ<)~xCl@*U7-b_sgN;)B+T_M|87|J6p{%D24|Bq7m|0sq3k5a4&nSR`V zD0yp7vW(gb4F>6B0lie$A=n9y&Qgbku=nD zygqxcq3=GOOK^iS z$4Xoe3eH1}J%rLWUA-`RkKD04sS|YZ!WxszjM#G5aNXZ3|LfjN0YzzNRC2fxScwx4 z+8xmA?6YdGyF6O?^VNmNUtwf$cRFT30e_V07@-n2noEl|NE8Ld!;Qc z3RCPxNaI!y0R8YaYK@SXGMvZdNSZ5~45CFq>l90ubk^n_G+);zV>g!vDN!xOXn;ms zgYBJiWeL#V$dWt{IUTde>dj(#wk&GK#?NN2qRW>;dsVtnl6yN@o==LJGcXu2;Uul+s1_-Y+8D&qJqIuzqFtdpDw1#;MqSna z0kCKPAMo}MQ2cLIGwD23!z}9(b=nM~57p{&sY|!*3^`Uyou+*pGRNdiFA4$@L|5^P z;ZawNVU6u5dA%LhOgWLwv}uYZZdvYR;{%i?NhYF2>Ud>xZ){U#YUfc`{^&R1(7wg) zq-4IaCRdD7R?JL%(-?bjITmQN5#duzdUzC*KUi~cTV}C59*i{-@{D~u^T+9^1k=m)Vx&7T_c4m zJ!7~bbng#T-2~dF#6OzJy!ZMbyn^4(ObQi)2}~N zEqi0C1sCibsWqIp7q4SVSW(!(XSL95i8g4G( zl5EN?X%@3So>?8B9z1p%Vhg7rLpx3YQ+}3@HpmG!B7{!&oYf(CTZX~|&t}MokYF`_ z7`F{CE}C7rQ*8NHB+UDn3M7ui(!lGz=fF_XFYsTfxS>CPxPr0^xS!WHa&HgV(0B@%qc1jdCNOo73_7uUpP9i_;@NfotsYH-ZP0&iM>- 
zDGsq(mO}O2y3TMFm)K=0(!tCCa1A)g!5kL;Gb(y&4ZH% zHb`GhUOugXvI5)pr>5vf!dpmQ-n2Ip)i{TUde$ACc`hbUrN%0V3B$5g(-_Wz12k7W zG@2#__l{sTgWVI2Jp`$i9IOk2wXTr`$!%SP!&#+h`KX#u3fv7Qzti+GwUR7;{?xF` zXK!YhlDD9(Z--Jtz?Jf6pJi)6A`Sj}lYQ^;;}bVG(Hp_XxoQFpoq1$BM9@OwjDnDnjo{bAb%)BJGaiXegYIXDt7}5J9lVq zSJ-?OLm|T7SZaWf-3l9J(}p#0!!n#~Fv6ziO9Z}nDj}3D0dS1W({hQX(Q@96LM&lJ z)t1)9V*!yb{=ATf>-ihTnnr!|j`_^VcFgW@)I?T|3_A6p1Mc%0b~yG#gfB<3_gh8v zPh@&xY7BKu8Qc4kBPX-9&vV3bc~ za9lZFLzTcS*`IDfo_vB&kW&@QmA76Tyn=OOOy`-H?@X;qX^2C$s>bPqC36XXFbr8O zT2KX?n1!TeJ32mCI6{tQ6m__JSVdJcM;0=DqT8M#64d-@26w6S5M(?)ZAVsHwECj$ z7H?gItO|^*$|H%&SV#r4HdPOvVNt{=>p0Z%$T$F4Jy}QpnHtzU%_A?*%DWj&u9@s! z1+hBc-vXnex7lUf+s?+dZ?wO5xzrG4)^K9Hy`lAgk)Q0~pB_aZ>Coc9HOw%sSFz0D zq-DFHPT4xtK)|W1bUvH@)Do}IyZ7%nZm)E0d%Ub-71dp&z+(Kd0_m)d-I!(K%v3`N ziMYW5g$sj`?48}N{J@~UZGiRc`Qb)z6%>Hdk~}6=o_|c;9jj@U?YT@W zZy+rR04Y4*lU*x@Oj6;h+mct-Ov?ScC;94NJ3c#L0CzDNWiE^sOW*PP2?+zF{*M+w zOssxSj1%?dmDKA%194Wn_zFgbJUn^aT47MHo%%WrO5)fwsf%2ZUDQc|2SK|NTE4}4|F7cyZHU@tnRWL^*Di@H{RL3nUb z5shb(@q5`n#?nPv|3=Va$gS`2w_gd!YyHH5&h~k^(r2tk(2%^oF)t<@p{~{K1vrmk zffx3Yg$`+m_6nxF(?^OyYJE68ZAU**JRm;8(_p023qcZ}twh+eN5@3H@r1o5<=#GO z%$hG^^NcnZP(hpjh@$2V>6~!pk=UB^=~cs(3D-TL*`UK^v z41SHZ(ac}=W$E0Vj!rP>)GH;~!dhf3y^ItYf~m$81oTIkHKW_`eqr#Z6z=L6lOz!r zgwiCr0SXIcKOWIxWI&Hs=x_Az$N25~1sTQp)=bNqg8GqWpYa?6BCv~q zBf7&AXAF8uwn<~cTb#k3fi_8iw@DVS9cWuFZWK&rBjFP6R8$z$vXIb-nq&V>hNg+$#q#rmM>ej^dmQF1rO*q45wYY=y}l+~bJ=J@@%I9+kF$Jl9HwS*OB%)PP`XfXHG>c= zJR1wOb#mE-5yM@Kw+Er%Wn{ZN&H=;4FDAAt-{lI>o1IY93{nttU=TA5hoR1l;1hv9 zD~{eE5((_~{ukks6}<_pyS_NnZh1d*?&&%eYfTpg;MM3Z2Tj`qwh`%{%=ZJ_JfZ?2 zv+a~is5n4y!M>w_h}1jed(3Uf_)2T!6VS!#z!-d#xW#drRIL zax~JgHCHf%pK4N^LS&bl^HP}Cp37G5~z)qI2KUy>)#y z7pbrJLym=M5(ZwY!OjF~=r2M*YSoFQ2a0m)oXG#I3(^qLbgrzf26s23?mHH^dUSk1 zT+|}2^@4T_^RF35m$&u6E#}dsbIG)OzG+ExanE1li?jo;Ik$BCSlurxT}(yVi3Gh^ z-SM3czxd`IB!I z*d?e#>-I2=cGA|=ze4I%EhXsk#@#T(3&;l+bjxw*5&>d_ig}PEwg#0oMg37;1j-#c zw|{Zv(mBwcp!#R-#%4wqQF>V|nM#W)W3%CYN>X5Sm@RNv35S;pOPb+1VPqJJpIu$J 
zoaeJHB~9_~h%SBfw_ViAcd69xXmqvO)~?hq#qZSD8c^5R?KKbuQ9)^HMQc%0+z80j zp$r3GlduiH6MBXfMG(A%2kJw;^gm@>&c4YnQbm?H8^k93qis#c(4K!2k)wK~SLo=;Z&>GpF^xU?Pnc&jW09N3OFN;i-!zP$^zTUC2ngziu^w`9FBgOoPcuG9;IV{q9V6Y@24T;J6 zJOY7#@kk2Sv_iZYdwwU&@mC@xMRo`^=Kq3Z4IwJrrC7O9&IAF$-gk@2743nw6Pbyi z>s)X9E3bc$JYGpofOAHk!uJg>>f;&0VH-QNwT$qZg~;(-8E#sQTU%c3EE-O5f7LcL z%~T`2{8jn_E}30;*lTQnZjZPRi(eQO?Yl{G8o|21zgCqU!V(O#``ViJ+KPFt){U?3 z6Dp@y%2n}*cK#9zKZgxhfc5KH+r@NmagcSt&;5XFuJL))+Hj@K#hdW#Q@miIsR#Ep zjtN?c0=HWQi#y)yF!ayZz!*Y*UMORqhF2r)tvet%T$));fsU96u-zs$cJYBHk0GH(g78mR}5#g{tpl{#3| z5B>h6%TM-;vZCm}i>n!BUj+Mi1V)OLska1Y4<(jZ6X5Tr6|ILd13%CoT1|0Nz5JhF z6Ij8PhAD1~C0j6DkTro_q8qdXOR*G4DRmMS1!7B@sk$u`1nAe)o+?4UT6ST{ zkNNviyruYG({EVUG`KuYv}`UZSoSqV+YFQLC=^GDq7SZFpSp|iSJaaw<5GsA8Ct|A z=^F#%RnvvJcUQA>MtV&Yw^yGc!DfDdsrf$;JPq65nWJl0i)Kh72WPCu0SWV6w1+;_ zx8eh{Iv-a0nAB+F$frVSHBw%^kJd3?7Baq9yO_ZdB`-i7wBQ9o!%;JlooYACs%3DV zVj#ykXjFm+V{h0J{I|Rz8yiO)Vqp3L1O>L|trEXDSPXBcV+qTTi0MHTaT|HUpZ$?= zh}NEQBs{wK;X(VT-T2cg9y9f|!ZU6$D3c-0DurwK-cS;+;tyH@HO|0!P0FjBhpn^ zXufO1UZeh+b?>JQ2OcQZA$6;p4HPm1Aq8z7J7~8WIAV}Vu)7Jp#>b<&Q%OvEUQ0p3 zlrjFMF^M}@pWV`Z=g6E-@kQhuhQ|p6SA9aXGpD#C^7uXOZxKVY`uqW_lZ!y;7d=n? 
z$Hm*gEj_-VUagB~5V$c6XOl^c(u&S1;MihuPIPk?&t(pea;E-GK^)gkeX|#KfGMv+Nf9L>&wLnx&#?6;S~MP6SXXfhIU{(#VDcQ0Q~*cYG!+ zsQ&U$>k2q=wOdpOmgrE;>Nj7*#znSiX~V{U4qo&~1;*;lu%i7wZ!l3evvGhA@!=Bp1Yn+fnzK<6e8C-DINk)RJb}=H2Am?SdY%@xg>p>Ox~6*rwKi9m!50N} z!qD+DpEX8S81yo8@nkWrIBsZ6c5ad&?0;*jS`JoF>jPteD{Ou@bcghHR+Xa|zB9nt7KVB(^^ zZXHni$bAp^dGjmc3_{ZBw(%^Z#gax#o;nnAmJ9|eFDHnnU2Pysr*TL%xE~|qn>{l~ zt;HZO?EhA#{5v46c(tY@w~q5N{K*x;Fk@Mgyp-j^g!ZRgQnuOXgd2oG-x@^6*nIE; zfd~;p_w=)+8eg~q<6Uz}19!4LBIlnfl)WQqKKmk8pIm>fAs+NE>UOs-THm-yjsC0i zzF1$26=J*%xlg4l-V{6svGZEW9bi+uJjUEB@os>e&uG4ge|mpE*Y3&WJ25hb*yhNc zi9Zv ze$IDrI{xk+0c2Ugx0O(YN3QG*|Y+rFUb2B>-#_DGknL2#2Dk z$9x)DdeYY#EH5-X_}uMph|lZo`Yf%)$0r~V)R1NZGKu=>FlFx$%Kl+%41+AX zqTjGqS5H2E?#dBkT57N-JY=0465keY_2N9M`Epr;M}ylm!ZA+DA-4>_yi&vVki&qC z@Pxy^Rbt!K=8)Oo`|bIAQG3ZDCGJw;@jAst>vr6JYs+PO%ki;k7ISxP#=x&IXY-#X z^Kcs<<}@0gAw<>UnsD6OYIDWsei@tj0^QzHX`P&O1kxCP!_7MOd+1Tb+~sY%*wl$S z1YlZu(vGYfZ18li9$Zm*|4Y1(Ho9}^6jZPD4ENTZw-ZIDb_6_3`Q5>DgL{obAn;@M z@7($0^Su`SDcz%9YvcI!=vDfZgtmt{X<1 zF{7gWRHem(A-dKOC<>-5$}I(l;81$~>H=lI*=()4T1Y=}Qng2|TJKCdh0-5^*o{lf zXE(J!;~5&*@6H{1vq3Xjyw`XZaKGln4h19d;ht?ENRGD)Dut0{d>j#Z)jT|ruPFAj zjkg6|s4EG1!WU3A?B0_kkpsr=2+dCFF4>_v4W?kj3OR%?kmO?TyO{;Sa1uzKjOdOq zj30`2Xe_R^#sXfaqRF=fK5f6-E6mdgTsJ?c!Z{6Ot~m3ad&2^E>!_Zw$xchpiljka z&!oGZi+6H97-bgC_Ebzd5(+ie^LPmo7yh&=SD7^oeU5kpF!8$(+UsHQ`@THWR+LMo z4LWoj%36nKV7)y0_#l9K_~IL&(Jb)f=>{?M1ygT$PZz9INiUvvusr#;-s5 zulZ}IH%-g!P({C8dI1q}rE?MA7eg@7E^%Mw@t;@|jJXpjUcIA{g1G)C))I^UiM8U6 zJDLEIMAQF>HEC9^>8=ppg?ebK zU#HaqV}R7?z2_}My8lXN_eY=FUv?iX8`rDLOcmOz12IFf$%(&31h{D*%P?@9a^aM? 
zfH89%a6MM-oUK^XIWo%iHfN577POOB1owl15qz~@KkeovsP8NPm2P?D&`j1@IdVYl zCs6u=4~M2+@evfe#MTf$>3>b3DR@n0-ldvN-T|f>SfpH-YohS=s2;2tP3)z)f3harWqnlWd1An?C zn`I+MSjmU3XH&J_K$!t0$Aeq9QhQU*EFh*bc?+ZijC~}u%OHSaOj?0xjh%oh3*tab z*g?WM#?DWfzerw3SRbuCBMX|am1O<4XL(MN_@5_QyP6{zaSGXA6Ki>?MCL$ypt2Df zS0ZgVbg9{^XM;Hdl5=_kU6888G7IlLE@J)9We#~i!H-)^`ZIzByjK_-3fvA!iMurl z)`3EdZQS!2Uuf}=j_w@79!2)%NYh1x?k$CNs$Ne2Rcqsc}yB3KnQ z9rthM8*lV1Y8wsW$KqG7#q}*wx-^68U6{p3(Vr9D@k%!5r<)(CTu8sTos&8k^{uyi z8$(Mz#h|1A>7Xl;XseIDgis2yXXB)89vS=NfAiu)kHGn4{v(12DO^PIF#X5_uG?i& z4?q695qSU1?L(b)?Cabnu_+feJA`3%*YJ~$T8)5g%y0VfyZ-pWIVw$ssyD2pKRMJ) zA;+}aoabGO^~u3!)7Q6~LwcV{2)`#eFt}+iH)@)mM|j$SSPIGexu|b4edpIFJW-p+ zM53Rk#1!0LMeYmZd|yX{J1A-N&*!}5goOH$;std;f_t*Wm@glVveRSmK($$uiP(|f zRtfCBh31JEZuI73Rwq&b*siq zU95qo&4Y~<1rX+1SiG4q;CXnW zR8}MtA)b^Ra@0_uQ@GygdUA6$+M4nIBZUwBHsaF z8Hoj zZH^rE!U_2^2(*B*n6jWLl8!hY(pFmF!ZCp9 z|5ei^grcJzX&Fy}(f4!#9k~mo6YcNLEOG-=-+p;qO32^sISrzO{&TG}Kc-O)Jg~m_~76--neK_&QJeWu_554&cJHdF$ zXz*G;gyn!GPfO!6coiGe6*w-lXRNuk7&*FO#JfAIGeo>QT!#vqP1q2ngIK~U^kL^N zOy8Q+gB54Y9w7+LMAvjOfHy#9hLW%^$b$vyk-`A;1Y=Oe1%nZ?6j#?GCi()+%WN#l z%N(ZAA1?cJ{;_;QGYBH4$czwWc!I#y8J)|NX8&ih9}MP_vRb@T50#zAMiVKROp7OJ z3X49R@_b_io`qhQiS)t|HIw#t*0ghnDiCmpzbBTM3ieJ&cpS+OgDrmXD|pdkFQ7rB z00#{ewgT38JZ_>Iy(fBLmr8VMek1Z7#6N1t0|jHcK>8Pn3_EyL)6ASqmu5OTow9OS z(wAq;33XY83#|Oyz$`!|eAl_1So|~Yj7YY_wr9io>shbf=u+8+P84-y8Ad8>Iz;aG zhMmp^Xu^t9{})=JEOxYk5T9pBv5DL-NHkzPn(`CXt#ZyBiN@hzoj)xmHvK4lQwijZ zA59DF1&jwVGuyL>!?3Gp8zbc{I+2}l*f%OAl(Guetlgn8v)zFyC?F1IdpF?YTzmPT zMlB`@2X-+C6)j~!LVoD&Y2zSS^nf*;VlCFAx-BR&QX8VdHcNJSh+RUqsdX%=93rT# zr35$Av3qce_EBO2z*Nc2f9+V{_>^2HNWnK#w_x97le|kkiPhV}HKN`d)8FMauks38 zJbm}MX@XnAN(zfhIN!E4xb5$5yNNImo~)8l1|iA6jGeCJ=Kwt}o;RKu+yt5v_z^(j zyoBFDuIHKsi8)#r9pVg`rg#e-KZJF9k$W>1_4(>>!Kj*qFXFsL@9YH@{qCg9DvJJH zC38>U(iJR>Vq6B1`05=B972w6r810* z=HeJ8s-W_irC&zcb^xlTdkRaSu>7niXE4baN3+^wj()uugB4fx#k7$Ae6jx zX^-9vJpf6XR3s*u3vV3$d);1D_=O0LdvP0FXXE7yhj|GaUiG;c@I9wgY`jZjz4Wau{(Enwb&kwETH_>?os)4Rj 
zhH27jkby=QORWr=B>m_4cair(ExN1n1(W)o?y4+ER4ekQyw+>~M8ccr1#=4eUuLwV zsxUC6?*Yw6jy#F7!@tnsVUWV#A+89=m|Ta7NQ7VRn30yPptQgqmeq3oqtWSpQ^AxHis`|g`lE$7@0cv% z|LQr@s#w0MOyz`_uM=gRe1(kU9uEfq0idhOcb~SU`I5tP(1@QbB?jhtO4; zmmu2=l*-NV3DTB>amf<%Ri_@hU;WF(!X*QWzIJW`h7I@k(1~3&qDoKY`|s7a#RR53 zSu(;Q{0O{Vmbro3)Ti4*TR5TQ+cjX-ti*c)@xTxmBvy!T&VZ86nv_q|b8yg!ps=0{ zR^t-1Rvrvhq79hCM6zOYJw>lORYVXwY3z@t% z#`nTz@6cL&c~Rn~^bDf~D6nFwQjZXZr*Ty= zbq3)_RdJw0M(_71i#-P4a;}Yl>+rNKA>>X8wDeVECkM_9;6@aw0<=wP6N}aX9#m5Z z>1Y+~=7b5OpoVSOGSE*;C2<%Xq#n7I*_cM&jEBCa>{Y-jITnjXiX>ruV?7Mme+#N87fi%BuZu4ofH<+8k#3k* z@Co4=SHKhTOYmzw$I~KeO;XQ9kT*j0g-tx@cF5^{hS9f=&dF2onTZb$EaH8eHVUO< z@y{ld062H`mkE6#{~(Q^!q&vfkIw(@{^Pi)LR?;ch)y6Ayc^*5uf1_}aM*S}%y&rA z8LOsVDRD0VIGrU=ymI3mfVTeF* zlT1Kx4kP_0sH1KL;ct)zPwvfwn?}Z+s~DpO`ZlU)U!p-SvNtsV$9@9f)o5&TSfY)F zz+UHIzXP?NFmf3jgF-XO9SCxGvj;0(20TRLna!rGe@Vt(3-bO=a=6y>cP}K}AaH@a zbU&l4hb%gZUAb0tCZxnyWi<&d=g&~c9lyoQ30#5>^HU1@dE?1oHt|I}DHewJ@tOY9%;o zHqpiz3SRINc}TtsKMwxqW1Oabz^e_@_oD(!b5#v5{C1<+^PHF`)$!hR683Q}zw79( zpxR8<%AuTkY+3?Fs=MaxrBLE(h28S(|H){i6ccyJ~OytW;tJ^H$|) z-^Ea#PoL?Dp*2=l^EPl%e&%IDBu<*7?wP&1Pm1mBUbkNr?G0Lg^9y|@RMxx9qdxZ< zn1lZP#D&4Eg;0nem0?fd$Av(OAAW`(_KFWaZhO#+3bP3!Vf0E!{GfAo$Z*?;_1pj{ z_$>CVRH5isFYp)V?W;a{wZE$jZsPD|)wIz2!)~G*d8&Q)Xg#n&;3Mht-J-@c-0$7m z`%&foG|$&R!~Bh!^P_;_AZO&$~9A>0|^0n&=H=N%VTlnf=;3Rqx7l&b~gd!k`U6j1%{pq}k4^Sf)GL^q-p7BGc# z$X#B)6}X-MylLpUv6#1wp6-(3ps4pvnY$j{i}K#8C-ozJ+c0r1=N~7bA>Nc9F-!{l zBD}9Fo>@A3TPYBz-(d6uwbS?NF*_?WNuef8rzZ3zetxb52 zSa?|=l<2*(zjH+2ui57sh5>W)Wu5vMA@kORdY|Nvj2V;fdF5s+zx+eH{-S;+WBzmB zxh?D%zCV@T1V{JGJy7F3HboBIonf*1=)v*ci`%;=M_@-`XoxEDMgHWj&I4rE?&vb$ zKww+@t<$93e`IRhfEAfrwe7&?!IAr|Eyqu6?(NDUSVJfb#caM_PPwd#DDw(BR)QtZ&=C)e>VOS(PKzq4Y|^4HsR$F|D5 zkrtT>jXuR>oI0aCq|K?4>H22~lVitvFC3E1g$IPm(|bq5ldU73e6DRQ!!JpT^}%to zD;eS`QvATb0|1KBH$Dy}mqY8VM=g&h7i889Jl&&D-quiv?nI8GlyewZ5E%oNrK;(f zs)Xcz=aB|kfLzps_s*z=q4cCOmLl6x zwGm`)$t$^E9dZ~r<+^RhO!nBtg_3huVOdXN2fp((C<*w5W)q4W?4H^kH3}#^jHq;p z6xSfxtOsqDS!tPE;ZjZztI+1M7geZv5qD%qYfC5ykf#JdvaJy5PX6XZ%X)vr&|f%( 
z*}}T-R9cQ?NnH`6B!C2Rm$RFGLEo=AVd7i5Su>DR#Ik6Fy)(i9glh&4^}q5q)8K%` z%GGWpbVLRlh8W4kpF-B=a z78tFm(oehGy@+m@eOdSg=u$t6KJ2W`M&QZ0S4DlyL$s4Wwd9jOb2f>=;rd>m$20GY z?YexO1XqXlX>>A_=D{#mvC?B}%spx9vM3vU!m9Zn2H8i4%tGJS9rG{cF;EudOgCNl z8PUQ>nQsnW6v&6yj()A5M5&J5Sy0@9g?8O07tSFELToU{ zlVQoHlFU?!po$2N6yreDxc?xOi%C5+h6K`625CiUlpXWeRZDUPw1{=WfhK=2L zt{?ewagz^d+p4rxn4BAu66>S7>I1yz$&@vh_p;YaMw0mTO%0Wc@j!c2G%iMmiC=e#7&Q39=a7xx2*P{4Paom1mejksUVXWJ<);66EuKP z1KkKdQNE5I7_Y1d<-yu{vPTu8H$b6_L;Y>psF7>a+_=ZMf3yJ_6IEum(oxQb10}2R z&*QeOp-%%Ilcn*QFh2Y5gT|?iJv1!UF?DfBtE-Buc#E7xePDVyXFj93viHLcU+fPs zJ>G5t`flxrzuKFGDVxM8zig4xg1}RSA4G?_R_EoRtOd(aq;H#aTULEpT!N++0cfrq zE+e5}y@-5vJCXtje?k%e$VL+R3|8~!u*dY$^}ged?obN@ZsAFq`rsfGO0fZzc3B{n z{F*t7GX1X#7NJeFzsq#p$@&|Ec31WB7Xq|2N^PhHn~0L<@~c%r>*SI($uknLAcnf? zn7r~MTe;?X{Yjv~$b~9)j>Wb3tmQy0RUvBzXyULS+VK{^V24MekX9ceClNEw?d`!eYsw(*O^$^hG& zAMFw#2`u2W1_G5>!rTd_WJhV6`SGRuDb75fqkgH*8jES=kl|!r=+Lekpa4Mk5Dl3 z{!Oc6`!;2w5@7Jz?y}%|`|l^(^~?Z%DHAWFb0u$YtX%1zOH??)U(|8J(%g90)yLy2 zx|b0Gf~H=gS|B!3H#Ixw%T++`ThFeYjQ=V+26j&%>ghe{79# zdmR>liW=n%3ilYH-G@Nvcrii!-U=`m;6gYZ2Xn^e&5Cm(7BeDP0)!u(y_$|*t8qkh>0(p@b)0B$5EKAZhE{SBigz%=_BcV8N3ux*<1Dtjjrx~Eeiw`V3vKp52Mu8pmF*FltytcC}o78h;1Oh4316_0$ML10J zJPB!5wOdrHrl6Vqw25oqEh+6m9g{@Ql4}x&t&YFWug8Kq$0COTV1eREXY`sJaLF)- zPp7D?QO0Mu^p2QKslZ>!hM}&~y|jv*wfbfq$_UQ#N>=mheE{bHt-V2#umh z(4-`fPKpyP2j5JLaWR~JDWcHBtZ5qvPrAY?S{|on#odkMM^uWpQ$H0KL^>un+jEOt%d8+_KUQE8DKfd&!N&Diea zwU(DN-ci^3I$$^&VaSuIW?tuS$hck2tlR9Vd9yyJ;!eZU*g!H8fTLPlCePRIRQGJl z=kFs)NPaP9a?_&Z#?dyLq*mz{Q)9OY>M+>u4R0f;uETjsaAO}JZ7Q6QfJF+FLw-wR zb8_PQ?zpO9pzb49%3f1M5RFN)EQk&|Ei5zva`LUCZV2->+PXEE0+wjSIoNs&VoeX@S=1zC1t=xpzt)7Yonwy0=f!W_#H z(My3Ur@o;Xb!Gl??U7tO{3jNKv?So|AP7b%JXQ^P^HQ&$zvg}_u0RC{O6R4spr;63 zjEmS4=l_~E<<vq|+rDd| zimyJCAM^~tgPPkD=B81P|J>lnp?f6J{pD1?!piIC%lN7X2KO;EG7+&E+ za8^t~>FE^UjvLPdUj19qpKJccY4y0idWrGqAr?GWqZ>d26=?stavEz|)i=!`{LJzc#rCAYmFDF+^r37pt@%rkdf*}eQB zig{@Dy@&#T-7xstppRkq+Ka^toONES7fdq3_W?$fKKR-4KEWoxhwwCMNvy7>YR{3h 
zI4x+9<1vXDsnie{hjiS7^4lere-|CvK)?ka@3i*QxVJ~m{$2bcj|MgBjJ0eM4-+aP zh?rXwr$;}$e0E8uyic=8J8JY>C;HWrS-&aBDK|2CdWA3d@s^$EW=6&2c*YDA4E1bc{yFZy*ISqjgn#PsH&=KG z?OW^x&~HQI-4V_6yaYz5SZM0)e(d zY%VGM<)|0^vCdt#+1_;4n`Zqf!SqI8J;JXuo)?XXZEn1W^r6gl^u8mZ$<>}nwv(@v zyPG_O9v+t0{NIUerpfie`fuM8n85frPb2eNn%Dlv-qpKO>f>(WPP%updnd^1K45P= zE70y=3wr#w$QgHc#vLcn452^r&SG`$ZL7Ou(La`cs~N|=zi3$P#J|9FO)zHRM#y1yueRa!J?PtKCId+H}avXHpz04fS}{y$0+oI2H%y2YRMea zH})aA&N14?QC`+Q6zHP2^X5HT^ZH+%E$}-99uWJoh6ZENF~; z`-NFG+E^5F1I$Ghc0;j7JQ&Uw8YZ)SyHYH-Fx#%ixfc(2xB`21%fd7s!YC$hQrw-~sgbA9vq z?T)A4664am=!C~*WdmdwPV|RVUG~59YLageEkvtZ;1SwRI>%Gv0W4a}ji88Z*oE2& zgP!da@%i3648+5~^zr6ewNtTH=0kgg8^Up?>Np~YKZ^RaIxqz6H?K4-7+-QfaB}Nb z?+}!#UH!n_qlt+kD&7vgRRHZKUCTuc_&4PERl)IhtomPihfV`b?F=ELb{cT3*0ruK zhE#84Q{n(pLf!}vK!d^O&Sz1fO zir2@Og-vDh_(`)1)>$_I#<0jLSgnt5{vZ7Sxnk2jqS(~iZHX`U$MvF?Uf(@~aiyg& zV0}@*gvQE^?~#;him(ch=&2WV<#E>A>s4@l##vvlgtOy|@GN`RS~bCqE91jSAq6J} zh3SJ$|LZdY7cIpb&S46vI3Aq9U+?d;d#Kk(R=bQg$OQzOUU8eIrPK)I&9>(K#*sgG z)inA5iKlWL>gsi*bXWJ%ag;!0dMh%x;Rs9p=lOSM3)YfT4yR=rd>^y!D&6_2%?$ zVcDi+Q@E)Sl5W6J_;yIoIJGU+8Qa6 zE+1HJIKXWncjuxTWe*q@r=KjB_!C`TZ&+c!#Q#zxN5i`G^-e`8Qaj|6yNd$G4VQN$ zlM0sl@qgf_dKZ;St=Idtg$iQb#!=*K&L21r3(cGza>3^vp*ERzajDY z!6*tdr*=qHTn-?Q5z+*(+?_6><c#4nNZynOs_>6UfWVw;rjyRJe;Pi&XK8mvL7V0R<$yIgIXsEpTZjT!lx z_kL!L6_ILNO#SScsp%Oc>nGIF?1PHa2^gZEY{@#NhSDUIJ_@&7Sbe|_Le&pM^o+w& z!J$4ecy-2vpp~VnILBb2?SKI1CcY>)hWQlMVGXgJ^*!Bg(b*1Sx~ie1kad0@uw!f~ zL})=johp|i-_iSGy!dq-Tq}6m*6c#GZ3gGaN2x7h~S5SQSR zYcAON7b%3q_T5n1J_gLX@dUany}KvybHi}2i$A@BQgO!=`stL_jky;M8kmgz-%?i$Er#p3=egCb| zOt;7x6*C(&(}iYwM1y=ZG?R$+;#i3{g)zyQ4k+>djvP-x4vly{nDRp-InJXx$Qdgb zn?c85EnqHkAOuh$GvN!f5D_|(%j>RCm0fublHo(vZ82W&~P*kO|DlimbU;Mccp#X+`YD8$|etlU) zC>w$ZWjBb>S`eZ71Qt_a>+#`VB+}qp<3eu1Gb&~`xR47M%6@!YsE+cRkd*RvDW_B- z=5LA;;fOZl!v~J$9PmafZJ}@81>FI1-la%fS$MGsWuWec+lFt7WL^031#Spboe_jN z1$P9a5l~3z5wVfT7JHu@E)4(UfV6B8PEL^|IaLHHgS>3eo!&+7-_!tZ;MnoIL@ANE zBhWa0>iyuTa()9xeLgrU>${)LzA+r-u}ZxW92LZa7sF8j#NP^zinviS$Zp^$Te%G! 
zwSl8PARHA{sjLb|#oms8E^sPU2D}nP3(l__f z1xc_b?gc&o=1yT|7uFxDM*&Iod^}L38Tja66G;LxpF8Rv#8!QVD7|JxVbmRt35WaZ-iF|@!-XHbpY|V!mA_NPX^fyUTrJ4!K*iT z^#{bOqbikE@#<(+`sV_v190jZG{-ZAcp>|(I%JEPQY zsWU3(Hz>6WrOtnRlp0AkWnO_waDq1nsm((G35;wu=9`8j(l!K!U^8&G^RkXriHW_~ zjy>~3h{)+`_LN%8UVN~cHQ<uAS`-L;4^MNC9mwLSxWi7k_O*3MdRU zJm_pcN?9w$jI?dtF_2Lr9fQOA9ASIQ;e>8EN3o5IXAB$-&u~AV=tn^swMAiWuFLpY zQ1qP-8EuSac28H~w#B#-!=w-r;}{gnsKQyV7;@k>qxQYz-xZH(37w&F(6<}Xh$o81 zL(@10mimKYM$%3?$L;zkBaAgW((Un$e1^h_2vC3UIRY0ev}1@N;bu1=(>+u?CVDSH zJ&pjH9|9O^3|w!h9TdDu*@g)I4O;-YVG;BUD7G_@CW!f6>JGI9veBb`_VV=(ENV(xTVghSlqY}TrPy-$9EwZn3$yS@LvYYFkTR$tW&12d;0-i@iUE!T*yPKOs(9^tGpoZ;X?AY?R&zCk^7ki*eEb;%|kMM%=3#WH&ge zt=tAD-Qc7j5GReQR93}FV_Sru3mgq#-=_vgSMJxB1xHIE;Am+Bj;;?JZAl7u*=c=i zT+}UaM#a(w7j@yHrH_w`;)e4k+<>GTE`Y7qghWO7jk~EV-VFgp@tnXY&;8De+CDGe zF$B^1ogx_NK7mW_9>5%DdjD>QV(%NRfgk_fe1wL`sz?sKG@#afS>aiLzcCb;k@?h! z2sHmRN5CXV!6yv&I|Zvz`$NEJaMD>{LqUX8H2l`uTP7!}#Bq#@6gBQQ6J2QLP51BkyBm>bc+FvxDeTwA#fn7aXUKOmSJ zRjI5B=EgB&KNpT0z`0M2Yup5x3@FrdCMp5qr8>jf0> zi6q`xjY4SfB4gbrWqkm&835vr^}T}w;{zCoO(uQ7&+TRGbDMm{0H@4mkVP+2g1VVU zj?lg2udV$E@S{;OFg+auce{2LINL`34?6oJnZ&vEjzb=Bi*_)+>a0RoGm$t1G+A+e zWB?Yq(ik4u82~|=K^lxoz`;43wr~)qyrhUo?NH>aXiGt5QsfUahu-;BbD$BFRbR{a zCX;^06nx3?#aA4;U!wIJFGl!NL1fTTGVV!+Jq3u5GKqR!R@#-gTt3jP5xtlamb^i92|v`ROTS{AM^q8m>S?R;8AA;^qF)rW5${q1!lM+ zA&YQubu0QABzT{qRx{c9F!0j zt@bQNz@sES&<-U#Q5=P z6OIdzlU5S;4NI*bUv zgYCB-z$&;q_Tljuzn&j)h8d8u#s z%w+o=l!rSmdTIDS&T)WG@EWi*n(pPEm(?E=xD4N+LqR>pE}epgJ#|4Zm+~D=R0Szd zQ*3+$C4%4?a)zhiI%UYA9HTiPKZ{e*cEpW!G(MxM63gSQ5nlAIy}VPK8qgQq-wgrs zKu~sJT=C2=@4*bYii z_(5$O`3c+KCOyG^0QeU=6lR}_bY^!1*V-mQ!HFe8#v_zZAd}tYg@LL@lc30$=>g{E z`F*a>{4juEK3~`Xf}al%#5)&nJ0hKWV@S|zYw$*xU@#kAj0y&le=A%t@+Q?Fyg>$S zn~_pD9b`o@oh&av^)pXQ|WXIRA}; zYY_*k_(YO_UccvX{DHFQH=NxvYBf4@<#)=jS-YWJvHuwa`MQ`VnaZKgC60lH5F*q_ z^H(>o?|jPtw9Bza84pC&@#za0#dVt0Y<~qdz*)<;4U1x7&AE(xkP4lGT+q|XH;R895rl1KX1E3&hJnk47 zP_Gvu1M5R8V1PYpgf*Gwu!#00i@xhgU?Z1n`?k(mG^|+-Ue$0x(j7cbOV0wE=0(A` 
zaqhxVnumIGgb{YDb@oT0jdRrxY@4lYBxOR%TB^kOGhC4@>IJJ2QZDi!I)^Xnz(pLg zP>$4|WL^Pw9qD=!*qr6szD;r#^=j6#Rg&OEffpS(^tJ_*;{NUI9vFp@)hGVxMc3Tn zRxB$q;s(^JX;k^?1JYiBL6XI!Xqk80HXa+~Z4cbp)_cq1^D&VE>MqQ(<@QbjZL=%8 zZDt!nXR{n;75Z7PFW^(GCxF9t{^`jOmz1vPzh_BXAe~Nt zowevcI``1;y^X0VvYdhHV?7v!b-oIQJUWC6chraGGIU0F>eLzVMD5KAPV)nub!Jq; z$E1-YFqsdaph*&n)kC$7!#hYyV)(ZqN6}q((7f?wr1=eIP!~DyZPs4xm-fSL}^KuyuTFY`q|9u7p`#~u$oargnlKERE&VV(NQkxJfQD8lj-aa*=A zyZ{4*5xI&akX7fxI#D4zY`@TWYCkFqr>K9 z?eaotHIm6>x$~$UH6OXkeM$$%Ppy1jFDp-bou`_tCi8pAtX%F0^~YAF@uVLzO1Ynb z&$@+ShbvB*y{w)UO4G5dY1~wA@mJ67PCd7`C#TzdDg)%wwETQkNcJkz@;sZ-m0E6E z5mWkLSWMm)*_-<@YGvj^sGVPSb7CvQ<%^Gx?Q!LJHakD8TwFcy4W+wROg8$19X zJR5Q4=cN1$SvG&@_n3ZVcsfbgxnr{!#APs@)^o6TvNO<(Z$bnTR(XA@d_>R#Pu z%bnAy*ym=|+o?Y3KX&Tl=Iwn~IAU7aX;!G`4%OuRT&DYj2j!%4T1&N+hiUH&RAfas zRj;p#Jyq?>m$zkhDmR~JokK?2yKhN)^Q`&MNT)9++1zYA%jS!R6)w}Nu|+MbW(Mu^ zljcM6?0LdJoUy0kLqjWSY^jnvn|DsQ>hSon{mge}pqVM3j?8J8A*_kG}ljMM{O!h_!cRx6KoQ~$X zcB$BB=hCUP*U|Z0Wh|D8HyrzTbdfA+g}obY)_5-T_1692U|hJ}>n2b7P)|3w%!PE{ z%}=lQ%E#BVJe3Q@>)F|~T)dsq@{OD=Ukp#1Bjt)cdOlO9_wA>`Lzf%m9(20Mm9Db$ zZatHKpw+B&25ZK)A|j$A!8kRg;2NEs0Vi zC8j%cu~xr&;@JL!q;coP^U8DQ`KZ;{6Zxa`_06n(bJFFmhNqnoQ)@|dcLa{oCC{eK>+{F^oAb%+WUOmtK^$qP7rj}A&RvV$VXdjP zy46RzJ7k9C`n=3sGPC2kob18r%nvWZY#GBPp30&Z+7@_cy%!!PiB?-YALTZs`=dMS^D16t}(x+9}60N zQRuZ&&D)#K@EU$lZ{JU8P)}WQhldvr`eb@oJ-p@5A08__n;A7zkH>p(e(bv8I6jEQ~G|c-Oh63+U&mCIWI%DTpX4kE_3No^XhCbKR%U@Du++w zt6?&|Cl=JR)=gEJqdj$Jx-IrZI(e&E`vUqG)?{a3jrc^98!| zTszJRS7)PIHkFB>zqRk~=7r1O*PS-N6)%_ z?XEJr2d9(%!^8cY%RX~Ag;PD*ublG5t5)SmRdRBZE43f=Gd((y%vkLc+JC^v1 z%EKgASpyeU@GBfd_bSEaLNTAg21s=Ox8kFKTCxPCZJABy?IOMRf+ z*3Rp_vy*9c^d!s4lk8!&bkx#sSn=>YJ#F;I-GVf%CHJnoox?0&95j@}J-U>-Y1fjM ztbSE$A3l|a+4)m4)hwJ}K20w!uP$bj=Hp{uAvv?Sa#Zw~2)!r57}Bgqd%xjP&;2RY`l&OHuFboE;8((1I88n!Rag?fV?3<~vY znm%q{CQrKTMV4c)^jR}Gl$hzLF+3VPT-?vN3HLar)vlU{ySu{+x_5SZrd+ghG@Ut2 zb%)CAqCRTRN16J~MJmglUyLrE_sXD9sUGzXPaCbqJzS4YN6GVsUU*QeoyV~-l^gBe z;dQ5&trl-f8r?n`JtVW&hevSgb&H4T(+Yi>-Mf;yz4OQXUZ;AMx*B!nLUDFfQO=vS 
z+uCfFK9&ymhL5+|XLV9ZRU7vw<;m=yzZ-;}ulPvw9+&-N@GviuPzj+)s&$;<*c9N@Ur~TBZnUp7$p(g7msp??XtR%Zv zN5xAe*FOT6Gy499oi;O_UM1bvuC7ng;8411oRv<}G#EXn4zJpD=2nF}6t*y{GeaRG z9Zs&wgG#4a=EQFK__-pKC)w#Kd)w|duAXY;T2+*Kigr_}X<|vJr1xsdV}D9NoSqGP z%ROQf*K;oL^toq(Y&l zJ=YoeLC76lJ~HP=Lcf_hp3_fP{CN&4q;kE(NzJpPy`fytq{cK=ZQo~(wNbC!6=s9I z!wOtTXOr2{`O`IXT6`4l3rERr?lF_8s*iW$tTxP_mz*7z3!DzoQ!nwmS=cXldH#t z)=&8}yAt$D86)b$I!e^wh*rDR8V1R~4d)U|YdbWxl)M*}7^ zy{&L!GXr;7-F{D^t9+p`K1p>OBPgAZx9RrtpbXR_(4DtNSs^8;X=cbjNw`ZG-u8do=q^uAPhI1vZQ!=8L8G2{Ew+B_o+rK88>k<8>ehquYmWB#_7W|`hi<%oY$ zY7!>FY{iPf{qi9XFKz4N-nuv%KG&Rc9IBhG5m#|jvAvgLfYc7D}w zvU{_xeBPbbRQa%yk_z-`sy#c_9#S*0Q@Ot{7kl05*%No$D+?TZqK|trU4hE=<_xY& z&-qF5Id>~D{j(k|&mW{L=w%_F*va8zvNUUsd-Z3zJnAd_+08X8!M%qlUOm9=8-0E{ zyUiD&{Z=_0sZ;U(xk1lQRr;AbdZeqP@`)ss?xB@8&bMGEPOHRIXP zUOYQ|Y!5F7rNf)N{va#aaqB60DNl~artyhXq zSM$zg^YZaZn2CFrV6M+j_AX?peWkbP=7>H!k;Gx@@cg(rlx~Le+O1F+$sLZZ?^WCR z(eXW}-oq`demb1znzKUt=4t}>ArHzRdBkN(x8v4GKjjZ+a=PB5j|xnwz??w?ZzLS) zqvmBNf8J!cqcW@0H9dJ!0j+E|%W(gHd*8agdDK@b>0x@cQM4P4mrGdwSjY_4U`N>D&y4`x|Q?^_RoR!RHh6&8zj}!;9|a z?fZil?>~AC)7$-Y_NLw4|N67heW|INAKdoqO?%xNUJm!)zStRmK5gDiKDAGFU!7|9 zrO`ULT|e1;VOfVy^^L>LpPyduobHUK+sE(rKU^G4hC3e)r-O@&jd$wlm*blk>$dZy zJv}k^^#(A-)}FouyW>;8-+8lfeqvsozd1U2eQBIue0XAGHCJhf`nw_-<^fzdqRAH;(yr^ULJWX??a% zcWJ9Yg_9;`~321^F%*8I{$gI^ZLurF9$dNqb-ugxv%TxQx;c9K?hU|rbKHL2JwJS{ zwchr>ZnQoezin-JpWlF4t(|YYZXP%Nr}pvJtzX*t#^K?cqru2)pG=?XZ(jQ^+qb)u z+tyHTy5{Dg{bq969yzbI_XqyqeB=1VufcfN{qSmMaP;o>=K5lAbk^^D8oqot9$uZF zf85wt-`g$gNZq$TpY}hF)i0lS8dE^VKvBCr`1Rq+P%VtDW}C(+^**#_p^4 z`$vP5liROP_5F*<`g?cSdHrti^yK==_ult^HTIwWJh;(!IxX|V=f>5~4?7#~&Fz(Q zYVGvj46oj|x3}F*XYJLXe|+=KTHASXy>35kZu@8LH`C4G&HMIILv5UNzjn6VhWhm9 z#*5c44qyH{`_jMNIQ-l>y*S$(_SY`=Z#T|=uKS~P^=z~C@%RIz-&|e1-d^+f zr~5~p_4O~4wQa|Fd+~L+(|A2?Uw&||x4yhTI(gCEIk|kh`C`z$`SSDq=TBE>Uv2=v zgBPE!PH(S$pa<=r+`Q_q?dTh4!x!75FWN6%cSjpXr(Juie|zCywf8N{XdJx#Jbb!y z-tJnvH`>L~_Rht*v#(wJ0$R|=jn>YG7y7~V(~Vtc?c=Y}MrYTzn%$kQHTXR4>|c(* zjBVq5af>!)o(t%eX%|KwSTid)sAn*Pd{khf%e62-2SxQH(rhG_iwL1 
zzuU229j>o`_~jmdXxpF9E*r1koc>fVZa%#F@b2pC&q+r;9cv9^>%IAP%i0{i)2xH_ zTj%n#`=$A5JUV!LiuPEAW-_imT_J6MsVVd z{Zjf=n{f;PdWwss)=(#AHtKp&`6OKw7wlHv#aA{Ao-}5`CA| zE=iBHV~UptbqfMGGsb7!at?}M&Kg<5Z|ZvOdC8?_jJ`3`a2NLOI-*>>Th1 zFw5)?{Jk3+5?+&?N+PFBn7jD9IpHR=EeUoFUc5E#cELONn+l9-L}}vkqJU1iBpjeC z;dhP&EUIiB-kCL!yApCW#VbSXYEB%49ZQ5CM(2wNOb5N%Nta&QBYLYp>JPU_9^3;HXU<&f%1Pd0< zU#_pra-lE4ZF0YOfiqC-f_Mq0Uou+gP2zjP3I2QmeBh2{(?}jsi04x#GH^CNS<3-` zKcEjuu?T;p@iBJ#fXkhX9Q%H@%{%mc#h$|8dU`u;%DHZnHW!K^78pr9$uyHgW*jmq zK+3avNJg0aX5ai}(j*Lm&rd^nriVJlF-<>S^4@R_&AEih%}{Qxj40tm@50a(Spd|r z$TTBU&AXXV=h$KdlaL=oY7?S{g-Im2lqJ&&z4*T1BtpJ;f8>G2%0U`AK1MG++#hgA z#OG80@EoWBv*p!4_;UvvC!p(lm#3@%l#r=eO)?s!zD{|W1{-_zEOE1jcTZO6d?4fD zG><6JB9kZPy0vS>yHfm;awWO**=Ehp?-$@Ey5L|fn|`HVDWuCc&dELqL-F_HK>oLGkH z84Au)fbehX%JN5)NhZu+7}1UeJ~`$aXn7a{Avh{X)`{GHK_Br=q{+1MW}yz1H!EYv z`|@VZa!mh_y;%r&jdf|k!f$`9TWbbdctlPt1`G6D{ttFwA@>c=j|Xo>7TzF_%b&$~ zvSvfcBl2cN99awI#L8pt-{EPYynYjzSScs)fm&VUfLTiAfj@J!gC$Q;9=Mb9e*H8{ z-r{*`?%(YTu!0=FMID@v*YOMKWf5J!wy9m*uSXotpfFm3>6eU_XzGl6!VH;2VdStt zl#HJ$Vt^UlGc?E6U*0cDf&x6nk;B4KGKz>AffMT76Nbnfl#i!JMX0dIY=tu4zMfl65t1ZyocAtw*XFwRp$Y^+AgY*r{v4{Ca zXVe%1RN2TfCaUYh^ziqBuKnQiEE@^%HY3hL*hE?-*vsYEu;?BMFukLoQhC+Tgzou!MiH3> zMO86nkO8D@`^$F?!zYy|?*&V=5ax{fU=)zD88;5WxqIYvz=tVjvI3CeQwX>B^B>y>PQ>ejRsFJYx)?F}3u28`brTGOk|~Bx~_K3jPbxHV|YNYgp#M&~7x#Xpka< zX?(mk!TI2-D;oK)Xq*zfW2r%pf?tDZq`9LOOS%+^gQZcN%T zn9Zt3jM`Jw_8kYHDKko$VdGN6$Cl!7peO;{(2b7=2{axRZ6{I)nuLYYO$ncv;l^8C zR8c#G)#p>?#G|iepu*}95@OW^Y*kjG=68b@aDe8zeO=J47hea-d()B*t(>=(3;UM~ zdY23MPiOF+#!;Qi^;y`Tc|WkRe@cTW*D%Muf`Y+KQd4=@Ix0z9_Xk7+$yc~foi4qr}6+j1zuB1S9)~AGP0tMAGqFAooA;G zU!7;qexBU{Y{SLux=VLmDe?&o49BIz&UTKX!QmQs&nv2BDKyAS@noi5$(gYEA1r6E zn$!3P{R<^cj)H-UCU54<7?AQ-KQ+eArSZzy9<8 zDs5dS0&)hytAasn<0|lcK(Og!7TL$R|2I*|o0z;uw2uK9PiYbw;#%EeF)`exPQk?bvPSOXe<~t9G2UO7m?2PU{ zdf)&NOpaXKxf8Za1|DF_&6kw2Bpk2_De*M&BZHZKiAc$R;lCu5oY2$uJcXzu8DHgZ zWJ}`W(y(>M&6iiYBy60cPZz`mGw%|yk*};%+3cd5qo5Cq3+eJs(s;;O;;A%5uoa&2 z<3YZ(lQbd<)UGKF8S(lx1u&AYaLuC$XDgOXr^K+Y+?jN8gtgJJ&y4F_iDKshAezJ+ 
zfD98y9Og<)RVt7;19|SMDlwK6!Z8OtO`puUqrpQTeev+GgaVe-`&Sz!d`9Y;DT7->E$?IYUE zMf~!ObESV1C@1oh%OP<+!^+8aD*jmU$7uJ8Kj!^v#UE#wTzq1Ph0TFAqU$XcYZP^_ zSffPuiZ$l_YQ-97m>jP(_B>dlUHq`_ZdqfIOv!)-H^jBf}p0qldr80VoQAr7+6h2IyEo`OQd=MUmlw#FY}` z*^L(cjw`(0gj3EOkn1U>-I{`rcFz zne`2{JPc{_%e@!e4|jCAtML#1rAlDK$&G!Gd4ESHfj7eg6l^^}GLx!Mo-^w>p6>&? z@L6${G=A0rn2@tE|ir?6-3kotA<==dHIw2c?CM zNOK2m6h39*Q)r$Wyai)33Z4qwJx2D!KOx^@p;Kc7G9>mDyr7y>hiCFDt#&}`@(eZLT@o(DD&zok!mtl$Tv*pl?>j_Yk zt9odUON&E?mDvUr{bKn_T)y-UrNAtmn_*$KP_%0K6En$FJH|rz)lzA(Gg9s0 z9fN|-XYl70jeI}nl13+A5=LOMiX(X2{!X!hvTWc>{zZs8oOFp;$eD4Z6g=ch6(VOa z5%GN=L>~Y4qqhMErtA6n@;H@f_Fz9GoI+u1Fa)4vlMqt&{UQeOn4)+Ire88z3{>Uv z-f$vSWRv}P5Q>62mQ5phg@BN@}Zlzmb)GdBT8<#L!qq@IOIb3l!3rIVOu8RWsbc(S5EcvH#g>7hTl zf**@qiY*mMNF3(B2wV6X>>X^tT*++bDwkP7`tZFQFVWGtazaI5DZU6iC>?Xg8idFq zNBcb}VMYbEay2q+MVq=VSdj23b_b-xvS`6vnXw8FBW|da>K&!TWBJB-B16@vlSx$% zH}irbi`)U=0p(+tx|F0wk1fU_Kr#ckVtR^cYt~c;n+ceVZ~@@_fey10tj3ZTZXM8` z#9lgziiUDrz$wB8{z&z4D}U|@1 z>>C5qHZ#&$*4ihB%3CA#Hg$O2bz;J%!UZHmH!@T`O^pc%x;^zrj%(hgU85)hxtNWK zVGQw5*bU5`>JR=@eRWva<(&9V>_Hqm37~@oeP?Q}<2eI=^_a>!)jG62b2#$72B7r| zZ=!03*PyzJ*8qY-)m2|jE-xgHbI^qB+tymERbOku|0b?+X&P6YE|e0!ebXFUQ~hNI z9l_`8u+`F&m8C{F-!56|V6saqWP~N?jL_PXiPxEWzBBGPwr#+u&ic}d0*?}xy$O(y z?3V!6Z~BgNai}-ZXO^CTAC832G%}zl1=4||Ohi7xRUT^auqW)yDk8LVhqe%oabeo1 zy9fu|PM6`L@up1HRQOHLnYxd)9`hsdyJa9l=u^NNJGm1H}OBYIp%s(apiYK&rQjbav3n4zvpJOmn7S*wr`| z7~dhh+)UWtM!ngrx3}h)q;0-;d_GrUw`X&8jl-1!8<&6U zh{JWsw>Uzwb_i7l)l%qJ<4t~~ED-YtOV)rZY8UFzc$>lrXq$6BFADZFc^`v|_I^*r z39svWBt^LWGMNb5hw$kxieqBtyS};>U7lGuI_>*52ScyvrUwUp&#=<8=HwG6uA@)2 zv{}X*CMIjn&^L$lp}h#5Q5p-j%q)5hnJ3l3m=MOKUb9|b+u-Uop+3Wbgbv-E7#dun zRs<6@%h6~uirTl(Bxm&?+9cXhHztOyd&hQkN7ud?*8n0o?Nfuw%4IkFbx9UWKyTvC z2dGIa%2J9>M%Ny1GB}QChcSyAa(SV;6*mzfq1Rv9uBnXsU_KUb}( zA%|$5c*-~}ND<_`#fFomCohOADv&KIl(3;R?;DCJS$aF3e==+Vez(hCa^d zIQWV=Ob6itUB<(N52u-llZZ%!G25^R7Kqr5n0QNQUwEWpJ;q&F znq1;oVKu1ArHu~NI*qmYa*eJ9BiEbJae+?T53mpIO@)21{A88=^H2wzu|a7P2eHF0 
zktd)JlozmND2GCJ`pM`w@T#^aChE;X!XZ>HK)obH3MgC;8_3|4s%)^AtypoJV1I$Ncd<-@=(xQI1@AyMaj4L>XOC)swMkJ`nZAO zAds{veM9Mv;bKMnI90@dVnuw)$xF;|jqwEfJ&r{obMl19JitFsfW-B$=2m?T{MY1J zHUT?ez)5lpzF8E}z`n^5Vxdza0FcnMH#v@|_%6MhBff%lwJq?(2B2JWUEZ_MQ0wk!2q|dDlo(jfl@twa*VneQXh z%$`RQBU1;;aGfqZRp}{-Km{4A%~0X5BQ1=#sDfe6GfsdM_Iv=eA3E3*9{58fz7@y< z&fzsj)bL0sd6Zeh&Qf3CUJ3}Nd*cC5vH+UZvgF>bjm3urvA=tEq z#!qDq9E2u)N7>8?UQ9taeQCq5avjCcdLgbsArHxE;qr7ly!jd1mxzaeAB5B3*}lP4 zk~VM?9<}jzLWa#7!pDj>8RzFQj!5IT%j2a4w%>4=KDkdL!|ow!=}~g&nZ)4kA=4I2 zyXQ_Vqj#lxJu;%9_m)pwbV;jsf{&(pj&0pMk%ABC(IH6!G9Ce*n(FGEOtZ2+*ZPj0 znWwv^sg~7OwTs@=MgEEB|G+!N9rE;}Yb`(do#JOt4GS7&UX6_yIay5^A@rP;K`b#X zJ^2>3aF>33V+;(yItwQPO9d5$(SV6HD52CTq2#``oP(IvtQ`dS5D)->U-jy}SBBqf z6CX-`nk(@je)8|%mT;`;(hu-!$X?N(t^vibPC-~okNWz9hz-nT zT|SqhOM_ssLELDiU8X;9+@7Ioqq=K)7dJgJe9tvB18C2BZ{RxPoLbH9P(v9(Mn=Tz)po~Nkxt__rk>7G$e3fp^MJ+$NBe8?_g|jxI`;5y zooJ%d_ScG!&0R?sm(JM4Ix)ie0SEq^W50a7@lFf?=yJN~Z&}0$-6FJzxXk zw!t=x%|9QM(bG2*Eca`0~0DY98oE)T8P( zI#>soi{_SFx|gO`P&JMD%)%)TXAmQ0DGfk7n~rTM4M~RhNm%tWl5|ck7i8^{dZ?en zl0!%X!QG{{Lgp6=Ok6e%fN<*QyzHJP&t$io2?l1I*;x`l#+;c&Slj{b`%IPuRX;Rm z=Ijy)D4LCJhRZI=TW|&pnpQ^s*isNfBBeUeeGT7NQ4j;tY6J7FAnW5ZpmhG0v<9hg z?*+(6hgZt@LoM4Ac&3df=0O7xvtm?atVfqZO0ddvWz-zV8z8C-@+BY$$P@tZy(v_M zfF%*LM04AK=tHus9R8%TbNG|JzZshlV)o2ImnzOFCbRp?vU=3mW}H0|*%gC+A&YRP zKKvd~=w@7yj2#MpX4P^^pc(lDfaGIkuULYkQ$7urfWs^jW}O~k;xcPZM6b+;>h?Uxa zG?rtWLi+R^@e!D|l; zqu8-2iBqw^{(jLH;vw6BlM4u7FEf;q_9Tbp7b_uN@T9k#G!n^&+)K&XVO5erRe{AT zrd8f`n)JnFML;bP2VZ&sAm_W>cwoucb7nvqy!*iJofO#F5l78kEN@o)<%GRsaHd_b z1)AiIZQGpKww*Va*w)0F*tTs>Jh5%t$;7sE^PO{U)%|xL)voGV`^SE&c2{?=y&C>3 zOYpLN0-}33lO2paTdH(lG#zW_SvbxWvmK#t;)bm~#LH5Ihd6%-!lPVMK0Q8lh=@PH zh9O7|!Y$bZt!ZWlBYl9rngy*Ptc%G>4|5m$z7Gb%BZQB>&tA<#GtCu9nBwiB`TQ3= zZy7wToJOYu5*)<VjO z#FRviXS8B0wKh%glZ6?U>77Hy0}<&Z!hfx|(+LFcF^#tcy6f7@gQN;o;bRr16gjvQ z;i?}JC{hWMN1G1>LwG^^$$Yhpg@X|G+|Z-12oNlnrv?iAq0QAuo~|4_630_}>6n=| znn9K%@@#4M>Ktoy9Zp{oY3LfO$24ddtLI2Xa?}DQ4^_+TOJu59Zd9<@c?eg}wTz+| 
zCl5uxl+U$LNVNZDv-6vCA&2+!Sp>{OcK1jZdbJoxLs7z%jFQ*khXc$;@RwC>38rKl zN^;QIkG7YEyLD0*<7E}wLxvbA9&i&cX;|lR=Q*URLK^a68U!6tt0?Apg8_ST z*5thz8)+&y%PInvgQ)Js-z}p87)-C-e{h`i24>mN1STHXBou~9uc?H{nOTqb@lT4S zuuwDlXrI=`v)QFX=cP~m+VvlGOOe3K0=F*@ltk?`h0mIJPT^)teEDx8ST3zw*^+>L zU+^#A%p~IbMY#Tuo8*PCu-b3~Xk46NV=hAk@^OERVc_8!C5jMawI@7o;4+z02W|W_ z!siHjT51=06z)+cbrjF0G$|Ljy)^Y`DmtPIO&Yd>(Na2A*3A!SAhi27I;!e)Qu}*0 z>z7jN>v%ya=}+`*X~6pwE7aUmO+ZYx)NpfkE^bArqO%@$Gk0S$+AwQ=sc1RfW;rJ_ z`+U0RSY-L1j*gt2ph1;PMFr{1)Z5U1*!Z=9T$Y1`iPtI9gr(xG`v7SZ@W&9OH1$8# zm1r%Jo&<}FB=f3X$3i&T5pk8eCP3o0r9pS#?pcOw;D8Bi~R?4 zK=lXO%2%Q!Ab%ucQGEp!y#+Q}+(?N+n_N%H(>vby%9|b@SF`@pgm$e@M)l~!)7mz{ zxRP!kbR5kEs6YT@XcQQ&ih!pil|+A$;re1)Ct}yV+tO1IaZo6T;goADO1d=u8od4) zp&L4oDAVugA)5vgklkx6MB-iH28tUy!Q5eQxt1Dolqu@|V8Y}g?3Ah?e2FalvthcB z25TYtN<}+mF10v5@k`3ESrj6CRd%JcBG3$Eb@un+$#?6cY@v*0=^f$LU6#zKQG&04nO?>gsxqv>!aN3s84$Goo`!fA16?Rs-c-i~hx;2UnuJZcub^DLt$$%h>%Y+a@Uy}P)lhsg-{4S7FBB@+r-jD zd_7ycwg(TJW`UpeYgRRX#O*oQcepCiyr=;}LdlzTR{r7PyzhtIuOvE&bgEC1?hY=e zyd8DE!>?kv?>qAb*NMjbgLsMabSs8JY3`KtIr*S4r#!}Jo}U(orp{s|_x5poUZ1hv zJ4xm`xJ->WX&N#+dK0W5GCQE2vORs5$LB*yUqRQs+xEP{Q*FfP-@_~`RF{V~RzDzoR9GM=j z6F=z>&EKTzxIM&5)@5~k+Mb6_>P(mN|5_B+1OP@b6rZFp!*Qoi=SW-U$71&mUpQYu zSOiZ;15*Jq!+`lBf~R0nsD32zAxtCymcujC-!aj(#JN@d87}#IdpQXq|Lrf)*?7fgv8?vR(l; z4mpJ(ga$QZGY%>SDdJB~wbRP|MTF1IZ=WFp3r>OXv(Rv%=h>^+dLR|GIOhw6+?tr zEf{fGo}VV7$~MDDebj=OZS3h!g^>sAeXTy2y_py-#XGi#UHhCPkCMLq*5f7o;*kr` z(72Zle}s=4Z|viXq<`TRJz86}pgy3a5%$-5lH04!v`r;wi%_~YfOBf}WwT+GVr*Bx zgYavx45)H9&Q9-vt4{1qHBb2GZ-PKH`Y&7&E{+@>Y)Py$tGyZaf@nJ6<#x|xiq7x@ zrWc5Xo^aG{brf|vGAWFr3CdBUST=^A*?~@KO_WcO=CJ2O`Cd}8Hlc4qG4RR*V2#^7 zpLF{y&q`S(Us&Qk{v1##~NzF1ru_%M7X4Wl^B@}qAx+fUCx?@5h2F5A2&&3`LDmFxF z;~B3LFOR56>G1bSiz94iq-szrukq4&p_8j3llHo^*d=0?YAlf$0Pn1gXTt@A@hnPv zuw4nKq$X!Z)eKr=dQ9bc-aaN0DN zEWIJWZ*jH7Kz)tbUlF8_9kmepmsAEE5w0zJK;(cnePN3(G6{yA2~{%jyXL`}2}g&r zXi5p|3QC}GB(YCv#?huSV2{%l>@i7TX@(DuI%$^z`k`|I!4E7x zlIc7C#xNTAco^~z>e8>&u|@hMsfB+6;O3ttj@*GBpsdl7?`tUL9&DqL;V}af{xI|1 
zL906OIr`o}OYNM7g19Ohiyv(H27pcL=3!@Yr-tGZ6ybJBc|bSYa_P)^pNBTN3)y}SpUi6 z0(C-q2bl+9h{1J=Lzu(apFlkv4mAvTck6E|Vwny$XXV&mGEo;>(*vCk&5|q;&L0SH zu(Lo-YILC1EWxBTd?|>N9)K#YqSBS%7{O&5G|iGLRVkRG23OGtk4#Ux1hWLl!^%7i z{wjgCRBX85VVt2Im&T*>5HOHWiLStj{Nhi*76?}KF#t{DjhQP&xDYQl|QZ^#^TGv?7JvtVt|`ms3azNFv( z@2i?@rgDd&k-N*;Q;j7}p%nPhDecj9=n#e{wugTlwNeD^HU3RS3$@ zU}u)`K&Qt&hLi)Xwq%WF&LFS^ZhLIb;;sTH!^HM1f5oy!0 zA<%wnlVFL#2CNy@2#t^(AiF-b-J-V{t1MS8Px>90~IUpthK?W-*=C9Z(?#md&*qGSJ z*y*K}-*Jc?T>s@=-y@#n^;|rfb?!-d5$ZRzQP>*iW@g5O`d>*4Nv^Yt{JV1?1+LiI zDYHP&yft4jsqE&kg&Iu0q=-0c;lV4MWww=k6x;p{mGit)sfQksZXC7_8q=r#j&?iYs4rxdOzwYH~XP~4sSa296m!R+O~$%$!6$J)eH-u zZ0$75%U?1sAkljI3S8MdbNkEE!o$rV{-cRy{o0$)*mR)nkZ(CCtNc#g*yOa$aQP&q zh>FhnZZ0v>81EgW-p7pN>_5_2{D@I+I^^Y0Y1%yt z0N+oUHlQ_SH0R#8g3WJxzHRKk{CPYpS!Ie-JpqBkJ0DqOcvtj|H5*c8&(DrWvG7m< z#d0$RosGN8T%ownem#wojY>@&k{NuRgbg@{wTZP)es|xwR03B>RcS)czDjxP_v#eK z5u83MjKgu80ApuXN)4rYVs9}0R_V-*(s;usWbQ|5{t#fNh3#7oZ&TD(^6A4!Sjd*P zfTOZ<))vg8;646&n+GX`ephBj>*wBWG5Uq`>CiaSAD(a`m_(3F_k z#q@W|ViwBbOhy$XCz!IaO0@oE$-puGM_ow6JO`FE3vaD-D{Hye9YBtT zOP^cQQYOO}%3{tC6hiDj^)5A;^dpycbz=t^JuISif+l_H;;)#;gm`zCfHlsj9F@PIlS`7%h{f2 z3D=39K}l^1^g>$HC-VeLH-YfO;=p%-+lpu9ej|ZmDYKeMVB<(0w`_dx9?XP0M!sgy z1_i{10$6c)i=;POc#T_1K0mB63O_or>~pA)NfDNqh&3!+qSm*%nrD z;I=|PUJnd}-S5F`%q#$Pi;gM~?n-#6uab5*ypGjv!+CVq_BH)te}xxYUA(X~M@6zN z)(DDN&wm3HtZcRaXt-_#`hbR;DV3Ybmpp^GIzLJHaFq2UwBtM-CXu_=!8wx@5_>G4 zC2Q}D(u2Jgo%~jR)86bRSYx8n`;iZX&{5#cLDV(w4LLY2VV`#qRw3e3mnV`d#$ZH# zs3g>Q(ZFRzZJ##52Y;HIYpQ|{sse&Aiz^2PNnQ03OlC-yK0u0y3EDtD1`b_Q-%`7$ zY#0X6Lf4O@*P*Oh;sd!e$$ch;#RTp|x=u-vcF6M&E5sJ@A}cY*B|_nCa6v;)PZ1g= ziSywpX5+x7d^2@LxFn`sl7Fv5^f?a6YRbL9YGdJ*#4C6!auIP&!8@Fp&S>0}ND67M z1w^DEUvkFDoN{8%yo?ove6IOl{FZed>8KChU;3+Y$*JUxQ04yHuJ)@HSpntjf0Q7J zy~zzX&>ovNOLWIU>FW|jZVMI&w?_YzWy*Q_myu1`L}DP1afSvdR6zX+F7xQbG!l7Q zPv+AU=p`3tv-2+`8W#O5Sx;L$2%3({J;#5^jlZLTJPWuvUt}&=kmnBrL*~BjkC|a4MF!$Q z`Oa$*53n>l&($O7$&mR~339W_9{MA?mZ7602J*SC4Zs~OvqbDMgGX3#B6^n zvq?bKnZJ 
z!Tz1KhMJ$SxXshxtH8H*f3Lmu&A2%;F*5`peK?zkw{!i<-~&D4lD$$|@6Qt4+$w2~rTN;K$d zbH7t`kC5qWR;JygU-^;ItgkDkj^xtrdh=4bKq0vhYqykSd@$!`waV~kvLSs4}f|xePY5N&oV7J&@-E6zoj6m&b$Z-iDYAm!2bqbKjfARjEPCKVT zH&Gm+z#pmigOTh+)e@=<0?7euf5w?PLBSGJ$qH~3MZSI|#?xf`fo>Y!`#YOg8Y%HY zZ4}dG)LWY-o-^U3;h3@opcYgo$Z{tVCJGA{)iF_UChpe6pd^xco@lBdklE*9Blbr{ z<+ltaH3OOK>Bk`(KQRvO3j*uBm|1%P7dLUNT;Tf*>0SPWf6v((S+0r!4Z3r<#=Bf*9B^sk`H{u9plbvMK&C5_ zj-A*gL|rTK)Bt$`eW=hs20ef($&gg6A+1^7TFRPTxxcAk-%nVyTJVtPe5V71*$bAL zZ>08+I;69b0a88nY;Z(1WW`qqtX6vnq0T=>^XQ-|s))^WC%H&f+U={pj2Bi6WfUQgsX&(WU` z;9ny$Vs8P z`oZ}$6s$~@z}MWq;4Ee8A);iZ@Mw*6R*+TWT8ss~shY(ltHtGv>u#7D(18=w1sgIt z8fw0_`hhByR5d!d!`4QT6Tgy@P>4`N%y`qhhRjcvQkIYWF8}|F>R#0iDhzTHtI1!% zy4A5-byLpQ3$u9}zk6c+9oXkqdbz9dkqWmWzVY5uXa7H|RqPML;2)|i`yGS$r}h-1%_&Q&w>OL|J; zgzLv~ehD#G8V=68ho*yu(@=ndU%f6)EofwWSzXieHK%&vc3cpl#y+bJgE;;&NG>FN zkKE17|Hgdj{Z&?X{}c0>-xb49kJ?g|6-545&tUFkr2u_1Zw%9CFgO^+edtZsaX48f zks#nX5TeqOvKn^m;lzen$=T~wiGr=dMdjwdA#g65GLFq{EYH6jH@RX5}lENyv7ts%Ob~XP~>w zKYp`>FA1)+gE(KE0LPfAX~5NdL%PAggz(F$Di+ z-#Uz1EI{Ex&_2!Fu$KO`Q+Di}SD7#!g@Q(8;zj-+)REunrL9N>H0jWG;R z7F_u2V^jgZsz{%~Z<3;E9Gp1F*!!%nnKFJTW!)TBGf$|YZVe{QK?gH@K>tZ#Dh*(Y zjnjl+UK8}ZCs?er?v=`NOQPor5IS@x7GaZ0mt{TVCWfeDgjtZwB*XTz`rLy4rnA9O zjLIV>g%JFv@Tjwj(i;xD!^oo#wi%QyyC6~X_w^?ns`E(xXZQ3BLk|HeHQv?=!Ki_* zQjP+g1iaGAphJa0e{SZSQclr-+@hZTf_(S2e`t?RvX0oEVQ_+J9PP5~ox`z!Ei!^8 z#4;@$CIh)pgutbnkVAUhS-JNgY6DA>fCJg>)Ay%b4Yl-#_W_p7c^>*p%l)QM#|fCN zTHo96&VZT}8Sh}f_vzqi@?G(UXQIlq?=dupkVva18Igav$R%bTx*T(BL+I771Ks+p zS2%7&6y7$-bEr3AOVT;;`aTD_vAMNswdl6+Y33seI}T%G|@ z(XUgUqn!aeZ7yY7#hCGUt38DAs0m_(mcm0;xk_@c?geBWGf7#1l~g9mm0j(;YvWCB zF5$kv$U~ms3XpRkaSrX`IY8z1qfn2;GcQShJ>Ti}-W|s548Eq64G)FvOb&Uc zbz$7|Z~0y`vFsEjuMw@GYZEAbZQ-w8bX3k`d-C1(;qC7AFVLvl8*HgKZ2*h(xx}T1 zdwoz|cf5WszvybyZ-;Vh&2vh1k1|hZzWj8TKG2Mob}0H4ALBeQsh%^?iOm;0d0c)T zs%=xR*^^vDzAFFj@;HiE5F;?q(;(QibhVzY<(Z5*a5IBTA1JDB`UkvonGksSayo`* z7L)i%Gu&7{mWxPem!Nq_J^&*+AA6CFC@VdkSf1oueyZ=VixeB4sFqY1$x|HQ7QRr zzY5CEhBod$*W2kR<|!QWz9N7uFQoX0LGWKmJ3GI+V~CWVU(jrKla2Vx?^HIM^$1!b 
zce<`ow2pIP-wHvHP%d6;g&`ILO zw6;P=B1qA6*bQ{6_!B)-2L527bl%!K!%lLa!hEgjRoEo=XbXWP!V%~i15qO9`eUp+ zw(K`7nhZhSVaw)1NH~taE!Y;%If(JY8ouK2^$5u3pZX6UCyQ6YRg8lN|41LL-u5N? zYk(VqnEpmd;OJVMKu^arW(UmUv+&#X@&1WyeK!M?DoBE{h0{=mo1iNXWBaD&UA{Fo z#~k=vap(JOI%q(D3=^tN>-b9oFkwnLU=uYUp_Lae_-fWJ@0iqlRoPYr*CZVdqoZH6bO2ymaO3+ zExehfz$Yf{#k3gZ(|dWl&8V-T?0jhwjuO{!CF-PO-4#QDFx&ZeyM!T;x!-3+;q?l=`(-w8okG+d<|FKb+*?{LQHhl&(MXa`H>VmVI#`Q>>D5jkxT}n zO`gDafNu>r6dwrlph@14cQ1XbHRHfKk)QDkL9#JNb2AZ_C4GRNo9A=Bdp6Ct^7@z& z95~u|WBmIpbNwV+dtr3sB3%Jx7TnF&BD8wm1SXLor+!|4t6BgTA5@z8V38Lw@GXTA zR|5%<98Pigv6=Aei|wriTLhd~kOM0x;xpdkTXc@sQ4v{#*F8_5ZV`ljU8Mu|*X|7l z8%7)L)3-)uyguh5jCeK1ndIKrRj~9)L{9j8uXUm6&KnJhqGDp;?ufRH%iR{2(K}5b{fRy*_Zmft_aW5nnf0lZvg^$G#r7C5qjCAd4kLR-O z*G#eE-CA|68qo0Ai$nvVoKaETZ@CKzGW0?i9u_E?RK189Tqh6@8pn4-cbuB#H$_Yl zPl#%}>G>l>h|)?q8yoMJr%ywYh0~0^+Vp&=xDegB^5#;k^p0|-ZyM|DRr20FgJ@K(!q?Z zx9+3#yk3Bp8!WIee#YXrOSpV4)u%MJ5BYOdk;$-F_Q%$?=@bu-_sr$mt-Gshb#3*M zlQYwL9S zsn^x1y-ClHTwi69iO^eiL)>ESNwTgX4!`hzNIH5kl$(60HR%3W`hr=v7~#iOGVP{w_qE6aJBoiYU$4!Bzgn`3|Wf@<)(ovNOavWK?sV8#YPJ!6!& zD`|9x#tz%6P{sKs;_N&cMcHN%5c`9|=l80429rUF?RrmGo>!(rOBr2^C*h7e)7eYk zx(|-O^v`EI2^`}Meyn)*-oq2Fs+Dow+El96 zs1l6T5iqj^I+ZmC!iH~QP5&CQC`#hesW&e1`##p%TkeI3iAi=#RUPk;_>RRPdTf0R zPLfLLN8?4EI@sKE&gnO|*sNhjbf;YF4Of(5VG47Wg9)$}!4@8;E^oDf{R|Ap0@`!o z(d)w6n#HkLm6d(wKq`tsLDiMmIZ1rCOU{0eBCNBFsNC2nOlk4{Jtz2bAZ%^UQ2rsE1d;mwygT>a=MTE_%S@n8T^$lqhuJF5z_4 zqO?nC<%;Pqzc%V25D$Vi0F?Z()I%(YE~>IW4PGbom!CcL$)3ipe$aE;O?f;z=afOi zBeK+`VN2QO30IPGJabUM3^v%0rzwyuIoTI%JIYslwsD^80xxui=0d#V8-Ghp&#~j< zgboXbT-5gwB_EllgQvt6M5hRhm_f|!v+x<%vT=ANc^sXIfMc-6cPoMsiJt)g1Zh|c zgT^>mT)zN`c>&rq6!ZiOCR&+n%;d89{0@ojU$4=1r=V(aw0OdUFlvebIfO6-JCcrx zF=?7$2*4parV7fE9ry}1&m}?yyYNgreXJ73!2ksJ$yfy3uepEX$--u|-+e~LZ{CS` z?zQ*L81;lh6wdX9EReDR#7;X)>wzd>{Ldzf?f9Rvh9MhofH7|nKTr~q51ZWbg_dRU zU9`$!ANP;5b)*e?YVp+Bl$o_%Y<1{@u){{Ob+}sMwnj#K))NQuYxcq<@xPO`Z{Q<2`6h0@ey`=7mZOPE;)8QnG%nRb~AMp(#^`# z8oBn0wle~t+h8;3&$^#)A6*7|4GVtJ=Ymoxom0v(b?P!lZ$S^?GWD<$Bg{y|$b>6= 
zeQm9GSrev}RVNe0Hg>>6mHG+O68Ff|)&uFkd!~K$iOgDM zlm7G!M&N-MV|-;(|JF+GVw0uwS>;zJ{!&#yt{~Ewl@;Kgwf!Xs!DKqp6-qQ<$&Vdq z?9I9S{6Ohs@1)qtc3%SuScBK2m`bm-G{apVO6LhG{35EcMA_eE?4fK8NZ#VTMjtPA zrOQ7AtrenVU!aF*0p?lyGa_S7(qhp!UO^%2_ zPa?-jS7El4N=)bAYV{#nTG6+JR~5ulhH;YJ`B|;$)|>9!g%Sp9I5}l=6#T0NaKM#l zaqi(KL=Giko9INPKtd3<`Yg$stz92oP9$6J(-%EhV@XJrV$vPH|8mW!OZa=H_vmlT z6~wFi+>%SrHUFiyJD`9+sQW?pXe?6Iq#!wwJ*raA2mW)1z0>7<<=v%FkU-^mhDfPv zc+EiI8jgGeBkaQBtOYN@=LpwN!xMQr8|5~v zfswy}2Ex1FD;D2S8CJTP$2If>p#0?Z6VI={3epcrcl-Wz+KC}K#)cW!4#nfJ zqB+#ZAt>By57KeXWSgRuU3o7c^m;YXUhp$mBUvgtMd(!QHjNK(1%JFOzE9YGI0Noo zhfplWnBWGC*mP_*8jm_kBe*f`y`MrUjl0k+uunoDOR zKQT^n8vT$=a%!e-8|QOmmTVdY6KoaLXYg%;B$+-P86UNdbd@PaF5(z*kL^vWw)VTr z()T8000MDDgNZSUB{{(QE@$XU@9}R%bay<_@2@0NkbVxXD2Uwq;Ab&rKb5aN^r zUyB@B+E`lFQv*9{?t9!b;)&&N#=_c9NLeMM+ueU$B}~2rgR^Bse#Vhl(-VV2Ubpg6 zBa5qBdL+#dnX_0Ydljiz#H?QvN_6jI-+k0fCbb*6pjd$IlK+dP%7ndd$5^B9FxkOh zSJ2D;@z{b3wT%j|ESwZag(E>?+6DF?wm_g2>BW~!vFIB0)Kjl$BXemOO}UvAg(Tyg zp61w!rC~v8W)}9h>|2k?#yvzA6<4tyYb_jQQPLpka*1af1d-P)0Sb&TA$z-;`>c(k2C@Pr+EXk~GW5xCur&XypHn#9h}&oH)8rN6We7bxI0z6@gQ^^YHVmP=k49&VXkg}^Gr0CeU#3RKEu@6$ z#f5Qkj-chkUU*o`1gNEYGFH8zjv^AI)vBVrE@Dv}KiFU181ooG`gg9LV(j_eDuq8) z6zKD?afMRxuxs{sVVUZZ{EfAyF!-uZ@Bn%Fz30DrsB3r7o^vk6m?jRct~jvY|5GKP zDYdvDMM&yaGX)RX+AlG*={G@q{yIbN3c13Cly8;7>a`XE|NOIrD?#!KK~m>vm3JbV z*0EUk+4;!nQIIF;%f8S}=ENt86EJ*=;1|Wp{UD-C0FY3i6z#qKVRJMl(Od>4;Qy&| zoqG+(lt`e|VG~3cCOoftyx@;6Me3e4aAw6M&m=xIQBzZ+ZrLf+GHd`1lSbVqxf!_P zw@UqmY4$042cH7rxy(IvN1REdBPyR=Hb8}Bh7bb&>b*3uQ`d`}W5Vt%nb{|YAI5`M z;->Xv$2X3%ghB|9R}agi&o0FpWH1U0&D5HZ$L|T!GVD-D` zsc7IHK?lSM zrCbu}Bz3}2f_Un4WaF^;5Ep5DqY;o3aIu&6!zy|BAa`oLoIQZ?cf37bW}n(qJ)1{p z()X{2I^)cqJ?kEzosjNd1r{Y9JAx5#CJrOWG2RUY4H8n`P&TnYATW!}93;v;YR|rIBYrY*aqtcwDmvla@lVDdk*}vWO;aKA;!g@zYF-K3$D-#6A zuOek92Af4;%OH#nB}s#CVOlSio96~|GZ2SgXt_I{BYa|gAS9VJBt4HPO4qig@T-5< z+)4yOW%Dndh>TuPaafR9{QTVep+uN;#B)>Yx0FcH(w#LB=wyA<_w)B! 
zaRV_mI)4s&g7TG<0m6ac1q40D4u4Rj*Ph7Y4^@^iv$qJhh+nf^@==2kLP#H!7zldaRO84pSyZV6!Qp{X%TUl4%6{G z#SO{K9-*B7Q9xOcl@Jw5)W^b=$G%?Aov675Jzp~)?n*Dc;NrS5x(Jn z|AQ0%FWmndPVf!Cm;7Hi(KlS<8~zagKk$WNRF?$yI+c2kO!az7CE2Bj{^)nC86W>n z+(9)3cQO34T-o6)#UY3 z_dQW;v-J1Z54q2UYswyVW<;e$c^AHUFq;Xmz?Q>}^WuvLwc*iD$N+M&VoLrD_HYQ$ zh!52yTQh^U9Nz#y%A+F*7HUSDp1rM@k0~1_{pCL)1%|_Yn^)S5UH>E1-uR6ybgL#& zXYnD$kr>=)An^3sjN&-9fFPxP_+p-l9i`)b8Tq|P-932Gu`>s#()B^dxiwXz=f(1ehV*Jb0(AgAd zDQ0SBX=mwdX>a$#%E{gisD=OnRX!zd{@*L(M{Vxn4hI4X{vY^%KASpcG3y+dpWQuO zfL&J<-fPnYwodR&%q{78a9-(+8}dOTN@$Dl=2o(BSm{;AHqb|{$Js~e$1KrPvvJn+ zA*WTEwQ>sOgWX-X%c9?3ce&WsKDGg^VIF5F)|1uplZCxKn9kj!~$nqVl zuvlis%E~X0%CBUQx^6@)00f5nYX+Z=W9+fP!4fljZXFPufMmIURUM#zi(ce^AMgZa zsuJSNGUUj$#QT?Xgk44#z*`);u^yqh^>2#1TpCEhsPT z?cq61Nee)k;KK0n%hFi@E>{#C?*Tef!C8~GjvxEdzY;b& z-&C}2jxTjNBEUHVESWJfvHK(WDH_OEt7L+spOLz{hwmy( zP#87Cj=*R!=f=Y6Xo>UV{h8=j>P<>!sUbynPab7D%m-I&O3W`uzrzlR%%VLK=Qo@V zsf8OvJEG*tjVKUjHp@x}uzw7LAcYCSaW;U)F7>aNIKU>AfR~(pqr%0EYVCHr>QWHN zFT`l3)fYtVq;;fytYGFY@X9k#Wql* zPs=dk)tubZ#a9H;F|_56Bj52nP?La=D6-iTd5M!5pHs8s4I7A(1pG1ebmt_!7%n6P z;gc`}m7$M9G|tNdOM$oG#t#oADgUmxv-iV@@Iu5Ld&8;>PdpaI^XfJL)X-kX{2?<>sRvxgx<4*pP-Q5(2+p-OAN+reRUPflgnJK zvjPQ*1CSr7oB5_Uc(W~qtNad z@`i}8_wXBQhkp;(Om6w<`jxX-kxC{z#Vw?^jE)ZAng$AVe}n4ypckz$KVO!!IJw+j z?}vIzucI}KIWa)mnKaDEXzDGuHdw5{J_kkh^d@dm(2QD(P*gL+GjSEwo^y8k;kwej zV#XM}Ch+!8WV_GE<>zKZFWYL76*FBkI-v*@?YuuWH-=>MYs*>ykl$aUwKfea_>7ra zq9&&8LY$Ca5k8^>hu*MLZVaW?QsC7u@X64!b?Uf!38K0WC)$#r{2#hniX{-Qi-A!9 zsD)YX$5{{ejuR8m{t2Q>g%gk=ntG59kD}*6rQ3{dLn#EO#j)tesP_H;gtU0van)-J zBsNReihjab9+0E9W;O=jdkg!{(#mokAC)!xei9?Vg77u*RJta8-3#8v$VyiENi34d z_DuGB^y4FibYrNNtC(t(m+>Y;RK1B3AgRKzm^DS5+S6bVNN0&h!q2No94pk1RvcjC zn%brJaOdYp9uj&IG8uufg1J;dTl)m=IYNSZ3FgFq&Rs~6v+~+6r>$JxJBDOm>K)lu zPMtpOEUZw*O<=S&RO|m1s31ejGU6>oG4%G6Y^Tj)ii2-=qn*2M1-nPnjLmTyCfeR^ z?_OSi>-y_|AMR2Z5p--3>Of|mR|mYXLmHWKzOtJ#U_PetNMY=R%oP;I~4LsSQv7f3f2P=GPXwB>6f zfD79ie&ScDX&_-45bjSeTcPD7S{ZwW7$3Ui94fncGy0U}My>N1Y-f7C*G{K*E#9M9 
zr8mCtS+_q8*QUF8@syQa8tOUX@CaybYP2b_{~{%w9sTCm-W_a`;6j!We6KcDYojt0MGHu!jA!`Fbo2 zm8<#F4$Ga(^2}0Ocb>z!Q%0^H%FjwinaKzm)ppbzM1d}R*9@np*hWH1gMKL+0asXl zqQrJLaN0EB?hj8nWksjXK5I2988jVbEHu>Zp6o^(3sMSl>&{H6%vj11_0whsd9@g= zI6uDpbeh<-Dm5lTt4YbFH$m&iM$KWN0Vr+?`#1e_q{2BN915O+~apoBLL(%|Hx#``)IbO_+?m+wsc_r~?`^4-iFBP?|?2T5MMb734-;6bR<0v8O@ z(oE`RXj!rE3{3|L)Cx-6?DVvNL&V@gaPO>^N5sDLbRLxa)3pO*4&U;zAB;gUaALMc z1%TyE!+zoY@GO;&$$Fn;3d~6G0WkMZzscUpwFypN8kx&)f1XC~S2iQpFjDP!U@{yS z#FyfOgkP_N-B zn*~tIV5|%p5e8Wp1375|a~W6p$k{z)T_BTL}@>L*8B*b^PW`-CHOo)G4$Op?k3pqN_1+aXL+1dstO>ZyT+MZGQkAti=w`NjJc@P{@KMbqY9q1@9Ohs5Rs4v8lAW96E?thKV?lhF#W2*0|ujE90as^Z0+Eis7}WhUc< zW~>cFnFSzup@ng}e#oyvE&>(kaQW(B?wdS#WY6iciinukm(8hQc+ux2t5$x{2K;)% zIhN@Zx#LYVqo~21+rB`an?A7F;!QeCLJ*D9Au}Q;I{`uP8JcCYbFC{O^vZQ5E& ztfGZvDQ!kph$Q9bDm9U{TDy$0C>1TwX}@J&H`gOAkBNw-$)hHZp%IzKY?8T*EH>qp zlt+}u%H?-|{ca!br+dzabIzA@zW=`*8c_WRHhl1sM@wBRCW9q>oX0fQwVOGj6BR#9$VD*K3w5HFb}bCx=b!;*ARI?#DPtqNCVU@v3>{V zCRM0GdUuPMr`&|Tc!B=~wxi*3R9Z(<=;wa&53(;AW>si$Yc@AsXSXp7ZV^PtyumDp zNEQbUv-UED-oVEjf;#`48e2Ua{$dm5<72MQ7{ts;b>7BjanjApWt2P98k!z) zY8U*uT`B66ma^-74Za&2n8y45aH8+4cv#5q)&0wqTX4T?niWL1^0MH-2iyFH`NM+`9Nv6D+)L+!T_(t*E|UV9D0Ru7{kLVd%Zkmp*Qov%_bX)r%hiW zHx`pl5cQXO%Vs$jDk7^OPDE@Q@^viNcvx-Pwt#}>8%ME4bXa>XMIL!s2>+}(wBvZE zOMV!}9ayTFyI8ZHBa{objiV{sSA`zbtrafSR@S}{#hrQI_rq4)@u{!bsvau&YK4Dq zgu`EF&MM>8_z(5Q9WsF#CQw>89wBhv0^pvzt)v;lTH~DNhtel8q~6$$c?^5`QSx3< zS8@qw!4u1td&{Cr19c1HeeBkSqHiGeT|2Kuz8meN=lLIoJF0CVfh*J-ct+Q)n@KqW zMY?zIR!%GEVrlM6A>k@&vrWxJ2j|2SlR72g?wmoUuLn8vBMV4nv%k1Zh$rpz+IyhHdl zq_;JmstvCcS+$Ew`X5EA3-dk5bb8Il7$AC`y`*4 zh<3I`tkZbGF;e7_{9%SW1=7`xM9DRUUvk*QC06C$ zbJD0xzFSm{e?|Fv{%;wwNDQe(_f&4c7zbYl!y{f^>WLp?`})U3J;r} zk{IxU30w7@3rh&8!4A0$gwf!To?_wh1y|un)n=Z%uF0H>%-B;B($W@{?vvH#6X){s zzyeNHQdibk{S*gBdT)u7#)zm?9(cGnH8`YU@^CAq*wgOp9Z^1Hybn!|@VD#v&96U0 znp&iS!$~azCzqgBDVrY<3Qv5Qm@#Ae98E}E8U;LSdfCI=s(yt%$%-C`D9ONXY|A^H z1wlFKiF(2$BHFEU_piyQ_HEILcpl=FVQ@^7jwA<-Y}Y?aRa~a@D*8dcoo_bYExJ15oW(EWvt)AN*A#If3?u{DC`o>-`|H_-N 
z@f2ivC2iFqqr_y_wQm{$7AJ}!aU1>SJ546yU6W${55=mn9=Eay-}Oz0E{5DlNpvp1 zorl$y{)m*N17gZ+??OkGK7MM_R$0KiSk|0qiKvZDOzE6`;{`5D~smCpCP zj~~v|8GtCb^Qv`{Cau?X?_Mbd^K0;|B}r~3<$ik2)LXL%N5hS GGW`uLvwE=r literal 0 HcmV?d00001 diff --git a/Solutions/Okta Single Sign-On/Package/mainTemplate.json b/Solutions/Okta Single Sign-On/Package/mainTemplate.json index eae49f17781..554fd70032a 100644 --- a/Solutions/Okta Single Sign-On/Package/mainTemplate.json +++ b/Solutions/Okta Single Sign-On/Package/mainTemplate.json @@ -55,7 +55,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Okta Single Sign-On", - "_solutionVersion": "3.0.10", + "_solutionVersion": "3.0.11", "solutionId": "azuresentinel.azure-sentinel-solution-okta", "_solutionId": "[variables('solutionId')]", "analyticRuleObject1": { 
@@ -87,32 +87,32 @@ "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','78d2b06c-8dc0-40e1-91c8-66d916c186f3','-', '1.1.0')))]" }, "analyticRuleObject5": { - "analyticRuleVersion5": "1.1.0", + "analyticRuleVersion5": "1.1.1", "_analyticRulecontentId5": "41e843a8-92e7-444d-8d72-638f1145d1e1", "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '41e843a8-92e7-444d-8d72-638f1145d1e1')]", "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('41e843a8-92e7-444d-8d72-638f1145d1e1')))]", - "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','41e843a8-92e7-444d-8d72-638f1145d1e1','-', '1.1.0')))]" + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','41e843a8-92e7-444d-8d72-638f1145d1e1','-', '1.1.1')))]" }, "analyticRuleObject6": { - "analyticRuleVersion6": "1.1.0", + "analyticRuleVersion6": "1.1.1", "_analyticRulecontentId6": "c2697b81-7fe9-4f57-ba1d-de46c6f91f9c", "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c2697b81-7fe9-4f57-ba1d-de46c6f91f9c')]", "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c2697b81-7fe9-4f57-ba1d-de46c6f91f9c')))]", - "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2697b81-7fe9-4f57-ba1d-de46c6f91f9c','-', '1.1.0')))]" + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2697b81-7fe9-4f57-ba1d-de46c6f91f9c','-', '1.1.1')))]" }, "analyticRuleObject7": { - "analyticRuleVersion7": "1.1.0", + "analyticRuleVersion7": "1.1.1", "_analyticRulecontentId7": "9f82a735-ae43-4c03-afb4-d5d153e1ace1", "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '9f82a735-ae43-4c03-afb4-d5d153e1ace1')]", "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('9f82a735-ae43-4c03-afb4-d5d153e1ace1')))]", - "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9f82a735-ae43-4c03-afb4-d5d153e1ace1','-', '1.1.0')))]" + "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9f82a735-ae43-4c03-afb4-d5d153e1ace1','-', '1.1.1')))]" }, "analyticRuleObject8": { - "analyticRuleVersion8": "1.1.0", + "analyticRuleVersion8": "1.1.1", "_analyticRulecontentId8": "e36c6bd6-f86a-4282-93a5-b4a1b48dd849", "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e36c6bd6-f86a-4282-93a5-b4a1b48dd849')]", "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e36c6bd6-f86a-4282-93a5-b4a1b48dd849')))]", - "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e36c6bd6-f86a-4282-93a5-b4a1b48dd849','-', '1.1.0')))]" + "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e36c6bd6-f86a-4282-93a5-b4a1b48dd849','-', '1.1.1')))]" }, "analyticRuleObject9": { 
"analyticRuleVersion9": "1.0.0", @@ -234,8 +234,6 @@ "parserVersion1": "1.0.2", "parserContentId1": "OktaSSO-Parser" }, - "SessionId": "authenticationContext_externalSessionId_s", - "_SessionId": "[variables('SessionId')]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ @@ -248,7 +246,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "FailedLoginsFromUnknownOrInvalidUser_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "FailedLoginsFromUnknownOrInvalidUser_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -367,7 +365,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "LoginfromUsersfromDifferentCountrieswithin3hours_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "LoginfromUsersfromDifferentCountrieswithin3hours_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", 
@@ -477,7 +475,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PasswordSpray_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "PasswordSpray_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -587,7 +585,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PhishingDetection_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "PhishingDetection_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -658,8 +656,8 @@ } ], "customDetails": { - "Location": "Location", - "UserAgent": "client_userAgent_rawUserAgent_s" + "UserAgent": "client_userAgent_rawUserAgent_s", + "Location": "Location" } } }, 
@@ -714,7 +712,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "NewDeviceLocationCriticalOperation_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "NewDeviceLocationCriticalOperation_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", 
@@ -731,7 +729,7 @@ "description": "This query identifies users seen login from new geo location/country as well as a new device and performing critical operations.", "displayName": "New Device/Location sign-in along with critical operation", "enabled": false, - "query": "let timeframe = 1h;\nlet RiskyOperations = dynamic([\"policy.rule.update\",\"policy.rule.create\",\"policy.rule.delete\", \"policy.rule.deactivate\", \"policy.lifecycle.update\", \"policy.rule.modify\", \"policy.lifecycle.create\", \"policy.lifecycle.delete\", \"policy.lifecycle.deactivate\", \"policy.lifecycle.modify\", \"network_zone.rule.disabled\", \"system.api_token.create\", \"system.api_token.revoke\", \"application.policy.sign_on.update\", \"application.policy.sign_on.rule.delete\",\"user.mfa.factor.deactivate\", \"user.mfa.factor.reset_all\", \"system.mfa.factor.deactivate\", \"user.mfa.attempt_bypass\"]);\nlet UserLoginNewCountryDevice = OktaSSO\n| where eventType_s == \"user.session.start\"\n| where outcome_result_s == \"SUCCESS\"\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).[\"New Country\"] == \"POSITIVE\"\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).[\"New Geo-Location\"] == \"POSITIVE\"\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).[\"New Device\"] == \"POSITIVE\"\n| summarize by timekey = bin(TimeGenerated, timeframe), actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, authenticationContext_externalSessionId_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, 
client_geographicalContext_geolocation_lon_d\n| extend Location = strcat(client_geographicalContext_city_s, \"-\", client_geographicalContext_country_s);\nlet RiskyOperationsObserved = OktaSSO\n| where eventType_s in (RiskyOperations)\n| where outcome_result_s == \"SUCCESS\"\n| summarize by timekey = bin(TimeGenerated, timeframe), actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, authenticationContext_externalSessionId_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d;\nUserLoginNewCountryDevice\n| join kind=inner (RiskyOperationsObserved) on timekey, actor_displayName_s, client_ipAddress_s\n", + "query": "let timeframe = 1h;\nlet RiskyOperations = dynamic([\"policy.rule.update\",\"policy.rule.create\",\"policy.rule.delete\", \"policy.rule.deactivate\", \"policy.lifecycle.update\", \"policy.rule.modify\", \"policy.lifecycle.create\", \"policy.lifecycle.delete\", \"policy.lifecycle.deactivate\", \"policy.lifecycle.modify\", \"network_zone.rule.disabled\", \"system.api_token.create\", \"system.api_token.revoke\", \"application.policy.sign_on.update\", \"application.policy.sign_on.rule.delete\",\"user.mfa.factor.deactivate\", \"user.mfa.factor.reset_all\", \"system.mfa.factor.deactivate\", \"user.mfa.attempt_bypass\"]);\nlet UserLoginNewCountryDevice = OktaSSO\n| where eventType_s == \"user.session.start\"\n| where outcome_result_s == \"SUCCESS\"\n| extend debugContext_debugData_logOnlySecurityData_s = column_ifexists('debugContext_debugData_logOnlySecurityData_s', '{}')\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).[\"New 
Country\"] == \"POSITIVE\"\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).[\"New Geo-Location\"] == \"POSITIVE\"\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).behaviors)).[\"New Device\"] == \"POSITIVE\"\n| summarize by timekey = bin(TimeGenerated, timeframe), actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, authenticationContext_externalSessionId_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d\n| extend Location = strcat(client_geographicalContext_city_s, \"-\", client_geographicalContext_country_s);\nlet RiskyOperationsObserved = OktaSSO\n| where eventType_s in (RiskyOperations)\n| where outcome_result_s == \"SUCCESS\"\n| summarize by timekey = bin(TimeGenerated, timeframe), actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, authenticationContext_externalSessionId_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d;\nUserLoginNewCountryDevice\n| join kind=inner (RiskyOperationsObserved) on timekey, actor_displayName_s, client_ipAddress_s\n", "queryFrequency": "PT1H", "queryPeriod": "PT1H", "severity": "Medium", 
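Review bot: `debugContext_debugData_threatSuspected_s` is still referenced bare in both `summarize by` lists of this query, so if that column can also be absent in a workspace the rule would still fail to resolve it despite the new guard; whether it can be missing is not visible from this hunk. Wrapping it the same way, `column_ifexists('debugContext_debugData_threatSuspected_s', "")`, would make the handling consistent. With the `'{}'` default the three `behaviors` filters can never equal "POSITIVE", so in such a workspace the rule runs cleanly but returns nothing. A query comment such as `// no logOnlySecurityData column: this detection is silent, not failing` would make that coverage gap visible to whoever triages rule health. If this template is generated from NewDeviceLocationCriticalOperation.yaml, both changes belong in the YAML.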
@@ -787,8 +785,8 @@ } ], "customDetails": { - "Location": "Location", - "SessionId": "[variables('_SessionId')]" + "SessionId": "authenticationContext_externalSessionId_s", + "Location": "Location" }, "alertDetailsOverride": { "alertDescriptionFormat": "This query identifies users seen login from new geo location/country {{Location}} as well as a new device and performing critical operations\n", @@ -847,7 +845,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MFAFatigue_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "MFAFatigue_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", 
@@ -864,7 +862,7 @@ "description": "MFA fatigue attack is a cybersecurity threat where attackers exploit user exhaustion from multi-factor authentication prompts to trick them into providing their MFA details thus compromising their own security. The query identifies MFA fatigue attempts in the Okta data. \n Ref: https://sec.okta.com/everythingisyes.", "displayName": "MFA Fatigue (OKTA)", "enabled": false, - "query": "let PushThreshold = 10;\nOktaSSO\n| where ((eventType_s ==\"user.authentication.auth_via_mfa\" and debugContext_debugData_factor_s == \"OKTA_VERIFY_PUSH\") or eventType_s == \"system.push.send_factor_verify_push\" or eventType_s == \"user.mfa.okta_verify.deny_push\") \n| summarize IPAddress = make_set(client_ipAddress_s,100), City = make_set(client_geographicalContext_city_s,100),\n successes = countif(eventType_s == \"user.authentication.auth_via_mfa\"),\n denies = countif(eventType_s == \"user.mfa.okta_verify.deny_push\"),\n pushes = countif(eventType_s == \"system.push.send_factor_verify_push\") by TimeGenerated, authenticationContext_externalSessionId_s, actor_alternateId_s,actor_displayName_s, outcome_result_s \n| summarize lasttime = max(TimeGenerated), firsttime = min(TimeGenerated),\n successes = sum(successes), failures = sum(denies), pushes = sum(pushes) by authenticationContext_externalSessionId_s, actor_alternateId_s,actor_displayName_s, outcome_result_s \n| extend seconds = lasttime - firsttime\n| where pushes > (PushThreshold)\n| extend totalattempts = successes + failures\n| extend finding = case(\n failures == pushes and pushes > 1, \"Authentication attempts not successful because multiple pushes denied\",\n totalattempts == 0, \"Multiple pushes sent and ignored\",\n successes > 0 and pushes > 3, \"Multiple pushes sent, eventual successful authentication!\",\n \"Normal authentication pattern\")\n", + "query": "let PushThreshold = 10;\nOktaSSO\n| where ((eventType_s ==\"user.authentication.auth_via_mfa\" and 
column_ifexists('debugContext_debugData_factor_s', '') == \"OKTA_VERIFY_PUSH\") or eventType_s == \"system.push.send_factor_verify_push\" or eventType_s == \"user.mfa.okta_verify.deny_push\") \n| summarize IPAddress = make_set(client_ipAddress_s,100), City = make_set(client_geographicalContext_city_s,100),\n successes = countif(eventType_s == \"user.authentication.auth_via_mfa\"),\n denies = countif(eventType_s == \"user.mfa.okta_verify.deny_push\"),\n pushes = countif(eventType_s == \"system.push.send_factor_verify_push\") by TimeGenerated, authenticationContext_externalSessionId_s, actor_alternateId_s,actor_displayName_s, outcome_result_s \n| summarize lasttime = max(TimeGenerated), firsttime = min(TimeGenerated),\n successes = sum(successes), failures = sum(denies), pushes = sum(pushes) by authenticationContext_externalSessionId_s, actor_alternateId_s,actor_displayName_s, outcome_result_s \n| extend seconds = lasttime - firsttime\n| where pushes > (PushThreshold)\n| extend totalattempts = successes + failures\n| extend finding = case(\n failures == pushes and pushes > 1, \"Authentication attempts not successful because multiple pushes denied\",\n totalattempts == 0, \"Multiple pushes sent and ignored\",\n successes > 0 and pushes > 3, \"Multiple pushes sent, eventual successful authentication!\",\n \"Normal authentication pattern\")\n", "queryFrequency": "PT1H", "queryPeriod": "PT1H", "severity": "Medium", 
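Review bot: With the `''` default, the first branch of the `where` can never be true when `debugContext_debugData_factor_s` is absent, so no `user.authentication.auth_via_mfa` rows reach the `summarize` and `successes` is always 0 in that workspace. The rule keeps running, but the `case` can no longer produce "Multiple pushes sent, eventual successful authentication!", which is the outcome an analyst most needs to see for push fatigue. I would state this in the query, e.g. `// without debugContext_debugData_factor_s, approved pushes are not counted; only denied/ignored findings are reported`, or in the rule description. If this template is generated from MFAFatigue.yaml, the comment belongs in the YAML.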
@@ -961,7 +959,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "HighRiskAdminActivity_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "HighRiskAdminActivity_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", 
@@ -978,7 +976,7 @@ "description": "The Okta risk engine auto-assigns risk levels to each login attempt. This query identifies admin operations originating from events associated with high-risk profiles.", "displayName": "High-Risk Admin Activity", "enabled": false, - "query": "let AdminActivity = dynamic([\"iam.role.create\",\"iam.role.permissions.add\",\"user.session.access_admin_app\",\"user.mfa.factor.suspend\", \"user.account.privilege.grant\", \"group.privilege.grant\", \"system.api_token.create\", \"user.session.impersonation.grant\"]);\nlet AdminOperations = OktaSSO\n| where eventType_s in (AdminActivity)\n| where outcome_result_s =~ 'SUCCESS' \n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d, authenticationContext_externalSessionId_s;\nlet HighRiskEvents = OktaSSO\n| where eventType_s in ('policy.evaluate_sign_on' , 'user.session.start')\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).risk)).level =~ \"HIGH\"\n| where outcome_result_s =~ 'SUCCESS'\n| extend reasons = tostring(parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).risk)).reasons)\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, 
outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d, authenticationContext_externalSessionId_s, reasons;\nAdminOperations\n| join kind=inner (HighRiskEvents) on actor_displayName_s, client_ipAddress_s, authenticationContext_externalSessionId_s\n", + "query": "let AdminActivity = dynamic([\"iam.role.create\",\"iam.role.permissions.add\",\"user.session.access_admin_app\",\"user.mfa.factor.suspend\", \"user.account.privilege.grant\", \"group.privilege.grant\", \"system.api_token.create\", \"user.session.impersonation.grant\"]);\nlet AdminOperations = OktaSSO\n| where eventType_s in (AdminActivity)\n| where outcome_result_s =~ 'SUCCESS' \n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d, authenticationContext_externalSessionId_s;\nlet HighRiskEvents = OktaSSO\n| where eventType_s in ('policy.evaluate_sign_on' , 'user.session.start')\n| extend debugContext_debugData_logOnlySecurityData_s = column_ifexists('debugContext_debugData_logOnlySecurityData_s', '{}')\n| where parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).risk)).level =~ \"HIGH\"\n| where outcome_result_s =~ 'SUCCESS'\n| extend reasons = tostring(parse_json(tostring(parse_json(debugContext_debugData_logOnlySecurityData_s).risk)).reasons)\n| summarize StartTime = min(TimeGenerated), 
EndTime = max(TimeGenerated) by actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_userAgent_browser_s, client_device_s, client_userAgent_rawUserAgent_s, client_ipAddress_s, client_geographicalContext_country_s, client_geographicalContext_city_s, displayMessage_s, outcome_result_s, outcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), debugContext_debugData_threatSuspected_s, client_geographicalContext_geolocation_lat_d, client_geographicalContext_geolocation_lon_d, authenticationContext_externalSessionId_s, reasons;\nAdminOperations\n| join kind=inner (HighRiskEvents) on actor_displayName_s, client_ipAddress_s, authenticationContext_externalSessionId_s\n", "queryFrequency": "PT1H", "queryPeriod": "PT1H", "severity": "Medium", @@ -1032,7 +1030,7 @@ } ], "customDetails": { - "SessionId": "[variables('_SessionId')]" + "SessionId": "authenticationContext_externalSessionId_s" } } }, @@ -1087,7 +1085,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DeviceRegistrationMaliciousIP_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "DeviceRegistrationMaliciousIP_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", 
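Review bot: `debugContext_debugData_threatSuspected_s` is still referenced directly in both `summarize ... by` lists of the new High-Risk Admin Activity query, so a workspace without that column fails the rule even after the added `extend`. The Device Registration query later in this template already guards it, and the same form fits here: `column_ifexists('debugContext_debugData_threatSuspected_s', "")`. Separately, when `debugContext_debugData_logOnlySecurityData_s` is absent the `'{}'` default leaves `risk.level` empty, so `HighRiskEvents` is empty and the inner join returns nothing; the rule stays healthy but cannot alert, which deserves a sentence in the rule description. The two fallbacks for that column also differ (`'{}'` in the `extend`, `""` in the `summarize`), and inside `HighRiskEvents` the second one is redundant once the `extend` has run.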
@@ -1104,7 +1102,7 @@ "description": "This query identifies Device Registration from IP addresses identified as malicious by Okta ThreatInsight.", "displayName": "Device Registration from Malicious IP", "enabled": false, - "query": "let Events = dynamic([\"device.enrollment.create\"]);\nlet ThreatInsightOperations = dynamic([\"security.threat.detected\", \"security.attack.start\", \"security.attack.end\" ]);\nlet DeviceRegistrations = OktaSSO\n| where eventType_s in (Events)\n| where outcome_result_s == \"SUCCESS\"\n| extend oktaDeviceId_ = tostring(parse_json(tostring(parse_json(target_s)[0].detailEntry)).oktaDeviceId), NewDevice_osPlatform = tostring(parse_json(tostring(parse_json(target_s)[0].detailEntry)).osPlatform), NewDevice_osVersion = tostring(parse_json(tostring(parse_json(target_s)[0].detailEntry)).osVersion), displayName_ = tostring(parse_json(target_s)[0].displayName)\n| extend Location = strcat(client_geographicalContext_city_s, \" | \", client_geographicalContext_state_s,\" | \", client_geographicalContext_country_s)\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_ipAddress_s, displayMessage_s, outcome_result_s,\noutcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), column_ifexists('debugContext_debugData_threatSuspected_s',\"\"), client_userAgent_rawUserAgent_s,client_userAgent_browser_s, severity_s, NewDevice_osPlatform, NewDevice_osVersion, eventType_s, Location ;\nlet ThreatInsightEvents = OktaSSO\n| where eventType_s in (ThreatInsightOperations)\n| extend SuspiciousIP = actor_displayName_s\n| project TimeGenerated, debugContext_debugData_threatDetections_s, client_userAgent_rawUserAgent_s, severity_s, outcome_result_s, eventType_s, displayMessage_s, SuspiciousIP, transaction_id_s;\nDeviceRegistrations \n| join kind=inner (ThreatInsightEvents) on $left.client_ipAddress_s == $right.SuspiciousIP\n", + "query": "let 
Events = dynamic([\"device.enrollment.create\"]);\nlet ThreatInsightOperations = dynamic([\"security.threat.detected\", \"security.attack.start\", \"security.attack.end\" ]);\nlet DeviceRegistrations = OktaSSO\n| where eventType_s in (Events)\n| where outcome_result_s == \"SUCCESS\"\n| extend oktaDeviceId_ = tostring(parse_json(tostring(parse_json(target_s)[0].detailEntry)).oktaDeviceId), NewDevice_osPlatform = tostring(parse_json(tostring(parse_json(target_s)[0].detailEntry)).osPlatform), NewDevice_osVersion = tostring(parse_json(tostring(parse_json(target_s)[0].detailEntry)).osVersion), displayName_ = tostring(parse_json(target_s)[0].displayName)\n| extend Location = strcat(client_geographicalContext_city_s, \" | \", client_geographicalContext_state_s,\" | \", client_geographicalContext_country_s)\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by actor_alternateId_s, actor_displayName_s, client_userAgent_os_s, client_ipAddress_s, displayMessage_s, outcome_result_s,\noutcome_reason_s, column_ifexists('debugContext_debugData_logOnlySecurityData_s', \"\"), column_ifexists('debugContext_debugData_threatSuspected_s',\"\"), client_userAgent_rawUserAgent_s,client_userAgent_browser_s, severity_s, NewDevice_osPlatform, NewDevice_osVersion, eventType_s, Location ;\nlet ThreatInsightEvents = OktaSSO\n| where eventType_s in (ThreatInsightOperations)\n| extend SuspiciousIP = actor_displayName_s\n| project TimeGenerated, column_ifexists('debugContext_debugData_threatDetections_s', \"\"), client_userAgent_rawUserAgent_s, severity_s, outcome_result_s, eventType_s, displayMessage_s, SuspiciousIP, transaction_id_s;\nDeviceRegistrations \n| join kind=inner (ThreatInsightEvents) on $left.client_ipAddress_s == $right.SuspiciousIP\n", "queryFrequency": "PT1H", "queryPeriod": "PT1H", "severity": "High", 
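Review bot: The new `column_ifexists('debugContext_debugData_threatDetections_s', "")` in the `project` of `ThreatInsightEvents` is not given a name, so when the column is absent the projected field will, as far as I know, get an auto-generated name such as `Column1`, and the alert schema then differs between workspaces. Naming it keeps the output stable for analysts and for anything that reads the field downstream: `| extend debugContext_debugData_threatDetections_s = column_ifexists('debugContext_debugData_threatDetections_s', "")` before the `project`, which is the pattern the High-Risk Admin Activity query in this commit uses. The unnamed `column_ifexists` entries in the `summarize ... by` list of `DeviceRegistrations` have the same property, although they are unchanged here.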
@@ -1210,7 +1208,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "UserSessionImpersonation_AnalyticalRules Analytics Rule with template version 3.0.10", + "description": "UserSessionImpersonation_AnalyticalRules Analytics Rule with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", @@ -1328,7 +1326,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Okta Single Sign-On data connector with template version 3.0.10", + "description": "Okta Single Sign-On data connector with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -2564,10 +2562,6 @@ "type": "string", "minLength": 1 }, - "innerWorkspace": { - "defaultValue": "[parameters('workspace')]", - "type": "string" - }, "connectorDefinitionName": { "defaultValue": "Okta Single Sign-On", "type": "string", @@ -2616,7 +2610,7 @@ } }, { - "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/OktaDCV1_', parameters('domainname'))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', '{{innerWorkspace}}/Microsoft.SecurityInsights/OktaDCV1_{{domainname}}')]", "apiVersion": "2023-02-01-preview", "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", "location": "[parameters('workspace-location')]", 
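Review bot: The new data connector `name`, `[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', '{{innerWorkspace}}/Microsoft.SecurityInsights/OktaDCV1_{{domainname}}')]`, repeats the `/Microsoft.SecurityInsights/` segment and embeds an `{{innerWorkspace}}` placeholder, although the preceding hunk removes the `innerWorkspace` parameter. For a `Microsoft.OperationalInsights/workspaces/providers/dataConnectors` resource I would expect three name segments (workspace, provider, connector name); this expression yields five, which looks like a packaging artefact in a commit that otherwise touches only queries and version strings. If the connector fails to deploy, no Okta events reach the workspace and every rule in this template goes quiet. Please confirm that the template deploys as written, or restore `[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/OktaDCV1_', parameters('domainname'))]` together with the removed parameter.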
@@ -2684,7 +2678,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AdminPrivilegeGrant_HuntingQueries Hunting Query with template version 3.0.10", + "description": "AdminPrivilegeGrant_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", @@ -2769,7 +2763,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CreateAPIToken_HuntingQueries Hunting Query with template version 3.0.10", + "description": "CreateAPIToken_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", @@ -2854,7 +2848,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ImpersonationSession_HuntingQueries Hunting Query with template version 3.0.10", + "description": "ImpersonationSession_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", 
@@ -2939,7 +2933,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RareMFAOperation_HuntingQueries Hunting Query with template version 3.0.10", + "description": "RareMFAOperation_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", @@ -3024,7 +3018,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "UserPasswordReset_HuntingQueries Hunting Query with template version 3.0.10", + "description": "UserPasswordReset_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", @@ -3109,7 +3103,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "NewDeviceRegistration_HuntingQueries Hunting Query with template version 3.0.10", + "description": "NewDeviceRegistration_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", 
@@ -3194,7 +3188,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "LoginsVPSProvider_HuntingQueries Hunting Query with template version 3.0.10", + "description": "LoginsVPSProvider_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", @@ -3279,7 +3273,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "LoginNordVPN_HuntingQueries Hunting Query with template version 3.0.10", + "description": "LoginNordVPN_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", @@ -3364,7 +3358,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "LoginFromMultipleLocations_HuntingQueries Hunting Query with template version 3.0.10", + "description": "LoginFromMultipleLocations_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", 
@@ -3449,7 +3443,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "LegacyAuthentication_HuntingQueries Hunting Query with template version 3.0.10", + "description": "LegacyAuthentication_HuntingQueries Hunting Query with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", @@ -3534,7 +3528,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "OktaCustomConnector Playbook with template version 3.0.10", + "description": "OktaCustomConnector Playbook with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", @@ -4797,7 +4791,7 @@ ], "metadata": { "comments": "This OKTA connector uses okta API to perform different actions on the user accounts.", - "lastUpdateTime": "2024-11-07T18:58:15.778Z", + "lastUpdateTime": "2024-11-26T19:04:56.357Z", "releaseNotes": { "version": "1.0", "title": "[variables('blanks')]", 
@@ -4829,7 +4823,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Okta-EnrichIncidentWithUserDetails Playbook with template version 3.0.10", + "description": "Okta-EnrichIncidentWithUserDetails Playbook with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", @@ -5188,7 +5182,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Okta-PromptUser Playbook with template version 3.0.10", + "description": "Okta-PromptUser Playbook with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", @@ -5639,7 +5633,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Okta-ResponseFromTeams Playbook with template version 3.0.10", + "description": "Okta-ResponseFromTeams Playbook with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", 
@@ -6146,7 +6140,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "OktaSingleSignOn Workbook with template version 3.0.10", + "description": "OktaSingleSignOn Workbook with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -6242,7 +6236,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "OktaSSO Data Parser with template version 3.0.10", + "description": "OktaSSO Data Parser with template version 3.0.11", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -6370,7 +6364,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.10", + "version": "3.0.11", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Okta Single Sign-On",