From f57f327e383daa8806bc266a0c785ed58c5f4cf8 Mon Sep 17 00:00:00 2001
From: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:29:37 -0800
Subject: [PATCH 1/7] Release 1.2.0 MERGE INTO MAIN (#101)
* Added instructions to update from Release 1.1.0 to Release 1.2.0 to upgrading.md file
* Upgrade ELK stack to 8.11.1 (#86)
* Update ELK to 8.11.1
* Pull images before starting cluster
* Pull images before deploylme
* Upgrade versions in the live docker compose upon upgrade
* Pull new images before deploying new stack
* Globalize version variable
* Adding the following:
- get_latest_version function
- pulling version from this function
- old password reading text update to reduce confusion
- print statements in upgrade from 1.0 -> 1.2
- sleep so it doesn't fail if docker does a slow removal
* Update the version in dashboard_update.sh
---------
Co-authored-by: Clint Baxley
Co-authored-by: mreeve.snl
* Changed ELK Stack from deploy.sh update to deploy.sh upgrade
---------
Co-authored-by: Rishi Aggarwal
Co-authored-by: Clint Baxley
Co-authored-by: Clint Baxley
Co-authored-by: mreeve.snl
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>
---
Chapter 3 Files/dashboard_update.sh | 2 +-
Chapter 3 Files/deploy.sh | 154 ++++++++++++++---------
Chapter 3 Files/docker-compose-stack.yml | 6 +-
docs/markdown/maintenance/upgrading.md | 93 +++++++++-----
4 files changed, 157 insertions(+), 98 deletions(-)
diff --git a/Chapter 3 Files/dashboard_update.sh b/Chapter 3 Files/dashboard_update.sh
index c00e276c..646fa614 100644
--- a/Chapter 3 Files/dashboard_update.sh
+++ b/Chapter 3 Files/dashboard_update.sh
@@ -8,7 +8,7 @@ if [ -r /opt/lme/lme.conf ]; then #reference this file as a source . /opt/lme/lme.conf #check if the version number is equal to the one we want - if [ "$version" == "1.0" ]; then + if [ "$version" == "1.2.0" ]; then echo -e "\e[32m[X]\e[0m Updating from git repo" git -C /opt/lme/ pull #make sure the hostname variable is present diff --git a/Chapter 3 Files/deploy.sh b/Chapter 3 Files/deploy.sh index 11504851..cfc78118 100755 --- a/Chapter 3 Files/deploy.sh +++ b/Chapter 3 Files/deploy.sh @@ -3,38 +3,45 @@ # LME Deploy Script # ############################ # This script configures a host for LME including generating certificates and populating configuration files. + +# Put the latest version number here + DATE="$(date '+%Y-%m-%d-%H:%M:%S')" #prompt for y/n prompt() { - if [ -z "$1" ]; - then + if [ -z "$1" ]; then str="Are you sure?" else str=$1 fi - while true - do - read -r -p "$str? [Y/n] " input - - case $input in - [yY][eE][sS]|[yY]) - return 0 #true - break - ;; - [nN][oO]|[nN]) - return 1 #false - break - ;; - *) - echo "Invalid input..." - ;; - esac + while true; do + read -r -p "$str? [Y/n] " input + + case $input in + [yY][eE][sS] | [yY]) + return 0 #true + break + ;; + [nN][oO] | [nN]) + return 1 #false + break + ;; + *) + echo "Invalid input..." + ;; + esac done } +function get_latest_version() { + #TODO: eventually have this pull from github + #return: + echo -n '1.2.0' + return 0 +} function customlogstashconf() { #add option for custom logstash config CUSTOM_LOGSTASH_CONF=/opt/lme/Chapter\ 3\ Files/logstash_custom.conf 
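Review bot: The added comment `# Put the latest version number here` in deploy.sh is followed only by a blank line, while the release string is a literal inside `get_latest_version`, so the comment sends a maintainer to the wrong place. Either drop it or give it something to describe, for example `readonly LME_VERSION='1.2.0'` beneath it and `echo -n "$LME_VERSION"` in the function. In the re-indented `prompt` loop, the `break` after each `return` is unreachable and can be removed. The `[Y/n]` hint also advertises a default answer that the `*)` arm rejects on empty input.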
@@ -48,12 +55,12 @@ function customlogstashconf() { function generatepasswords() { - elastic_user_pass=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1) - kibana_system_pass=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1) - logstash_system_pass=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1) - logstash_writer=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1) - update_user_pass=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1) - kibanakey=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 42 | head -n 1) + elastic_user_pass=$(LC_ALL=C tr -dc 'a-zA-Z0-9' max_attempts)); then - echo "Elasticsearch is not responding after $max_attempts attempts - exiting." - exit 1 + echo "Elasticsearch is not responding after $max_attempts attempts - exiting." + exit 1 fi done echo "Elasticsearch is up and running." @@ -177,7 +183,6 @@ function zipfiles() { function generateCA() { echo -e "\e[33m[!]\e[0m Note: Depending on your OpenSSL configuration you may see an error opening a .rnd file into RNG, this will not block the installation" - #configure certificate authority mkdir -p certs @@ -406,6 +411,11 @@ function initdockerswarm() { fi } +function pulllme() { + echo -e "\e[32m[X]\e[0m Pulling ELK images" + docker compose -f /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml pull +} + function deploylme() { docker stack deploy lme --compose-file /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml } @@ -421,7 +431,6 @@ get_distribution() { echo "$lsb_dist" } - function indexmappingupdate() { echo -e "\n\e[32m[X]\e[0m Uploading the LME index template" curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_index_template/lme_template" -H 'Content-Type: application/json' --data "@winlog-index-mapping.json" 
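Review bot: Nothing checks the exit status of the new `pulllme`; every call site this patch adds (install, both upgrade branches, renew) runs `deploylme` on the very next line, so a failed or partial `docker compose ... pull` only shows up later as a stack that does not start. Have callers stop on failure, e.g. `pulllme || { echo -e "\e[31m[!]\e[0m Image pull failed" >&2; exit 1; }`. The compose file names the images by tag only, so what is pulled can differ between hosts over time; pinning by digest would make upgrades reproducible, if that fits the release process.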
@@ -482,7 +491,6 @@ function pipelineupdate() { ' } - function data_retention() { #show ext4 disk DF_OUTPUT="$(df -h -l -t ext4 --output=source,size /var/lib/docker)" @@ -609,12 +617,10 @@ function configelasticsearch() { curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_all/_settings" -H 'Content-Type: application/json' -d '{"index" : {"number_of_replicas" : 0}}' } - - function writeconfig() { echo -e "\n\e[32m[X]\e[0m Writing LME Config" #write LME version - echo "version=1.0" >/opt/lme/lme.conf + echo "version=$(get_latest_version)" >/opt/lme/lme.conf if [ -z "$logstashcn" ]; then # $logstashcn is not set - so this function is not called from an initial install read -e -p "Enter the Fully Qualified Domain Name (FQDN) of this Linux server: " logstashcn @@ -651,7 +657,6 @@ function zipnewcerts() { zip -rmT /opt/lme/new_client_certificates.zip /tmp/lme } - function bootstrapindex() { if [[ "$(curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -s -o /dev/null -w ''%{http_code}'' https://127.0.0.1:9200/winlogbeat-000001)" != "200" ]]; then echo -e "\n\e[32m[X]\e[0m Bootstrapping index alias" @@ -670,18 +675,18 @@ function bootstrapindex() { } function fixreadability() { - cd /opt/lme/ - chmod -077 -R . - - #some permissions to help with seeing files - chown root:sudo /opt/lme/ - chmod 750 /opt/lme/ - chmod 644 files_for_windows.zip - - #fix backups - chown -R 1000:1000 /opt/lme/backups - chmod -R go-rwx /opt/lme/backups - + cd /opt/lme/ + chmod -077 -R . + + #some permissions to help with seeing files + chown root:sudo /opt/lme/ + chmod 750 /opt/lme/ + chmod 644 files_for_windows.zip + + #fix backups + chown -R 1000:1000 /opt/lme/backups + chmod -R go-rwx /opt/lme/backups + } function install() { 
@@ -725,13 +730,12 @@ function install() { read -e -p "This script will use self signed certificates for communication and encryption. Do you want to continue with self signed certificates? ([y]es/[n]o): " -i "y" selfsignedyn read -e -p "Skip Docker Install? ([y]es/[n]o): " -i "n" skipdinstall - read -e -p "Do you have an old elastic user password? ([y]es/[n]o): " -i "n" old_elastic_user_pass - + read -e -p "Do you have an old elastic user password from a previous LME install? ([y]es/[n]o): " -i "n" old_elastic_user_pass if [ "$old_elastic_user_pass" == "y" ]; then res= false - while [ ! $res ];do - read -e -p "PASSWORD: " OLD_ELASTIC_PASS + while [ ! $res ]; do + read -e -p "PASSWORD: " OLD_ELASTIC_PASS prompt "confirm password \"$OLD_ELASTIC_PASS\"" res=$? done @@ -792,7 +796,6 @@ function install() { echo "Not a valid option" fi - if [ "$skipdinstall" == "n" ]; then installdocker fi @@ -802,6 +805,7 @@ function install() { generatepasswords populatelogstashconfig configuredocker + pulllme deploylme setpasswords configelasticsearch @@ -828,8 +832,8 @@ function install() { #prompt user to enable auto update #Deprecated #promptupdate - - #fix readability: + + #fix readability: fixreadability echo "" @@ -853,7 +857,7 @@ function uninstall() { read -e -p "Proceed ([y]es/[n]o):" -i "n" check if [ "$check" == "n" ]; then return - elif [ "$check" == "y" ];then + elif [ "$check" == "y" ]; then echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" docker stack rm lme docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt @@ -883,7 +887,7 @@ function upgrade() { crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - #grab latest version - latest="1.0" + latest=$(get_latest_version) #check if the config file we're now creating on new installs exists if [ -r /opt/lme/lme.conf ]; then 
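Review bot: The confirmation loop around `read -e -p "PASSWORD: " OLD_ELASTIC_PASS` never repeats. `res= false` leaves `res` unset, so `[ ! $res ]` is true once; after `res=$?` it tests a non-empty string (`0` or `1`) and is false either way, so answering "no" at the confirm prompt still accepts the password. Initialising with `res=1` and looping on `while [ "$res" -ne 0 ]; do` gives the intended retry. The password is also shown on the terminal twice, by `read` without `-s` and by `prompt "confirm password \"$OLD_ELASTIC_PASS\""`; if that is deliberate for typo-checking, a comment should say so, otherwise use `read -r -s` and confirm by re-entry. `install` starts and ends outside this hunk.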
@@ -947,6 +951,7 @@ function upgrade() { echo -e "\e[32m[X]\e[0m Recreating Docker stack" docker config create logstash.conf /opt/lme/Chapter\ 3\ Files/logstash.edited.conf docker config create logstash_custom.conf /opt/lme/Chapter\ 3\ Files/logstash_custom.conf + pulllme deploylme if [ -z "$logstashcn" ]; then read -e -p "Enter the Fully Qualified Domain Name (FQDN) of this Linux server: " logstashcn @@ -954,8 +959,34 @@ function upgrade() { zipfiles fixreadability + elif [ "$version" == "1.0" ]; then + echo -e "\e[32m[X]\e[0m Backing up config file to: /opt/lme/Chapter\ 3\ Files/backup_config " + sudo mkdir -p /opt/lme/Chapter\ 3\ Files/backup_config + sudo cp /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml /opt/lme/Chapter\ 3\ Files/backup_config/docker-compose-stack-live.yml + + echo -e "\e[32m[X]\e[0m Updating elastic to 8.11.1 " + sudo sed -i 's/8.7.1/8.11.1/g' /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml + sudo docker stack rm lme + + echo -e "\e[32m[X]\e[0m Sleeping for one minute to allow Docker actions to complete..." + sleep 1m + + pulllme + + echo -e "\e[32m[X]\e[0m Deploy LME" + deploylme + + echo -e "\e[32m[X]\e[0m Copying lme.conf -> lme.conf.bku" + sudo cp -rapf /opt/lme/lme.conf /opt/lme/lme.conf.bku + sudo sed -i "s/version=1.0/version=$latest/g" /opt/lme/lme.conf + + echo -e "\e[32m[X]\e[0m Copying dashboard_update.sh -> dashboard_update.sh.bku" + sudo cp -rapf /opt/lme/dashboard_update.sh /opt/lme/dashboard_update.sh.bku + sudo sed -i "s/\"\$version\" == \"1.0\"/\"\$version\" == \"$latest\"/g" /opt/lme/dashboard_update.sh + + echo -e "\e[32m[X]\e[0m You're on the latest version: $latest!" elif [ "$version" == $latest ]; then - echo -e "\e[32m[X]\e[0m You're on the latest version!" + echo -e "\e[32m[X]\e[0m You're on the latest version!" else echo -e "\e[31m[!]\e[0m Updating directly to LME 1.0 from versions prior to 0.5.1 is not supported. Update to 0.5.1 first." fi 
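Review bot: In the new `"$version" == "1.0"` branch the running stack is removed with `sudo docker stack rm lme` before `pulllme` is attempted, and no result is checked. If the registry is unreachable, the host is left without its log pipeline, yet lme.conf and dashboard_update.sh are still rewritten to `$latest`. The sketch below pulls first, stops on failure, and only lets the version markers change after `deploylme` succeeds. Separately, `sed -i 's/8.7.1/8.11.1/g'` has unescaped dots and is not tied to the image lines; `'s/\(docker\.elastic\.co\/[^:]*\):8\.7\.1/\1:8.11.1/'` would limit the rewrite to the image tags. `upgrade` starts and ends outside this hunk.

```shell
  elif [ "$version" == "1.0" ]; then
    # … unchanged: back up docker-compose-stack-live.yml, rewrite image tags …

    # Pull while the old stack is still collecting logs; stop if the images are unavailable.
    if ! pulllme; then
      echo -e "\e[31m[!]\e[0m Image pull failed - leaving the existing stack running" >&2
      exit 1
    fi
    sudo docker stack rm lme
    # … unchanged: wait for Docker to finish removing the stack …

    echo -e "\e[32m[X]\e[0m Deploy LME"
    if ! deploylme; then
      echo -e "\e[31m[!]\e[0m Stack deploy failed - lme.conf left at version 1.0" >&2
      exit 1
    fi
    # … unchanged: back up and update lme.conf and dashboard_update.sh …
```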
@@ -1010,10 +1041,11 @@ function renew() { populatecerts echo -e "\e[32m[X]\e[0m Recreating Docker stack" + pulllme deploylme } -function usage(){ +function usage() { echo -e "\e[31m[!]\e[0m Invalid operation specified" echo "Usage: ./deploy.sh (install/uninstall/renew/upgrade/update)" echo "Example: ./deploy.sh install" diff --git a/Chapter 3 Files/docker-compose-stack.yml b/Chapter 3 Files/docker-compose-stack.yml index 0fb59abd..25d893d7 100644 --- a/Chapter 3 Files/docker-compose-stack.yml +++ b/Chapter 3 Files/docker-compose-stack.yml @@ -5,7 +5,7 @@ version: '3.9' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.7.1 + image: docker.elastic.co/elasticsearch/elasticsearch:8.11.1 environment: - node.name=es01 # - discovery.seed_hosts=es01 @@ -65,7 +65,7 @@ services: # depends_on: # elasticsearch: # condition: service_healthy - image: docker.elastic.co/kibana/kibana:8.7.1 + image: docker.elastic.co/kibana/kibana:8.11.1 environment: SERVER_NAME: kibana ELASTICSEARCH_HOSTS: https://elasticsearch:9200 @@ -101,7 +101,7 @@ services: retries: 120 logstash: - image: docker.elastic.co/logstash/logstash:8.7.1 + image: docker.elastic.co/logstash/logstash:8.11.1 environment: XPACK_MONITORING_ENABLED: "false" PIPELINE_ECS_COMPATIBILITY: v8 diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index cf50737f..253c9202 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md 
@@ -6,23 +6,30 @@ Below you can find the upgrade paths that are currently supported and what steps Applying these changes is automated for any new installations. But, if you have an existing installation, you need to conduct some extra steps. **Before performing any of these steps it is advised to take a backup of the current installation using the method described [here](/docs/markdown/maintenance/backups.md).** -## 1. Upgrade from 1.0.0 to 1.1.0 -To fetch the latest changes, on the Linux server, run the following commands as root: -``` -cd /opt/lme -git pull -``` +To Upgrade to the latest version from Release 1.1.0 to Release 1.2.0 [go here](#5-upgrade-from-110-to-120). -To manually update the dashboards, see [How to update dashboards](/Chapter%204%20Files/dashboards#how-to-update-dashboards). +## 1. Finding your LME version (and the components versions) +When reporting an issue or suggesting improvements, it is important to include the versions of all the components, where possible. This ensures that the issue has not already been fixed! -Additionally, to fix a potential file permission issue present in v1.0.0, run the following command on the Linux server: -``` -sudo chown -R 1000:1000 /opt/lme/backups -``` +### 1.1. Windows Server +* Operating System: Press "Windows Key"+R and type ```winver``` +* WEC Config: Open EventViewer > Subscriptions > "LME" > Description should contain version number +* Winlogbeat Config: At the top of the file C:\Program Files\lme\winlogbeat.yml there should be a version number. +* Winlogbeat.exe version: Using PowerShell, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64") and run `.\winlogbeat version`. 
+* Sysmon config: From either the top of the file or look at the status dashboard +* Sysmon executable: Either run sysmon.exe or look at the status dashboard -See [Directory permission issues](/docs/markdown/reference/troubleshooting.md#directory-permission-issues) for more details. +### 1.2. Linux Server +* Docker: on the Linux server type ```docker --version``` +* Linux: on the Linux server type ```cat /etc/os-release``` +* Logstash config: on the Linux server type ```sudo docker config inspect logstash.conf --pretty``` + + +## 2. Upgrade from versions prior to v0.5 +LME does not support upgrading directly from versions prior to 0.5 to 1.0. Prior to switching to CISA's repo, first upgrade to the latest version of LME published by the NCSC (v0.5.1). Then follow the instructions above to upgrade to v1.0. -## 2. Upgrade from v0.5 to 1.0.0 + +## 3. Upgrade from v0.5 to 1.0.0 Since LME's transition from the NCSC to CISA, the location of the LME repository has changed from `https://github.com/ukncsc/lme` to `https://github.com/cisagov/lme`. To obtain any further updates to LME on the ELK server, you will need to transition to the new git repository. Because vital configuration files are stored within the same folder as the git repo, it's simpler to copy the old LME folder to a different location, clone the new repo, copy the files and folders unique to your system, and then optionally delete the old folder. You can do this by running the following commands: 
@@ -45,12 +52,13 @@ sudo cp /opt/lme/Chapter\ 3\ Files/dashboard_update.sh /opt/lme/ sed -i "s/dashboardupdatepassword/$OLD_Password/g" /opt/lme/dashboard_update.sh ``` -### 2.1. ELK Stack Update + +### 3.1. ELK Stack Update You can update the ELK stack portion of LME to v1.0 (including dashboards and ELK stack containers) by running the following on the Linux server: ``` cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh update +sudo ./deploy.sh upgrade ``` **The last step of this script makes all files only readable by their owner in /opt/lme, so that all root owned files with passwords in them are only readable by root. This prevents a local unprivileged user from gaining access to the elastic stack.** @@ -81,7 +89,7 @@ The rules built-in to the Elastic SIEM can then be updated to the latest version -### 2.2. Winlogbeat Update +### 3.2. Winlogbeat Update The winlogbeat.yml file used with LME v0.5.1 is not compatible with Winlogbeat 8.5.0, the version used with LME v1.0. As such, running `./deploy.sh update` from step 1.1.1 regenerates a new config file. **Your client may still authenticate and push logs to elasticsearch, but for both the security of the client and your LME setup we suggest you still update** 
@@ -91,33 +99,52 @@ To update Winlogbeat: 2. From an elevated PowerShell session, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64\") and then run `./uninstall-service-winlogbeat.ps1` 3. Re-install Winlogbeat, using the new copy of files_for_windows.zip, following the instructions listed under [3.3 Configuring Winlogbeat on Windows Event Collector Server](/docs/markdown/chapter3/chapter3.md#33-configuring-winlogbeat-on-windows-event-collector-server) -### 2.3. Network Share Updates +### 3.3. Network Share Updates LME v1.0 made a minor change to the file structure used in the SYSVOL folder, so a few manual changes are needed to accommodate this. 1. Set up the SYSVOL folder as described in [2.2.1 - Folder Layout](/docs/markdown/chapter2.md#221---folder-layout). 2. Replace the old version of update.bat with the [latest version](/Chapter%202%20Files/GPO%20Deployment/update.bat). 3. Update the path to update.bat used in the LME-Sysmon-Task GPO (refer to [2.2.3 - Scheduled task GPO Policy](/docs/markdown/chapter2.md#223---scheduled-task-gpo-policy)). -### 2.4. Checklist +### 3.4. Checklist 1. Have the ELK stack components been upgraded on the Linux server? While on the Linux server, run `sudo docker ps | grep lme`. Version 8.7.1 of Logstash, Kibana, and Elasticsearch should be running. 2. Has Winlogbeat been updated to version 8.5.0? From Event Collector, using PowerShell, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64") and run `.\winlogbeat version`. 3. Is the LME folder inside SYSVOL properly structured? Refer to the checklist listed at the end of chapter 2. 4. Are the events from all clients visible inside elastic? Refer to [4.1.2 Check you are receiving logs](/docs/markdown/chapter4.md#412-check-you-are-receiving-logs). -## 3. Upgrade from versions prior to v0.5 -LME does not support upgrading directly from versions prior to 0.5 to 1.0. 
Prior to switching to CISA's repo, first upgrade to the latest version of LME published by the NCSC (v0.5.1). Then follow the instructions above to upgrade to v1.0. -## 4. Finding your LME version (and the components versions) -When reporting an issue or suggesting improvements, it is important to include the versions of all the components, where possible. This ensures that the issue has not already been fixed! +## 4. Upgrade from 1.0.0 to 1.1.0 +To fetch the latest changes, on the Linux server, run the following commands as root: +``` +cd /opt/lme +git pull +``` + +To manually update the dashboards, see [How to update dashboards](/Chapter%204%20Files/dashboards#how-to-update-dashboards). + +Additionally, to fix a potential file permission issue present in v1.0.0, run the following command on the Linux server: +``` +sudo chown -R 1000:1000 /opt/lme/backups +``` + +See [Directory permission issues](/docs/markdown/reference/troubleshooting.md#directory-permission-issues) for more details. + + +## 5. Upgrade from 1.1.0 to 1.2.0 +To fetch the latest changes, on the Linux server, run the following commands as root: +``` +cd /opt/lme/Chapter\ 3\ Files/ +sudo ./deploy.sh uninstall +cd /opt/lme +git pull +cd Chapter\ 3\ Files/ +sudo ./deploy.sh install +``` + +The deploy.sh script should have now created new files on the Linux server at location /opt/lme/files_for_windows.zip . This file needs to be copied across and used on the Windows Event Collector server like it was explained in Chapter 3 sections [3.2.4 & 3.3 ](/docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector). + +Then reboot your Client computers & Windows Event Collector. On Windows Event Collector open services.msc as an administrator and make sure the winlogbeat service is set to start automatically, and is running. + + + -### 4.1. 
Windows Server -* Operating System: Press "Windows Key"+R and type ```winver``` -* WEC Config: Open EventViewer > Subscriptions > "LME" > Description should contain version number -* Winlogbeat Config: At the top of the file C:\Program Files\lme\winlogbeat.yml there should be a version number. -* Winlogbeat.exe version: Using PowerShell, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64") and run `.\winlogbeat version`. -* Sysmon config: From either the top of the file or look at the status dashboard -* Sysmon executable: Either run sysmon.exe or look at the status dashboard -### 4.2. Linux Server -* Docker: on the Linux server type ```docker --version``` -* Linux: on the Linux server type ```cat /etc/os-release``` -* Logstash config: on the Linux server type ```sudo docker config inspect logstash.conf --pretty``` From 8c17d25d33c768c98dd532c1bdc6f05a4e3138f8 Mon Sep 17 00:00:00 2001 From: "Grant (SNL)" <108766839+rgbrow1949@users.noreply.github.com> Date: Fri, 15 Dec 2023 23:42:53 +0000 Subject: [PATCH 2/7] Delete Chapter 4 Files/dashboards/user_security.ndjson --- .../dashboards/user_security.ndjson | 42 ------------------- 1 file changed, 42 deletions(-) delete mode 100644 Chapter 4 Files/dashboards/user_security.ndjson diff --git a/Chapter 4 Files/dashboards/user_security.ndjson b/Chapter 4 Files/dashboards/user_security.ndjson deleted file mode 100644 index ed23157c..00000000 --- a/Chapter 4 Files/dashboards/user_security.ndjson +++ /dev/null 
@@ -1,42 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-28T13:44:13.391Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-28T13:44:13.391Z","version":"WzIxNDMsM10="} 
-{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit 
(doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzNywxXQ=="} 
-{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"user.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"user.name\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"UserDashboardUserList","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"e8f983d0-860b-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzOCwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Filter Users","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Users\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Events\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true,\"autoFitRowToC
ontent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"a71b5fa0-860c-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e8f983d0-860b-11ea-a720-c7a0431f179d","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter 
Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0MiwxXQ=="} 
-{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over 
time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed 
attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts 
pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0NywxXQ=="} -{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff 
events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI0OSwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity ","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1MCwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"cus
tomLabel\":\"Connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"title":"Security - Network connection country pie","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.geo.country_iso_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Network connection country 
pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"9a7600a0-8ba9-11ea-b494-03608db93b61","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1MiwxXQ=="} -{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1MywxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"sche
ma\":\"group\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination 
IP\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Logged on user\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security - Network Process 
List\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true},\"title\":\"Overview - Processes with unusual network activity\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"245778d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1NiwxXQ=="} 
-{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","source.ip","source.port","destination.ip","destination.port","network.transport"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_non_private_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1OCwxXQ=="} 
-{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","hash.imphash"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Process Spawns","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI1OSwxXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR 
parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"2e276480-ec16-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"60553d40-ec18-11e9-befc-81397a291157","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over 
time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over 
time\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2MywxXQ=="} 
-{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2NCwxXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2NiwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & 
%TEMP%","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target 
File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2OCwxXQ=="} -{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI2OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI3MSwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 
1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI3MywxXQ=="} -{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV 
Detections","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI3NCwxXQ=="} -{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},\"panelIndex\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},\"panelIndex\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"acae805a-1f8b-4298-99e6-9624fdc45fee\"},\"panelIndex\":\"acae805a-1f8b-4298-99e6-9624fdc45fee\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter 
users\",\"panelRefName\":\"panel_acae805a-1f8b-4298-99e6-9624fdc45fee\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},\"panelIndex\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},\"panelIndex\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},\"panelIndex\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},\"panelIndex\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"13240516-125d-434d-8929-d9a334308aa6\"},\"panelIndex\":\"13240516-125d-434d-8929-d9a334308aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_13240516-125d-434d-8929-d9a334308aa6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\"},\"panelIndex\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on 
computers\",\"panelRefName\":\"panel_4b488bfa-a881-46c9-933b-ed762dfb6884\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\"},\"panelIndex\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d6bc214-21e6-4f94-b4df-94585768f0d1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},\"panelIndex\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},\"panelIndex\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"3b38696a-cc17-47fb-91f4-96884a7262de\"},\"panelIndex\":\"3b38696a-cc17-47fb-91f4-96884a7262de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_3b38696a-cc17-47fb-91f4-96884a7262de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":17,\"i\":\"c7fa573d-ea88-4f5f-aabe-40c9878d97e0\"},\"panelIndex\":\"c7fa573d-ea88-4f5f-aabe-40c9878d97e0\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connections by 
country\",\"panelRefName\":\"panel_c7fa573d-ea88-4f5f-aabe-40c9878d97e0\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":17,\"i\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},\"panelIndex\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":24,\"h\":15,\"i\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\"},\"panelIndex\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_85d08841-be8d-45e6-8d57-e79d3e63b315\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":87,\"w\":24,\"h\":15,\"i\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\"},\"panelIndex\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_d6e81b2b-664b-480d-9e79-0146110b5b40\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":102,\"w\":48,\"h\":10,\"i\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\"},\"panelIndex\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 
3)\",\"panelRefName\":\"panel_cf6d87aa-3642-443d-8535-ffc445bb0de8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":112,\"w\":48,\"h\":4,\"i\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\"},\"panelIndex\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7d0f621-25db-4fc2-b342-de3356d27d22\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":116,\"w\":48,\"h\":14,\"i\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\"},\"panelIndex\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_8dba12cb-b13b-4885-be71-4f0b80b741a1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":10,\"h\":15,\"i\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},\"panelIndex\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":130,\"w\":20,\"h\":15,\"i\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\"},\"panelIndex\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_57e03c45-07da-4b09-84ad-8f536cbdbb58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":130,\"w\":18,\"h\":15,\"i\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\"},\"panelIndex\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by 
computer\",\"panelRefName\":\"panel_6286154f-2b14-43a6-a3a5-9e85cf465162\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":145,\"w\":48,\"h\":16,\"i\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\"},\"panelIndex\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_376ac409-1f80-4cc4-a94f-71431233ffc1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":161,\"w\":48,\"h\":14,\"i\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},\"panelIndex\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":175,\"w\":48,\"h\":4,\"i\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\"},\"panelIndex\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb24e6b0-f665-4798-8540-31d38b4b78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":179,\"w\":24,\"h\":15,\"i\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},\"panelIndex\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":179,\"w\":24,\"h\":15,\"i\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\"},\"panelIndex\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 
9)\",\"panelRefName\":\"panel_5b06e280-9804-408b-b8c5-c75f21bb7d00\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":194,\"w\":48,\"h\":4,\"i\":\"05382728-1306-4e59-b08e-d899afdf22b3\"},\"panelIndex\":\"05382728-1306-4e59-b08e-d899afdf22b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_05382728-1306-4e59-b08e-d899afdf22b3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":198,\"w\":12,\"h\":14,\"i\":\"ba231616-e45f-4299-87a6-56f785c53354\"},\"panelIndex\":\"ba231616-e45f-4299-87a6-56f785c53354\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_ba231616-e45f-4299-87a6-56f785c53354\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":198,\"w\":12,\"h\":14,\"i\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},\"panelIndex\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":198,\"w\":24,\"h\":14,\"i\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\"},\"panelIndex\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_af3a8a33-8efa-422f-b024-f2c4a158586f\"}]","timeRestore":false,"title":"User 
Security","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"e5f203f0-6182-11ee-b035-d5f231e90733","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"cb956d23-9d5b-4af8-becf-a2d2d108b5f7:panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"d962c0d4-f80a-426c-9a1b-43e2fb6296f2:panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2","type":"visualization"},{"id":"a71b5fa0-860c-11ea-a720-c7a0431f179d","name":"acae805a-1f8b-4298-99e6-9624fdc45fee:panel_acae805a-1f8b-4298-99e6-9624fdc45fee","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"669e458b-ac6a-41d1-b3e2-945a0c8571bd:panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"b5483ec3-77b5-4e4c-b532-32ce796aa1de:panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de","type":"visualization"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae:panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f:panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"13240516-125d-434d-8929-d9a334308aa6:panel_13240516-125d-434d-8929-d9a334308aa6","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"4b488bfa-a881-46c9-933b-ed762dfb6884:panel_4b488bfa-a881-46c9-933b-ed762dfb6884","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1d6bc214-21e6-4f94-b4df-94585768f0d1:panel_1d6bc214-21e6-4f94-b4df-94585768f0d1","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"5db1345f-28a0-43fd-9cd2-d51e9349cfad:panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":"dc8de60f-b44b-4e88-9f4c
-603ebc8be78b:panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"3b38696a-cc17-47fb-91f4-96884a7262de:panel_3b38696a-cc17-47fb-91f4-96884a7262de","type":"visualization"},{"id":"9a7600a0-8ba9-11ea-b494-03608db93b61","name":"c7fa573d-ea88-4f5f-aabe-40c9878d97e0:panel_c7fa573d-ea88-4f5f-aabe-40c9878d97e0","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"8053a0e5-33e4-46d0-adcc-5baa505a07e4:panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"85d08841-be8d-45e6-8d57-e79d3e63b315:panel_85d08841-be8d-45e6-8d57-e79d3e63b315","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"d6e81b2b-664b-480d-9e79-0146110b5b40:panel_d6e81b2b-664b-480d-9e79-0146110b5b40","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cf6d87aa-3642-443d-8535-ffc445bb0de8:panel_cf6d87aa-3642-443d-8535-ffc445bb0de8","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"e7d0f621-25db-4fc2-b342-de3356d27d22:panel_e7d0f621-25db-4fc2-b342-de3356d27d22","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"8dba12cb-b13b-4885-be71-4f0b80b741a1:panel_8dba12cb-b13b-4885-be71-4f0b80b741a1","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"d91877f5-6b32-4f10-b31c-a7dfc609b37e:panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"57e03c45-07da-4b09-84ad-8f536cbdbb58:panel_57e03c45-07da-4b09-84ad-8f536cbdbb58","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"6286154f-2b14-43a6-a3a5-9e85cf465162:panel_6286154f-2b14-43a6-a3a5-9e85cf465162","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"376ac409-1f80-4cc4-a94f-71431233ffc1:panel_376ac409-1f80-4cc4-a94f-71431233ffc1","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140
","name":"570dff9d-ac96-4d3b-a4f3-a81e09fce159:panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159","type":"search"},{"id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","name":"fb24e6b0-f665-4798-8540-31d38b4b78cb:panel_fb24e6b0-f665-4798-8540-31d38b4b78cb","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a:panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"5b06e280-9804-408b-b8c5-c75f21bb7d00:panel_5b06e280-9804-408b-b8c5-c75f21bb7d00","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"05382728-1306-4e59-b08e-d899afdf22b3:panel_05382728-1306-4e59-b08e-d899afdf22b3","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"ba231616-e45f-4299-87a6-56f785c53354:panel_ba231616-e45f-4299-87a6-56f785c53354","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931:panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"af3a8a33-8efa-422f-b024-f2c4a158586f:panel_af3a8a33-8efa-422f-b024-f2c4a158586f","type":"search"}],"type":"dashboard","updated_at":"2023-11-22T14:34:50.676Z","version":"WzI3NSwxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":41,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file From 6553dde31699fd4cabc6ed448a1c62e854a087a2 Mon Sep 17 00:00:00 2001 From: "Grant (SNL)" <108766839+rgbrow1949@users.noreply.github.com> Date: Fri, 15 Dec 2023 23:43:04 +0000 Subject: [PATCH 3/7] Delete Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson --- .../security_dashboard_security_log.ndjson | 32 ------------------- 1 file changed, 32 deletions(-) delete mode 100644 Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson 
diff --git a/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson b/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson
deleted file mode 100644
index 98e0ee10..00000000
--- a/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson
+++ /dev/null
@@ -1,32 +0,0 @@ -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit 
(doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzNiwxXQ=="} -{"attributes":{"columns":["event.code","event.action","winlog.logon.type","user.domain","user.name","host.name","winlog.event_data.LogonProcessName","winlog.logon.id","winlog.event_data.SubjectUserName","source.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Vis_sd_security_log_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Vis_sd_security_log_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"e5245110-e8e8-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4MywxXQ=="} -{"attributes":{"columns":["host.name","process.parent.executable","process.executable","winlog.event_id","winlog.event_data.TokenElevationType","winlog.event_data.MandatoryLabel"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code: \\\"4688\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4688_process_creation","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"781b09e0-e8ea-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4NCwxXQ=="} 
-{"attributes":{"columns":["winlog.user_data.SubjectDomainName","winlog.user_data.SubjectUserName","host.name","event.code","winlog.user_data.Channel","event.module"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1102\\\" OR event.code:\\\"104\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_1102_security_log_cleared","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"8c100710-e8eb-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4NSwxXQ=="} -{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:2\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_2","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"beaefbb0-e8ee-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4NiwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_2_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Logon created for user\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"logon created 
locally\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_2_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"0222a210-e8f0-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"beaefbb0-e8ee-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4NywxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"type\":\"phrase\",\"key\":\"winlog.channel\",\"value\":\"Security\",\"params\":{\"query\":\"Security\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"winlog.channel\":{\"query\":\"Security\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"vis_sd_security_4624_picker","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1570446686972\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Computername\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"title\":\"vis_sd_security_4624_picker\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4OCwxXQ=="} -{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and 
winlog.event_id:4624 and winlog.event_data.LogonType:3\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_3","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"203b2790-e8f5-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not user.name:*$\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_3_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network logon created for 
user\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"network logon by user\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_3_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"666027c0-e8f5-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"203b2790-e8f5-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5MCwxXQ=="} 
-{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:5\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_5","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"649fd2c0-e8f8-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_5_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service account used\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Logon as service with 
user\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_5_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"649fd2c0-e8f8-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5MiwxXQ=="} 
-{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:8\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_8","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"2d636030-e900-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5MywxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_8_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Credentials sent in clear 
text\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_8_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"80125e30-e900-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2d636030-e900-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5NCwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_8_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_8_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"3ce572e0-e901-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2d636030-e900-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5NSwxXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.WorkstationName","winlog.event_data.TargetUserName","winlog.event_data.LogonType","winlog.event_data.IpAddress","winlog.event_data.Status","winlog.event_data.SubStatus"],"description":"New settings test 9/29/2023 16:44","grid":{"columns":{"winlog.event_data.Status":{"width":221}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4625\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4625_failed_logon","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"0b549610-e902-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"fefc2830-e904-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5NywxXQ=="} 
-{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:11\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_11","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"df7536e0-e905-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_11_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_11_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"27974a20-e907-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"df7536e0-e905-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzE5OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_11_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\
":\"Missing\",\"customLabel\":\"Account logon with cached credentials\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4624_logon_type_11_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"b40a99e0-e906-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"df7536e0-e905-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwMCwxXQ=="} 
-{"attributes":{"columns":["winlog.event_data.SubjectUserName","winlog.computer_name","winlog.task","winlog.event_id","winlog.event_data.PrivilegeList"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4672\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4672_special_privileges_assigned","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"03537790-e909-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4672_special_privileges_assigned_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User assigned special privileges\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User assigned special privileges logged 
on\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_4672_special_privileges_assigned_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"379f1cb0-e90a-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"03537790-e909-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwMiwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.event_id:4625, index=winlogbeat-*, split=winlog.computer_name:10).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). 
|\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"846ca470-e9ac-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"othe
rBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwNSwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. 
|\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"3690c770-e9ae-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwNiwxXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_id","winlog.event_data.PasswordLastSet","winlog.event_data.OldUacValue","winlog.event_data.NewUacValue","winlog.event_data.UserAccountControl","winlog.event_data.AllowedToDelegateTo","winlog.event_data.PrivilegeList","user.domain","user.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:4738 and event.outcome: \\\"success\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4738_account_details_changed_AD_to_AE","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"1bdf1a30-e9d6-11e9-92c4-d918939a618e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwNywxXQ=="} 
-{"attributes":{"columns":["process.name","host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","process.pid","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"must\":[{\"script\":{\"script\":\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\"}}]}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Window Manager\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Window Manager\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Font Driver Host\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Font Driver 
Host\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["winlog.event_id","asc"]],"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"103ccef0-ea73-11e9-be68-7f08998695a8","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 
4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIwOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User 
Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-28T13:44:13.391Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-28T13:44:13.391Z","version":"WzIxNDMsM10="} -{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":149,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":124,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":166,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. 
Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":132,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":199,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sercurity log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":24,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":216,\"w\":24,\"h\":15,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Credential sent as clear text\",\"panelRefName\":\"panel_12\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":231,\"w\":24,\"h\":15,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon using cached 
credentials\",\"panelRefName\":\"panel_17\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":231,\"w\":24,\"h\":15,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon using cached credentials - Logon type 11\",\"panelRefName\":\"panel_18\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":246,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":98,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":279,\"w\":48,\"h\":9,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Account Changes - A user account object was changed - event ID 
4738\",\"panelRefName\":\"panel_24\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":264,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":82,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security 
Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:46.461Z","id":"51186cd0-e8e9-11e9-9070-f78ae052729a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"e5245110-e8e8-11e9-9070-f78ae052729a","name":"1:panel_1","type":"visualization"},{"id":"781b09e0-e8ea-11e9-9070-f78ae052729a","name":"2:panel_2","type":"search"},{"id":"8c100710-e8eb-11e9-9070-f78ae052729a","name":"3:panel_3","type":"search"},{"id":"0222a210-e8f0-11e9-9070-f78ae052729a","name":"6:panel_6","type":"visualization"},{"id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","name":"7:panel_7","type":"visualization"},{"id":"666027c0-e8f5-11e9-9070-f78ae052729a","name":"8:panel_8","type":"visualization"},{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"9:panel_9","type":"search"},{"id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","name":"10:panel_10","type":"visualization"},{"id":"80125e30-e900-11e9-9070-f78ae052729a","name":"11:panel_11","type":"visualization"},{"id":"3ce572e0-e901-11e9-9070-f78ae052729a","name":"12:panel_12","type":"visualization"},{"id":"fefc2830-e904-11e9-9070-f78ae052729a","name":"15:panel_15","type":"visualization"},{"id":"27974a20-e907-11e9-9070-f78ae052729a","name":"17:panel_17","type":"visualization"},{"id":"b40a99e0-e906-11e9-9070-f78ae052729a","name":"18:panel_18","type":"visualization"},{"id":"379f1cb0-e90a-11e9-9070-f78ae052729a","name":"19:panel_19","type":"visualization"},{"id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","name":"20:panel_20","type":"visualization"},{"id":"846ca470-e9ac-11e9-92c4-d918939a618e","name":"21:panel_21","type":"visualization"},{"id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","name":"22:panel_22","type":"visualization"},{"id":"3690c770-e9ae-11e9-92c4-d918939a618e","name":"23:panel_23","type":"visualization"},{"id":"1bdf1a30-e9d6-11e9-92c4-d918939a618e","name":"24:panel_24","type":"search"},{"id":"103ccef0-ea73-11e9-be68-7f08998695a8","name":"28:panel_28","type":"search"},{"id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","name":"30:panel
_30","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","updated_at":"2023-11-22T14:34:46.461Z","version":"WzIxMSwxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":31,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file From e0b7b932fe085779d8b385098397f4f7c1051aac Mon Sep 17 00:00:00 2001 From: "Grant (SNL)" <108766839+rgbrow1949@users.noreply.github.com> Date: Fri, 15 Dec 2023 23:43:25 +0000 Subject: [PATCH 4/7] Updated dashboards --- .../security_dashboard_security_log.ndjson | 27 +++++++++++++ .../dashboards/user_security.ndjson | 39 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson create mode 100644 Chapter 4 Files/dashboards/user_security.ndjson diff --git a/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson b/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson new file mode 100644 index 00000000..eb5bbcdd --- /dev/null +++ b/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson 
@@ -0,0 +1,27 @@ +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"p
rocess.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-12-15T23:20:50.098Z","version":"WzQ2ODkyLDEwXQ=="} +{"attributes":{"columns":["event.code","event.action","winlog.logon.type","host.name","winlog.event_data.LogonProcessName","winlog.logon.id","winlog.event_data.SubjectUserName","winlog.event_data.IpAddress","winlog.event_data.TargetDomainName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_logs","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-14T16:34:29.705Z
","version":"WzM4ODUxLDld"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Vis_sd_security_log_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Vis_sd_security_log_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"e5245110-e8e8-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NTk0LDdd"} +{"attributes":{"columns":["host.name","winlog.event_id","winlog.event_data.TokenElevationType","winlog.event_data.MandatoryLabel","winlog.event_data.ProcessId","winlog.event_data.ProcessName","process.parent.executable","process.executable"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code: \\\"4688\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4688_process_creation","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"781b09e0-e8ea-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-14T17:42:07.056Z","version":"WzQwMTAzLDld"} +{"attributes":{"columns":["winlog.user_data.SubjectDomainName","winlog.user_data.SubjectUserName","host.name","event.code","winlog.user_data.Channel","event.module"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1102\\\" OR event.code:\\\"104\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_1102_security_log_cleared","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"8c100710-e8eb-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NTk2LDdd"} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and 
winlog.event_data.LogonType:2\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_2","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"beaefbb0-e8ee-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NTk3LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"user.domain\",\"negate\":true,\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"type\":\"phrases\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}]}}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_2_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_2_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logon created for user\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"logon created 
locally\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T17:15:54.129Z","id":"0222a210-e8f0-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"beaefbb0-e8ee-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-14T17:15:54.129Z","version":"WzM5NDUyLDld"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"type\":\"phrase\",\"key\":\"winlog.channel\",\"value\":\"Security\",\"params\":{\"query\":\"Security\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"winlog.channel\":{\"query\":\"Security\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"vis_sd_security_4624_picker","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1570446686972\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Computername\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"title\":\"vis_sd_security_4624_picker\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NTk5LDdd"} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and 
winlog.event_id:4624 and winlog.event_data.LogonType:3\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_3","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"203b2790-e8f5-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjAwLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not user.name:*$\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_3_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_3_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Network logon created for 
user\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"network logon by user\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T17:17:18.070Z","id":"666027c0-e8f5-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"203b2790-e8f5-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","upda
ted_at":"2023-12-14T17:17:18.070Z","version":"WzM5NTA1LDld"} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:5\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_5","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"649fd2c0-e8f8-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjAyLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver 
Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_5_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_5_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Service account used\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logon as service with 
user\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T17:19:26.725Z","id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"649fd2c0-e8f8-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-14T17:19:26.725Z","version":"WzM5NTk0LDld"} 
+{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:8\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4624_logon_type_8","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"2d636030-e900-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjA0LDdd"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_8_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_8_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"User\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Credentials sent in clear 
text\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T17:28:51.847Z","id":"80125e30-e900-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2d636030-e900-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-14T17:28:51.847Z","version":"WzM5NzUyLDld"} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.WorkstationName","winlog.event_data.TargetUserName","winlog.event_data.LogonType","winlog.event_data.IpAddress","winlog.event_data.Status","winlog.event_data.SubStatus"],"description":"New settings test 
9/29/2023 16:44","grid":{"columns":{"winlog.event_data.Status":{"width":221}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4625\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4625_failed_logon","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"0b549610-e902-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjA3LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"fefc2830-e904-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjA4LDdd"} +{"attributes":{"columns":["winlog.event_data.SubjectUserName","winlog.computer_name","winlog.task","winlog.event_id","winlog.event_data.PrivilegeList"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4672\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_security_4672_special_privileges_assigned","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"03537790-e909-11e9-9070-f78ae052729a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjEyLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver 
Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4672_special_privileges_assigned_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4672_special_privileges_assigned_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computername\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"User assigned special privileges\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"User assigned special privileges logged 
on\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T17:36:41.525Z","id":"379f1cb0-e90a-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"03537790-e909-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-14T17:36:41.525Z","version":"WzM5OTE1LDld"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.event_id:4625, index=winlogbeat-*, split=winlog.computer_name:10).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE0LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). 
|\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"846ca470-e9ac-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE1LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"othe
rBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE2LDdd"} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. 
|\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"3690c770-e9ae-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE3LDdd"} +{"attributes":{"columns":["host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"script\":{\"script\":\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\"}}]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Window Manager\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Window 
Manager\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Font Driver Host\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Font Driver Host\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"timeRestore":false,"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"103ccef0-ea73-11e9-be68-7f08998695a8","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-14T17:38:15.880Z","version":"WzM5OTg1LDld"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged 
events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjIwLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process 
Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjQ2LDdd"} +{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":151,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 
2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":169,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":117,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sercurity log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":201,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 
4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":234,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to 
filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T17:42:45.616Z","id":"51186cd0-e8e9-11e9-9070-f78ae052729a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"e5245110-e8e8-11e9-9070-f78ae052729a","name":"1:panel_1","type":"visualization"},{"id":"781b09e0-e8ea-11e9-9070-f78ae052729a","name":"2:panel_2","type":"search"},{"id":"8c100710-e8eb-11e9-9070-f78ae052729a","name":"3:panel_3","type":"search"},{"id":"0222a210-e8f0-11e9-9070-f78ae052729a","name":"6:panel_6","type":"visualization"},{"id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","name":"7:panel_7","type":"visualization"},{"id":"666027c0-e8f5-11e9-9070-f78ae052729a","name":"8:panel_8","type":"visualization"},{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"9:panel_9","type":"search"},{"id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","name":"10:panel_10","type":"visualization"},{"id":"80125e30-e900-11e9-9070-f78ae052729a","name":"11:panel_11","type":"visualization"},{"id":"fefc2830-e904-11e9-9070-f78ae052729a","name":"15:panel_15","type":"visualization"},{"id":"379f1cb0-e90a-11e9-9070-f78ae052729a","name":"19:panel_19","type":"visualization"},{"id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","name":"20:panel_20","type":"visualization"},{"id":"846ca470-e9ac-11e9
-92c4-d918939a618e","name":"21:panel_21","type":"visualization"},{"id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","name":"22:panel_22","type":"visualization"},{"id":"3690c770-e9ae-11e9-92c4-d918939a618e","name":"23:panel_23","type":"visualization"},{"id":"103ccef0-ea73-11e9-be68-7f08998695a8","name":"28:panel_28","type":"search"},{"id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","name":"30:panel_30","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","updated_at":"2023-12-14T17:42:45.616Z","version":"WzQwMTE2LDld"} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":26,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/Chapter 4 Files/dashboards/user_security.ndjson b/Chapter 4 Files/dashboards/user_security.ndjson new file mode 100644 index 00000000..ecd315c4 --- /dev/null +++ b/Chapter 4 Files/dashboards/user_security.ndjson 
@@ -0,0 +1,39 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjQ2LDdd"} 
+{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable
\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-12-15T23:20:50.098Z","version":"WzQ2ODkyLDEwXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select 
User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjQ4LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter 
Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjUyLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select 
Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjUxLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjUzLDdd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver 
Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU0LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login 
attempts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU1LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"boun
ds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU2LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 
4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualizat
ion","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU3LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU4LDdd"} +{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not 
user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU5LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjYwLDdd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity 
","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjYxLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesB
etweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T00:48:41.405Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T00:48:41.405Z","version":"WzQyODI3LDld"} +{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR 
destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjY0LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination 
IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":
\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T00:59:54.342Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T00:59:54.342Z","version":"WzQzMDU4LDld"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area 
\",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"
terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T23:06:32.574Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T23:06:32.574Z","version":"WzQ2NTkxLDEwXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network 
activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T23:11:33.789Z","id":"245778d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T23:11:33.789Z","version":"WzQ2Njk4LDEwXQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR 
destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-15T23:22:04.795Z","version":"WzQ2ODk2LDEwXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjY5LDdd"} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-15T23:29:54.199Z","version":"WzQ3MDQ3LDEwXQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"2e276480-ec16-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjcxLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run 
Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"60553d40-ec18-11e9-befc-81397a291157","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjcyLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over 
time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over 
time\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjczLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc0LDdd"} 
+{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc1LDdd"} +{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" 
\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc2LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc3LDdd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & 
%TEMP%","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc4LDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target 
File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc5LDdd"} +{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access 
Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgwLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgxLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgyLDdd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 
1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgzLDdd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njg0LDdd"} +{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV 
Detections","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njg1LDdd"} +{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},\"panelIndex\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},\"panelIndex\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},\"panelIndex\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter 
hosts\",\"panelRefName\":\"panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},\"panelIndex\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\"},\"panelIndex\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event 
Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter users\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},\"panelIndex\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},\"panelIndex\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"13240516-125d-434d-8929-d9a334308aa6\"},\"panelIndex\":\"13240516-125d-434d-8929-d9a334308aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon 
attempts\",\"panelRefName\":\"panel_13240516-125d-434d-8929-d9a334308aa6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\"},\"panelIndex\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_4b488bfa-a881-46c9-933b-ed762dfb6884\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\"},\"panelIndex\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d6bc214-21e6-4f94-b4df-94585768f0d1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},\"panelIndex\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},\"panelIndex\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"3b38696a-cc17-47fb-91f4-96884a7262de\"},\"panelIndex\":\"3b38696a-cc17-47fb-91f4-96884a7262de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network 
connections\",\"panelRefName\":\"panel_3b38696a-cc17-47fb-91f4-96884a7262de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\"},\"panelIndex\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_85d08841-be8d-45e6-8d57-e79d3e63b315\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},\"panelIndex\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\"},\"panelIndex\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_d6e81b2b-664b-480d-9e79-0146110b5b40\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\"},\"panelIndex\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 
3)\",\"panelRefName\":\"panel_cf6d87aa-3642-443d-8535-ffc445bb0de8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\"},\"panelIndex\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7d0f621-25db-4fc2-b342-de3356d27d22\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\"},\"panelIndex\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_8dba12cb-b13b-4885-be71-4f0b80b741a1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},\"panelIndex\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\"},\"panelIndex\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_57e03c45-07da-4b09-84ad-8f536cbdbb58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\"},\"panelIndex\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by 
computer\",\"panelRefName\":\"panel_6286154f-2b14-43a6-a3a5-9e85cf465162\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\"},\"panelIndex\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_376ac409-1f80-4cc4-a94f-71431233ffc1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},\"panelIndex\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\"},\"panelIndex\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb24e6b0-f665-4798-8540-31d38b4b78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},\"panelIndex\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\"},\"panelIndex\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 
9)\",\"panelRefName\":\"panel_5b06e280-9804-408b-b8c5-c75f21bb7d00\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"05382728-1306-4e59-b08e-d899afdf22b3\"},\"panelIndex\":\"05382728-1306-4e59-b08e-d899afdf22b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_05382728-1306-4e59-b08e-d899afdf22b3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"ba231616-e45f-4299-87a6-56f785c53354\"},\"panelIndex\":\"ba231616-e45f-4299-87a6-56f785c53354\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_ba231616-e45f-4299-87a6-56f785c53354\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},\"panelIndex\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\"},\"panelIndex\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_af3a8a33-8efa-422f-b024-f2c4a158586f\"}]","timeRestore":false,"title":"User 
Security","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T23:35:09.866Z","id":"e5f203f0-6182-11ee-b035-d5f231e90733","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"cb956d23-9d5b-4af8-becf-a2d2d108b5f7:panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"d962c0d4-f80a-426c-9a1b-43e2fb6296f2:panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"b5483ec3-77b5-4e4c-b532-32ce796aa1de:panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"669e458b-ac6a-41d1-b3e2-945a0c8571bd:panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"b693e539-d72a-496c-bbaf-31c22eeb78c2:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae:panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f:panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"13240516-125d-434d-8929-d9a334308aa6:panel_13240516-125d-434d-8929-d9a334308aa6","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"4b488bfa-a881-46c9-933b-ed762dfb6884:panel_4b488bfa-a881-46c9-933b-ed762dfb6884","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1d6bc214-21e6-4f94-b4df-94585768f0d1:panel_1d6bc214-21e6-4f94-b4df-94585768f0d1","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"5db1345f-28a0-43fd-9cd2-d51e9349cfad:panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":
"dc8de60f-b44b-4e88-9f4c-603ebc8be78b:panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"3b38696a-cc17-47fb-91f4-96884a7262de:panel_3b38696a-cc17-47fb-91f4-96884a7262de","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"85d08841-be8d-45e6-8d57-e79d3e63b315:panel_85d08841-be8d-45e6-8d57-e79d3e63b315","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"8053a0e5-33e4-46d0-adcc-5baa505a07e4:panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"d6e81b2b-664b-480d-9e79-0146110b5b40:panel_d6e81b2b-664b-480d-9e79-0146110b5b40","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cf6d87aa-3642-443d-8535-ffc445bb0de8:panel_cf6d87aa-3642-443d-8535-ffc445bb0de8","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"e7d0f621-25db-4fc2-b342-de3356d27d22:panel_e7d0f621-25db-4fc2-b342-de3356d27d22","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"8dba12cb-b13b-4885-be71-4f0b80b741a1:panel_8dba12cb-b13b-4885-be71-4f0b80b741a1","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"d91877f5-6b32-4f10-b31c-a7dfc609b37e:panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"57e03c45-07da-4b09-84ad-8f536cbdbb58:panel_57e03c45-07da-4b09-84ad-8f536cbdbb58","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"6286154f-2b14-43a6-a3a5-9e85cf465162:panel_6286154f-2b14-43a6-a3a5-9e85cf465162","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"376ac409-1f80-4cc4-a94f-71431233ffc1:panel_376ac409-1f80-4cc4-a94f-71431233ffc1","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","name":"570dff9d-ac96-4d3b-a4f3-a81e09fce159:panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159","type":"search"},{"id":"404f6e60-895e-11ea-
9bd8-f3fed1ec2140","name":"fb24e6b0-f665-4798-8540-31d38b4b78cb:panel_fb24e6b0-f665-4798-8540-31d38b4b78cb","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a:panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"5b06e280-9804-408b-b8c5-c75f21bb7d00:panel_5b06e280-9804-408b-b8c5-c75f21bb7d00","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"05382728-1306-4e59-b08e-d899afdf22b3:panel_05382728-1306-4e59-b08e-d899afdf22b3","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"ba231616-e45f-4299-87a6-56f785c53354:panel_ba231616-e45f-4299-87a6-56f785c53354","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931:panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"af3a8a33-8efa-422f-b024-f2c4a158586f:panel_af3a8a33-8efa-422f-b024-f2c4a158586f","type":"search"}],"type":"dashboard","updated_at":"2023-12-15T23:35:09.866Z","version":"WzQ3MjczLDEwXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":38,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file From 851aec3d0fc6eb1f66f6008137c7f7ae44576fad Mon Sep 17 00:00:00 2001 From: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com> Date: Mon, 18 Dec 2023 11:09:22 -0800 Subject: [PATCH 5/7] Remove elastic user password prompt from deploy.sh (#107) * Remove elastic password prompt and condition in setpasswords() * create displaycredentials() fnc, link troubleshooting.md documentation at end of script * update deploy.sh to link to changing elastic username/password in troubleshooting.md --- Chapter 3 Files/deploy.sh | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) 
diff --git a/Chapter 3 Files/deploy.sh b/Chapter 3 Files/deploy.sh index cfc78118..9be81a64 100755 --- a/Chapter 3 Files/deploy.sh +++ b/Chapter 3 Files/deploy.sh @@ -103,11 +103,7 @@ function setroles() { } function setpasswords() { - temp="temp" - #override temp password if overwriting an old docker container - if [ -v OLD_ELASTIC_PASS ]; then - temp=$OLD_ELASTIC_PASS - fi + temp="temp" echo -e "\e[32m[X]\e[0m Waiting for Elasticsearch to be ready" max_attempts=25 @@ -121,7 +117,7 @@ function setpasswords() { exit 1 fi done - echo "Elasticsearch is up and running." + echo -e "\n\e[32m[X]\e[0m Elasticsearch is up and running." echo -e "\e[32m[X]\e[0m Setting elastic user password" curl --cacert certs/root-ca.crt --user elastic:${temp} -X POST "https://127.0.0.1:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$elastic_user_pass"'"} ' @@ -729,17 +725,7 @@ function install() { echo -e "\e[32m[X]\e[0m Configuring winlogbeat config and certificates to use $logstaship as the IP and $logstashcn as the DNS" read -e -p "This script will use self signed certificates for communication and encryption. Do you want to continue with self signed certificates? ([y]es/[n]o): " -i "y" selfsignedyn - read -e -p "Skip Docker Install? ([y]es/[n]o): " -i "n" skipdinstall - read -e -p "Do you have an old elastic user password from a previous LME install? ([y]es/[n]o): " -i "n" old_elastic_user_pass - - if [ "$old_elastic_user_pass" == "y" ]; then - res= false - while [ ! $res ]; do - read -e -p "PASSWORD: " OLD_ELASTIC_PASS - prompt "confirm password \"$OLD_ELASTIC_PASS\"" - res=$? - done - fi + read -e -p "Skip Docker Install? ([y]es/[n]o): " -i "n" skipdinstall if [ "$selfsignedyn" == "y" ]; then #make certs 
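Review bot: With the `OLD_ELASTIC_PASS` override removed, `setpasswords()` always authenticates as `elastic` with the fixed value `temp="temp"`, so on a host where Elasticsearch already holds a different elastic password (presumably a re-install over existing data) the password-change request shown as context in the next hunk would be rejected. That `curl` call has no `--fail` and its exit status is not tested, so the script would appear to continue and later display credentials that were never applied. I would add `--fail` to the call and end it with `|| { echo "Failed to set elastic user password" >&2; exit 1; }`, plus a comment on the assignment such as `# initial elastic password; only valid before the first password change`. The function body continues outside this hunk.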
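Review bot: The password-change request kept as context in the `@@ -121,7 +117,7 @@` hunk places secrets on the `curl` command line: `--user elastic:${temp}` and the JSON body built around `$elastic_user_pass` are both readable in the process list while the call runs. The body is also assembled by string splicing, so a password containing `"` or `\` would produce invalid JSON. Sending the body on stdin with `-d @-` fed from a here-document keeps the new password out of argv, and quoting the argument as `--user "elastic:${temp}"` keeps it a single word. How `elastic_user_pass` is generated is not visible here, so the JSON concern may not arise in practice.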
@@ -836,6 +822,13 @@ function install() { #fix readability: fixreadability + displaycredentials + + echo -e "If you prefer to set your own elastic user password, then refer to our troubleshooting documentation:" + echo -e "https://github.com/cisagov/LME/blob/main/docs/markdown/reference/troubleshooting.md#changing-elastic-username-password\n\n" +} + +function displaycredentials() { echo "" echo "##################################################################################" echo "## Kibana/Elasticsearch Credentials are (these will not be accessible again!)" From 4038c264c3eb45d8b88a92e5a36196ad9d3fc425 Mon Sep 17 00:00:00 2001 From: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com> Date: Mon, 18 Dec 2023 14:54:24 -0500 Subject: [PATCH 6/7] updated upgrading.md for release 1.3.0 and fixed link in chapter3.md (#117) Co-authored-by: Linda Lovero-Waterhouse --- docs/markdown/chapter3/chapter3.md | 2 +- docs/markdown/maintenance/upgrading.md | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/docs/markdown/chapter3/chapter3.md b/docs/markdown/chapter3/chapter3.md index fce520b4..a62ddcc0 100644 --- a/docs/markdown/chapter3/chapter3.md +++ b/docs/markdown/chapter3/chapter3.md 
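Review bot: The new `displaycredentials` function, called at the end of `install()`, prints the Kibana/Elasticsearch credentials to stdout, so anything that captures the run (an install log written with `tee`, terminal scrollback, a provisioning tool's job output) keeps the passwords in clear text. The function has no header comment; one such as `# Prints the generated credentials to stdout once; do not run install with output redirected to a shared or persistent log.` would state that constraint where maintainers will see it. As a point of style, the two added `echo -e` lines in `install()` need escape processing only for the trailing `\n\n`, and `printf '%s\n' "..."` is the more predictable form for fixed text. The body of `displaycredentials` continues past the end of the hunk, so what it prints beyond the banner is not visible here.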
@@ -244,7 +244,7 @@ Figure 5: Winlogbeat Service Running ## Trusting the certs that secure LME's services Theres a few steps we need to follow to trust the self-signed cert: -1. Grab the self-signed certificate authority for LME (done in step [3.2.4](docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector)). +1. Grab the self-signed certificate authority for LME (done in step [3.2.4](#324-download-files-for-windows-event-collector)). 2. Have our clients trust the certificate authority (see command below). This will trust the self signed cert and any other certificates it signs. If this certificate is stolen by an attacker, they can use it to trick your browser into trusting any website they setup. Make sure this cert is kept safe and secure. diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index 253c9202..78ac8242 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md @@ -6,7 +6,7 @@ Below you can find the upgrade paths that are currently supported and what steps Applying these changes is automated for any new installations. But, if you have an existing installation, you need to conduct some extra steps. **Before performing any of these steps it is advised to take a backup of the current installation using the method described [here](/docs/markdown/maintenance/backups.md).** -To Upgrade to the latest version from Release 1.1.0 to Release 1.2.0 [go here](#5-upgrade-from-110-to-120). +To upgrade to the latest version from Release 1.2.0 to Release 1.3.0 [go here](#6-upgrade-from-120-to-130). ## 1. Finding your LME version (and the components versions) When reporting an issue or suggesting improvements, it is important to include the versions of all the components, where possible. This ensures that the issue has not already been fixed! 
@@ -144,6 +144,21 @@ The deploy.sh script should have now created new files on the Linux server at lo Then reboot your Client computers & Windows Event Collector. On Windows Event Collector open services.msc as an administrator and make sure the winlogbeat service is set to start automatically, and is running. +## 6. Upgrade from 1.2.0 to 1.3.0 +To fetch the latest changes, run the following commands as root on the Linux server: +``` +cd /opt/lme/Chapter\ 3\ Files/ +sudo ./deploy.sh uninstall +cd /opt/lme +git pull +cd Chapter\ 3\ Files/ +sudo ./deploy.sh install +``` + +The deploy.sh script should have now created new files on the Linux server at location /opt/lme/files_for_windows.zip . This file needs to be copied across and used on the Windows Event Collector server like it was explained in Chapter 3 sections [3.2.4 & 3.3 ](/docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector). + +Then reboot your Client computers & Windows Event Collector. On Windows Event Collector open services.msc as an administrator and make sure the winlogbeat service is set to start automatically, and is running. + From cdf08f423d3664f2ac68a31eeb86c7cac6255790 Mon Sep 17 00:00:00 2001 From: Connor <107427279+causand22@users.noreply.github.com> Date: Mon, 18 Dec 2023 21:06:41 +0000 Subject: [PATCH 7/7] Rearrange sysmon dashboard (#115) * updating sysmon dashboard * adding line change from clint's old pr * Add .gitattributes file to exclude the testing folder from releases. (#105) * updating sysmon dashboard --------- Co-authored-by: mreeve-snl Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> --- .../dashboards/sysmon_summary.ndjson | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/Chapter 4 Files/dashboards/sysmon_summary.ndjson b/Chapter 4 Files/dashboards/sysmon_summary.ndjson index 40f0a82a..c44c40e4 100644 --- a/Chapter 4 Files/dashboards/sysmon_summary.ndjson 
+++ b/Chapter 4 Files/dashboards/sysmon_summary.ndjson 
@@ -1,12 +1,11 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_summary_image","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_event_summary_image\",\"type\":\"markdown\",\"params\":{\"markdown\":\"![SysmonSummary](data:image/png;base64,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)\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"83d252d0-e5d3-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIxMywxXQ=="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"or
igin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzNiwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_sysmon_all_events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIxNSwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIxNiwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIxNywxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIxOCwxXQ=="} 
-{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer 
name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIxOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t | 
\\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. 
The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the �l option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation that�s often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. 
Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. 
The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier �mark of the web� stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. 
The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIyMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of 
events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"35500920-eb66-11e9-875d-ef4cb6c5875d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIyMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-28T13:44:13.391Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-28T13:44:13.391Z","version":"WzIxNDMsM10="} -{"attributes":{"description":"Summarizes collected Sysmon event 
data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":15,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":false}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":60,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":60,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":14,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code 
reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:47.305Z","id":"d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"83d252d0-e5d3-11e9-8f1d-73a2ea4cc3ed","name":"1:panel_1","type":"visualization"},{"id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","name":"2:panel_2","type":"visualization"},{"id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","name":"3:panel_3","type":"visualization"},{"id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","name":"4:panel_4","type":"visualization"},{"id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","name":"5:panel_5","type":"visualization"},{"id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","name":"7:panel_7","type":"visualization"},{"id":"35500920-eb66-11e9-875d-ef4cb6c5875d","name":"8:panel_8","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","updated_at":"2023-11-22T14:34:47.305Z","version":"WzIyMywxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":11,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file 
+{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":8},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":6},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"file.path\":{\"count\":2},\"file.path.text\":{\"count\":1},\"file.directory\":{\"count\":2},\"agent.name\":{\"count\":1},\"event.code\":{\"count\":1},\"winlog.event_data.SourceImage\":{\"count\":1},\"winlog.event_data.SourceUser\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script
\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T19:04:06.435Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-12-14T20:04:50.214Z","version":"WzI0MzcwLDE5XQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_sysmon_all_events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDIyLDE2XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDIzLDE2XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event 
code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI0LDE2XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI1LDE2XQ=="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer 
name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI2LDE2XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t 
| \\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. 
The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the �l option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation that�s often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. 
Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. 
The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier �mark of the web� stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. 
The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI3LDE2XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of 
events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"35500920-eb66-11e9-875d-ef4cb6c5875d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI4LDE2XQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T19:04:06.435Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-14T19:04:06.435Z","version":"WzIzMTM2LDE5XQ=="} +{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events 
found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon 
Summary","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T19:19:08.160Z","id":"d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","name":"2:panel_2","type":"visualization"},{"id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","name":"3:panel_3","type":"visualization"},{"id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","name":"4:panel_4","type":"visualization"},{"id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","name":"5:panel_5","type":"visualization"},{"id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","name":"7:panel_7","type":"visualization"},{"id":"35500920-eb66-11e9-875d-ef4cb6c5875d","name":"8:panel_8","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","updated_at":"2023-12-14T19:19:08.160Z","version":"WzIzMzkwLDE5XQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file