diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 200399b6b4f..69ac4ec1732 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -753,7 +753,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add `join` and `sprintf` functions to `httpjson` input. {pull}27735[27735] - Improve memory usage of line reader of `log` and `filestream` input. {pull}27782[27782] - Add `ignore_empty_value` flag to `httpjson` `split` processor. {pull}27880[27880] - +- Update Cisco ASA/FTD ingest pipeline grok/dissect patterns for multiple message IDs. {issue}26869[26869] {pull}26879[26879] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 6e40ec0107f..5d95c482caa 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -21809,6 +21809,26 @@ type: keyword The WebVPN group name the user belongs to +type: keyword + +-- + +*`cisco.asa.termination_initiator`*:: ++ +-- +Interface name of the side that initiated the teardown + + +type: keyword + +-- + +*`cisco.asa.tunnel_type`*:: ++ +-- +SA type (remote access or L2L) + + type: keyword -- @@ -22047,6 +22067,16 @@ type: keyword The WebVPN group name the user belongs to +type: keyword + +-- + +*`cisco.ftd.termination_initiator`*:: ++ +-- +Interface name of the side that initiated the teardown + + type: keyword -- diff --git a/x-pack/filebeat/module/cisco/asa/_meta/fields.yml b/x-pack/filebeat/module/cisco/asa/_meta/fields.yml index f41b0383a11..e321a6cf3a2 100644 --- a/x-pack/filebeat/module/cisco/asa/_meta/fields.yml +++ b/x-pack/filebeat/module/cisco/asa/_meta/fields.yml @@ -187,3 +187,15 @@ default_field: false description: > The WebVPN group name the user belongs to + + - name: termination_initiator + type: keyword + default_field: false + description: > + Interface name of the side that initiated the teardown + + - name: tunnel_type + type: keyword + default_field: false + description: > + SA type (remote access or L2L) diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log index 0c3aef67223..e1666f72432 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log @@ -17,7 +17,7 @@ May 5 18:29:32 dev01: %ASA-6-302020: Built inbound ICMP connection for faddr 10 May 5 18:29:32 dev01: %ASA-6-302020: Built outbound ICMP connection for faddr 10.10.10.10/0 gaddr 8.8.8.8/0 laddr 192.168.2.2/0 type 3 code 3 May 5 18:29:32 dev01: %ASA-6-302014: Teardown TCP connection 2960892904 for out111:10.10.10.10/443 to fw111:192.168.2.2/55225 duration 0:00:00 bytes 0 TCP Reset-I May 5 18:29:32 dev01: %ASA-6-302013: Built outbound TCP connection 1588662 for intfacename:192.168.2.2/80 (8.8.8.8/80) to net:10.10.10.10/54839 (8.8.8.8/54839) -May 5 18:29:32 dev01: %ASA-6-302012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00 +May 5 18:29:32 dev01: %ASA-6-305012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00 May 5 18:40:50 dev01: %ASA-4-313004: Denied ICMP type=0, from laddr 10.10.10.10 on interface fw502 to 192.168.2.2: no matching session May 5 18:40:50 dev01: %ASA-6-305011: Built dynamic TCP translation from fw111:10.10.10.10/57006 to out111:192.168.2.2/57006 May 5 18:40:50 dev01: %ASA-2-106001: Inbound TCP connection denied from 192.168.2.2/43803 to 10.10.10.10/14322 flags SYN on interface out111 @@ -83,3 +83,10 @@ Apr 27 2020 02:03:03 dev01: %ASA-6-713904: All IPSec SA proposals found unaccept Apr 27 2020 02:03:03 dev01: %ASA-6-713903: IP = 192.128.1.1, All IPSec SA proposals found unacceptable! Apr 27 2020 02:03:03 dev01: %ASA-6-713902: Group = 100.60.140.10, All IPSec SA proposals found unacceptable! Apr 27 2020 02:03:03 dev01: %ASA-6-713901: Group = 100.60.140.10, IP = 192.128.1.1, All IPSec SA proposals found unacceptable! +Apr 27 2020 02:03:03 dev01: %ASA-4-106023: Deny protocol 47 src outside:100.66.124.24 dst inside:172.31.98.44 by access-group "inbound" +Apr 27 2020 02:03:03 dev01: %ASA-4-106023: Deny icmp src OUTSIDE:2a05:d016:add:4002:91f2:a9b2:e09a:6fc6 dst OUTSIDE:fe00:afa0::1 (type 128, code 0) by access-group "OUTSIDE_in" +Apr 27 2020 02:03:03 dev01: %ASA-4-302016: Teardown UDP connection 123364823 for OUTSIDE:82.0.0.1/500 to identity:85.0.0.1/500 duration 92:24:20 bytes 4671944 +May 5 19:02:25 dev01: %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 19269 +May 5 19:02:25 dev01: %ASA-4-733100: [ 192.168.0.1] drop rate-1 exceeded. Current burst rate is 0 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 6018 +May 5 19:02:25 dev01: %ASA-4-733100: [ Port-5432 5432] drop rate-1 exceeded. Current burst rate is 8 per second, max configured rate is 10; Current average rate is 20 per second, max configured rate is 5; Cumulative total count is 12466 +May 5 19:02:25 dev01: %ASA-4-733100: [ RDP 3389] drop rate-1 exceeded. Current burst rate is 63 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3054 diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json index cbe5e2b82eb..8866c2baa1b 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json @@ -31,6 +31,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 0, + "network.community_id": "1:Fw2gM6G3TtQ3pHWsZKBU6LW96pQ=", "network.direction": "inbound", "network.iana_number": 6, "network.transport": "tcp", @@ -91,6 +92,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 162, + "network.community_id": "1:IVpSg0ysDmubwwgwjXBIZ47C7h0=", "network.direction": "inbound", "network.iana_number": 17, "network.transport": "udp", @@ -338,7 +340,9 @@ "input.type": "log", "log.level": "informational", "log.offset": 770, - "network.transport": "tcp flow", + "network.community_id": "1:fZKugXq2jG4PzddJfuy6XDBSNb4=", + "network.iana_number": 6, + "network.transport": "tcp", "observer.egress.interface.name": "fw111", "observer.hostname": "dev01", "observer.ingress.interface.name": "fw111", @@ -395,6 +399,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 932, + "network.community_id": "1:RAjPAJDWj8kCZQnmEJzqMl9E6h8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "fw109", @@ -446,6 +451,7 @@ "input.type": "log", "log.level": "debug", "log.offset": 1119, + "network.community_id": "1:7GE6gaRtd6w4KEJWhDLHwfgp1Do=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "fw111", @@ -619,6 +625,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 1722, + "network.community_id": "1:adLbp2MSbpgtKlYEN938sSARKPs=", "network.iana_number": 1, "network.transport": "icmp", "observer.hostname": "dev01", @@ -860,6 +867,7 @@ "log.level": "informational", "log.offset": 2298, "network.bytes": 0, + "network.community_id": "1:4wndP8OTPk0tlCwv5mj9vURDLQ0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "fw111", @@ -916,6 +924,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 2462, + "network.community_id": "1:N0ZlFq5yxkndvN9h3uigv6XgVms=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -945,7 +954,7 @@ }, { "cisco.asa.destination_interface": "out111", - "cisco.asa.message_id": "302012", + "cisco.asa.message_id": "305012", "cisco.asa.source_interface": "fw111", "destination.address": "192.168.2.2", "destination.ip": "192.168.2.2", @@ -954,13 +963,13 @@ "event.category": [ "network" ], - "event.code": 302012, + "event.code": 305012, "event.dataset": "cisco.asa", "event.duration": 0, "event.end": "2021-05-05T18:29:32.000-02:00", "event.kind": "event", "event.module": "cisco", - "event.original": "%ASA-6-302012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00", + "event.original": "%ASA-6-305012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00", "event.severity": 6, "event.start": "2021-05-05T20:29:32.000Z", "event.timezone": "-02:00", @@ -973,6 +982,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 2623, + "network.community_id": "1:PyQWTuzAdzYav2//+TQFcJTt2os=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "out111", @@ -1024,6 +1034,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 2768, + "network.community_id": "1:adLbp2MSbpgtKlYEN938sSARKPs=", "network.iana_number": 1, "network.transport": "icmp", "observer.hostname": "dev01", @@ -1072,6 +1083,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 2904, + "network.community_id": "1:hoENwaIuofrQAf7gW+y4f0XXbxc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "out111", @@ -1123,6 +1135,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 3029, + "network.community_id": "1:+xI89PlchTpu6dxTMHpkmkd99Ns=", "network.direction": "inbound", "network.iana_number": 6, "network.transport": "tcp", @@ -1189,6 +1202,7 @@ "log.level": "critical", "log.offset": 3172, "network.bytes": 64585, + "network.community_id": "1:eOIoJBMMmanddR7cRZ0I9vTVI7o=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "net", @@ -1245,6 +1259,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 3328, + "network.community_id": "1:QsMj86uzy+H1c1pPwrevpSOTh6Q=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1305,6 +1320,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 3491, + "network.community_id": "1:QsMj86uzy+H1c1pPwrevpSOTh6Q=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1362,6 +1378,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 3654, + "network.community_id": "1:mPK7q/c5ZVhrh2fX6Uqp5314u3M=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "out111", @@ -1461,6 +1478,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 3935, + "network.community_id": "1:CQXm0MA6TgkTzvcatvgQvikqqes=", "network.direction": "inbound", "network.iana_number": 17, "network.transport": "udp", @@ -1512,6 +1530,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4053, + "network.community_id": "1:CctaOB5wLrJrIATPwYjXODlSpRk=", "network.iana_number": 6, "network.transport": "tcp", "observer.hostname": "dev01", @@ -1562,6 +1581,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4197, + "network.community_id": "1:ghA7Jv5D0sCP4HhHb948hjqh3H4=", "network.iana_number": 6, "network.transport": "tcp", "observer.hostname": "dev01", @@ -1612,6 +1632,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4337, + "network.community_id": "1:daEI7UiyuAFNVP1xsUsb/AHJ/1I=", "network.iana_number": 6, "network.transport": "tcp", "observer.hostname": "dev01", @@ -1661,6 +1682,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4472, + "network.community_id": "1:1Rjth0DOphFZyLUBP572S4VdEu0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "net", @@ -1711,6 +1733,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4631, + "network.community_id": "1:1Rjth0DOphFZyLUBP572S4VdEu0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "net", @@ -1816,6 +1839,7 @@ "log.level": "informational", "log.offset": 4949, "network.bytes": 0, + "network.community_id": "1:A692g/lxHLbLsT0d0M1RFfiHIs0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "net", @@ -1871,6 +1895,7 @@ "log.level": "informational", "log.offset": 5142, "network.bytes": 0, + "network.community_id": "1:pcILvYGm5J7rxuqU5/TRGZGGe3E=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "unknown", @@ -2002,6 +2027,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 5571, + "network.community_id": "1:XgYjYk8hbPPlEnBcHqCD172wQQE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "fw111", @@ -2055,6 +2081,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 5743, + "network.community_id": "1:a99mceIcFv0NTz6Aw/+bwE1TnPA=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "fw111", @@ -2174,6 +2201,7 @@ "input.type": "log", "log.level": "debug", "log.offset": 6256, + "network.community_id": "1:pXZbIlTv2J4XdRhqORC4IQqpKKg=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "net", @@ -2292,6 +2320,7 @@ "input.type": "log", "log.level": "error", "log.offset": 6722, + "network.community_id": "1:4MHSMLtBw+4q7Wke3ztBRVwtgt0=", "network.direction": "inbound", "network.iana_number": 1, "network.transport": "icmp", @@ -2384,6 +2413,7 @@ "input.type": "log", "log.level": "error", "log.offset": 7071, + "network.community_id": "1:frDwW4LN1XFwCsYClx5AmXSlEBE=", "network.direction": "inbound", "network.transport": "sctp", "observer.egress.interface.name": "fw111", @@ -2433,6 +2463,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 7178, + "network.community_id": "1:gZP3lWRSgL55d5cZvFu18yXen5M=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "out111", @@ -2688,6 +2719,7 @@ "log.level": "informational", "log.offset": 7808, "network.bytes": 245, + "network.community_id": "1:GUlUhGicslkTpg27XLqbp4L0H68=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "server.deflan", @@ -2749,6 +2781,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 8003, + "network.community_id": "1:B0rqhFg9+Gx1GmU4JRhiyO3+xmE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "srv", @@ -3437,6 +3470,7 @@ "input.type": "log", "log.level": "error", "log.offset": 9934, + "network.community_id": "1:9NRUY+1nxDxjlLBwQoakpBYA9sc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3704,6 +3738,122 @@ "forwarded" ] }, + { + "cisco.asa.message_id": "602303", + "cisco.asa.tunnel_type": "LAN-to-LAN", + "destination.address": "192.168.2.2", + "destination.ip": "192.168.2.2", + "event.action": "created", + "event.code": 602303, + "event.dataset": "cisco.asa", + "event.module": "cisco", + "event.original": "%ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xF81283) between 91.240.17.178 and 192.168.2.2 (user= admin) has been created.", + "event.outcome": "success", + "event.severity": 6, + "event.timezone": "-02:00", + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "informational", + "log.offset": 10775, + "network.direction": "outbound", + "network.type": "ipsec", + "observer.hostname": "dev01", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "related.ip": [ + "192.168.2.2", + "91.240.17.178" + ], + "related.user": [ + "admin" + ], + "service.type": "cisco", + "source.address": "91.240.17.178", + "source.as.number": 201126, + "source.as.organization.name": "CDW Ltd", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5888, + "source.geo.location.lon": -0.0247, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "91.240.17.178", + "tags": [ + "cisco-asa", + "forwarded" + ], + "user.name": "admin" + }, + { + "cisco.asa.message_id": "602304", + "cisco.asa.tunnel_type": "LAN-to-LAN", + "destination.address": "192.168.2.2", + "destination.ip": "192.168.2.2", + "event.action": "deleted", + "event.category": [ + "network" + ], + "event.code": 602304, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xF81283) between 91.240.17.178 and 192.168.2.2 (user= admin) has been deleted.", + "event.outcome": "success", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "deletion", + "info", + "user" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "informational", + "log.offset": 10937, + "network.direction": "outbound", + "network.type": "ipsec", + "observer.hostname": "dev01", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "related.ip": [ + "192.168.2.2", + "91.240.17.178" + ], + "related.user": [ + "admin" + ], + "service.type": "cisco", + "source.address": "91.240.17.178", + "source.as.number": 201126, + "source.as.organization.name": "CDW Ltd", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5888, + "source.geo.location.lon": -0.0247, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "91.240.17.178", + "tags": [ + "cisco-asa", + "forwarded" + ], + "user.name": "admin" + }, { "cisco.asa.message_id": "750002", "destination.address": "192.168.2.2", @@ -4117,5 +4267,356 @@ "cisco-asa", "forwarded" ] + }, + { + "cisco.asa.destination_interface": "inside", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "inbound", + "cisco.asa.source_interface": "outside", + "destination.address": "172.31.98.44", + "destination.ip": "172.31.98.44", + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny protocol 47 src outside:100.66.124.24 dst inside:172.31.98.44 by access-group \"inbound\"", + "event.outcome": "failure", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied", + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "warning", + "log.offset": 12205, + "network.community_id": "1:Uo11LCySQ1S0c9jtHZVIb4Pm/2k=", + "network.iana_number": 47, + "observer.egress.interface.name": "inside", + "observer.hostname": "dev01", + "observer.ingress.interface.name": "outside", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "related.ip": [ + "100.66.124.24", + "172.31.98.44" + ], + "service.type": "cisco", + "source.address": "100.66.124.24", + "source.ip": "100.66.124.24", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.message_id": "106023", + "cisco.asa.rule_name": "OUTSIDE_in", + "cisco.asa.source_interface": "OUTSIDE", + "destination.address": "fe00:afa0::1", + "destination.ip": "fe00:afa0::1", + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 106023, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-4-106023: Deny icmp src OUTSIDE:2a05:d016:add:4002:91f2:a9b2:e09a:6fc6 dst OUTSIDE:fe00:afa0::1 (type 128, code 0) by access-group \"OUTSIDE_in\"", + "event.outcome": "failure", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "denied", + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "warning", + "log.offset": 12341, + "network.community_id": "1:VA3lwFPBuRus2kxMs1BexFp+gp4=", + "network.iana_number": 1, + "network.transport": "icmp", + "observer.egress.interface.name": "OUTSIDE", + "observer.hostname": "dev01", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "related.ip": [ + "2a05:d016:add:4002:91f2:a9b2:e09a:6fc6", + "fe00:afa0::1" + ], + "service.type": "cisco", + "source.address": "2a05:d016:add:4002:91f2:a9b2:e09a:6fc6", + "source.as.number": 16509, + "source.as.organization.name": "Amazon.com, Inc.", + "source.geo.city_name": "Stockholm", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "SE", + "source.geo.country_name": "Sweden", + "source.geo.location.lat": 59.3333, + "source.geo.location.lon": 18.05, + "source.geo.region_iso_code": "SE-AB", + "source.geo.region_name": "Stockholm", + "source.ip": "2a05:d016:add:4002:91f2:a9b2:e09a:6fc6", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.connection_id": "123364823", + "cisco.asa.destination_interface": "identity", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "OUTSIDE", + "destination.address": "85.0.0.1", + "destination.as.number": 3303, + "destination.as.organization.name": "Bluewin", + "destination.geo.city_name": "Kolliken", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", + "destination.geo.location.lat": 47.3388, + "destination.geo.location.lon": 8.0264, + "destination.geo.region_iso_code": "CH-AG", + "destination.geo.region_name": "Aargau", + "destination.ip": "85.0.0.1", + "destination.port": 500, + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 332660000000000, + "event.end": "2020-04-27T02:03:03.000-02:00", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-4-302016: Teardown UDP connection 123364823 for OUTSIDE:82.0.0.1/500 to identity:85.0.0.1/500 duration 92:24:20 bytes 4671944", + "event.severity": 4, + "event.start": "2020-04-23T07:38:43.000Z", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "warning", + "log.offset": 12518, + "network.bytes": 4671944, + "network.community_id": "1:rwM9yFUsWh6N2utKviU7S94dS9U=", + "network.iana_number": 17, + "network.transport": "udp", + "observer.egress.interface.name": "identity", + "observer.hostname": "dev01", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "related.ip": [ + "82.0.0.1", + "85.0.0.1" + ], + "service.type": "cisco", + "source.address": "82.0.0.1", + "source.as.number": 5089, + "source.as.organization.name": "Virgin Media Limited", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4964, + "source.geo.location.lon": -0.1224, + "source.ip": "82.0.0.1", + "source.port": 500, + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.burst.avg_rate": "5", + "cisco.asa.burst.configured_avg_rate": "4", + "cisco.asa.burst.configured_rate": "8", + "cisco.asa.burst.cumulative_count": "19269", + "cisco.asa.burst.current_rate": "0", + "cisco.asa.burst.id": "rate-2", + "cisco.asa.burst.object": "Scanning", + "cisco.asa.message_id": "733100", + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 733100, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 19269", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "warning", + "log.offset": 12677, + "observer.hostname": "dev01", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "service.type": "cisco", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.burst.avg_rate": "5", + "cisco.asa.burst.configured_avg_rate": "5", + "cisco.asa.burst.configured_rate": "10", + "cisco.asa.burst.cumulative_count": "6018", + "cisco.asa.burst.current_rate": "0", + "cisco.asa.burst.id": "rate-1", + "cisco.asa.burst.object": "192.168.0.1", + "cisco.asa.message_id": "733100", + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 733100, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-4-733100: [ 192.168.0.1] drop rate-1 exceeded. Current burst rate is 0 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 6018", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "warning", + "log.offset": 12907, + "observer.hostname": "dev01", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "service.type": "cisco", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.burst.avg_rate": "20", + "cisco.asa.burst.configured_avg_rate": "5", + "cisco.asa.burst.configured_rate": "10", + "cisco.asa.burst.cumulative_count": "12466", + "cisco.asa.burst.current_rate": "8", + "cisco.asa.burst.id": "rate-1", + "cisco.asa.burst.object": "Port-5432 5432", + "cisco.asa.message_id": "733100", + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 733100, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-4-733100: [ Port-5432 5432] drop rate-1 exceeded. Current burst rate is 8 per second, max configured rate is 10; Current average rate is 20 per second, max configured rate is 5; Cumulative total count is 12466", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "warning", + "log.offset": 13142, + "observer.hostname": "dev01", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "service.type": "cisco", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.burst.avg_rate": "5", + "cisco.asa.burst.configured_avg_rate": "5", + "cisco.asa.burst.configured_rate": "10", + "cisco.asa.burst.cumulative_count": "3054", + "cisco.asa.burst.current_rate": "63", + "cisco.asa.burst.id": "rate-1", + "cisco.asa.burst.object": "RDP 3389", + "cisco.asa.message_id": "733100", + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 733100, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-4-733100: [ RDP 3389] drop rate-1 exceeded. Current burst rate is 63 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3054", + "event.severity": 4, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "warning", + "log.offset": 13384, + "observer.hostname": "dev01", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "service.type": "cisco", + "tags": [ + "cisco-asa", + "forwarded" + ] } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json index 39e67069061..9335237a31b 100644 --- a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json @@ -4,7 +4,7 @@ "cisco.asa.destination_interface": "Inside", "cisco.asa.message_id": "302016", "cisco.asa.source_interface": "Outside", - "cisco.asa.source_username": "(LOCAL\\Elastic)", + "cisco.asa.source_username": "LOCAL\\Elastic", "cisco.asa.termination_user": "zzzzzz", "destination.address": "10.233.123.123", "destination.ip": "10.233.123.123", @@ -33,6 +33,7 @@ "log.level": "informational", "log.offset": 0, "network.bytes": 148, + "network.community_id": "1:9aBQ+NznvYals1agEGRVJm37dvQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "Inside", @@ -48,10 +49,14 @@ "10.123.123.123", "10.233.123.123" ], + "related.user": [ + "Elastic" + ], "service.type": "cisco", "source.address": "10.123.123.123", "source.ip": "10.123.123.123", "source.port": 53723, + "source.user.name": "Elastic", "tags": [ "cisco-asa", "forwarded" @@ -85,6 +90,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 200, + "network.community_id": "1:kV/6Jt4iMhVyUT1AW+UO0itOhqU=", "network.iana_number": 1, "network.transport": "icmp", "observer.egress.interface.name": "Outside", @@ -135,6 +141,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 381, + "network.community_id": "1:7nrIUULEgk5A+nhbh4kNmEkwL3o=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -159,7 +166,7 @@ "cisco.asa.message_id": "106023", "cisco.asa.rule_name": "Inside_access_in", "cisco.asa.source_interface": "Inside", - "cisco.asa.source_username": "(LOCAL\\Elastic)", + "cisco.asa.source_username": "LOCAL\\Elastic", "destination.address": "10.123.123.123", "destination.ip": "10.123.123.123", "destination.port": 57621, @@ -184,6 +191,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 545, + "network.community_id": "1:LM0R4Wi8tEf+1pe2ukofXQKxfMc=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "Outside", @@ -198,10 +206,14 @@ "related.ip": [ "10.123.123.123" ], + "related.user": [ + "Elastic" + ], "service.type": "cisco", "source.address": "10.123.123.123", "source.ip": "10.123.123.123", "source.port": 57621, + "source.user.name": "Elastic", "tags": [ "cisco-asa", "forwarded" @@ -329,6 +341,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 989, + "network.community_id": "1:/zjqku0IM1BTHL37aH0DvJSecYY=", "network.iana_number": 1, "network.transport": "icmp", "observer.egress.interface.name": "identity", @@ -377,6 +390,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 1171, + "network.community_id": "1:F0lY+M777B6QL2SDSKa9RfuUJ7s=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -425,6 +439,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 1334, + "network.community_id": "1:F0lY+M777B6QL2SDSKa9RfuUJ7s=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -474,6 +489,7 @@ "input.type": "log", "log.level": "error", "log.offset": 1514, + "network.community_id": "1:kRCfRJ9T/IeRNAhAhzOsF6EjIV4=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -533,6 +549,7 @@ "input.type": "log", "log.level": "alert", "log.offset": 1723, + "network.community_id": "1:cJpy7sqGDQbchRUXDtR8k10HinM=", "network.iana_number": 1, "network.transport": "icmp", "observer.egress.interface.name": "outside", diff --git a/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json index 59fdb927a87..81c80ebf991 100644 --- a/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json @@ -27,6 +27,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 0, + "network.community_id": "1:ygCOhTlTMVGn+PXlTgyzRveBJ9g=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -86,6 +87,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 150, + "network.community_id": "1:aH+Rcp4nenimMGZQ733uys/x0js=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -148,6 +150,7 @@ "log.level": "informational", "log.offset": 345, "network.bytes": 38110, + "network.community_id": "1:nawleoAMDhKg7pshv6H5enEaKV8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -209,6 +212,7 @@ "log.level": "informational", "log.offset": 535, "network.bytes": 44010, + "network.community_id": "1:XqwLVHNEt7Z1fB2ZZXj1piBH4PM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -270,6 +274,7 @@ "log.level": "informational", "log.offset": 725, "network.bytes": 7652, + "network.community_id": "1:Q18EvtK0EmoGK6hViBJu2B9syjc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -331,6 +336,7 @@ "log.level": "informational", "log.offset": 913, "network.bytes": 7062, + "network.community_id": "1:k3K4xSa45aJwCWLM9eIJsqCydLQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -392,6 +398,7 @@ "log.level": "informational", "log.offset": 1101, "network.bytes": 5738, + "network.community_id": "1:Qq/qwMDt7lmCdvQnPYJ86wHp5mY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -453,6 +460,7 @@ "log.level": "informational", "log.offset": 1290, "network.bytes": 4176, + "network.community_id": "1:ezm9yQGN1cdh1QEJ2nw19295QfU=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -514,6 +522,7 @@ "log.level": "informational", "log.offset": 1478, "network.bytes": 1715, + "network.community_id": "1:dV1ILqqOHNIkUwdYUt2iodkCTIg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -575,6 +584,7 @@ "log.level": "informational", "log.offset": 1666, "network.bytes": 45595, + "network.community_id": "1:M9jSkRNBaw+CV8aYYGLeh+1c4LQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -636,6 +646,7 @@ "log.level": "informational", "log.offset": 1853, "network.bytes": 27359, + "network.community_id": "1:kcIahkhuYMj1cJNDgmYdpgb8b5o=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -697,6 +708,7 @@ "log.level": "informational", "log.offset": 2043, "network.bytes": 4457, + "network.community_id": "1:Oll9UOQVtF14Vb1gAqDgbQ8GVN0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -758,6 +770,7 @@ "log.level": "informational", "log.offset": 2231, "network.bytes": 26709, + "network.community_id": "1:SRok/PbYRZCXwEJ9MQDvhiR0OZc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -819,6 +832,7 @@ "log.level": "informational", "log.offset": 2420, "network.bytes": 22097, + "network.community_id": "1:agnIkBJhbPXkAM0Ai6Q8vvm22FM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -880,6 +894,7 @@ "log.level": "informational", "log.offset": 2609, "network.bytes": 2209, + "network.community_id": "1:dyOBaLTo8f2aK6FSqmPQ8iEKQCM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -941,6 +956,7 @@ "log.level": "informational", "log.offset": 2798, "network.bytes": 10404, + "network.community_id": "1:JG3x+PLXI8vDNUP0xc2b7cGmtO8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1002,6 +1018,7 @@ "log.level": "informational", "log.offset": 2987, "network.bytes": 123694, + "network.community_id": "1:aVhOiCMAQUL3DYMg+b1hd6++Tsw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1063,6 +1080,7 @@ "log.level": "informational", "log.offset": 3177, "network.bytes": 35835, + "network.community_id": "1:yvanaru1i/rrH9fF3MeSmHfJVH0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1124,6 +1142,7 @@ "log.level": "informational", "log.offset": 3367, "network.bytes": 0, + "network.community_id": "1:h36yIuCF0zHqn+9q0Z5lLEIz2FE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1178,6 +1197,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 3552, + "network.community_id": "1:tCQw5Th130a6dZONq7h6PjILJZY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -1237,6 +1257,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 3703, + "network.community_id": "1:kcCQj9lygM48oLeBgvoRv3KlTuA=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1298,6 +1319,7 @@ "log.level": "informational", "log.offset": 3896, "network.bytes": 148, + "network.community_id": "1:kcCQj9lygM48oLeBgvoRv3KlTuA=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1357,6 +1379,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 4071, + "network.community_id": "1:bp0GOEdY1zkuA4pQN1jtkfjom00=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1418,6 +1441,7 @@ "log.level": "informational", "log.offset": 4264, "network.bytes": 164, + "network.community_id": "1:bp0GOEdY1zkuA4pQN1jtkfjom00=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1472,6 +1496,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 4439, + "network.community_id": "1:IqCv9QrYpJkgySoRM91LE2Ao1Ug=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1531,6 +1556,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 4589, + "network.community_id": "1:sxPO5rXtxG30Oh+QP2ncQZ0N1U8=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -1586,6 +1612,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 4784, + "network.community_id": "1:MZcBg2aQ/SdpVmPXf2Ze+Ng4g9Y=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1645,6 +1672,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 4934, + "network.community_id": "1:G5HU7oEz3i/eGfSUoq5HuDVo7u4=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -1705,6 +1733,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 5129, + "network.community_id": "1:H8tgP5tPUaaz9Npdxb+q+3ZYoN0=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1765,6 +1794,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 5326, + "network.community_id": "1:Sj4w7IG06WsDGSPRXBX9NS6LDEY=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1826,6 +1856,7 @@ "log.level": "informational", "log.offset": 5519, "network.bytes": 111, + "network.community_id": "1:H8tgP5tPUaaz9Npdxb+q+3ZYoN0=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1886,6 +1917,7 @@ "log.level": "informational", "log.offset": 5696, "network.bytes": 237, + "network.community_id": "1:Sj4w7IG06WsDGSPRXBX9NS6LDEY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1940,6 +1972,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 5871, + "network.community_id": "1:/KJCwT2FUqlgb+8c7f4b8fvqWFE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1999,6 +2032,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 6021, + "network.community_id": "1:gFO9U+lgj3sty9R349zScds2rBg=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2054,6 +2088,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 6218, + "network.community_id": "1:kpfWE+K4tPLbC1LWM9M8v5zQqyk=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2113,6 +2148,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 6369, + "network.community_id": "1:PmwiqFgdpl13iRx/dI+XAUpFScQ=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2173,6 +2209,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 6566, + "network.community_id": "1:HgVBFZOMW/jvKdEmq/wc0JyLnZQ=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2234,6 +2271,7 @@ "log.level": "informational", "log.offset": 6759, "network.bytes": 87, + "network.community_id": "1:PmwiqFgdpl13iRx/dI+XAUpFScQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2294,6 +2332,7 @@ "log.level": "informational", "log.offset": 6935, "network.bytes": 221, + "network.community_id": "1:HgVBFZOMW/jvKdEmq/wc0JyLnZQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2348,6 +2387,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 7110, + "network.community_id": "1:J8j4D9Hm6tPmF+enIkcOgaYzEg4=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -2407,6 +2447,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 7260, + "network.community_id": "1:2VKYvyM6qODR0XAXnVUFrYSP/IU=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2467,6 +2508,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 7455, + "network.community_id": "1:26iZkkyLxmu1X9KqcswJINmTCPM=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2527,6 +2569,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 7652, + "network.community_id": "1:xuWnph7S4x01QQURwZz62YrNdQQ=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2588,6 +2631,7 @@ "log.level": "informational", "log.offset": 7849, "network.bytes": 101, + "network.community_id": "1:26iZkkyLxmu1X9KqcswJINmTCPM=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2648,6 +2692,7 @@ "log.level": "informational", "log.offset": 8026, "network.bytes": 126, + "network.community_id": "1:xuWnph7S4x01QQURwZz62YrNdQQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2702,6 +2747,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 8203, + "network.community_id": "1:TO0ui5exOUfDCukU8mR9bJIjkLY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -2761,6 +2807,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 8353, + "network.community_id": "1:/NBLcipqeKvQyDqtEziGtIMUQTs=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2823,6 +2870,7 @@ "log.level": "informational", "log.offset": 8548, "network.bytes": 862, + "network.community_id": "1:/NBLcipqeKvQyDqtEziGtIMUQTs=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -2882,6 +2930,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 8733, + "network.community_id": "1:Aq1WnukJ+GNVqeRryOc0YYsSDos=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2943,6 +2992,7 @@ "log.level": "informational", "log.offset": 8930, "network.bytes": 104, + "network.community_id": "1:26iZkkyLxmu1X9KqcswJINmTCPM=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3003,6 +3053,7 @@ "log.level": "informational", "log.offset": 9107, "network.bytes": 176, + "network.community_id": "1:Aq1WnukJ+GNVqeRryOc0YYsSDos=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3057,6 +3108,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 9284, + "network.community_id": "1:Aj/XpM3jpqRdnliZ41V6x4P43+E=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3116,6 +3168,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 9434, + "network.community_id": "1:2YT6PqWSIyoyRYVbl2cIXiGcMsw=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3171,6 +3224,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 9625, + "network.community_id": "1:92e0i/+rET9QRb4OJPjo8ombnho=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3230,6 +3284,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 9775, + "network.community_id": "1:XheyUG03AcgRSOyMnpafZQNi3wY=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3285,6 +3340,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 9966, + "network.community_id": "1:zO9YefYViVlpEmjk0y/xJ+kBVQM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3344,6 +3400,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 10116, + "network.community_id": "1:cKgOVwHWv3CzYQlpMkVbynKHE30=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3404,6 +3461,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 10307, + "network.community_id": "1:+QNGALKBnl7iYd1+qg3bg2IJyho=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -3465,6 +3523,7 @@ "log.level": "informational", "log.offset": 10500, "network.bytes": 104, + "network.community_id": "1:+QNGALKBnl7iYd1+qg3bg2IJyho=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3519,6 +3578,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 10675, + "network.community_id": "1:04tYx55j9tCWtjlaXaCxE2U8b8M=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3578,6 +3638,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 10825, + "network.community_id": "1:YysjQgUCP64UYIQdnFMFxvopBMw=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3633,6 +3694,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 11018, + "network.community_id": "1:1MUBdAvjCABqDQE9IfLWai42OhA=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3692,6 +3754,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 11168, + "network.community_id": "1:wH3OQfGQv6qlex3KDY6fleRZ3W4=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3752,6 +3815,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 11361, + "network.community_id": "1:+y5eZK0soO9pFOh5l07R/VVpE0Q=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -3814,6 +3878,7 @@ "log.level": "informational", "log.offset": 11554, "network.bytes": 593, + "network.community_id": "1:YysjQgUCP64UYIQdnFMFxvopBMw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -3868,6 +3933,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 11738, + "network.community_id": "1:Q4mw5/UOrraSXyucLYyaom31Os4=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3927,6 +3993,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 11888, + "network.community_id": "1:9aaIbdVfxtctEtHtisDVEKYc8wI=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3988,6 +4055,7 @@ "log.level": "informational", "log.offset": 12081, "network.bytes": 375, + "network.community_id": "1:+y5eZK0soO9pFOh5l07R/VVpE0Q=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -4042,6 +4110,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 12256, + "network.community_id": "1:4DSy4gkfywR/vYGwMX8ni9L8xNA=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -4101,6 +4170,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 12406, + "network.community_id": "1:CUxMKGQ8Da35o4Z5ZJ3cqjyBcjE=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -4130,20 +4200,29 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "outside", "cisco.asa.message_id": "305012", - "event.action": "firewall-rule", + "cisco.asa.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8267, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "asa", "host.hostname": "localhost", @@ -4151,7 +4230,12 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 12599, + "network.community_id": "1:Aj/XpM3jpqRdnliZ41V6x4P43+E=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "asa", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4160,7 +4244,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1454, "tags": [ "cisco-asa", "forwarded" @@ -4194,6 +4285,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 12769, + "network.community_id": "1:24J8khLuXWoetlU/J6WYj+4RnIU=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -4253,6 +4345,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 12920, + "network.community_id": "1:gufBCDdtvRqSstVTarndQuv0AHg=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -4282,20 +4375,29 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "outside", "cisco.asa.message_id": "305012", - "event.action": "firewall-rule", + "cisco.asa.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8268, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "asa", "host.hostname": "localhost", @@ -4303,7 +4405,12 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 13115, + "network.community_id": "1:92e0i/+rET9QRb4OJPjo8ombnho=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "asa", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4312,7 +4419,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1455, "tags": [ "cisco-asa", "forwarded" @@ -4320,20 +4434,29 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "outside", "cisco.asa.message_id": "305012", - "event.action": "firewall-rule", + "cisco.asa.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8269, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "asa", "host.hostname": "localhost", @@ -4341,7 +4464,12 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 13285, + "network.community_id": "1:zO9YefYViVlpEmjk0y/xJ+kBVQM=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "asa", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4350,7 +4478,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1456, "tags": [ "cisco-asa", "forwarded" @@ -4358,20 +4493,29 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "outside", "cisco.asa.message_id": "305012", - "event.action": "firewall-rule", + "cisco.asa.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8270, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "asa", "host.hostname": "localhost", @@ -4379,7 +4523,12 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 13455, + "network.community_id": "1:04tYx55j9tCWtjlaXaCxE2U8b8M=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "asa", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4388,7 +4537,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1457, "tags": [ "cisco-asa", "forwarded" @@ -4396,20 +4552,29 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "outside", "cisco.asa.message_id": "305012", - "event.action": "firewall-rule", + "cisco.asa.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8271, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "asa", "host.hostname": "localhost", @@ -4417,7 +4582,12 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 13625, + "network.community_id": "1:1MUBdAvjCABqDQE9IfLWai42OhA=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "asa", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4426,7 +4596,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1458, "tags": [ "cisco-asa", "forwarded" @@ -4434,20 +4611,29 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "outside", "cisco.asa.message_id": "305012", - "event.action": "firewall-rule", + "cisco.asa.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8272, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "asa", "host.hostname": "localhost", @@ -4455,7 +4641,12 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 13795, + "network.community_id": "1:Q4mw5/UOrraSXyucLYyaom31Os4=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "asa", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4464,7 +4655,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1459, "tags": [ "cisco-asa", "forwarded" @@ -4472,20 +4670,29 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.asa.destination_interface": "outside", "cisco.asa.message_id": "305012", - "event.action": "firewall-rule", + "cisco.asa.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8273, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.asa", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "asa", "host.hostname": "localhost", @@ -4493,7 +4700,12 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 13965, + "network.community_id": "1:4DSy4gkfywR/vYGwMX8ni9L8xNA=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "asa", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4502,7 +4714,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1460, "tags": [ "cisco-asa", "forwarded" @@ -4543,6 +4762,7 @@ "log.level": "informational", "log.offset": 14135, "network.bytes": 575, + "network.community_id": "1:pux42VCSy7BX42P3cpyd4c/X1M8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4604,6 +4824,7 @@ "log.level": "informational", "log.offset": 14320, "network.bytes": 5391, + "network.community_id": "1:gufBCDdtvRqSstVTarndQuv0AHg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4658,6 +4879,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 14509, + "network.community_id": "1:mWEQuMzgDppOFGfUpnRU2SOVLC4=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -4717,6 +4939,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 14660, + "network.community_id": "1:WPQ7PgW0xK/OsH/dwOA4osO4W+M=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -4775,6 +4998,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 14855, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4832,6 +5056,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 15020, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4889,6 +5114,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 15185, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4946,6 +5172,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 15350, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5003,6 +5230,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 15515, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5060,6 +5288,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 15680, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5117,6 +5346,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 15845, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5174,6 +5404,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 16010, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5231,6 +5462,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 16175, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5288,6 +5520,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 16340, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5345,6 +5578,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 16505, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5402,6 +5636,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 16670, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5459,6 +5694,7 @@ "log.file.path": "asa.log", "log.level": "warning", "log.offset": 16835, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5513,6 +5749,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 17000, + "network.community_id": "1:ZuhnndzENnR8d8NKvStxJffM+XM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -5572,6 +5809,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 17150, + "network.community_id": "1:7t0ua2FV3S8YYwDwaXzw5Tm8M80=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -5627,6 +5865,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 17343, + "network.community_id": "1:ZhyIop0bR8c1qT9K7cSplqrW0ew=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -5686,6 +5925,7 @@ "log.file.path": "asa.log", "log.level": "informational", "log.offset": 17494, + "network.community_id": "1:vvawE2mM1hKl2WU/GmHBmMoI3G8=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", diff --git a/x-pack/filebeat/module/cisco/asa/test/filtered.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/filtered.log-expected.json index 5b15b5338d8..1ae3aa1f563 100644 --- a/x-pack/filebeat/module/cisco/asa/test/filtered.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/filtered.log-expected.json @@ -62,6 +62,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 174, + "network.community_id": "1:bEmZObpc4rxeHLkGwSyEBNS+Sxg=", "network.direction": "inbound", "network.iana_number": 6, "network.transport": "tcp", diff --git a/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json index adfb513bdb9..e959ed69145 100644 --- a/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json @@ -76,6 +76,7 @@ "log.file.path": "hostnames.log", "log.level": "informational", "log.offset": 169, + "network.community_id": "1:TIG5OyXflKDSW/Fgd/O5r5A7Zk4=", "network.iana_number": 1, "network.transport": "icmp", "observer.hostname": "MYHOSTNAME", diff --git a/x-pack/filebeat/module/cisco/asa/test/not-ip.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/not-ip.log-expected.json index bf0c3a439e7..09357b0121b 100644 --- a/x-pack/filebeat/module/cisco/asa/test/not-ip.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/not-ip.log-expected.json @@ -79,6 +79,7 @@ "log.file.path": "not-ip.log", "log.level": "informational", "log.offset": 201, + "network.community_id": "1:tTzSWYTCd+HV5W2Q/cSW6AszABM=", "network.iana_number": 1, "network.transport": "icmp", "observer.hostname": "localhost", @@ -138,6 +139,7 @@ "log.file.path": "not-ip.log", "log.level": "warning", "log.offset": 360, + "network.community_id": "1:d9RGgqBro5rzu16MqJQFehDRaKY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "wan", diff --git a/x-pack/filebeat/module/cisco/asa/test/sample.log b/x-pack/filebeat/module/cisco/asa/test/sample.log index 73ea89341b0..6553ffa18ef 100644 --- a/x-pack/filebeat/module/cisco/asa/test/sample.log +++ b/x-pack/filebeat/module/cisco/asa/test/sample.log @@ -70,3 +70,18 @@ Nov 16 2009 14:12:35: %ASA-5-304001: 10.30.30.30 Accessed URL 192.0.2.1:/app Nov 16 2009 14:12:36: %ASA-5-304001: 10.5.111.32 Accessed URL 192.0.2.32:http://example.com Nov 16 2009 14:12:37: %ASA-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.0.0.19 on interface inside Jan 13 2021 19:12:37: %ASA-6-302013: Built inbound TCP connection 27215708 for internet:10.2.3.4/49926 (1.2.3.4/49926)(LOCAL\username) to vlan-42:1.2.3.4/80 (1.2.3.4/80) (username) +Jan 13 2021 19:12:37: %ASA-5-304001: USER001@192.168.0.1(LOCAL\USER001) Accessed URL 172.17.6.211:http://testingserver.com/somewebpage.html +Jan 13 2021 19:12:37: %ASA-5-302013: Built inbound TCP connection 195207391 for OUTSIDE:85.0.0.1/12312 (62.0.0.1/34534)(LOCAL\USER001) to OUTSIDE:81.0.0.1/443 (81.0.0.1/443) (USER001) +Jan 13 2021 19:12:37: %ASA-5-302013: Built inbound TCP connection 195207391 for OUTSIDE:85.0.0.1/12312 (62.0.0.1/34534)(LOCAL\user@domain.tld) to OUTSIDE:81.0.0.1/443 (81.0.0.1/443) (user@domain.tld) +Jan 13 2021 19:12:37: %ASA-5-302020: Built inbound ICMP connection for faddr 85.0.0.1/0(LOCAL\USER001) gaddr 81.0.0.1/0 laddr 81.0.0.1/0 (USER001) type 3 code 3 +Jan 13 2021 19:12:37: %ASA-5-302020: Built inbound ICMP connection for faddr 85.0.0.1/0(LOCAL\user@domain.tld) gaddr 81.0.0.1/0 laddr 81.0.0.1/0 (user@domain.tld) type 3 code 3 +Jan 13 2021 19:12:37: %ASA-5-302020: Built inbound ICMP connection for faddr 85.0.0.1/0(AD\USER002) gaddr 81.0.0.1/0 laddr 81.0.0.1/0 (USER002) type 3 code 3 +Jan 15 2021 19:12:37: %ASA-6-305012: Teardown dynamic TCP translation from OUTSIDE:192.168.0.1/59677(LOCAL\USER001) to OUTSIDE:75.0.0.1/18449 duration 0:00:00 +Jan 15 2021 19:12:37: %ASA-6-302021: Teardown ICMP connection for faddr ff02::1/0 gaddr fe80::2205:baff:fe9d:f637/0 laddr fe80::2205:baff:fe9d:f637/0 type 134 code 0 +Jan 15 2021 19:12:37: %ASA-6-302013: Built inbound TCP connection 251933191 for OUTSIDE:fe00::fede:bbe1/62477 (fe00::fede:bbe1/62477) to OUTSIDE:2a03:2880:f253:cb:face:b00c:0:43fe/443 (2a03:2880:f253:cb:face:b00c:0:43fe/443) (soc@danskecommodities.com) +Jan 15 2021 19:12:37: %ASA-6-305012: Teardown dynamic TCP translation from OUTSIDE:81.0.0.1/50120(LOCAL\domain\USER001) to OUTSIDE:181.0.0.1/50120 duration 0:02:05 +Jan 15 2021 19:12:37: %ASA-6-302014: Teardown TCP connection 261246338 for OUTSIDE:81.0.0.1/50120(LOCAL\domain\USER001) to OUTSIDE:40.0.0.1/443 duration 0:02:05 bytes 9610 TCP FINs from OUTSIDE (domain\USER001) +Jan 15 2021 19:12:37: %ASA-6-302015: Built inbound UDP connection 261311655 for OUTSIDE:81.0.0.1/63790 (82.0.0.1/63790)(LOCAL\domain\USER001) to INSIDE:192.168.0.1/53 (192.168.0.1/53) (domain\USER001) +Jan 15 2021 19:12:37: %ASA-6-302016: Teardown UDP connection 261311655 for OUTSIDE:81.0.0.1/63790(LOCAL\domain\USER001) to INSIDE:192.168.0.1/53 duration 0:00:00 bytes 139 (domain\USER001) +Jan 15 2021 19:12:37: %ASA-6-302013: Built inbound TCP connection 261246338 for OUTSIDE:81.0.0.1/50120 (82.0.0.1/50120)(LOCAL\domain\USER001) to OUTSIDE:40.0.0.1/443 (40.0.0.1/443) (domain\USER001) +Jul 29 2021 08:35:29: %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xABCXYZ) between 12.12.12.12 and 12.12.12.12 (user= 12.12.12.12) has been deleted. diff --git a/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json index 33522a3339c..50e7be1889e 100644 --- a/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json @@ -29,6 +29,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 0, + "network.community_id": "1:3NxcSu9jwJUYIYwJ2TO4TSNnPX8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -79,6 +80,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 139, + "network.community_id": "1:3NxcSu9jwJUYIYwJ2TO4TSNnPX8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -130,6 +132,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 294, + "network.community_id": "1:/AVpSqNe7QhujyFPgKMbMS9Ct44=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -181,6 +184,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 465, + "network.community_id": "1:462QRxMFThXYxhSyvR50cIDJegg=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -236,6 +240,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 632, + "network.community_id": "1:c8hH08+kxqP8+dYZZFCsPYYf0oo=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -287,6 +292,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 812, + "network.community_id": "1:oGT+RQ2PYVsSEX/LuKvEW6O6Jiw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -340,6 +346,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 938, + "network.community_id": "1:4NJbCZhuyrAJcj7S647C7IIhAM8=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -388,6 +395,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 1106, + "network.community_id": "1:ay9S7HyVcpV47ArwMPDsxLg6wBU=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -441,6 +449,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 1233, + "network.community_id": "1:JpGltiZUmRdP7Yj0gpMkjYQzWJY=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -491,6 +500,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 1401, + "network.community_id": "1:fZibb4nXPyoJv3pk+hIlafmMMMY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -545,6 +555,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 1527, + "network.community_id": "1:KAOD4KM9MUK44UkzQPDM20+aGPI=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -600,6 +611,7 @@ "log.level": "informational", "log.offset": 1692, "network.bytes": 140, + "network.community_id": "1:JpGltiZUmRdP7Yj0gpMkjYQzWJY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -631,6 +643,7 @@ "destination.address": "10.123.1.35", "destination.ip": "10.123.1.35", "destination.port": 52925, + "destination.user.name": "user2", "event.action": "flow-expiration", "event.category": [ "network" @@ -655,6 +668,7 @@ "log.level": "informational", "log.offset": 1844, "network.bytes": 9999999, + "network.community_id": "1:JpGltiZUmRdP7Yj0gpMkjYQzWJY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -666,14 +680,20 @@ "10.123.1.35", "192.0.2.222" ], + "related.user": [ + "user1", + "user2" + ], "service.type": "cisco", "source.address": "192.0.2.222", "source.ip": "192.0.2.222", "source.port": 53, + "source.user.name": "user1", "tags": [ "cisco-asa", "forwarded" - ] + ], + "user.name": "user2" }, { "@timestamp": "2011-06-04T21:59:52.000-02:00", @@ -702,6 +722,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 2008, + "network.community_id": "1:tTzSWYTCd+HV5W2Q/cSW6AszABM=", "network.iana_number": 1, "network.transport": "icmp", "observer.hostname": "FJSG2NRFW01", @@ -750,6 +771,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 2163, + "network.community_id": "1:EsAlPGwbpvnOIWG+1RbOLtWOWaI=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -804,6 +826,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 2289, + "network.community_id": "1:m/dSB7tetihSecuyjm6x4Rl/8I8=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -853,6 +876,7 @@ "log.file.path": "sample.log", "log.level": "critical", "log.offset": 2454, + "network.community_id": "1:cjsjwTI1K/FNwJ9mwZX971rPjfo=", "network.direction": "inbound", "network.iana_number": 17, "network.protocol": "dns", @@ -903,6 +927,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 2563, + "network.community_id": "1:Zboag8BrI6OW/Oo2vWMZ2CJe4tM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -953,6 +978,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 2722, + "network.community_id": "1:Ne/QE55iCFiCg5J75DhSp3KZzQI=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1003,6 +1029,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 2883, + "network.community_id": "1:nVqNkC3HBTw1Le7RJD28aYfCDTg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1053,6 +1080,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 3044, + "network.community_id": "1:c82bgYlFS2zsrs3He7w3jq7x6jY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1103,6 +1131,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 3205, + "network.community_id": "1:iQJvtLpa8CzCZimwacqAWJp9sZg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1153,6 +1182,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 3366, + "network.community_id": "1:CHFAR3iwADiL0sMiLhocbg8YF4o=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1203,6 +1233,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 3527, + "network.community_id": "1:fW9fDNL4osH5ogPXIzh5huGyJLU=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1253,6 +1284,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 3688, + "network.community_id": "1:VqbI7AJvRLmCOZAb2tHFFBTeRZ8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1303,6 +1335,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 3847, + "network.community_id": "1:TUJhCk7pGNvVhgiAnf4YJJaoCpo=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -1353,6 +1386,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 4004, + "network.community_id": "1:EItD1g2bG+b/iorMXbZ/3Bvjam8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1401,6 +1435,7 @@ "log.file.path": "sample.log", "log.level": "critical", "log.offset": 4163, + "network.community_id": "1:a6VFmKsjwlqdlhQIeSm95/lkWlY=", "network.direction": "inbound", "network.iana_number": 17, "network.transport": "udp", @@ -1448,6 +1483,7 @@ "log.file.path": "sample.log", "log.level": "critical", "log.offset": 4274, + "network.community_id": "1:96NZ3spb6QBXPZwoL7NadaqTMac=", "network.direction": "inbound", "network.iana_number": 17, "network.protocol": "dns", @@ -1498,6 +1534,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 4383, + "network.community_id": "1:DbXtTF7Tt+LJ0/omdap4K0RmodY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1548,6 +1585,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 4542, + "network.community_id": "1:8enMIE4IqhVXWyyRuJRvdyDxiBA=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1598,6 +1636,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 4703, + "network.community_id": "1:3vGj3wfvZB2f5kZmDflH/qfkWYE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1648,6 +1687,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 4862, + "network.community_id": "1:Wjdn68t3gwpMPxbO1bBTBvMkQKE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1698,6 +1738,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 5018, + "network.community_id": "1:OHPCPPOkvDP3KMLJodW8pdmntUw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1748,6 +1789,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 5174, + "network.community_id": "1:7ujfPje/XmaZUbijXhcBn7jzz8Y=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1798,6 +1840,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 5321, + "network.community_id": "1:7ujfPje/XmaZUbijXhcBn7jzz8Y=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1848,6 +1891,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 5468, + "network.community_id": "1:IOafOGWxFLefP+hvoAc06Z1pBj8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1898,6 +1942,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 5631, + "network.community_id": "1:89qba0kw6T/uGNWcSzTTYvNoLeY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1949,6 +1994,7 @@ "log.file.path": "sample.log", "log.level": "notification", "log.offset": 5792, + "network.community_id": "1:3EQcjAJCGY7yJRip464V5VZ2h00=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -2001,6 +2047,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 5963, + "network.community_id": "1:xQpx+K3UkeF1wQfNjT+9cuVvkHo=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2053,6 +2100,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 6138, + "network.community_id": "1:/lWsjFt8GNAqxtRiPYxbyU20/N8=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2104,6 +2152,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 6288, + "network.community_id": "1:/lWsjFt8GNAqxtRiPYxbyU20/N8=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2271,6 +2320,7 @@ "log.level": "informational", "log.offset": 6778, "network.bytes": 14804, + "network.community_id": "1:tVS/eeyng4tH7pSAcq77I2cbedw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2326,6 +2376,7 @@ "log.level": "informational", "log.offset": 6943, "network.bytes": 134781, + "network.community_id": "1:Tc+oC6fll4kTgOTp2hiirhpXAuQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2381,6 +2432,7 @@ "log.level": "informational", "log.offset": 7109, "network.bytes": 134781, + "network.community_id": "1:Tc+oC6fll4kTgOTp2hiirhpXAuQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2430,6 +2482,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 7275, + "network.community_id": "1:BX8uzuuLWZ5TLiZXPqdka12ZHOc=", "network.iana_number": 6, "network.transport": "tcp", "observer.ingress.interface.name": "outside", @@ -2478,6 +2531,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 7417, + "network.community_id": "1:BX8uzuuLWZ5TLiZXPqdka12ZHOc=", "network.iana_number": 6, "network.transport": "tcp", "observer.ingress.interface.name": "outside", @@ -2528,6 +2582,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 7559, + "network.community_id": "1:BouUIZD+TqJZdYklL1aMrJfnbQ0=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2581,6 +2636,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 7710, + "network.community_id": "1:mUqH1e0FnddfDertRLbskQ9rX5Q=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2635,6 +2691,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 7884, + "network.community_id": "1:mUqH1e0FnddfDertRLbskQ9rX5Q=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2691,6 +2748,7 @@ "log.level": "informational", "log.offset": 8058, "network.bytes": 11420, + "network.community_id": "1:kugTIYv6tVeitQAN8XRNgUPvZiw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2745,6 +2803,7 @@ "log.level": "informational", "log.offset": 8223, "network.bytes": 1416, + "network.community_id": "1:n1IQHcbrWLb1u8dflqz8hfEElA0=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3180,6 +3239,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 9335, + "network.community_id": "1:buRYH8vRkdq5apZqKHNDfmztnUo=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -3281,6 +3341,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 9599, + "network.community_id": "1:XKWgpeop6LmXORBjS+D+pjammJ4=", "network.iana_number": 1, "network.transport": "icmp", "observer.ingress.interface.name": "inside", @@ -3334,6 +3395,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 9735, + "network.community_id": "1:ZWjuP5bJeA+f0NH342ubXOWI+Lc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3396,6 +3458,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 9986, + "network.community_id": "1:iQUXct+pq5A5+rR869ELbDtnuek=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outsidet", @@ -3454,6 +3517,7 @@ "log.file.path": "sample.log", "log.level": "warning", "log.offset": 10285, + "network.community_id": "1:iQUXct+pq5A5+rR869ELbDtnuek=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outsidet", @@ -3623,6 +3687,7 @@ "cisco.asa.message_id": "302013", "cisco.asa.source_interface": "internet", "cisco.asa.source_username": "LOCAL\\username", + "cisco.asa.termination_user": "username", "destination.address": "1.2.3.4", "destination.geo.city_name": "Moscow", "destination.geo.continent_name": "Europe", @@ -3634,7 +3699,6 @@ "destination.geo.region_name": "Moscow", "destination.ip": "1.2.3.4", "destination.port": 80, - "destination.user.name": "username", "event.action": "firewall-rule", "event.category": [ "network" @@ -3654,6 +3718,7 @@ "log.file.path": "sample.log", "log.level": "informational", "log.offset": 10899, + "network.community_id": "1:iwVZPCmO/50L3MVqIW0tC5ED+bg=", "network.direction": "inbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3674,10 +3739,1090 @@ "source.ip": "10.2.3.4", "source.nat.ip": "1.2.3.4", "source.port": 49926, + "source.user.name": "username", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T19:12:37.000-02:00", + "cisco.asa.message_id": "304001", + "destination.address": "172.17.6.211", + "destination.ip": "172.17.6.211", + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 304001, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-5-304001: USER001@192.168.0.1(LOCAL\\USER001) Accessed URL 172.17.6.211:http://testingserver.com/somewebpage.html", + "event.outcome": "success", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "info" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 11080, + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.ip": [ + "172.17.6.211", + "192.168.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "192.168.0.1", + "source.ip": "192.168.0.1", + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ], + "url.domain": "testingserver.com", + "url.extension": "html", + "url.original": "http://testingserver.com/somewebpage.html", + "url.path": "/somewebpage.html", + "url.scheme": "http" + }, + { + "@timestamp": "2021-01-13T19:12:37.000-02:00", + "cisco.asa.connection_id": "195207391", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.mapped_destination_ip": "81.0.0.1", + "cisco.asa.mapped_destination_port": 443, + "cisco.asa.mapped_source_ip": "62.0.0.1", + "cisco.asa.mapped_source_port": 34534, + "cisco.asa.message_id": "302013", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\USER001", + "cisco.asa.termination_user": "USER001", + "destination.address": "81.0.0.1", + "destination.as.number": 15704, + "destination.as.organization.name": "Xtra Telecom S.A.", + "destination.geo.city_name": "Madrid", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "ES", + "destination.geo.country_name": "Spain", + "destination.geo.location.lat": 40.4143, + "destination.geo.location.lon": -3.7016, + "destination.geo.region_iso_code": "ES-M", + "destination.geo.region_name": "Madrid", + "destination.ip": "81.0.0.1", + "destination.port": 443, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-5-302013: Built inbound TCP connection 195207391 for OUTSIDE:85.0.0.1/12312 (62.0.0.1/34534)(LOCAL\\USER001) to OUTSIDE:81.0.0.1/443 (81.0.0.1/443) (USER001)", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 11220, + "network.community_id": "1:80+NOqHrJ3D1YMNcnBpJC7S6Pkg=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "OUTSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.ip": [ + "62.0.0.1", + "81.0.0.1", + "85.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "85.0.0.1", + "source.as.number": 3303, + "source.as.organization.name": "Bluewin", + "source.geo.city_name": "Kolliken", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "CH", + "source.geo.country_name": "Switzerland", + "source.geo.location.lat": 47.3388, + "source.geo.location.lon": 8.0264, + "source.geo.region_iso_code": "CH-AG", + "source.geo.region_name": "Aargau", + "source.ip": "85.0.0.1", + "source.nat.ip": "62.0.0.1", + "source.nat.port": "34534", + "source.port": 12312, + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T19:12:37.000-02:00", + "cisco.asa.connection_id": "195207391", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.mapped_destination_ip": "81.0.0.1", + "cisco.asa.mapped_destination_port": 443, + "cisco.asa.mapped_source_ip": "62.0.0.1", + "cisco.asa.mapped_source_port": 34534, + "cisco.asa.message_id": "302013", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\user@domain.tld", + "cisco.asa.termination_user": "user@domain.tld", + "destination.address": "81.0.0.1", + "destination.as.number": 15704, + "destination.as.organization.name": "Xtra Telecom S.A.", + "destination.geo.city_name": "Madrid", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "ES", + "destination.geo.country_name": "Spain", + "destination.geo.location.lat": 40.4143, + "destination.geo.location.lon": -3.7016, + "destination.geo.region_iso_code": "ES-M", + "destination.geo.region_name": "Madrid", + "destination.ip": "81.0.0.1", + "destination.port": 443, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-5-302013: Built inbound TCP connection 195207391 for OUTSIDE:85.0.0.1/12312 (62.0.0.1/34534)(LOCAL\\user@domain.tld) to OUTSIDE:81.0.0.1/443 (81.0.0.1/443) (user@domain.tld)", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 11404, + "network.community_id": "1:80+NOqHrJ3D1YMNcnBpJC7S6Pkg=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "OUTSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "domain.tld" + ], + "related.ip": [ + "62.0.0.1", + "81.0.0.1", + "85.0.0.1" + ], + "related.user": [ + "user@domain.tld" + ], + "service.type": "cisco", + "source.address": "85.0.0.1", + "source.as.number": 3303, + "source.as.organization.name": "Bluewin", + "source.geo.city_name": "Kolliken", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "CH", + "source.geo.country_name": "Switzerland", + "source.geo.location.lat": 47.3388, + "source.geo.location.lon": 8.0264, + "source.geo.region_iso_code": "CH-AG", + "source.geo.region_name": "Aargau", + "source.ip": "85.0.0.1", + "source.nat.ip": "62.0.0.1", + "source.nat.port": "34534", + "source.port": 12312, + "source.user.domain": "domain.tld", + "source.user.name": "user@domain.tld", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T19:12:37.000-02:00", + "cisco.asa.destination_username": "LOCAL\\USER001", + "cisco.asa.icmp_code": 3, + "cisco.asa.icmp_type": 3, + "cisco.asa.mapped_source_ip": "81.0.0.1", + "cisco.asa.message_id": "302020", + "cisco.asa.source_username": "USER001", + "destination.address": "85.0.0.1", + "destination.as.number": 3303, + "destination.as.organization.name": "Bluewin", + "destination.geo.city_name": "Kolliken", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", + "destination.geo.location.lat": 47.3388, + "destination.geo.location.lon": 8.0264, + "destination.geo.region_iso_code": "CH-AG", + "destination.geo.region_name": "Aargau", + "destination.ip": "85.0.0.1", + "destination.user.name": "USER001", + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 302020, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-5-302020: Built inbound ICMP connection for faddr 85.0.0.1/0(LOCAL\\USER001) gaddr 81.0.0.1/0 laddr 81.0.0.1/0 (USER001) type 3 code 3", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 11604, + "network.direction": "inbound", + "network.protocol": "icmp", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.ip": [ + "81.0.0.1", + "85.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ], + "user.name": "USER001" + }, + { + "@timestamp": "2021-01-13T19:12:37.000-02:00", + "cisco.asa.destination_username": "LOCAL\\user@domain.tld", + "cisco.asa.icmp_code": 3, + "cisco.asa.icmp_type": 3, + "cisco.asa.mapped_source_ip": "81.0.0.1", + "cisco.asa.message_id": "302020", + "cisco.asa.source_username": "user@domain.tld", + "destination.address": "85.0.0.1", + "destination.as.number": 3303, + "destination.as.organization.name": "Bluewin", + "destination.geo.city_name": "Kolliken", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", + "destination.geo.location.lat": 47.3388, + "destination.geo.location.lon": 8.0264, + "destination.geo.region_iso_code": "CH-AG", + "destination.geo.region_name": "Aargau", + "destination.ip": "85.0.0.1", + "destination.user.domain": "domain.tld", + "destination.user.name": "user@domain.tld", + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 302020, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-5-302020: Built inbound ICMP connection for faddr 85.0.0.1/0(LOCAL\\user@domain.tld) gaddr 81.0.0.1/0 laddr 81.0.0.1/0 (user@domain.tld) type 3 code 3", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 11765, + "network.direction": "inbound", + "network.protocol": "icmp", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "domain.tld" + ], + "related.ip": [ + "81.0.0.1", + "85.0.0.1" + ], + "related.user": [ + "user@domain.tld" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.user.domain": "domain.tld", + "source.user.name": "user@domain.tld", + "tags": [ + "cisco-asa", + "forwarded" + ], + "user.name": "user@domain.tld" + }, + { + "@timestamp": "2021-01-13T19:12:37.000-02:00", + "cisco.asa.destination_username": "AD\\USER002", + "cisco.asa.icmp_code": 3, + "cisco.asa.icmp_type": 3, + "cisco.asa.mapped_source_ip": "81.0.0.1", + "cisco.asa.message_id": "302020", + "cisco.asa.source_username": "USER002", + "destination.address": "85.0.0.1", + "destination.as.number": 3303, + "destination.as.organization.name": "Bluewin", + "destination.geo.city_name": "Kolliken", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", + "destination.geo.location.lat": 47.3388, + "destination.geo.location.lon": 8.0264, + "destination.geo.region_iso_code": "CH-AG", + "destination.geo.region_name": "Aargau", + "destination.ip": "85.0.0.1", + "destination.user.domain": "AD", + "destination.user.name": "USER002", + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 302020, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-5-302020: Built inbound ICMP connection for faddr 85.0.0.1/0(AD\\USER002) gaddr 81.0.0.1/0 laddr 81.0.0.1/0 (USER002) type 3 code 3", + "event.severity": 5, + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "notification", + "log.offset": 11942, + "network.direction": "inbound", + "network.protocol": "icmp", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "AD" + ], + "related.ip": [ + "81.0.0.1", + "85.0.0.1" + ], + "related.user": [ + "USER002" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.user.name": "USER002", + "tags": [ + "cisco-asa", + "forwarded" + ], + "user.name": "USER002" + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.message_id": "305012", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\USER001", + "destination.address": "75.0.0.1", + "destination.as.number": 7018, + "destination.as.organization.name": "AT&T Services, Inc.", + "destination.geo.city_name": "Carson City", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 39.1507, + "destination.geo.location.lon": -119.7459, + "destination.geo.region_iso_code": "US-NV", + "destination.geo.region_name": "Nevada", + "destination.ip": "75.0.0.1", + "destination.port": 18449, + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2021-01-15T19:12:37.000-02:00", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from OUTSIDE:192.168.0.1/59677(LOCAL\\USER001) to OUTSIDE:75.0.0.1/18449 duration 0:00:00", + "event.severity": 6, + "event.start": "2021-01-15T21:12:37.000Z", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 12100, + "network.community_id": "1:kOYfvYjW0lZrPxD+ArQ6vDYnS7g=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "OUTSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.ip": [ + "192.168.0.1", + "75.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "192.168.0.1", + "source.ip": "192.168.0.1", + "source.port": 59677, + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.icmp_code": 0, + "cisco.asa.icmp_type": 134, + "cisco.asa.mapped_source_ip": "fe80::2205:baff:fe9d:f637", + "cisco.asa.message_id": "302021", + "destination.address": "ff02::1", + "destination.ip": "ff02::1", + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 302021, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302021: Teardown ICMP connection for faddr ff02::1/0 gaddr fe80::2205:baff:fe9d:f637/0 laddr fe80::2205:baff:fe9d:f637/0 type 134 code 0", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 12259, + "network.community_id": "1:bHWN9qumWIGMl/MbjgS2bQi/Jsw=", + "network.iana_number": 1, + "network.transport": "icmp", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.ip": [ + "fe80::2205:baff:fe9d:f637", + "ff02::1" + ], + "service.type": "cisco", + "source.address": "fe80::2205:baff:fe9d:f637", + "source.ip": "fe80::2205:baff:fe9d:f637", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.connection_id": "251933191", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.mapped_destination_ip": "2a03:2880:f253:cb:face:b00c:0:43fe", + "cisco.asa.mapped_destination_port": 443, + "cisco.asa.mapped_source_ip": "fe00::fede:bbe1", + "cisco.asa.mapped_source_port": 62477, + "cisco.asa.message_id": "302013", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.termination_user": "soc@danskecommodities.com", + "destination.address": "2a03:2880:f253:cb:face:b00c:0:43fe", + "destination.as.number": 32934, + "destination.as.organization.name": "Facebook, Inc.", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "IE", + "destination.geo.country_name": "Ireland", + "destination.geo.location.lat": 53.0, + "destination.geo.location.lon": -8.0, + "destination.ip": "2a03:2880:f253:cb:face:b00c:0:43fe", + "destination.port": 443, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built inbound TCP connection 251933191 for OUTSIDE:fe00::fede:bbe1/62477 (fe00::fede:bbe1/62477) to OUTSIDE:2a03:2880:f253:cb:face:b00c:0:43fe/443 (2a03:2880:f253:cb:face:b00c:0:43fe/443) (soc@danskecommodities.com)", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 12425, + "network.community_id": "1:lOTrEnVpsUc4jukAUBxF/BkD8jE=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "OUTSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.ip": [ + "2a03:2880:f253:cb:face:b00c:0:43fe", + "fe00::fede:bbe1" + ], + "service.type": "cisco", + "source.address": "fe00::fede:bbe1", + "source.ip": "fe00::fede:bbe1", + "source.port": 62477, + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.message_id": "305012", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\domain\\USER001", + "destination.address": "181.0.0.1", + "destination.as.number": 7303, + "destination.as.organization.name": "Telecom Argentina S.A.", + "destination.geo.continent_name": "South America", + "destination.geo.country_iso_code": "AR", + "destination.geo.country_name": "Argentina", + "destination.geo.location.lat": -34.6033, + "destination.geo.location.lon": -58.3817, + "destination.ip": "181.0.0.1", + "destination.port": 50120, + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 305012, + "event.dataset": "cisco.asa", + "event.duration": 125000000000, + "event.end": "2021-01-15T19:12:37.000-02:00", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from OUTSIDE:81.0.0.1/50120(LOCAL\\domain\\USER001) to OUTSIDE:181.0.0.1/50120 duration 0:02:05", + "event.severity": 6, + "event.start": "2021-01-15T21:10:32.000Z", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 12678, + "network.community_id": "1:R7zADbxzUGXOH0O/Hzma4ba6iHU=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "OUTSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "domain" + ], + "related.ip": [ + "181.0.0.1", + "81.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.port": 50120, + "source.user.domain": "domain", + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.connection_id": "261246338", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.message_id": "302014", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\domain\\USER001", + "cisco.asa.termination_initiator": "OUTSIDE", + "cisco.asa.termination_user": "domain\\USER001", + "destination.address": "40.0.0.1", + "destination.as.number": 4249, + "destination.as.organization.name": "Eli Lilly and Company", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "40.0.0.1", + "destination.port": 443, + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 302014, + "event.dataset": "cisco.asa", + "event.duration": 125000000000, + "event.end": "2021-01-15T19:12:37.000-02:00", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302014: Teardown TCP connection 261246338 for OUTSIDE:81.0.0.1/50120(LOCAL\\domain\\USER001) to OUTSIDE:40.0.0.1/443 duration 0:02:05 bytes 9610 TCP FINs from OUTSIDE (domain\\USER001)", + "event.reason": "TCP FINs", + "event.severity": 6, + "event.start": "2021-01-15T21:10:32.000Z", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 12842, + "network.bytes": 9610, + "network.community_id": "1:Wki7xXtyiCACPfXpHuQV+NLf33o=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "OUTSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "domain" + ], + "related.ip": [ + "40.0.0.1", + "81.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.port": 50120, + "source.user.domain": "domain", + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.connection_id": "261311655", + "cisco.asa.destination_interface": "INSIDE", + "cisco.asa.mapped_destination_ip": "192.168.0.1", + "cisco.asa.mapped_destination_port": 53, + "cisco.asa.mapped_source_ip": "82.0.0.1", + "cisco.asa.mapped_source_port": 63790, + "cisco.asa.message_id": "302015", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\domain\\USER001", + "cisco.asa.termination_user": "domain\\USER001", + "destination.address": "192.168.0.1", + "destination.ip": "192.168.0.1", + "destination.port": 53, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302015, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302015: Built inbound UDP connection 261311655 for OUTSIDE:81.0.0.1/63790 (82.0.0.1/63790)(LOCAL\\domain\\USER001) to INSIDE:192.168.0.1/53 (192.168.0.1/53) (domain\\USER001)", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 13053, + "network.community_id": "1:BIxqdLncXeXXZrNudh3yrj2zmZc=", + "network.direction": "inbound", + "network.iana_number": 17, + "network.transport": "udp", + "observer.egress.interface.name": "INSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "domain" + ], + "related.ip": [ + "192.168.0.1", + "81.0.0.1", + "82.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.nat.ip": "82.0.0.1", + "source.port": 63790, + "source.user.domain": "domain", + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.connection_id": "261311655", + "cisco.asa.destination_interface": "INSIDE", + "cisco.asa.message_id": "302016", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\domain\\USER001", + "cisco.asa.termination_user": "domain\\USER001", + "destination.address": "192.168.0.1", + "destination.ip": "192.168.0.1", + "destination.port": 53, + "event.action": "flow-expiration", + "event.category": [ + "network" + ], + "event.code": 302016, + "event.dataset": "cisco.asa", + "event.duration": 0, + "event.end": "2021-01-15T19:12:37.000-02:00", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302016: Teardown UDP connection 261311655 for OUTSIDE:81.0.0.1/63790(LOCAL\\domain\\USER001) to INSIDE:192.168.0.1/53 duration 0:00:00 bytes 139 (domain\\USER001)", + "event.severity": 6, + "event.start": "2021-01-15T21:12:37.000Z", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 13254, + "network.bytes": 139, + "network.community_id": "1:BIxqdLncXeXXZrNudh3yrj2zmZc=", + "network.iana_number": 17, + "network.transport": "udp", + "observer.egress.interface.name": "INSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "domain" + ], + "related.ip": [ + "192.168.0.1", + "81.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.port": 63790, + "source.user.domain": "domain", + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T19:12:37.000-02:00", + "cisco.asa.connection_id": "261246338", + "cisco.asa.destination_interface": "OUTSIDE", + "cisco.asa.mapped_destination_ip": "40.0.0.1", + "cisco.asa.mapped_destination_port": 443, + "cisco.asa.mapped_source_ip": "82.0.0.1", + "cisco.asa.mapped_source_port": 50120, + "cisco.asa.message_id": "302013", + "cisco.asa.source_interface": "OUTSIDE", + "cisco.asa.source_username": "LOCAL\\domain\\USER001", + "cisco.asa.termination_user": "domain\\USER001", + "destination.address": "40.0.0.1", + "destination.as.number": 4249, + "destination.as.organization.name": "Eli Lilly and Company", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "40.0.0.1", + "destination.port": 443, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302013, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302013: Built inbound TCP connection 261246338 for OUTSIDE:81.0.0.1/50120 (82.0.0.1/50120)(LOCAL\\domain\\USER001) to OUTSIDE:40.0.0.1/443 (40.0.0.1/443) (domain\\USER001)", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 13443, + "network.community_id": "1:Wki7xXtyiCACPfXpHuQV+NLf33o=", + "network.direction": "inbound", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "OUTSIDE", + "observer.ingress.interface.name": "OUTSIDE", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "domain" + ], + "related.ip": [ + "40.0.0.1", + "81.0.0.1", + "82.0.0.1" + ], + "related.user": [ + "USER001" + ], + "service.type": "cisco", + "source.address": "81.0.0.1", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 40.4143, + "source.geo.location.lon": -3.7016, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", + "source.ip": "81.0.0.1", + "source.nat.ip": "82.0.0.1", + "source.port": 50120, + "source.user.domain": "domain", + "source.user.name": "USER001", + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "@timestamp": "2021-07-29T08:35:29.000-02:00", + "cisco.asa.message_id": "602304", + "cisco.asa.tunnel_type": "LAN-to-LAN", + "destination.address": "12.12.12.12", + "destination.as.number": 32328, + "destination.as.organization.name": "Alascom, Inc.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "12.12.12.12", + "event.action": "deleted", + "event.category": [ + "network" + ], + "event.code": 602304, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0xABCXYZ) between 12.12.12.12 and 12.12.12.12 (user= 12.12.12.12) has been deleted.", + "event.outcome": "success", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "allowed", + "deletion", + "info", + "user" + ], + "fileset.name": "asa", + "input.type": "log", + "log.file.path": "sample.log", + "log.level": "informational", + "log.offset": 13641, + "network.direction": "outbound", + "network.type": "ipsec", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.ip": [ + "12.12.12.12" + ], + "related.user": [ + "12.12.12.12" + ], + "service.type": "cisco", + "source.address": "12.12.12.12", + "source.as.number": 32328, + "source.as.organization.name": "Alascom, Inc.", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "12.12.12.12", "tags": [ "cisco-asa", "forwarded" ], - "user.name": "username" + "user.name": "12.12.12.12" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/fields.go b/x-pack/filebeat/module/cisco/fields.go index b7ffbc2b460..a1e5fe24bef 100644 --- a/x-pack/filebeat/module/cisco/fields.go +++ b/x-pack/filebeat/module/cisco/fields.go @@ -19,5 +19,5 @@ func init() { // AssetCisco returns asset data. // This is the base64 encoded zlib format compressed contents of module/cisco. func AssetCisco() string { - return "eJzs/W1zGzmSII6/30+B64j/2e5Q09Pubu9N3+5eaCX1tG5st9ay3fu/mIgKEAWSGKOAMoAixf70v0AC9cAqFElRQEneHb9w2BKZyEwAiXzO79Bnuv0ZEaaJ/CeEDDOc/owu/H9zqolipWFS/Iz+7Z8QQuitzCtO0UIqtMIi50ws3ceRoGYj1WeU0zUjFHG51LN/QmjBKM/1z/8E37Z/vkMCF9SvOcNF2fwGIbMt6c9oqWTV/aminGJNf0ZzanDn5zld4IqbDJb4GS0w13Tn1wPs6z8dKkqsdEvE+dubBvP6T01BF0BNhGEF1QYXZSawkJoSKXK988maqBwb2vvFHgTtnw8r2sJHTKCrUpIV6izUYhlEjq6pMJldPmN5EKnPdLuRqv+7A3idI13N0fUlkgtkVtQtc4ZyWlKRW1ZK4X4GixzAMaeGErtSPPws3yzwGr8C8w1W1C9F82Mxiso0i1TLsmaNA7gQKQQlRqpsWcXG5i8fW3yadZD2e8jEQqoCWwDIwL04gCpcWkAzfP5PO2oCYaXw1uIJCwDWt1YiYENzi1kk9NcVF1ThOePMMBomYcGxMVTQBxBRI95briakwJwRJivtLtABnDXBYtZZPB7fL9tfW6xxfaE7fMewPJpTx25mmP3NGchUeoeLklMgSZeUsAUjKGcK9mgL2B9DGuEUh4maSxn43QGi/t19Ca0xryhiC0+CoDlaME7RBmsESyKpkJBHcd8DyCyA8KHhUizvh+eFrISxbAegDY5MINwy8T7IlUoSqnV8BBvADZK7B4SJJafunBx9nhuksVlFRzhniwVV9iTXjGRRkW/ub9ZI+Og0tDLCnQ+pUC5JVVBhdPPGPYwWIouyMlTNJn9/zpBmBeNYgUSUJeJ0TXnvHTxD88qgSrAv7h4XFTfMypvmYxrZB5+JteTrgw9+Qy29M1QJzDNWBkkd/PgIKmuY6PqmJrbempXUR28EJoat+/rjA2Thted7peA2UJGXkgmDmEZuqeNkYIOfV/4znOdqXNSc+oBy3lgXTBiqFpjQnSfevvL346y9O7Oc6VJqFvftvMCGLqVif+D6+bRr7T6M37ytL/E3ltHfXNgd/OYAyjWPLeFToY4bxgcUgBR0iUUxc7I5uk1QH/YGPJpjTXN7eLSsFKEIi9wCMkw4Blwf0ho9O2YFJmmUXsx5w/O35xeouV9HIkZGhMajIUa4rPKMSTKJ4toVCte/XcBZbRRS+wM41RotlCyOMBJa5PVKKpMlIeHWgu5+KAEhO1euxPZaTCdRavzjCQ1PAcupMMxsZ0X+UzwS3l7+hFZYrwLb8BAc9Qp/H/HQ/Hr+fXQsF4Dlq59eR8Xz1U+vT8QU3mysyIqtvck13aEFC9GvneQVDBA3zXmu13Qk9jwr93NI7KMh8XmfjorU9yE6JcZg8tkapJhxPcNlyRnB8dWrDmDnfu2gfnVXcskMulGANqs9xIe0hSAB8F+aZwU48eMRcYPNquYzvaOkMnjOwRDKOUdmhQ24iOr1vbbo7e35NkDkCdRZlbS2ouLuj4WMClpIta21tf7pop6CIz3lIfx1pUvvAhn3iT1Y+6zxdh6QzYoKhIXfGWvDPnxbplWKSgymSYRnhCol1WRO4dptAKseJZIcfvB3RmQe8fqCtwXwsHD9p+dMLHe0jOMxNStFsclWlTBMLGearqliZhtR9nuISFFdcVPLf7cususiRZdMG6rGHwB0AU549EZuvrtQzDCC+f0IY4LA85YpWlqjJq2nr5E4LZV2i9zaJyJufzAR2kysqTZs6SNLCpPPEP/QujoU0hjDHmLuETG34Gq060X6gr7HfXD5WfXmNAp0VRRYxbwZDmBNhawMkQWtvXxxkVe0oDmLrA+9p0QWBRU5wIXwnqJa8rWLiXWjf1sEIh/eqONcl2OUxD7/LB+efn+c7DMVfyuoyDPDivBluH/+xO9WLehL1AUTmLM/aG7ZTrjUB7Wc0VNvsDLJ8bUaZxNdPUEfYyK3SrlUUT3yl00crYEPALVTkwtsyAr+M9Qpd3WcNiD39vrD+ytk7BEih8yC3pb4L8Uk8A3TpnZz7mDWl6SdK1GJex4lQ8kKglipUW/WeRj2XwubC2YUzfahe5oBEvJ9w1oea3R9+Uwf4OHXteWek/uRjs7Merkj+GmfWSzyjDNBZ1gtXRg87jt48eYaNaD77LzgssrRByexr3+78JqsMz0hp/AAi+dlluOdtEb00ONw1UZzJXeaaidY+k8DHrpETN3FIZyIuWfdXyBJEmS7z6S8PUe/MEU3mPP92ZTNYaNa4+UgV3F89/ayAXauwcTDRt6xzagKbkuTzFEtFuzuSDT8W/Yz0lTrvhq5F8ff4OeY+/UQXhiq0P/PInwsohC4zJqoeAzO3bpgaBtpr7W9BZcbtNd6bnMomyBqXNwuO9HZhyCoKk4z+88YSL3rJJueE0K1RhdSGCW5k8x2sa5iZK1fts+D29vdSlOVAlcL1+HFnK7mw+COnUdh2N3oydDshujvgWuBy5LmWX1lygCevR8eFDBGYaHde+B5d31TO1fvgYs1+o7m2t6c95NwHrU5w9ja9y2A7SCl7QRMRp1APUx25EvkjdxNALnPbnaxeqwt7WJ/7L528U6xuV2cDu6wt5Eg7y+OHgCqmcsjtNKiLgd4iebSCGosposFIzP0mwCZs6Zq+x2XmzNk/+qBK2ROFTb0DK3YcmUfG/i4/c8xZBHn+t/GoMyHEbbN8zdO2S+tyf0zWjNV6TP/mT59Rsm/Y3GGqCF76fGploEyiROp+ejTORu9B8jC8KbvxYSRooQilwAWkKZzPA7XF29vxotWdhYcxC5OX9CCOpbXI3SmESufbt511kY7a4d0AVxmihKpehUgBxF5gIaPtWZLQXN0eX6D+osHWdnai1nYXkyJrl8e2eU7NiWXy6WzGO015pJgjnCVM2N/s4+cmvz+I3gkDfd9JdvnsGU85MDASeGMCoN0BRrwouJ825wesZeKUrE143RJZ5Lf8wyfuBfgasWgWep2eatfkhUWy1pD9/qm5LkrGjmOCEE3T5AIQTeHiZhXSpuZnP+dkr4US3cpao+KWxbEPuCBNlgJJpZ7L7TDmE1zbLrYWiUAXV+ehK7PRM5UP0aQVPb49GeHLKCvKRVHYCvFgi0rRfPHQbhdv4P7YbTxevk4+OI1VXhJH8ToR0O+w+wAHZhzuem4I/ec8KLi2LA1zYisxHTCxEiDOSJ1sVQH9xUzGmkmiIvBemkDRX9WNa8jghSr/QQaqoquy2MS0s7Pz5uaZvCHKPqlArNq2UVoH94bOl+XYubqdO/lp3moHvk7nVsFwRXwAhWNW2dOrWWpkZH/1MfXuaUXpovNw93SvzBFS7mhqjYML+mCCk2fiK/6lw+XX5ev2iL8D1/1P3zV//BVf9W+avRRU3R1cet/NRPYzFj5Dxf2iS7sEDufsG+7Qbfz+3scgX/4vQ/jtHss+nz+h1f8H17xf3jFdxY86BXXlFSDhHy3XtCB1S7YW+493nhNH5h76+Giq/EKpf8invmUKN7XM7/XrE6F6H9bs5pJHdWsvv7t9oi+eU3YAgyPjLN76ApHKuBWq3FmjYW+9/IuMIEE/PuazrdXF/fbqHohZCTarBhZuXfJm/mKLqjS6HknLfoM3b57e3OGbv//t2dQZqhlD+xCKrN6MUPnLXDXjQthtMIq9w3v1ozQM4RRqaSRRPIzBK+Hq5xEctF/5qxdtdWGFkjLhbFAZujaoJwKaeiO3eUfV4Ir3fDefbWvGjgyZ4OD6OvOZ41pPOvdHrmmaqOYscJBVXRwXoebdHpDyO4RGraa2ayocrfL6w5ohTWaUyqQnGuqdnoMNWb7TkLlIWKGl28vKeN3C7AWeFdLHF99bP39bS8L3e9etW+Fe2TgfrDm8We6teZzpV14keDSVJ7/Cm+aiwNmNpEF1ZZoSMftgUbojVyiS2p1CRUmxMEalM6cSs5u601LWmTAHuHE3Pcs13VzLgNharlATGiDhanR0EEcAzUxxyB4qGLmQyeaaZdA2Hhximt3pnPyY/SOmt+ZEfYZ8Ls/GxyNhli9khXPkaBreDmbc1dipSl6Sw22qGHXW6Vd6vkbudQvbzD5TI1+MQB/CV2G+PasicJi9J46YeFOuOigOQsycmjuHcfJQ93lLmmpKAEb1WKS0wUT0AiJA1qu7r3AZRirQi+HtWYxT6Df47f+nl9ffu97NjrHWm0L1fVFmECehNsvNdgIoA4quP1pgc/Z7SixMoxUHCv4vt/Y2ejJGIA+6aSETsYA8vhJGd2S9bR78uofe7J/TwJVHZE25GHXV87/ngEh/W15Mtit8SlCLzlqijrd9yniZtmW6v4/DDNtsKEF7aUAPBHkIMkuIxwPmq08CfSoMIOy+ieB2CrQuuNJIMbEaYil1ZhqyfF0T1pO8SnSIy3bFtQFaWLZUCN6TcjODLRftNgM9JCBkvAwK6KnhwygH7Aixrk4cExOwkXR8aoE2efYNSAzEvtQgIP3Zh+ZQq2uBmGemv66E+OuUXshBbGPAzbyqVu2I+JmzdKKwy53L+wybFE3p/MH8o1cuhBPnURUiZwqcJZSL6gGpC/YHc2RppBbuPPl3TX0uMFSb8IA9oMNlmYTBqDvtSlDT2B8/9JpB3NA1z14cj8eDLIYkpzLX6U2XRHJ+yeynmbif6lDx6bjQ/p6+DvopH8Md/e33+8y9vpm/WNTqTJ23fvMHVBv5NfK3HW/Q2l09r7+78veQaA/iWzoywXnSOt6y3KE0ZKtqWicZF+vImCCM8oe3wLJn6Ly93VENEYdGrLcZop+SbDX3eAhbDDQ7asqr9zS6AYu0pn3ZhuMPmxLishggApYIZSZFVXo47Uw379GUqFfuMTmh1ft5AgfIIOamWETwSHdp6i7XzHdEAZNZ3xG8C8Ecw8nsY7rlb96B4NUG6wGNcjRtI6OROuQ3eXk9c2nHX0PQ5Vmf0tRndviHlGPNlQ40J35GVAeptiSQbmL+86utnKAD6n0rz2JEdc3n14HWBDOyUERWNBgNORyjNenPahDxfHU12dFcU7VJLHrX2EpdH35kCipw7cbLAUwp8VKn7STjZMsuZ8N14rWdatowUWxpsuF5Bwmx32NAthy7xFybuyZYxoRx7p6QmVHUX0j+2oL2sPoJ2jxFWT+VFTVQmpIdiukQPPtYNNQnblsAWpWlHzr98l+2LXcxWSFNMspev4nZFaqQq9++ukFFEBr6jsPF32/1y4nnoTyegQndCmFpulYQb6aU+EK4WufQlXMndCDseJBCOg5nss17TCDiWBmZS3etFEUF6P3h3w1x+aRWUVzVvX1tBiM+iakOTaOBbZAzPytevWn7/+snUh/WYIArZH+24Cav1l78A3eUoVeoStBcKkr32XWmpT3kush6A8MfgRyK0Or/PAK/asl9wz98AP6V0SkgsYusE1u0TP0P7n53/aDTKNdpnwT3EIh80Cd9hOxdcWGZgRzPsfkc1oN2CFXFwxg4yeHMt2Oi/E9dIKIwuHIYExLan0QBihiDhgDptpIZTVrsXVah/3FGnPmxjigEFLI9dG2LwyngDwMQjgueXH3Rgwgx4gF+uuwJ2w0sgtbLnH+VN45jw7S7A+KCmrUsLE7gpHP/Q+DLeye+1oI22cfm1ajdeOX7LbN0K9yY7dmaHMygaSyxpiR6DOl5QGmPYkX7ythmpshn61ZnuWpoq5NR/QlFVCorKGsqnJ2tLcL10yZCnNrtO/43kXAxeGHlLvau3YSvr/q15dIWWmtwaECTMNqSU3zsYOc0CpR0tOjc6Juk7CPEypJKGgo+Nv5Tu9pIQ1Ft/681x2h5tsxQYmgwYsLxHwFgRe/UqZLzlJmNjxpc16zgdr/JHQzK3MTnne4dfYNqMs0/amrrRb/hPzXiDA68bJgg5FqE8ToYWCrVOjm4vzG676+KJcVbihI4In86tIgqqfh/vCdMcAQH7YYRM6VumvKV+1XWoPd6Tlgmc/Qq59eow3wvaBYwGyaoK8AnPqgJrX+I7ShynV6RNBZBWuDpOiVi+wy8dHVxK+biYG7miJs63n3u1Q5MM41hyArIblcbvuBuAVTAy0WoZ8QWWGFiXFMtJd6C/iD01ygSvicHr7jMx+tqI1d0O0C9SmDCHtil2BRFG42bx1GUHgzKtNAsvbUSkxAY3UxCj9dGklCoJMpQNQGixyrHAmpCjcDMGDLqyLIn9xnOZzMIlnNB0/SvZjUYt0g85KzBQWKAwa+pkSKfETBbrc70yaln2UPQUwQWZScmuABGHWiYlDgjWI9MdipN1PmkQ7yrV07eJzHjvLuyRw9foUUZhVpm9r61Fg5L22WU/5IjL8SeQq2W5B/SJG628IesWhXr1VMl177oc/hgYhKdqPPkaF3xl8+tKZKd8op8n15YIH9fehh21Ici8y2TI9IldPgENo4p9gn2fhnSjcr1jpGnWnTfLAbXx++VkoWM4BaQVG+JlRgxaRT64uKG/adYVQhXJa8rn5pe9kUWOBlqDQXIQ7hnZ22PnUPL8TMM43kRrjImMFF2fcMeoyh5amSw+QjZjQiK2atG5lTPUNvK23ATOoCdQMLR/JysaEnbtJeAbZYWLzXdApNCDa5XtDxDlpBUUHcgcACpuuuWW41GzgPYUF2WwuyDz3mhYm8K5majMJ2P10s6M6eRGb4tu57ZSToaxYp1w9zr2804qaPunDOrDRu5NlssGSTTiar2BKoGChyD4XY8D/2VQEN8ktFq8mOkj3d7hS18nGDNQIk8pFzA8h9H5upEZWCHYYmkGnLwiR4fZdFClxhFG58oCm05zKmKNoF+io61AS6UucVeRwTsmc+Bt+YwXN5rzfnVLF5SK6dEixoH4heN4TYjiBMBkp8DMVaVzx12GnEipKVIbKgLx0OjfECWdmDBpjIngvHgh0DcuSA0DUddCCejLB6dV8E2Ins7HP5pC1eHPQOdK90U+lioUHcqaSELVhr+IS1W989f+RMeV05fTZTYAMaFyPL24KJ2kWV+yBLEG9vNk+1CZ92rfSuJSgV+u3Wp8YyXScE9P1qyPeF7c2sQDtVkrqUmkUUHEedLTCnRe46TEEqf313R7vwVNwMe5Q/ligSVUEVI/eVRUHaJqhi20NYt5KtuRlOLLn7PSBtTUUulU+Y3UuZnP/9EbrX1KHdQCf5LmLpa8EH7LYSdD9iTtKn7FX3zfBC+qp/L2a8l2uFm9xiIQ3CMJnDIhlOoOVymdWJKo8i1OuDeG+hPkXPlB3Z9xdIt4Ku1btDPbtYlZIzsk19e/bIhRtAwDfXFnw7IpeD860SM/B9xSkgFhanUhh6l1pjbRC6Fs5f1/ZDxXmu7V/wqMJAQ0Ao1ADmwOPsZsFm/aG0CWTBWOCyHjzb9ArBxig2rwztSIhhjr4fY2u19e7zFxYduuwPbXu41eIGGk9/c8AQ7OcX+enKHf0tYNw2syvqhoO6zflSa6pm6Ja2UyJmeEmhlbfPdF9IVeMwgF2DcXo7cVMm3Pc7fSukQnMlN/Z39U+9runMrtF+0tf5DVYmtpuuARzbo+LvVH9a9XR3qplInfBKyZL6gGKqt/hcIMypMk12kWoX9T9z4S0vPjpNACAJKaAw50hI8Z2iJQVLZl/2A5gNUz459Yjdxl4xzRjal8xF2Orwz4CyDTMrryw7WY8uYcE5VJsIJMV3S2n/veclcCNqAopjQrpxJxj4EhCwSMoFstLBMKpn6LaVKf3BBt3KqjQYX7hyvkpbI8aVjLpkm9yLX894jAivtKkPpP/PYJvgK0zbnfQ10d6/YRVf+O24CjS59uNuWNiid22Z0illzw4ZXhbLS8ACYa0lYeAvtbsRtCdhw96wz/RnhFG52mpGMEc505/PUKlgJgpMb3sWVpSxwqfUXt7zoXd1NgoX1MDIfqyhi5eGRg6uFwGRRWGlmNwJ2g9La3YG0aHh0+Teg8fS+Dp7mOBhcuKbyKKshncwwbZhtGEilxufT0ukILQ0Z00mxSgzBmQuKs636EuFuXN+5rLATHipIToLcTnydHW9nrHUpT2kW5XwDROfae5rgepEdKzBO+UNFPubbxrUZizft3F80BUiqajrTnZybok+AjV6v90+Fl6/ld7zim6H7XqaoLObR5doNMKIi9WvCdi6879f0/4hsqa9YDz9HW9I/gVWa66xonlFKKojRzTsbtNUMcyzwGua7BG5hSVrtbn/PnYeQPvCjPoFKPmsT2o5EMNj7Fe3D90K61VzQ61aGKgyrMjKZf7WNTZNmeFFDanXIswS0iwz04rYbzX/H1aaIivPBWKQc1cJwilW9kfQCK9FzRcQtkPwXGHn4eiDE36DyZZP/MUispjXI4zlYufB8mWj6h6vF8zYndrT19VGAIFxj980AdLAlbhwq7uejOOeUmfBJXeNN+xzXubrS/TOSZrnvnEDctP2OqNHX4T1aueAfgxffsf9fH0JLPUlb42YGHoPdiNyLg3QkTBzh8jKgg3TYSN1rbcpe9nvRnV9gbZTF/b6sUfmUSe+dBftcOLry4OabCz/3AFN1iL2SuStRjtDF64+0/c75e4X+7VZQFDtfuL7b7w7bl6ZpnJTmuYxqgSn2nFGugdlI9EaK4bnfFAF6JoyMIFKjkcEgaZCJ+2PsrOhXVXVrTyzkspqGHV9IbP7fPvy+qavQyPfMtZ5FMbqsk8cKHh0LWQbaXFIomth0C1bCgzCYuSIllKlbF77bCC/7CG9qXU3CV0d4Z8Wke68b3vKchk4OO9++4CYILzKqRVnfpCt/foMPb+qBxjfOIeIAwvSexb2i0BkbvLYJjin2qcljBnTn63KfQJe9yjF67gx3/mn4T3Tn/eEXI1iyyVV6UbYhVn2qRsL8Di4Ec2K6pXkuT09zlYfmTS6E3qfwLMwjL17qfz8vdMxXjTNOK4vw2UkR0fniSzKbOK8K9gVn3sFY1ydf09X8+8sOlJAferCzebOKzJmpXm19JGyxrqYN9JSKug8YOV6jd/IlDg/iPxRFMBhV/0FzD53D5ElYqQ18nMrRDF6i0ndTzms3FoRNKkdI8V3tYKq9kshZ2tGH2qtKNbRc4O1waaKpTg3/ijM+KOZHXbxubxDLH85/n7Zl7WaAkOL0cdB42N3FywW4atbv2OJp+8NDvnlcO7eKc8ZE7KKFePs1JHoZfQ7ZSVpTKfDwCP7Y2TAqTsz7hyJc86t3EO6IoRqvag4urLrIyJzqu2RqJv9hi0LJnJ6F5kBnGlzmub5QNkCC4Mppmok5lRBfLPAinHI4Al48Fz8XSwRBiZ+Z78bpEwkOIdy7poLPZJG7FdHz5t8zpIqXfqiWydhBizzKkKbEF93eHoxUmTo3FzD9zh1QolTvpokL++rcp+2v8RMaJRTgxkPOBnmsjKd742QJvnkuZm1xxY3eWyAx/hDamhR8mTZPOcopwvsQ0C+82Udw/fZmlYrXlPF8RYKuYz0jyt6HriR9hdgdftv00VdBe589dowU0FjRhQkrLUNhg2bHnpdo0axOv4dgmNjmkBWEVkU9j6lOUYXDjpinWTfUsk1y53/rO4iV1A9mgiVS3J6oPH+3rJfGG+1RtLNywurBnclJD09jqyvV08r6/8u5yf6nU4m7//KuQ/AhG9XydI1zr2EhGK387c31+h6oFB10UjWtdZXl+zHIGJhV1MNu4xqSN/HH+Zzq8PKvRMR2VzmqSu+BhV3faXD44IsLiPq0Sp+twQXMpig8rzjAvalwy6BtomHsCXLm1DOiBOviG01DsrAI7z88ZS8hu6ySvlM1dO9bz667jl1IAqSNe4oqbpeBJf6Naeh8ta6C9O+xI0JHCFBr3i+6xBpqivxGjOOh4EM1LjCEdRXLqhSI5MW3B06xdcfL+7mjZXCN4ByAdgBST7dQLPlbEQisiKbV3m+je6fYUUWtQ6oA7fS9LRG53u9VPEhKiYjdjnoldhlupqiIIHpbvaq67mKq5yZprKu7YvmMQoNtmsrNpwoacML+4l0WWKxObiezCq/+HSFnvtaiU8Vt7rynHEo4IA8sKu7Umr7yRfou6GjQfSjMJ+F3IgdQ0hTUkEzi/Uu9JFJmwRP4ILrp4Ve1FXu73xp0hu6xGSLPo6aa5zNFX6Mony/8A6LmUAFZmKhcEH3pmOUWMHU3vR9EnaUyxtYFr2TuUuObtsCdrLOAkihA9oXpApYRqSykHb7xr2jG/RrJcCUfCtzytFzJtazb88Qk+QMze1f1P6FBeZbzfTs23B80ZAyW3A8mJwfW4fa1fAvbhAsCr4ukJPbeviVXOxt1GBkUkzdT+cez7oNgqbKHuQgQusirtztYfbp7e9YUfTBJQB/++2nt7+fv7/69luXc7vGCrPRM7mR6nPMkuWDF+z3esFuhG3UCYZFbCXC1+zE7VLSPAeY2Odim8CEWUhFhWYkpgDpuJISYFzE94IE4gOxgGYbzIbDiR/sHYDe57GB2usTu0RdV/NEl8LMc21U7Mp3qNdO5hDrvqXR3tG65iOdk/TUYpd2MNhApfHFJm3di693sSAWbNTRVJOazBF7KqnBbkQBMvvlPWGhfHI/wfs7LizyXv9/P1y1VZnd5L9HOWJ5x0fvEdmL5KMcjjqOuw8/KSdI2trZ2Y5d+tw0Ge11lh30yXwBbrfByT0cma5bVrMp4mFQ9LXAjFte181cbrzMuL7s1rZBJy5rDhq6DLQwGM8qrHOuM6sinkDPKYnXkG7tq48uZFFUou+JGmAnTmvc9FDs3tE78xca1qkb3PRpmvVDcbvFIv93GY6atbgZbNgpkuHB2A0X3kFOV7pkhMloWaJTWfCA/QYrMQw6PHXUtSjKTKYSxrfv3t6g35wftU1KDSPyZdJUgtv/eIO+VFSN9G6tuMgU7XfqTJvc0HGIbtH7uugsmNbVaOkk4kPaBSpjjxGwQMuTHEeHoJpAcOzBcPP4Axowx6pIsFsWbAL3Ai4jFiA3QKs82lTaHZhxu13tgM6x6WuFD4U7p4KsCqxilZU0cLclHowvfnD0CZNBOlUUmNkq+lkgdBG3gKoBvFhCq6UEYOX87wmgljj6JAzXcSr68YKge8ZiPzi+c1tBreoZHWmRYQKDUeKXn1jYWkQ03juA58ty/aO4M6vo7zsRGTEqy3XUvusd6BbyaZGnIwCvOY4uMURGxZKJiEWRQ9ApcqNFtsj0hhkSXX6IbMHlRuMifu5KF7Yw63TQE0RdiMiYSClOmCipKubbaAnvA9gl+ZwG+BrzFGeFlVmppJFZ/JAUQF//mIHHMT5snuxucrnM8hTMtoDj578RkRX4LjMmlttgF7A90ZwmeBQKJhIhzUQ6pEuuMz7nWeyw6A7sPyUEHr0zeAd27F6IXdixq3q7sH9KCPt1Qtj/nBD2/0oI+89pYBtZcjynKURKAz2+eSayouKgfM+3Cd7JGnj5OYFeUlScLYsyjfZttUzMl7GTkDxklkIp0fQLie8bEZl2CYkJdlArksaatIDTWJN6q6sywSxSIpqy6iSmqpHGmh70LoEIMdJYwywVbDBrkgCvBLsTWEhNSYJDuH5tuZLoUVi/lqVZUZwncKvJoswIT+DDtoATBEkArppvTXy3qIWsk0AuqyxBTIMoZhjBPEEBkc7wkgqyjZh11YUtMN/+QfN5CrzXGbQBTQLZtYNJg7VLrE0Cfb4s16/T+KB1Nmfmz0kajRGdxZ0V1wOsZHRRrZNcc4BKiYpf5aadjz/arK0OYGpWzs8f3znigIPalwS46yYfr4NcB/aCcZrChtHZIsUmskXM4uxdwCl0A52xEpIUsySijpXrH3NtykEz/0iwtSJJYHO2oCnMGA2O5oLmLFrB6C5sJtKckkLmFaeayBTc9sDZMoFskqXeYBN15n8HeiiDPApgRZdMG4Xje0Ja2Ak0PkXLVKxWyXitoRO5SiRfXWa+O+IJoBtFcZFAkXSlQKnQTqdcb1aS6cxNmI0PfYsVTnLA85FC2BiQ126+fWy4TBssos85zrWZVyrWsMAaKnWzglJAraLjGl+PrmuSY4OFyQ2L+MOuT+00sA/mEud57DvA8thh1bp1UIK3iBUZUVIWSboSWcAJzDRWZGmSI33HoxRsLj9Hb89U6vgtS1mpS8UiA+XYMFNFzz7jTNB4LXZaqDrqRJ0GLhTfxndrcem6nmYLLqM/5w3wBCn/1uaNLnUs0AQSx9rQCVCNnpvA5TLJ0RXLJBe4lCq2ACvm1TLFNSuYJinEQqGTHNgUcyAENdBcKTrc6DLcNYCOnfHnoMZOxxObTWwLJElFmXQDoKNbojK+ZiQVW2aBeVwPhrsRVMV/s8rMDeWNDjbqZOoWrBvxmuSQJSjc9DNxYgsDDza2NCgz50iKji7W2v4yI6tYdf4D0PSuZNEDASVVxVJhYQY9d2NA3iQBHP/pdZ3IPn7sTQGNAFjJZYZ1GXFgQBe0wrGhKop5Cv1OUQJ8cF1HEwGPz2QLOW4L1w5kqfIEGMd3ZOoEvmHtfMMJ8gE0jZ0I4AYeJzBONP0S/wCEGrRGg5rAlNJsmUDw6jK2l00rkuIeKJJHV6S1IqGuuBEAm3gjtrowKx29q+aaiNiFEsFpsQ8F6pp0xibfLE38Y+WAxo/oNTM9Y8PdltG7tVb5PEkeeqV4grew0lRlOYtd9Z5kbEUdGUrBBkO0wUVsb/A6Y0IbvEigGayZMinU8HUpErRuMlJVIqabNdQWLdBR9LwyEr2vBBos3WSPJByW9wlzlqMLRXNm0AVWue9mqKH9exgdNzkrIZfGJoQCGBiij6C/AZEchUp1mnwIJtJx7qooudzSwWDBg/xbyCpaU+8jz5jlofMZwbwzRZf0DhW432ihjcWKZdUfBpIcSc40DGeoV/dbDw2UkK7KUiqDho1HEdqssEHMoFLRxdhReEBa7n2GUIQY762OBgXEhO/sPtIXmjOReiJ/B1W7WhdPjYxcUrOiatZ+Xq9kNXjREBJ0TVUzjshIVGKlKXpLDYaJ4O6u4oYFz9/IpX5548peX6BLP+LrDJlVYEoRNAN+T/3oY0BboHfU/M6MoDq8z8NDnYR5CxjZ3dwiWNwRqylWZDVjggXxg5m7E/TX7olPmIUByRAvOa4EzPpdVjDHtW7iHm7g3uvXvoem9O24G5qaJtx+fvGIsW83IotY03Rc51VYFn2gdwZuxZi7YIpp1CMCqR1c9w4mVAs+MvESuucmHAcO/XM1NUjRLxXVZk/T7tOzle/fK9+pDDCWx63qJHbfI9Xkne66U/bh5DCC2NjOz6FDu/45SHnM2f+H5xvaxa4va6EAa4fPBlgN8ZJ473mE7eMyx5oil67dYIMGt6rZJf+Nx8FXNKPgG8ylcu3rg2xECGukKYVxZ3j/vCqFhcZkgvG+gw7TbmkBam97aEilYALaPqRLqgrm1I2pkG6XdIM52JpxuqSI0zXlCGvNlsJtXDuvP3z0oSXzI8pvWH/PSZ8/yqRni1kl2JeK9sck4vDl6+B7WsfE06ag1BoNy92FJFIICrkVaMPMakxQIBSoDGk0dkVPKi+6t2lh2QnypHmiuFwygjmyGIyYPoDF42IHS42MaXw83pWrrQ6j10ln28heVmvsBx5zhnW2ksltAmfENeYazFJphxpZqdgdwRPuB4DcpbHYwpvmB7EQTrGanXMtrSG+c98uIViOfvXfmKFzsW3+N4BuwJbXwiCcz4gsyspQFRbDSdz4lrB05tk3/b2AGYs7G8LM36pXf/r+z9b2vexsR82xb4Jo+3OaxY2YHeu4wVuq0D83Pjn90qMByIVvfez6n/RnXrQ475z6vftxYvLyIdn2rD8wxa4zQ+9++3BlaaeKOucJ+EtzpomiJRZka7VKr57xfi4IAg6doQ9vf0bXwvzw6gxdv7u8+s+f0cdrYV7/iJ5vVlskKDMrqhBZSe1HpUmlKDHwqe9f/5//8eJZkCPUrBLKuD4/QKbOChwex6MTn757XvNbdxava6TCVzx/Wkh3ZdMBzE9sGHf0Ax/Ct6eYttbJJ6ZMhTl6c/4uiOwfUtB0vqzTTsb/k4LOwry16H41IhQIOSw8YQue4hu8Zx+W2NANfoQR6XC6b9B5nivw07pTHkKneXpJUZ4a53xoLOT64u2Ne5VGw2MF1hNGP3acSk5T9W83ur6xqIx4vywPT5wEEYWHdu1xHtaaWOama00rIDro4jxn9sOYtwHbziz/8Ds34QGwJiFccOlv+OXuERig0uZaJ9Hrjn3SMHrnMbyRyjQieSB0cwiwwQYwsz0sefXEvHf0MLGsH5OarLdjjBc0ZDdO5cX12IHli7WWhFmV0/mNBjoOsnJZYbGks8Z0IlIs2LJSNEfzLcCkIoesobCcKU9sPTAoGh3RloOLLhL0O+ARdf9uCVd0B4CihTQ085nd8fOM4rM2FzrDmUvFTwC6NCoN8EWCI7FIUC3MU1yHVP1PygRMxXlWe+LSqeV9C97SMeuv1nUmPIIGe2VWVAlq0IdtSc/Qx/oZewMOsB/QTe0AG7wEv41pavWongmUiRHTuEba+8XPEOY8qEyU7QchwQ0rSMxbU2XfQCaMRNrAY84E+ng9KlAIJMgmk1fRRbYFKssEY98sYEV17IxeCzZBiYt7EWOnooO/PQG2brRCxqlYRp8UCThb5SOhFjqigTqVB/NOAEYgAukEC4TRL1JtsMqHc7oROl9CspdC2N74O8ilm1OzoVSEVc/IXRPvG+OWBvNuqM4hg6BlPGRGDChkwue5QlpCwYwVS37ERpjENcdiijj+EQ7KOkGk46IcELjrsmwjKWtrwS7BgN19eWJHKimBLgTreP3gjovYY2UYqThWCPpFoxqJ51d3P7+RS7lYhKe/U5KZFU2+vTvIfrALutvYwfvK4m3RPa/Migrjk8VH0dZVzM4JxyX0uCXHUf+oqRpFWFaGyGk57ZccR/i2IoRqPYIzdB4/rTnaaYkngBeyKu5Sqi0KFCYMcJtCOO3gSHs4WqkEAT5dSmHfFSu3Qsph80U0UJR2qVrH60c38m5i5LqWQs0AZzRv6PF+mJ4+zATSzFQB+YmguIB6Ee2hrrBGOJelfV3MijKF5Ea0W+YYZ/CdFLIYyauFmRyauRb10yoRVrlnIrfyRyrdMACjXxin6NwjNhuw4Rhnr2gIc3dyNGG8of9R0hVGWXDrsxbiciFEY4ARMevdH8AIl6936+s1YnNiPCF0LlNWDwSIn9MVXjNZgXZJZFEqWbCRDEU6NXJXAs85FJEt0MV+3JhYN2InIZJ9DHe0ThREYAfDqMNlTkAwsH6DX+rd7byy7X0bPXZtmWUlTL+cLbZGn0MZeEZOMeuP0oLgPV5SQRUjNUnAEEj066cWMLOCpzY02w15ZGfk+5k2ajz4WdN0StutR6Pp1X6avHrh1kpIV9A0bYxwwwqqrVx32p6iJR0NIvldiNYU4uBGQOPBB26DOvJondK7+9GO1g/H0fR9pqMNOT2aNO8wPkThgDaguBUIRwiDr5e6VwepU5PunbtoUWhTh3cuWi/VaQTIATneCJCv9zj+cHjLYo02mGbLjpOPalIJEvOOHSE/Jj2OMWkbHMZGqYcStJ6fOnrlTmVWWUHNSj5ClATveJKRQ8N/bHTDoZeSkkm9TnuiOu8l9/5ai8iec5nIE/Kfs5/+9Cf0/M3l+c0LdMm0YWJZMb2iOZTCB3HhcimT9wXaFwmDbNmFw8NvM3xwJGNMycRexX31n3ZXQxg0NwY88tGGPt/nuhBI+2/qfjuOP8ApFDPFItQmvc0UwzxWd7oeIe9xzirtVkBSIc0KxrFy4smKTXuHCLzr4fIquOea5VN2Gulmyn+0B6H2Ivb6YraXPF2dxbnYd9chrOErDTv+X+8kgt8MzoJ33NBOWUYedmVKlTIxYBCyAVZLtcSC/bEnq1qkOwrHMvsETnfP1Ai7F0wFa0kTdf35xS4Hr4Vr8eV6F+1kNf9KMTcrghVFpaK5LJjAwYK7jni6wYZRYfTB9HiOp6T2DX5UYl3rR1omOrj26jyzgqvEykAzpJbU/WJ1wmZHXtgcI1EXNKcKG5pn0ZLK9pwPK3x+qVdsgmc3Sq5Z3jQP85/DZcm9pjo4GL75j33WdnXasILTEsnyiahslvS9/sx2hMzg8FDInFwzFz1f9RX3kRZwjdIZcyj4fTVPegc6U+dLnUroZYBQp6OCxoo10kYqJ/EttIIaDKs9g0/N7KeehakvWJ5zOp2UewvrHSvnAtvbkXsnybl6PMY05N741TodhsS2js6eoZJju2X2fZYKUUHUthzz8kMq5AT25BEZdKqxLX+V2qC3mKyYGDHpcpxIcnzT5/VHAZn+paJWfFj9yDU50zP0Jscl+gT/cfpRLoWrO/3b8PFEK7ymVnPiFCv0paJqi6AHoS6l0LTWqMLFqZbeDL4zjbz0PfCIhaxY3QVSOPJdX75xPGuSJkC1PUDvfXPUYzGFKU9pHWb9M163lt5pYmRtQ//wMo1UJUTQjtVnzcvjIs+ujdRIjZ2HmHkLM/1GYLRhIpcbjXRJCVswYn9zFqoT9HmywwtiyXP4tjk36Dl0hKWCtM8QhC5fdLiFKgHv+Bu6xGSLPurdxrdNBLboF9JGz661K0xgsI+89l1TC1CBWjU4ZPZFHHC86QMQqP7fqTSFcp4h+3bJTq9Qj3Xndep1gGKgMHjQ/HdOIHaavN4xUn2Gr3e917LuCkgf7wI6pGYah10TMNjdmzYh023DYIfCDSkOFz9D2UDMkYCjFW5Ack4XTHhfPQgn6OpX4HKk6SBgd1KhWCLcWgdMT/2LLRgbn21q2n0vpZHelI0P2xhMVsXELfDbVYHhaGAddbcjyZCXORPxJohFvRuWZCgqTPt4BoRUt2wHtsW10W7L+wNTOwdYp337DmBdYlWfKfvjs5aUzYoNWqkjezusLeuS348iz0SfWeLaWki1Tbfh/6JLLP7tYMeYGpHdLuq1eh56mixb/uUlQD9A26OpRAOq6n7r+6kaPQUZFUbJ8hTRkctqPnAuHHXG/ZrW2qYHyhEAR1fdMe09vJBFicW2uY9w7WCcvrNX1lTZZyhjYiHDSgHWn1PXCB2QHz0rssZsQ9N2RV98SZUj8EvF+Rb9R4U5WzCao0uoe3bOwSAqGzrPiJSf2SMF3X+nc+TWb+1nzMe0+ejdZttweFkZULlPHGF6+K6/b5bwU3a8O9r55Gfow7Z0pLeeA8sct4Pjm6foIovaTLaHtsXBOSLUMx1qW9tHZgpXXaNc7mLnPIulVLW3H0LM79+MbHmnV07k41Tzokw7h2gPK+zKBz33NZpKykSayC5Sdh27H6jEJuyaJCLDOma0vwNY+XL6yJArxSNucwdqxF1pjNGsUrG8IR2YmqoML+PZlC3o6M/TLuio6Y+7oP2pTyBY6J2hAlSr+MaJhR/tNDeK3krRXqpMbI3KLTFFLeGOzP0Ay4J69dL/+8Kj8NL/w+c1hdz+mFMVzs7z5Dxi9NwR0w2eg8e1M2ptQE7uB6JZk4qJBVVqJO46pHsSurqK/0HWB92zEyBZ9yVedLYhcKUgrC2TXqnAEpMdvysXt7fH7gNkEKvuj/5Khwla4wM/Wbmiahp/hNXZfcbT8wsY/fgCXcD6YdSoMhM1Sxnh8wVVfvgn3cnC3NOclyYNHXcY2dlwu+gz3ekUvXen2R+neiXv3xolvNvolv0R9tawz4lkyvVfr5CgS2mY28ByhfXIBChNpm4r1NlKt/j4cEG71ckmQA0SXHpnrG6cXtffhBNSNFtOUVGx29+omXr4YXTQspUmTOsqutIJkCFZKp237mExFMCQKpXUBzrYlK70vLKLo1sITu+TTpNkSDSdwX0U+fktpHbuf4w60vM0JO8vPffgOC5CtebZOuWL3g+pekd2EJk8s0cPV9HbNOpUgNln6i3qRM0NvmnHlXQfJJCtPyIN8Tqp0PXt+V/f3qAb+06h38TI9JUW20SV1Kdg+2Ejw9iCGCIrSj7rk5zIxwnhtD3IQkPnmn6dTYswSAP1IwhbKbhHy6WKDZpCPoKS6/BouoKMGg2As8GmmmzCZxfLNeYsdwcxgERfEE7W1XqfIASOfaZb3RfbkU5+nUAaGfbKmFJnDGbQJgENW5mCIQQ/gdvElqKufJGKme2BG0VkUSTtE3ck3g4P7xAKl+BvmKK8b2nGdrFsOBaZ1o818Nau7GT4757aukYriK0rNc5KyaZIqw4h7DBAgAEgFbYGgK1khYUYNM5I3W7KrwqIjMRsJ2rb3Dwsfubh72/O3/l372Vv+eZBMVL1ff/Re7Yx/TlbS16lYsB5PcdZ+Dk3zWTsepxvJZjR6LlDQr+Abh1Q2FtP1O2BR4B0kBpeJZJmbzyuHwUzPl1gtlt0sKYKMgUWFUdECkJLYw3lW7eHI+0VNpuU0tcx3hrs9Qhti2gplUHS8vfXfz8PpeAG2R773Em1nD7Bsl9gsONinWPX7CTYKOYvV7/dXN+gt/iuYCJvxnqHt9XSNnka5s4QxRGyPBkD6vaR1ahP4ZLF6OnZrsoxW0xXsPnYRfg1ycnVjh1nmZfK15e+S6/HYi+GfLpNeeReATXFxX/5uuGmMEfkQ00y9u0Gf4k1oR8pu9GPqwYrvgnqFq649wzpKpCijjX6F22UFMt/m3NMPnOmDc3/5aX/2VnzWyYWlIR/tWCKbjAPKjJ4zjvfQVjkSEs0ciwVXTJt1NZa9lMKixKblW/W3+CA+jgMkASn1FRoukJoV69FpOp0IW/0yQZzKkwnJ6XG2w9knDXT1Ga9yz+O+xjeOV3gipsM7sTPaIH5TinyDkm7GfzvOskR9aTIdmR8W7ZmFF4sGIFBAnNKBZJz6BvRaejV7IvG9yCmf7EPkDK89Y3L2GItEquThU7dJmlEoii8QQXVGi99XyIirfyGAWYhRfKNXKJLSmQ+EvbxsKL7qFzP54gJTD2Ep5RGUIRpXzS5QExog4Wp0Qjb+Iad9Ijnw3cqqIrDPWTWujWuzqkdT4BW1raFCbu/MyOo1vXuH56CIOiaqm6DihIrTdFbajBo6r7mtlnq+Ru51C9vXFLtiwH4S58O1qoVGL2nTli4Ey46aI50kqHrJC6ch0WbC71Mqzz7PX7r7/n15fc+4OLavrXWNfQEuMPEIC6Xbr+GfW2AOphk7U8LfE7vzh2y3/cbOxs9GQPQJ52U0MkYQB4/KaNbsp52T179Y0/274ldNc2GPOz6yvnfs2CvqyeD3TpVqPRhqCmaMiv24WxLdf8fhhnYfukK7h+GHK5yZjLoR/0U0ds1nJ4QYquIE3WjIsbEaYil1ZhqyfF0T1pOTxoWm5ZtC0rz1EUg42GLbttE10iS5gM9ZKAkPMyK6OkhA+gHrIhxLk5fZ94fjBtkn2PXgMxI7EMBDt6bfWQKtdpHBxo1WjX0+x9td43aCymIfRywkU/dsh0RN9CkLqE47HL3wi7jkl869/mNXPqxrr6KAXrJWRNEUS+oBqQv2B3NkaYwaXfny7tr6HGDpd6EAewHGyzNJgxA32tThp7A+P6l0w7mgK578OR+PIjYYmHPufy1ziv1J5L3T6Smouk8zOVSh45Nx4f09fCXnXLABl8aZez1zfrHth/gyHXvM3dAvZFfK3PXr1Oz9/V/X/Ymrn3yPO7LBedI63rLcoTRkq2paJxkX68iYFl0mv8irQWSP0Xl7+uIaIw6NGS5zRT9kmCvu8FD2GCg2zfzu/I9xW7gIp15b7bBrsKa4KEEmdM6efTjtTDfv0ZSoV+4xOaHV7tpXkSKBVtWajy/paX7FHX3K6YbwqBPtWwSLOMJemaMZcfU1URfu4NBqg1WeTKlbv+keqeQfNrR9zBSlONhapprreofUY+2b4YJJ1W3XT6kYksmMK+/s6utHOBDKv1rT2LE9c2n1wEWoGA3WRSBBQ1GQy7HeH3agzpUHE99fVYU5wnL63dMO1gKXV8+JErq8O0GSwHMabHSJ+1k4yRL7mfDTQ5uq2jBRbGmy4XkHPqmfo0C2HLvEXJu7JljGhHHuno8XEdRfSOH4yzGGf0ELb6CzJ+KqlpIberCvfl2sGnNJC4LULOi5Fu/T/bDkMxMMVkhzXKKnv8JmZWq0KuffnqBNtiPEqpX2cOJJ6G8HsEJP1cnGSvIV3Mq3FCV2qfQ9F21V1kHIaDneC7XtMMMFi7RqcWbNoriYvT+kK/m2Dwyq2jOTmqacIhR34Q0x8axwBaImbrvD4j0l65NaI30cJzV3xDUi2ypQq/QlSC41BXHTbOye8n1EPQHBj8CuZWhVX54hf7VknuGfvgB/SsiUll92fUcqIep/U9u/rf9INNolynh9hdC5vTJ2rpiQzOCOZ9j8jl96VNOhTT1aDSwKywT65oXME3GptLB4UjezAiODDTcxhwwdnPsjVRWsxZbp3XYX3SaUYSQQmghK5HbF4bDQAYNHQGOS17cvREDyDFigf467AkbjezClkucP5V3zqODNPsDhlEqRgJWhzeFux8GW9g997UQts8+Nq1GKxf1ts3Qr3Jjt2ZoczKBpLLGmJHoM6XlAaY9iRfvK2GaG0yRrVMOPL+qJQ+MpXLzqQVM4u/YhWumYGTq9eWu710EXBzdme7ADEeFv+rXl0hZaa3BoTKcLTI6/b/hRLJ65kfnxO48kpF8uSShoKHgb5tfvYdu+M2MZqIo9oOARgSl/VMHYr6CwItfKdMlZ6m7lzxZc16zVIWwD0yRPq1p1LHnHW6dfQPqiUD+1NVWi39C/mtEGJ14GYwLmiRGDyOApEI3F+c3XvclWFj2sKKUqq/xIngiv7o0iOppuD8+uqcKDPHQqFs0NOWr9iutwe70HLDMZ+jVT6/RBvheUCwQ5jzsK6irnxeo9R+hDVXUgcUGcYq1QVL0ykV2mfjoauLXzcTAXU0RtvW8+12qHBgHWU2UrITkcrntB+IWTA20WIR+QmSFFSbGMZFC+yKLhZvgjirhc3r4js98tKI2dkG3C9SnDCLsm7ZgLYrCKplS1GEEhTejMg0ka0+txAQ0VhejEN7nIAmpVA1RGyxyrHIkpCowZ3+E8nulKoL8yX2Ww8ksOm4W3h4mtVg3yLzkbEGB4oCBrymRIh9RsNvtzrSZoKF9iCAmiCxKTk3wAIw6UTEo8OONprXByjzSQb61aweP89hR3j2Zo8evkCJ6J+R8kCDx4KYHIn8kxl+JPAXbLcg/pHik7jn16rWK6dJrP/Q5PBBRyW70OYJh3H4EuW+HW2OX78sDC+zvQw/btj8K/OEgFSVS5TRP9w76JBv/TOlmxVrHqDNtmg924+vD10rJYgZQKyjK14QKrJh0an1RccO+M4wqhMuS19UvbS+bAgu8DJXmIsQhvFPbiw4ph6tGzDzTSG6Ei4wZXJR9z6DHuJ6aNLx9RiOyYta6kTnVM/S20gbMpC5Q1z1rJC8XG3riJu0VYIuFxXtNp9CEYJPrBR3v3NA0QdyBwFa1ztma5VazgfMQFmS3tSD70GNemMi7kqnJKGz308WC7uxJZIZvHbHaCj2rr1mk4IDu941G3PQD3b5reTYbLNl2V6tiS6Ai+ijOhv+xrwpokF8qWk12lOzpdqeolY8bDGNPq24Dri6aJSAXa9RDw9SISsEOQxPItGVhEry+yyIFrmWWANUyS6E9lzFF0S7QWKM+WqgJdKXOK/I4JmTPfAy+MYPn8l5vzqli85BcOyVY0D4QvW4IsR1BmAyU+BiKta74IzXNl5UhsqAvHQ6N8eIHuAxOCBaeBTsG5MgBoWuqmEndGnSs+7Rf3RcBjo0m7bl8Jh7c5l7pptLFQoO4kxt13xo+Ye3WBXPGeqp4XTl9NlNgAxoXI8sHk2GbSbBBvENTZBJuwqddK71rCUqFfrv1qbFM1wkBfb8arF/v0FiVpC6lZhEFx1FnC8xpkbfdhZu7O9qFp+ImS9e66J6iSFQFVYzcVxYFaZto8vMRlWzNzXBiyd3vAWlrKnKYk3xQbsn53x+he00d2pXD6bRdxNLXgg/YDfOA9yLmJH3KXnXfjE6C9WLGe7lWuMktFtIg3ExSCyfQcrnM6kSVRxHq9UG8t1CfomfKjuz7C6RbQdfqYdvvRvGXnJHtFNN2RuTCDSDgm2sLvh2RyxVPmTcdZuD7yjf/D4tTKQy9S62xNghdt6MC6uqqPNf2L3hUMa8RCjWAOfA4kxUWS5oJukktC8YCl3TTCfWDEmKMYvPK0I6EGOboa4e61da7z9/IUOISRxN2Def4YELHJDcHDMF+fpFDpqu/BYxbqACzDKsbDuo250utqZqhW+o2pdJUzfCSQitvn+m+kKrGYQC7BuP0dgLfR+77nb4VUqG5khv7u/qnpJ7jaM2u0X7S1/kNVia2m64BHNuj4u+UHFSHTnWnJM/bGaSJrpQsqQ8opnqLzwXCnCrTZBepdlH/Mxfe8uKj0wQAkpACCnOOhBTfKVpSsGT2ZT9MMRdlt49+aBqK0+NeMhdhq8M/A8r8UI1W1qNLWHAO1SYCSfHdUtp/73kJQEnJAopjQrpxJxj4EhCwSMoFggnzjOoZum1lSn+wQbeyKg3GF66cr9LWiHEloy7ZJvfit5lmQnilTX0g/X8G2wRfYdrupK+J9v4Nq/jCb8dVoMm1H3fDwha9a8uUTil7dsjwslheAhYIay0JA3+p3Y2gPQkb9oZ9pj93BhnC4MIzVCqYiXKGqCHPwooyVjjWwOoDQSxYihqqNCqxhi5eGho5+GnSsiisFJM7QfthaQ01ZK+6596Dx9L4OnuY4GFy4pvIoqyGdzDBtmG0YSKXG59P66dNnjWZFKPMGJC5qDjfoi8V5s75mcsCMz+IF+iuF+Jy5Onqej0TDbAfjIZj4jPNfS1QnYiONXinvIFif/NNg9qM5fs2jg+6QiQVdd3JTs4t0UegRu+328fC67fSe17R7bBdTxN0pqpg/cFOqV2sfs3OmLz9mvYPkTXtBePp73hD8i+wWnONFc0rQlEdOaJhd5ubqZ8FXtNkj8jtzhj//vvYeQDtCzPqF6Dksz6p5UAMj7Ff3T50K6xXzQ21amGgyrAiK5f5W9fYNGWGFzWkXoswS0izzEwrYr/V/H9YaYqsPBeIQc5dJQinWNkfQSO8FjVfQFhPfq0LOw9HH5zwq4Z9np70i0VkMW/G9y52HixfNqru8Xqtmar01J6+rjYCCIx7/KYJkAauxIVb3fVkHPeUOgtuusG1zst8felHcKPnvnFDPZvSFf1a3F6E9WrngH6sAf/e/Xx92Z3v2oiJofdgNyLn0gAdCTN3iKws2DAdNlLXepuyl/1uVNcXaDt1Ya8fWzjje+JxxxfNwuj68qAmG8s/d0CTtYi9Enmr0c7QhavP9P1OufvFfm0WEFS7n/j+G++Om1emqdyUpnmMKsGpdpyR7kHZSLTGiuE5H1QBuqYMTKCS4xFBoKnQSfuj7GxoV1V1K8+spLIaRl1fyOw+3768vunr0Mi3jHUehbG67BMHCh5dC9lGWhyS6FoYdMuWAoOwGDmipVQpm9c+G8gve0hvat1NQldH+KdFpHOX4ZTlMnBw3v32ATFBeJVTK878IFv79Rl6fnWHi5LTn9GNc4g4sCC9Z2G/CETmJo9tgnOqfVrCmDH92arcJ+B1j1K8jhvznX8a3jP9eU/I1Si2XFKVboRdmGWfurEAjwNopytF9Ury3J4eZ6uPTBrdCb1P4FkYxt69VH7+3ukYL5pmHNeX4TKSo6PzRBZlNnHeFeyKz72CMa7Ov6er+XcWHSmgPnUB42ZkXpExK82rpY+UNdbFvJGWUkHnASvXa/xGpsRhlW+wepwMvWFXfStdsX+ILBEjrZGfWyGK0VtM6n7KYeXWiqBJ7RgpvqsVVLVfCjlbM/pQa0Wxjp4brA02VSzFufFHYcYfzeywi8/lHWL5y/H3y76s1RQYWow+Dhofu7tgsQhf3fodSzx9b3DIL4dz9055zpiQVawYZ6eORC+j3ykrSWM6HQYe2R8jA07dmXHnSJxzbuUe0hUhVOtFxdGVXR8RmVNtj0Td7DdsWTCR07vIDOBMm9M0zwfKFlgYTDFVIzGnCuKbBVaMQwZPwIPn4u9iiTAw8Tv73SBlIsE5lHPXXOiRNGK/Onre5HOWVOnSF906CTNgmVcR2oT4usPTi5EiQ+fmGr7HqRNKnPLVJHl5X5X7tP0lZkKjnBrMeMDJMJeV6XxvhDTJJ8/NrD22uMljAzzGH1JDi5Iny+Y5RzldYB8C8p0v6xi+z9a0WvGaKo63UMhlpH9c0fPAjbS/AKvbf5su6ipw56vXhpkKGjOiIGGtbTBs2PTQ6xo1itXx7xAcG9MEsorIorD3Kc0xunDQEesk+5ZKrlnu/Gd1F7mC6tFEqFyS0wON9/eW/cJ4qzWSbl5eWDW4KyHp6XFkfb16Wln/dzk/0e90Mnn/V859ACZ8u0qWrnHuJSQUu52/vblG1wOFqotGsq61vrpkPwYRC7uaathlVEP6Pv4wn1sdVu6diMjmMk9d8TWouOsrHR4XZHEZUY9W8bsluJDBBJXnHRewLx12CbRNPIQtWd6EckaceEVsq3FQBh7h5Y+n5DV0l1XKZ6qe7n3z0XXPqQNRkKxxR0nV9SK41K85DZW31l2Y9iVuTOAICXrF812HSFNdideYcTwMZKDGFY6gvnJBlRqZtODu0Cm+/nhxN2+sFL4BlAvADkjy6QaaLWcjEpEV2bzK8210/wwrsqh1QB24laanNTrf66WKD1ExGbHLQa/ELtPVFAUJTHezV13PVVzlzDSVdW1fNI9RaLBdW7HhREkbXthPpMsSi83B9WRW+cWnK/Tc10p8qrjVleeMQwEH5IFd3ZVS20++QN8NHQ2iH4X5LORG7BhCmpIKmlmsd6GPTNokeAIXXD8t9KKucn/nS5Pe0CUmW/Rx1FzjbK7wYxTl+4V3WMwEKjATC4ULujcdo8QKpvam75Owo1zewLLoncxdcnTbFrCTdRZACh3QviBVwDIilYW02zfuHd2gXysBpuRbmVOOnjOxnn17hpgkZ2hu/6L2Lyww32qmZ9+G44uGlNmC48Hk/Ng61K6Gf3GDYFHwdYGc3NbDr+Rib6MGI5Ni6n4693jWbRA0VfYgBxFaF3Hlbg+zT29/x4qiDy4B+NtvP739/fz91bffupzbNVaYjZ7JjVSfY5YsH7xgv9cLdiNso04wLGIrEb5mJ26XkuY5wMQ+F9sEJsxCKio0IzEFSMeVlADjIr4XJBAfiAU022A2HE78YO8A9D6PDdRen9gl6rqaJ7oUZp5ro2JXvkO9djKHWPctjfaO1jUf6Zykpxa7tIPBBiqNLzZp6158vYsFsWCjjqaa1GSO2FNJDXYjCpDZL+8JC+WT+wne33Fhkff6//vhqq3K7Cb/PcoRyzs+eo/IXiQf5XDUcdx9+Ek5QdLWzs527NLnpslor7PsoE/mC3C7DU7u4ch03bKaTREPg6KvBWbc8rpu5nLjZcb1Zbe2DTpxWXPQ0GWghcF4VmGdc51ZFfEEek5JvIZ0a199dCGLohJ9T9QAO3Fa46aHYveO3pm/0LBO3eCmT9OsH4rbLRb5v8tw1KzFzWDDTpEMD8ZuuPAOcrrSJSNMRssSncqCB+w3WIlh0OGpo65FUWYylTC+fff2Bv3m/KhtUmoYkS+TphLc/scb9KWiaqR3a8VFpmi/U2fa5IaOQ3SL3tdFZ8G0rkZLJxEf0i5QGXuMgAVanuQ4OgTVBIJjD4abxx/QgDlWRYLdsmATuBdwGbEAuQFa5dGm0u7AjNvtagd0jk1fK3wo3DkVZFVgFauspIG7LfFgfPGDo0+YDNKposDMVtHPAqGLuAVUDeDFElotJQAr539PALXE0SdhuI5T0Y8XBN0zFvvB8Z3bCmpVz+hIiwwTGIwSv/zEwtYiovHeATxflusfxZ1ZRX/ficiIUVmuo/Zd70C3kE+LPB0BeM1xdIkhMiqWTEQsihyCTpEbLbJFpjfMkOjyQ2QLLjcaF/FzV7qwhVmng54g6kJExkRKccJESVUx30ZLeB/ALsnnNMDXmKc4K6zMSiWNzOKHpAD6+scMPI7xYfNkd5PLZZanYLYFHD//jYiswHeZMbHcBruA7YnmNMGjUDCRCGkm0iFdcp3xOc9ih0V3YP8pIfDoncE7sGP3QuzCjl3V24X9U0LYrxPC/ueEsP9XQth/TgPbyJLjOU0hUhro8c0zkRUVB+V7vk3wTtbAy88J9JKi4mxZlGm0b6tlYr6MnYTkIbMUSommX0h834jItEtITLCDWpE01qQFnMaa1FtdlQlmkRLRlFUnMVWNNNb0oHcJRIiRxhpmqWCDWZMEeCXYncBCakoSHML1a8uVRI/C+rUszYriPIFbTRZlRngCH7YFnCBIAnDVfGviu0UtZJ0EclllCWIaRDHDCOYJCoh0hpdUkG3ErKsubIH59g+az1Pgvc6gDWgSyK4dTBqsXWJtEujzZbl+ncYHrbM5M39O0miM6CzurLgeYCWji2qd5JoDVEpU/Co37Xz80WZtdQBTs3J+/vjOEQcc1L4kwF03+Xgd5DqwF4zTFDaMzhYpNpEtYhZn7wJOoRvojJWQpJglEXWsXP+Ya1MOmvlHgq0VSQKbswVNYcZocDQXNGfRCkZ3YTOR5pQUMq841USm4LYHzpYJZJMs9QabqDP/O9BDGeRRACu6ZNooHN8T0sJOoPEpWqZitUrGaw2dyFUi+eoy890RTwDdKIqLBIqkKwVKhXY65XqzkkxnbsJsfOhbrHCSA56PFMLGgLx28+1jw2XaYBF9znGuzbxSsYYF1lCpmxWUAmoVHdf4enRdkxwbLExuWMQfdn1qp4F9MJc4z2PfAZbHDqvWrYMSvEWsyIiSskjSlcgCTmCmsSJLkxzpOx6lYHP5OXp7plLHb1nKSl0qFhkox4aZKnr2GWeCxmux00LVUSfqNHCh+Da+W4tL1/U0W3AZ/TlvgCdI+bc2b3SpY4EmkDjWhk6AavTcBC6XSY6uWCa5wKVUsQVYMa+WKa5ZwTRJIRYKneTAppgDIaiB5krR4UaX4a4BdOyMPwc1djqe2GxiWyBJKsqkGwAd3RKV8TUjqdgyC8zjejDcjaAq/ptVZm4ob3SwUSdTt2DdiNckhyxB4aafiRNbGHiwsaVBmTlHUnR0sdb2lxlZxarzH4CmdyWLHggoqSqWCgsz6LkbA/ImCeD4T6/rRPbxY28KaATASi4zrMuIAwO6oBWODVVRzFPod4oS4IPrOpoIeHwmW8hxW7h2IEuVJ8A4viNTJ/ANa+cbTpAPoGnsRAA38DiBcaLpl/gHINSgNRrUBKaUZssEgleXsb1sWpEU90CRPLoirRUJdcWNANjEG7HVhVnp6F0110TELpQITot9KFDXpDM2+WZp4h8rBzR+RK+Z6Rkb7raM3q21yudJ8tArxRO8hZWmKstZ7Kr3JGMr6shQCjYYog0uYnuD1xkT2uBFAs1gzZRJoYavS5GgdZORqhIx3ayhtmiBjqLnlZHofSXQYOkmeyThsLxPmLMcXSiaM4MusMp9N0MN7d/D6LjJWQm5NDYhFMDAEH0E/Q2I5ChUqtPkQzCRjnNXRcnllg4GCx7k30JW0Zp6H3nGLA+dzwjmnSm6pHeowP1GC20sViyr/jCQ5EhypmE4Q72633pooIR0VZZSGTRsPIrQZoUNYgaVii7GjsID0nLvM4QixHhvdTQoICZ8Z/eRvtCcidQT+Tuo2tW6eGpk5JKaFVWz9vN6JavBi4aQoGuqmnFERqISK03RW2owTAR3dxU3LHj+Ri71yxtX9voCXfoRX2fIrAJTiqAZ8HvqRx8D2gK9o+Z3ZgTV4X0eHuokzFvAyO7mFsHijlhNsSKrGRMsiB/M3J2gv3ZPfMIsDEiGeMlxJWDW77KCOa51E/dwA/dev/Y9NKVvx93Q1DTh9vOLR4x9uxFZxJqm4zqvwrLoA70zcCvG3AVTTKMeEUjt4Lp3MKFa8JGJl9A9N+E4cOifq6lBin6pqDZ7mnafnq18/175TmWAsTxuVSex+x6pJu90152yDyeHEcTGdn4OHdr1z0HKY87+Pzzf0C52fVkLBVg7fDbAaoiXxHvPI2wflznWFLl07QYbNLhVzS75bzwOvqIZBd9gLpVrXx9kI0JYI00pjDvD++dVKSw0JhOM9x10mHZLC1B720NDKgUT0PYhXVJVMKduTIV0u6QbzMHWjNMlRZyuKUdYa7YUbuPaef3how8tmR9RfsP6e076/FEmPVvMKsG+VLQ/JhGHL18H39M6Jp42BaXWaFjuLiSRQlDIrUAbZlZjggKhQGVIo7ErelJ50b1NC8tOkCfNE8XlkhHMkcVgxPQBLB4XO1hqZEzj4/GuXG11GL1OOttG9rJaYz/wmDOss5VMbhM4I64x12CWSjvUyErF7giecD8A5C6NxRbeND+IhXCK1eyca2kN8Z37dgnBcvSr/8YMnYtt878BdAO2vBYG4XxGZFFWhqqwGE7ixreEpTPPvunvBcxY3NkQZv5WvfrT93+2tu9lZztqjn0TRNuf0yxuxOxYxw3eUoX+ufHJ6ZceDUAufOtj1/+kP/OixXnn1O/djxOTlw/Jtmf9gSl2nRl699uHK0s7VdQ5T8BfmjNNFC2xIFurVXr1jPdzQRBw6Ax9ePszuhbmh1dn6Prd5dV//ow+Xgvz+kf0fLPaIkGZWVGFyEpqPypNKkWJgU99//r//I8Xz4IcoWaVUMb1+QEydVbg8Dgenfj03fOa37qzeF0jFb7i+dNCuiubDmB+YsO4ox/4EL49xbS1Tj4xZSrM0Zvzd0Fk/5CCpvNlnXYy/p8UdBbmrUX3qxGhQMhh4Qlb8BTf4D37sMSGbvAjjEiH032DzvNcgZ/WnfIQOs3TS4ry1DjnQ2Mh1xdvb9yrNBoeK7CeMPqx41Rymqp/u9H1jUVlxPtleXjiJIgoPLRrj/Ow1sQyN11rWgHRQRfnObMfxrwN2HZm+YffuQkPgDUJ4YJLf8Mvd4/AAJU21zqJXnfsk4bRO4/hjVSmEckDoZtDgA02gJntYcmrJ+a9o4eJZf2Y1GS9HWO8oCG7cSovrscOLF+stSTMqpzObzTQcZCVywqLJZ01phORYsGWlaI5mm8BJhU5ZA2F5Ux5YuuBQdHoiLYcXHSRoN8Bj6j7d0u4ojsAFC2koZnP7I6fZxSftbnQGc5cKn4C0KVRaYAvEhyJRYJqYZ7iOqTqf1ImYCrOs9oTl04t71vwlo5Zf7WuM+ERNNgrs6JKUIM+bEt6hj7Wz9gbcID9gG5qB9jgJfhtTFOrR/VMoEyMmMY10t4vfoYw50Flomw/CAluWEFi3poq+wYyYSTSBh5zJtDH61GBQiBBNpm8ii6yLVBZJhj7ZgErqmNn9FqwCUpc3IsYOxUd/O0JsHWjFTJOxTL6pEjA2SofCbXQEQ3UqTyYdwIwAhFIJ1ggjH6RaoNVPpzTjdD5EpK9FML2xt9BLt2cmg2lIqx6Ru6aeN8YtzSYd0N1DhkELeMhM2JAIRM+zxXSEgpmrFjyIzbCJK45FlPE8Y9wUNYJIh0X5YDAXZdlG0lZWwt2CQbs7ssTO1JJCXQhWMfrB3dcxB4rw0jFsULQLxrVSDy/uvv5jVzKxSI8/Z2SzKxo8u3dQfaDXdDdxg7eVxZvi+55ZVZUGJ8sPoq2rmJ2TjguocctOY76R03VKMKyMkROy2m/5DjCtxUhVOsRnKHz+GnN0U5LPAG8kFVxl1JtUaAwYYDbFMJpB0faw9FKJQjw6VIK+65YuRVSDpsvooGitEvVOl4/upF3EyPXtRRqBjijeUOP98P09GEmkGamCshPBMUF1ItoD3WFNcK5LO3rYlaUKSQ3ot0yxziD76SQxUheLczk0My1qJ9WibDKPRO5lT9S6YYBGP3COEXnHrHZgA3HOHtFQ5i7k6MJ4w39j5KuMMqCW5+1EJcLIRoDjIhZ7/4ARrh8vVtfrxGbE+MJoXOZsnogQPycrvCayQq0SyKLUsmCjWQo0qmRuxJ4zqGIbIEu9uPGxLoROwmR7GO4o3WiIAI7GEYdLnMCgoH1G/xS727nlW3v2+ixa8ssK2H65WyxNfocysAzcopZf5QWBO/xkgqqGKlJAoZAol8/tYCZFTy1odluyCM7I9/PtFHjwc+aplPabj0aTa/20+TVC7dWQrqCpmljhBtWUG3lutP2FC3paBDJ70K0phAHNwIaDz5wG9SRR+uU3t2PdrR+OI6m7zMdbcjp0aR5h/EhCge0AcWtQDhCGHy91L06SJ2adO/cRYtCmzq8c9F6qU4jQA7I8UaAfL3H8YfDWxZrtME0W3acfFSTSpCYd+wI+THpcYxJ2+AwNko9lKD1/NTRK3cqs8oKalbyEaIkeMeTjBwa/mOjGw69lJRM6nXaE9V5L7n311pE9pzLRJ6Q/5z99Kc/oedvLs9vXqBLpg0Ty4rpFc2hFD6IC5dLmbwv0L5IGGTLLhwefpvhgyMZY0om9iruq/+0uxrCoLkx4JGPNvT5PteFQNp/U/fbcfwBTqGYKRahNultphjmsbrT9Qh5j3NWabcCkgppVjCOlRNPVmzaO0TgXQ+XV8E91yyfstNIN1P+oz0ItRex1xezveTp6izOxb67DmENX2nY8f96JxH8ZnAWvOOGdsoy8rArU6qUiQGDkA2wWqolFuyPPVnVIt1ROJbZJ3C6e6ZG2L1gKlhLmqjrzy92OXgtXIsv17toJ6v5V4q5WRGsKCoVzWXBBA4W3HXE0w02jAqjD6bHczwltW/woxLrWj/SMtHBtVfnmRVcJVYGmiG1pO4XqxM2O/LC5hiJuqA5VdjQPIuWVLbnfFjh80u9YhM8u1FyzfKmeZj/HC5L7jXVwcHwzX/ss7ar04YVnJZIlk9EZbOk7/VntiNkBoeHQubkmrno+aqvuI+0gGuUzphDwe+redI70Jk6X+pUQi8DhDodFTRWrJE2UjmJb6EV1GBY7Rl8amY/9SxMfcHynNPppNxbWO9YORfY3o7cO0nO1eMxpiH3xq/W6TAktnV09gyVHNsts++zVIgKorblmJcfUiEnsCePyKBTjW35q9QGvcVkxcSISZfjRJLjmz6vPwrI9C8VteLD6keuyZmeoTc5LtEn+I/Tj3IpXN3p34aPJ1rhNbWaE6dYoS8VVVsEPQh1KYWmtUYVLk619GbwnWnkpe+BRyxkxeoukMKR7/ryjeNZkzQBqu0Beu+box6LKUx5Susw65/xurX0ThMjaxv6h5dppCohgnasPmteHhd5dm2kRmrsPMTMW5jpNwKjDRO53GikS0rYghH7m7NQnaDPkx1eEEuew7fNuUHPoSMsFaR9hiB0+aLDLVQJeMff0CUmW/RR7za+bSKwRb+QNnp2rV1hAoN95LXvmlqACtSqwSGzL+KA400fgED1/06lKZTzDNm3S3Z6hXqsO69TrwMUA4XBg+a/cwKx0+T1jpHqM3y9672WdVdA+ngX0CE10zjsmoDB7t60CZluGwY7FG5Icbj4GcoGYo4EHK1wA5JzumDC++pBOEFXvwKXI00HAbuTCsUS4dY6YHrqX2zB2PhsU9PueymN9KZsfNjGYLIqJm6B364KDEcD66i7HUmGvMyZiDdBLOrdsCRDUWHaxzMgpLplO7Atro12W94fmNo5wDrt23cA6xKr+kzZH5+1pGxWbNBKHdnbYW1Zl/x+FHkm+swS19ZCqm26Df8XXWLxbwc7xtSI7HZRr9Xz0NNk2fIvLwH6AdoeTSUaUFX3W99P1egpyKgwSpaniI5cVvOBc+GoM+7XtNY2PVCOADi66o5p7+GFLEosts19hGsH4/SdvbKmyj5DGRMLGVYKsP6cukbogPzoWZE1Zhuativ64kuqHIFfKs636D8qzNmC0RxdQt2zcw4GUdnQeUak/MweKej+O50jt35rP2M+ps1H7zbbhsPLyoDKfeII08N3/X2zhJ+y493Rzic/Qx+2pSO99RxY5rgdHN88RRdZ1GayPbQtDs4RoZ7pUNvaPjJTuOoa5XIXO+dZLKWqvf0QYn7/ZmTLO71yIh+nmhdl2jlEe1hhVz7oua/RVFIm0kR2kbLr2P1AJTZh1yQRGdYxo/0dwMqX00eGXCkecZs7UCPuSmOMZpWK5Q3pwNRUZXgZz6ZsQUd/nnZBR01/3AXtT30CwULvDBWgWsU3Tiz8aKe5UfRWivZSZWJrVG6JKWoJd2TuB1gW1KuX/t8XHoWX/h8+rynk9secqnB2nifnEaPnjphu8Bw8rp1RawNycj8QzZpUTCyoUiNx1yHdk9DVVfwPsj7onp0Aybov8aKzDYErBWFtmfRKBZaY7Phdubi9PXYfIINYdX/0VzpM0Bof+MnKFVXT+COszu4znp5fwOjHF+gC1g+jRpWZqFnKCJ8vqPLDP+lOFuae5rw0aei4w8jOhttFn+lOp+i9O83+ONUref/WKOHdRrfsj7C3hn1OJFOu/3qFBF1Kw9wGliusRyZAaTJ1W6HOVrrFx4cL2q1ONgFqkODSO2N14/S6/iackKLZcoqKit3+Rs3Uww+jg5atNGFaV9GVToAMyVLpvHUPi6EAhlSppD7QwaZ0peeVXRzdQnB6n3SaJEOi6Qzuo8jPbyG1c/9j1JGepyF5f+m5B8dxEao1z9YpX/R+SNU7soPI5Jk9eriK3qZRpwLMPlNvUSdqbvBNO66k+yCBbP0RaYjXSYWub8//+vYG3dh3Cv0mRqavtNgmqqQ+BdsPGxnGFsQQWVHyWZ/kRD5OCKftQRYaOtf062xahEEaqB9B2ErBPVouVWzQFPIRlFyHR9MVZNRoAJz/P+6upbdxGwjf+yt4TAA3Afq6dFHAzXa7ATat0TbYozCmaJswRQokZTn/vuDwYT1ot2hkpdhrAlMfZ4bDITnfjAXbzNbhs4vyAIKX3hAzIIaOcLaq1pccIUpsz17M0G1PZPkxgXTisXfW1qbg2IP2KkOjKq8hEAr/g9XEtzIyX5Tm9uUfVhRVVXXVOnH/ErfHES6E8hT8lmsmhifNqa9YWgGyMOatGt66L3sf/jnMNnK0smg91bioFZ8jrToH2CMgiABB5U8DKFa6AylHhTOuXW4qfBWBnHmznalsc9pYQs/Dz5+Wv4V9737w+bShWKWHd/+T12zjZl8clGiuJYBl7OMsQ5+b1Bk7tvNtJLeG3HgQ5hardSCxN3bUHQxPEHR2NqK5kjf7FLA+S25DusBdn3RwYBozBTaNIFRJymrrDsp/eh2eKa/Qttf0vl7w7sAeW2g7oLXSlign348/L3MpuFmxT213Sm/nT7AcEgx6V6xr8MVOsoVifv3l99XjijzBseKyTG2982p1c5s9DbPXRPHMtMI0RrO7NK0UPuUpi5OnZ3uWY7GZj7D51iT8OOWrhx29y7LglR/fhyq9AcVFhGI+pbxxrYA44+qL5w0nYo4sx5Hk1Ksb70vcEfqNshtDu2o8xadH3cqTexfENJkUdTDknbFaye1PawF0L7ixrHx3H/62SP/lcsNo/l8brlkLIhvIwFp0fkNAlsQocsYsNdtyY/WLO9nP6SxqsLtQrD9hIEMMI5B4KTUXTE+E9nwtqnSnCnmKJxNyJm0nJ+V0426oumuqtWZCdE/zeUvv4emn33/AJYAr9sENSp7DoN2NdbxOBuXm+ODEcl44F6AQspQEtIaUf1/yDdJYbec7RDOBbz1Bx8hrzUUB4cJxImh/YfYKbfxVhfbsulPLCB657MO4rQJLd8xkg1clOH0p4ovh+GHwFVCxOFB6jPSVKTyUVGKQm1iB5I4sD8AFvpOdsu/Jt7jCYa0O2Sirh3syGdtQ9e0E3Um1gjIUO4iIPyhN2BGqWrAF+UNBxeUWeQWNxbJQsaNqDvlaKLpnZTG9hQytQSO9/kTC7lrGmjnIAcsZFXx3WQXBCCe1nKiAFrPrcfyF+2NIMLfsaO93thI5PGYHhdnBN9//MAWaj+xISr5lxkZ/0K/6kF/2cChKZn3338n0mkYMVwOUKt3pCkNAWn7gujGEyS2XpwYryGzh0tT+51k30MA0zpO4/R4v5YQgtXIC4p4UIFuQzgo71YjIzep5eRsM1KTnmlqrI3cRnMMNzkPYRssOrS9N1FCQst++N6mgqouSm1oZPopaX+N+8T2jyzo0CS/GIogIofqtbFkeAEsgPIFoXfC90irq8Wb5tLp1M6xBJ/uKe59vCvOY1EY2DDMofiQU3MIlD4KBXLhxOeWqwb38We6larMqdgKpPIbx/d1/lMjj5vT5xaiVWvha31KXT6tz6AxVejIXgoMNkWAOqEPgAyIMKRI33ce6kb/ilNlyIZyk1wJk1omXYIGyUVuAV8Duyi9ZwnuwQB7wO96lBzJg4IE2humvka/vYxINmw2nOby+g+Hw5PwKuOFUnDbK9BTte3XbRkom7r76OwAA//8VqLns" + return "eJzsvW1zGzmSIPx9fwWuI56z3aGmp93d3pu+3b3QSupp3dhurWW797mYiAoQBZIYo4AygCLF/vUXSKBeWIUiKQooyXvjDw5bIhOZCSCR7/kd+ky3PyPCNJH/hJBhhtOf0YX/b041Uaw0TIqf0b/9E0IIvZV5xSlaSIVWWOSciaX7OBLUbKT6jHK6ZoQiLpd69k8ILRjluf75n+Db9s93SOCC+jVnuCib3yBktiX9GS2VrLo/VZRTrOnPaE4N7vw8pwtccZPBEj+jBeaa7vx6gH39p0NFiZVuiTh/e9NgXv+pKegCqIkwrKDa4KLMBBZSUyJFrnc+WROVY0N7v9iDoP3zYUVb+IgJdFVKskKdhVosg8jRNRUms8tnLA8i9ZluN1L1f3cAr3Okqzm6vkRygcyKumXOUE5LKnLLSincz2CRAzjm1FBiV4qHn+WbBV7jV2C+wYr6pWh+LEZRmWaRalnWrHEAFyKFoMRIlS2r2Nj85WOLT7MO0n4PmVhIVWALABm4FwdQhUsLaIbP/2lHTSCsFN5aPGEBwPrWSgRsaG4xi4T+uuKCKjxnnBlGwyQsODaGCvoAImrEe8vVhBSYM8Jkpd0FOoCzJljMOovH4/tl+2uLNa4vdIfvGJZHc+rYzQyzvzkDmUrvcFFyCiTpkhK2YATlTMEebQH7Y0gjnOIwUXMpA787QNS/uy+hNeYVRWzhSRA0RwvGKdpgjWBJJBUS8ijuewCZBRA+NFyK5f3wvJCVMJbtALTBkQmEWybeB7lSSUK1jo9gA7hBcveAMLHk1J2To89zgzQ2q+gI52yxoMqe5JqRLCryzf3NGgkfnYZWRrjzIRXKJakKKoxu3riH0UJkUVaGqtnk788Z0qxgHCuQiLJEnK4p772DZ2heGVQJ9sXd46Lihll503xMI/vgM7GWfH3wwW+opXeGKoF5xsogqYMfH0FlDRNd39TE1luzkvrojcDEsHVff3yALLz2fK8U3AYq8lIyYRDTyC11nAxs8PPKf4bzXI2LmlMfUM4b64IJQ9UCE7rzxNtX/n6ctXdnljNdSs3ivp0X2NClVOwPXD+fdq3dh/Gbt/Ul/sYy+psLu4PfHEC55rElfCrUccP4gAKQgi6xKGZONke3CerD3oBHc6xpbg+PlpUiFGGRW0CGCceA60Nao2fHrMAkjdKLOW94/vb8AjX360jEyIjQeDTECJdVnjFJJlFcu0Lh+rcLOKuNQmp/AKdao4WSxRFGQou8XkllsiQk3FrQ3Q8lIGTnypXYXovpJEqNfzyh4SlgORWGme2syH+KR8Lby5/QCutVYBsegqNe4e8jHppfz7+PjuUCsHz10+uoeL766fWJmMKbjRVZsbU3uaY7tGAh+rWTvIIB4qY5z/WajsSeZ+V+Dol9NCQ+79NRkfo+RKfEGEw+W4MUM65nuCw5Izi+etUB7NyvHdSv7koumUE3CtBmtYf4kLYQJAD+S/OsACd+PCJusFnVfKZ3lFQGzzkYQjnnyKywARdRvb7XFr29Pd8GiDyBOquS1lZU3P2xkFFBC6m2tbbWP13UU3CkpzyEv6506V0g4z6xB2ufNd7OA7JZUYGw8DtjbdiHb8u0SlGJwTSJ8IxQpaSazClcuw1g1aNEksMP/s6IzCNeX/C2AB4Wrv/0nInljpZxPKZmpSg22aoShonlTNM1VcxsI8p+DxEpqituavnv1kV2XaTokmlD1fgDgC7ACY/eyM13F4oZRjC/H2FMEHjeMkVLa9Sk9fQ1Eqel0m6RW/tExO0PJkKbiTXVhi19ZElh8hniH1pXh0IaY9hDzD0i5hZcjXa9SF/Q97gPLj+r3pxGga6KAquYN8MBrKmQlSGyoLWXLy7yihY0Z5H1ofeUyKKgIge4EN5TVEu+djGxbvRvi0Dkwxt1nOtyjJLY55/lw9Pvj5N9puJvBRV5ZlgRvgz3z5/43aoFfYm6YAJz9gfNLdsJl/qgljN66g1WJjm+VuNsoqsn6GNM5FYplyqqR/6yiaM18AGgdmpygQ1ZwX+GOuWujtMG5N5ef3h/hYw9QuSQWdDbEv+lmAS+YdrUbs4dzPqStHMlKnHPo2QoWUEQKzXqzToPw/5rYXPBjKLZPnRPM0BCvm9Yy2ONri+f6QM8/Lq23HNyP9LRmVkvdwQ/7TOLRZ5xJugMq6ULg8d9By/eXKMGdJ+dF1xWOfrgJPb1bxdek3WmJ+QUHmDxvMxyvJPWiB56HK7aaK7kTlPtBEv/acBDl4ipuziEEzH3rPsLJEmCbPeZlLfn6Bem6AZzvj+bsjlsVGu8HOQqju/eXjbAzjWYeNjIO7YZVcFtaZI5qsWC3R2Jhn/Lfkaaat1XI/fi+Bv8HHO/HsILQxX6/yzCxyIKgcusiYrH4NytC4a2kfZa21twuUF7rec2h7IJosbF7bITnX0IgqriNLP/jIHUu06y6TkhVGt0IYVRkjvJbBfrKkbW+mX7PLi93a00VSlwtXAdXszpaj4M7th5FIbdjZ4MzW6I/h64FrgsaZ7VV6YM4Nn74UEBYxQW2r0HnnfXN7Vz9R64WKPvaK7tzXk/CedRmzOMrX3fAtgOUtpOwGTUCdTDZEe+RN7I3QSQ++xmF6vH2tIu9sfuaxfvFJvbxengDnsbCfL+4ugBoJq5PEIrLepygJdoLo2gxmK6WDAyQ78JkDlrqrbfcbk5Q/avHrhC5lRhQ8/Qii1X9rGBj9v/HEMWca7/bQzKfBhh2zx/45T90prcP6M1U5U+85/p02eU/DsWZ4gaspcen2oZKJM4kZqPPp2z0XuALAxv+l5MGClKKHIJYAFpOsfjcH3x9ma8aGVnwUHs4vQFLahjeT1CZxqx8unmXWdttLN2SBfAZaYokapXAXIQkQdo+FhrthQ0R5fnN6i/eJCVrb2Yhe3FlOj65ZFdvmNTcrlcOovRXmMuCeYIVzkz9jf7yKnJ7z+CR9Jw31eyfQ5bxkMODJwUzqgwSFegAS8qzrfN6RF7qSgVWzNOl3Qm+T3P8Il7Aa5WDJqlbpe3+iVZYbGsNXSvb0qeu6KR44gQdPMEiRB0c5iIeaW0mcn53ynpS7F0l6L2qLhlQewDHmiDlWBiufdCO4zZNMemi61VAtD15Uno+kzkTPVjBEllj09/dsgC+ppScQS2UizYslI0fxyE2/U7uB9GG6+Xj4MvXlOFl/RBjH405DvMDtCBOZebjjtyzwkvKo4NW9OMyEpMJ0yMNJgjUhdLdXBfMaORZoK4GKyXNlD0Z1XzOiJIsdpPoKGq6Lo8JiHt/Py8qWkGf4iiXyowq5ZdhPbhvaHzdSlmrk73Xn6ah+qRv9O5VRBcAS9Q0bh15tRalhoZeSzLfTBUqknQv258jN2Kcs1y79BrQrMucEuxyuVm7zaYSgjKp1Pkb88BNHquaCHtFXYOSqnQm1dvXvxTHz0XDFiYLgoPDwb8whQt5Yaq2hy/pAsqNH0iEYJfPlx+XRECi/A/IgT/iBD8I0LwVUcI0EdN0dXFrf/VTGAzY+U/AgcnBg5C7HzCEYUG3c7v73EE/hFtOIzT7rHo8/kfsYh/xCL+EYvYWfBgLEJTUg3KINx6Qbdhu2Bvufd44zV9YO6th4uuxuvC/ovEQ1KieN94yF5nRipE/+HM+CqdGbsuAia7p/rhLoLr326P6LzYBL7AiMo4u4fec6QxYTU0Z6JZ6HsF0QITKOE4EoXm1bu9urjfoasXQkaizYqRlXtjvctC0QVVGj3vJNafodt3b2/O0O3/f3sGhapa9sAupDKrFzN03gJ3/dwQRiusct8ycc0IPUMYlUoaSSQ/Q/ASutpbJBf9J9seqK02tEBaLowFMkPXBuVUSEN3bEivKBBc6fYswlf7ao4jczY4iL5zwawx82c9SSDXVG0UM/bWqYoOzutwk05vKdo9QsNmRZsVVU5SeD0IrbBGc0oFknNN1U6XqsYFsZOSe4iY4eXbS8r43QKsBd7VeMdXH1t/f+PUQvf7n+1b4R453B+sqf+ZbhHTVipDgJrg0lSe/wpvmosDUo/IgmpLNCR090Aj9EYu0SW1epEKE+JgDYqvTiVnt3mrJS0yYI9wYu57luu6vZuBRAe5QExog4Wp0dBBHANVVccgeKjm6kMnHm6XQNh4cYpr16wLE2H0jprfmRH2GfC7PxscjYZYvZIVz5Gga9ACmnNXYqUpeksNtqhh152nXer5G7nUL28w+UyNfjEAfwl9qvj2rInjY/SeOmHhTrjooDkLMnJouh7HyUP9CS9pqSgBXcFiktMFE9BKiwNarnNCgcswVoVeDqsVY55Av8dv/T2/vvzed/10ek5t19UVaphApo3bLzXYCKAOegD40wKfs9tRYmUYqThW8H2/sbPRkzEAfdJJCZ2MAeTxkzK6Jetp9+TVP/Zk/54E6oIibcjDrq+c/z0DQvrb8mSwW+NThF5y1BR1uu9TxM2yLdX9fxhm2mBDC9pLInkiyEGaZkY4HrTreRLoUWEGjRmeBGKrQPOXJ4EYE6chllZjqiXH0z1pOcWnSI+0bFtQF3CKZUON6DUhOzPQwNNiM9BDBkrCw6yInh4ygH7Aihjn4sDJOgkXu47KIPscuwZkRmIfCnDw3uwjU6jV1SBkVdNf9/LcNWovpCD2ccBGPnXLdkTcrFlacdjl7oVdhi3q9ob+QL6RSxeuqhOiKpFTBc5S6gXVgPQFu6M50hSyU3e+vLuGHjdY6k0YwH6wwdJswgD0vTZl6AmM71867WAO6LoHT+7Hg0FGRpJz+avUpisief9E1vNw/C916Nh0fEhfD38HsxiO4e7+AQ5dxl7frH9sap3GrnufuQPqjfxambvu97iNzt7X/++yd5C0kEQ29OWCc6R1vWU5wmjJ1lQ0TrKvVxEwwSl3j2+B5E9R+fs6IhqjDg1ZbjNFvyTY627wEDYY6PZ1uVduaXQDF+nMe7MNRh+2JUVkMIIHrBDKzIoq9PFamO9fI6nQL1xi88OrdvaID5BB1dWwDeWQ7lPU3a+YbgiDpjM+I/gXgnmUk1jH9cpfvYNBqg1Wgyr2aFpHR6J1yO5y8vrm046+h6HOt7+lqM5tcY+oR9vnS3UnsECBoWJLBqU77ju72soBPqTSv/YkRlzffHodYEE4JwdFYEGD0ZDLMV6f9qAOFcdTX58VxTlVk8Suf4Wl0PXlQ6KkDt9usBTAnBYrfdJONk6y5H42XCta162iBRfFmi4XknOYPfg1CmDLvUfIubFnjmlEHOvqGacdRfWN7KstaA+jn6DFV5D5U1FVC6kh2a2QAs23g01DdRa2BahZUfKt3yf7Yde0GZOVSxd+/idkVqpCr3766QWU0Gvqe1cXfb/XLieehPJ6BCd0KYWm6VhBvppT4Vop1D6Fqpg7oQeD6YMQ0HM8l2vaYQYTwczKWrxpoyguRu8P+WqOzSOziuas6utpMRj1TUhzbBwLbIGY+Vv16k/f/1k7kf6yBAFaI/23ATV/g+4DeEsVeoWuBMGlrnyfYmtS3kuuh6A/MPgRyK0MrfLDK/Svltwz9MMP6F8RkQpaA8E2uUXP0H/n5n/aDzKNdpnyTXALhcwDNedPxNYVG5oRzPkck89pNWCHXF0wgI2fPct0O3DId2EKIgqHI4NBP6n1QRjBiTlgDJhqI5XVrMXWaR32F2vMmRsEgkJIIdeJ3b4wnALyMErjuOTF3RsxgBwjFuivw56w0cgubLnE+VN55zw6SLM/KCqoUcPRAAiGhvc/DLawe+5rIWyffWxajdYN8LLbNkO/yo3dmqHNyQSSyhpjRqLPlJYHmPYkXryvhGlKQjHYmuVZnirq2vTUX1IBRdcayqoqZ0d7u3DNlKkwt0b7ju9dBFwcfsy9qyO0zHBU+Kt+fYmUldYaHCrANKyW1DQfO8gJrRIlPT06J+qWD/s4oZKEgoaCv50Q9t61V7r1573uKTbfjglKBM1qXCDmKwi8+JUyXXKWMrPhSZvzmg3U/iehm1mZm/C8uzLhP9oyTX/qaqvFPyH/NSKMTrws2GAo3wQxehj5KxW6uTi/8bqvL8plhRsrE3giv7o0iOppuD98lw8wxIdNKpFzpe6a8lX7ldZgd3oOWOYz9Oqn12gDfC8oFjDdKOgrAKc+qEmt/whtqHK9QhF0icHaICl65SK7THx0NfHrZmLgrqYI23re/S5VDoxzjS7ISkgul9t+IG7B1ECLRegnRFZYYWIcE+2l3gL+4DQXqBI+p4fv+MxHK2pjF3S7QH3KIMKe2CVYFIWb7lyHERTejMo0kKw9tRIT0FhdjMLPJ0eSEOiFCxC1wSLHKkdCqsJNkQzY8qoI8if3WQ4ns0hW88GTdC8mtVg3yLzkbEGB4oCBrymRIh9RsNvtzrRJ6WfZQxATRBYlpyZ4AEadqBgUeKNYTwx26s2UeaSDfGvXDh7nsaO8ezJHj18hhVlF2qa2PjVWzkub5ZQ/EuOvRJ6C7RbkH1Kk7rawRyza1WsV06XXfuhzeCCikt3oc2TonfGXD62p0p1yinxfHlhgfx962LYUxyKzLdMjUuU0OMY4zin2STb+mdLNirWOUWfaNB/sxteHr5WSxQygVlCUrwkVWDHp1Pqi4oZ9ZxhVCJclr6tf2l42BRZ4GSrNRYhDeGenrU/djwwx80wjuREuMmZwUfY9gx5jaN+q5DD5iBmNyIpZ60bmVM/Q20obMJO6QN3Iy5G8XGzoiZu0V4AtFhbvNZ1CE4JNrhd0vINWUFQQdyCwgPnMa5ZbzQbOQ1iQ3daC7EOPeWEi70qmJqOw3U8XC7qzJ5EZvq37XhkJ+ppFyvX23Osbjbjpoy6cMyuNG3k2GyzZpJPJKrYEKgaK3EMhNvyPfVVAg/xS0Wqyo2RPtztFrXzcYI0AiXzk3ABy38dmakSlYIehCWTasjAJXt9lkQJXGKYcH2gK7bmMKYp2gb6KDjWBrtR5RR7HhOyZj8E3ZvBc3uvNOVVsHpJrpwQL2gei1w0htiMIk4ESH0Ox1hVPHXYasaJkZYgs6EuHQ2O8QFb2oAEmsufCsWDHgBw5IHRNB92UJyOsXt0XAXYiO/tcPmmLFwe9A90r3VS6WGgQdyopYQvWGj5h7dZPAhg5U15XTp/NFNiAxsXI8rZgonZR5T7IEsTbm81TbcKnXSu9awlKhX679amxTNcJAX2/GvJ9YXvzN9BOlaQupWYRBcdRZwvMaZG7DlOQyl/f3dEuPBU3w37rjyWKRFVQxch9ZVGQtgmq2PYQ1q1ka26GE0vufg9IW1ORS+UTZvdSJud/f4TuNXVoN9AVv4tY+lrwAbutBN2PmJP0KXvVfTO8kL7q34sZ7+Va4Sa3WEiDMEwZsUiGE2i5XGZ1osqjCPX6IN5bqE/RM2VH9v0F0q2ga/XuWNguVqXkjGxT3549cuEGEPDNtQXfjsjl4KyuxAx8X3EKiIXFqRSG3qXWWBuEroXz17X9UHGea/sXPKowEhMQCjWAOfA4u2nCWX+scQJZMBa4rEcXN71CsDGKzStDOxJimKPvByFbbb37/IVFhy77A+gebrW4kdjT3xwwBPv5RX4+d0d/Cxi3zRyOuuGgbnO+1JqqGbql7cSLGV5SaOXtM90XUtU4DGDXYJzeTtzEDPf9Tt8KqdBcyY39Xf1Tr2s6s2u0n/R1foOVie2mawDH9qj4O9Wfdz7dnWpmmie8UrKkPqCY6i0+FwhzqkyTXaTaRf3PXHjLi49OEwBIQgoozDkSUnynaEnBktmX/QBmw5RPTj2kubFXTDPI+CVzEbY6/DOgbMPMyivLTtajS1hwDtUmAknx3VLaf+95Cdy4nYDimJBu3AkGvgQELJJygax0MIzqGbptZUp/sEG3sioNxheunK/S1ohxJaMu2Sb34tczHiPCK23qA+n/M9gm+ArTdid9TbT3b1jFF347rgJNrv24Gxa26F1bpnRK2bNDhpfF8hKwQFhrSdxkI7sbQXsSNuwN+0x/RhiVq61mBHOUM/35DJUKZqLAJLpnYUUZK3xK7eU9H3pXZ6NwQQ1VGpVYQxcvDY0cXC8CIovCSjG5E7QfltbsDNVDw6fJvQePpfF19jDBw+TEN5FFWQ3vYIJtw2jDRC43Pp+WSEFoac6aTIpRZgzIXFScb9GXCnPn/MxlgZnwUkN0FuJy5Onqej1jqUt7SLcq4RsmPtPc1wLViehYg3fKGyj2N980qM1Yvm/j+KArRFJR153s5NwSfQRq9H67fSy8fiu95xXdDtv1NEFnN3ku0WiEERerXxOwded/v6b9Q2RNe8F4+jvekPwLrNZcY0XzilBUR45o2N2mqWKYZ4HXNNkjcgtL1mpz/33sPID2hRn1C1DyWZ/UciCGx9ivbh+6Fdar5oZatTBQZViRlcv8rWtsmjLDixpSr0WYJaRZZqYVsd9q/j+sNEVWngvEIOeuEoRTrOyPoBFei5ovIGyH4LnCzsPRByf8BlM6n/iLRWQxr8cxy8XOg+XLRtU9Xi+YFzy1p6+rjQAC4x6/aQKkgStx4VZ3PRnHPaXOgkvuGm/Y57zM15fonZM0z33jBuSm7XXGqL4I69XOAf0YvvyO+/n6EljqS94aMTH0HuxG5FwaoCNh5g6RlQUbpsNG6lpvU/ay343q+gJtpy7s9WOPzNZOfOku2kHL15cHNdlY/rkDmqxF7JXIW412hi5cfabvd8rdL/Zrs4Cg2v3E9994d9y8Mk3lpjTNY1QJTrXjjHQPykaiNVYMz/mgCtA1ZWAClRyPCAJNhU7aH2VnQ7uqqlt5ZiWV1TDq+kJm9/n25fVNX4dGvmWs8yiM1WWfOFDw6FrINtLikETXwqBbthQYhMXIES2lStm89tlAftlDelPrbhK6OsI/LSLd2eX2lOUycHDe/fYBMUF4lVMrzvwgW/v1GXp+VQ8wvnEOEQcWpPcs7BeByNzksU1wTrVPSxgzpj9blfsEvO5RitdxY77zT8N7pj/vCbkaxZZLqtKNsAuz7FM3FuBxcCOaFdUryXN7epytPjJpdCf0PoFnYRh791L5+XunY7xomnFcX4bLSI6OzhNZlNnEeVewKz73Csa4Ov+erubfWXSkgPrUhZvNnVdkzErzaukjZY11MW+kpVTQecDK9Rq/kSlxfhD5oyiAw676C5h97h4iS8RIa+TnVohi9BaTup9yWLm1ImhSO0aK72oFVe2XQs7WjD7UWlGso+cGa4NNFUtxbvxRmPFHMzvs4nN5h1j+cvz9si9rNQWGFqOPg8bH7i5YLMJXt37HEk/fGxzyy+HcvVOeMyZkFSvG2akj0cvod8pK0phOh4FH9sfIgFN3Ztw5EuecW7mHdEUI1XpRcXRl10dE5lTbI1E3+w1bFkzk9C4yAzjT5jTN84GyBRYGU0zVSMypgvhmgRXjkMET8OC5+LtYIgxM/M5+N0iZSHAO5dw1F3okjdivjp43+ZwlVbr0RbdOwgxY5lWENiG+7vD0YqTI0Lm5hu9x6oQSp3w1SV7eV+U+bX+JmdAopwYzHnAyzGVlOt8bIU3yyXMza48tbvLYAI/xh9TQouTJsnnOUU4X2IeAfOfLOobvszWtVrymiuMtFHIZ6R9X9DxwI+0vwOr236aLugrc+eq1YaaCxowoSFhrGwwbNj30ukaNYnX8OwTHxjSBrCKyKOx9SnOMLhx0xDrJvqWSa5Y7/1ndRa6gejQRKpfk9EDj/b1lvzDeao2km5cXVg3uSkh6ehxZX6+eVtb/Xc5P9DudTN7/lnMfgAnfrpKla5x7CQnFbudvb67R9UCh6qKRrGutry7Zj0HEwq6mGnYZ1ZC+jz/M51aHlXsnIrK5zFNXfA0q7vpKh8cFWVxG1KNV/G4JLmQwQeV5xwXsS4ddAm0TD2FLljehnBEnXhHbahyUgUd4+eMpeQ3dZZXymaqne998dN1z6kAUJGvcUVJ1vQgu9WtOQ+WtdRemfYkbEzhCgl7xfNch0lRX4jVmHA8DGahxhSOor1xQpUYmLbg7dIqvP17czRsrhW8A5QKwA5J8uoFmy9mIRGRFNq/yfBvdP8OKLGodUAdupelpjc73eqniQ1RMRuxy0Cuxy3Q1RUEC093sVddzFVc5M01lXdsXzWMUGmzXVmw4UdKGF/YT6bLEYnNwPZlVfvHpCj33tRKfKm515TnjUMABeWBXd6XU9pMv0HdDR4PoR2E+C7kRO4aQpqSCZhbrXegjkzYJnsAF108Lvair3N/50qQ3dInJFn0cNdc4myv8GEX5fuEdFjOBCszEQuGC7k3HKLGCqb3p+yTsKJc3sCx6J3OXHN22BexknQWQQge0L0gVsIxIZSHt9o17Rzfo10qAKflW5pSj50ysZ9+eISbJGZrbv6j9CwvMt5rp2bfh+KIhZbbgeDA5P7YOtavhX9wgWBR8XSAnt/XwK7nY26jByKSYup/OPZ51GwRNlT3IQYTWRVy528Ps09vfsaLog0sA/vbbT29/P39/9e23Lud2jRVmo2dyI9XnmCXLBy/Y7/WC3QjbqBMMi9hKhK/ZidulpHkOMLHPxTaBCbOQigrNSEwB0nElJcC4iO8FCcQHYgHNNpgNhxM/2DsAvc9jA7XXJ3aJuq7miS6FmefaqNiV71Cvncwh1n1Lo72jdc1HOifpqcUu7WCwgUrji03auhdf72JBLNioo6kmNZkj9lRSg92IAmT2y3vCQvnkfoL3d1xY5L3+/364aqsyu8l/j3LE8o6P3iOyF8lHORx1HHcfflJOkLS1s7Mdu/S5aTLa6yw76JP5Atxug5N7ODJdt6xmU8TDoOhrgRm3vK6budx4mXF92a1tg05c1hw0dBloYTCeVVjnXGdWRTyBnlMSryHd2lcfXciiqETfEzXATpzWuOmh2L2jd+YvNKxTN7jp0zTrh+J2i0X+7zIcNWtxM9iwUyTDg7EbLryDnK50yQiT0bJEp7LgAfsNVmIYdHjqqGtRlJlMJYxv3729Qb85P2qblBpG5MukqQS3//EGfamoGundWnGRKdrv1Jk2uaHjEN2i93XRWTCtq9HSScSHtAtUxh4jYIGWJzmODkE1geDYg+Hm8Qc0YI5VkWC3LNgE7gVcRixAboBWebSptDsw43a72gGdY9PXCh8Kd04FWRVYxSoraeBuSzwYX/zg6BMmg3SqKDCzVfSzQOgibgFVA3ixhFZLCcDK+d8TQC1x9EkYruNU9OMFQfeMxX5wfOe2glrVMzrSIsMEBqPELz+xsLWIaLx3AM+X5fpHcWdW0d93IjJiVJbrqH3XO9At5NMiT0cAXnMcXWKIjIolExGLIoegU+RGi2yR6Q0zJLr8ENmCy43GRfzclS5sYdbpoCeIuhCRMZFSnDBRUlXMt9ES3gewS/I5DfA15inOCiuzUkkjs/ghKYC+/jEDj2N82DzZ3eRymeUpmG0Bx89/IyIr8F1mTCy3wS5ge6I5TfAoFEwkQpqJdEiXXGd8zrPYYdEd2H9KCDx6Z/AO7Ni9ELuwY1f1dmH/lBD264Sw/zkh7P+REPaf08A2suR4TlOIlAZ6fPNMZEXFQfmebxO8kzXw8nMCvaSoOFsWZRrt22qZmC9jJyF5yCyFUqLpFxLfNyIy7RISE+ygViSNNWkBp7Em9VZXZYJZpEQ0ZdVJTFUjjTU96F0CEWKksYZZKthg1iQBXgl2J7CQmpIEh3D92nIl0aOwfi1Ls6I4T+BWk0WZEZ7Ah20BJwiSAFw135r4blELWSeBXFZZgpgGUcwwgnmCAiKd4SUVZBsx66oLW2C+/YPm8xR4rzNoA5oEsmsHkwZrl1ibBPp8Wa5fp/FB62zOzJ+TNBojOos7K64HWMnoolonueYAlRIVv8pNOx9/tFlbHcDUrJyfP75zxAEHtS8JcNdNPl4HuQ7sBeM0hQ2js0WKTWSLmMXZu4BT6AY6YyUkKWZJRB0r1z/m2pSDZv6RYGtFksDmbEFTmDEaHM0FzVm0gtFd2EykOSWFzCtONZEpuO2Bs2UC2SRLvcEm6sz/DvRQBnkUwIoumTYKx/eEtLATaHyKlqlYrZLxWkMncpVIvrrMfHfEE0A3iuIigSLpSoFSoZ1Oud6sJNOZmzAbH/oWK5zkgOcjhbAxIK/dfPvYcJk2WESfc5xrM69UrGGBNVTqZgWlgFpFxzW+Hl3XJMcGC5MbFvGHXZ/aaWAfzCXO89h3gOWxw6p166AEbxErMqKkLJJ0JbKAE5hprMjSJEf6jkcp2Fx+jt6eqdTxW5ayUpeKRQbKsWGmip59xpmg8VrstFB11Ik6DVwovo3v1uLSdT3NFlxGf84b4AlS/q3NG13qWKAJJI61oROgGj03gctlkqMrlkkucClVbAFWzKtlimtWME1SiIVCJzmwKeZACGqguVJ0uNFluGsAHTvjz0GNnY4nNpvYFkiSijLpBkBHt0RlfM1IKrbMAvO4Hgx3I6iK/2aVmRvKGx1s1MnULVg34jXJIUtQuOln4sQWBh5sbGlQZs6RFB1drLX9ZUZWser8B6DpXcmiBwJKqoqlwsIMeu7GgLxJAjj+0+s6kX382JsCGgGwkssM6zLiwIAuaIVjQ1UU8xT6naIE+OC6jiYCHp/JFnLcFq4dyFLlCTCO78jUCXzD2vmGE+QDaBo7EcANPE5gnGj6Jf4BCDVojQY1gSml2TKB4NVlbC+bViTFPVAkj65Ia0VCXXEjADbxRmx1YVY6elfNNRGxCyWC02IfCtQ16YxNvlma+MfKAY0f0WtmesaGuy2jd2ut8nmSPPRK8QRvYaWpynIWu+o9ydiKOjKUgg2GaIOL2N7gdcaENniRQDNYM2VSqOHrUiRo3WSkqkRMN2uoLVqgo+h5ZSR6Xwk0WLrJHkk4LO8T5ixHF4rmzKALrHLfzVBD+/cwOm5yVkIujU0IBTAwRB9BfwMiOQqV6jT5EEyk49xVUXK5pYPBggf5t5BVtKbeR54xy0PnM4J5Z4ou6R0qcL/RQhuLFcuqPwwkOZKcaRjOUK/utx4aKCFdlaVUBg0bjyK0WWGDmEGloouxo/CAtNz7DKEIMd5bHQ0KiAnf2X2kLzRnIvVE/g6qdrUunhoZuaRmRdWs/bxeyWrwoiEk6JqqZhyRkajESlP0lhoME8HdXcUNC56/kUv98saVvb5Al37E1xkyq8CUImgG/J760ceAtkDvqPmdGUF1eJ+HhzoJ8xYwsru5RbC4I1ZTrMhqxgQL4gczdyfor90TnzALA5IhXnJcCZj1u6xgjmvdxD3cwL3Xr30PTenbcTc0NU24/fziEWPfbkQWsabpuM6rsCz6QO8M3Ioxd8EU06hHBFI7uO4dTKgWfGTiJXTPTTgOHPrnamqQol8qqs2ept2nZyvfv1e+UxlgLI9b1UnsvkeqyTvddafsw8lhBLGxnZ9Dh3b9c5DymLP/D883tItdX9ZCAdYOnw2wGuIl8d7zCNvHZY41RS5du8EGDW5Vs0v+G4+Dr2hGwTeYS+Xa1wfZiBDWSFMK487w/nlVCguNyQTjfQcdpt3SAtTe9tCQSsEEtH1Il1QVzKkbUyHdLukGc7A143RJEadryhHWmi2F27h2Xn/46ENL5keU37D+npM+f5RJzxazSrAvFe2PScThy9fB97SOiadNQak1Gpa7C0mkEBRyK9CGmdWYoEAoUBnSaOyKnlRedG/TwrIT5EnzRHG5ZARzZDEYMX0Ai8fFDpYaGdP4eLwrV1sdRq+TzraRvazW2A885gzrbCWT2wTOiGvMNZil0g41slKxO4In3A8AuUtjsYU3zQ9iIZxiNTvnWlpDfOe+XUKwHP3qvzFD52Lb/G8A3YAtr4VBOJ8RWZSVoSoshpO48S1h6cyzb/p7ATMWdzaEmb9Vr/70/Z+t7XvZ2Y6aY98E0fbnNIsbMTvWcYO3VKF/bnxy+qVHA5AL3/rY9T/pz7xocd459Xv348Tk5UOy7Vl/YIpdZ4be/fbhytJOFXXOE/CX5kwTRUssyNZqlV494/1cEAQcOkMf3v6MroX54dUZun53efWfP6OP18K8/hE936y2SFBmVlQhspLaj0qTSlFi4FPfv/5f/+3FsyBHqFkllHF9foBMnRU4PI5HJz5997zmt+4sXtdIha94/rSQ7sqmA5if2DDu6Ac+hG9PMW2tk09MmQpz9Ob8XRDZP6Sg6XxZp52M/yMFnYV5a9H9akQoEHJYeMIWPMU3eM8+LLGhG/wII9LhdN+g8zxX4Kd1pzyETvP0kqI8Nc750FjI9cXbG/cqjYbHCqwnjH7sOJWcpurfbnR9Y1EZ8X5ZHp44CSIKD+3a4zysNbHMTdeaVkB00MV5zuyHMW8Dtp1Z/uF3bsIDYE1CuODS3/DL3SMwQKXNtU6i1x37pGH0zmN4I5VpRPJA6OYQYIMNYGZ7WPLqiXnv6GFiWT8mNVlvxxgvaMhunMqL67EDyxdrLQmzKqfzGw10HGTlssJiSWeN6USkWLBlpWiO5luASUUOWUNhOVOe2HpgUDQ6oi0HF10k6HfAI+r+3RKu6A4ARQtpaOYzu+PnGcVnbS50hjOXip8AdGlUGuCLBEdikaBamKe4Dqn6n5QJmIrzrPbEpVPL+xa8pWPWX63rTHgEDfbKrKgS1KAP25KeoY/1M/YGHGA/oJvaATZ4CX4b09TqUT0TKBMjpnGNtPeLnyHMeVCZKNsPQoIbVpCYt6bKvoFMGIm0gcecCfTxelSgEEiQTSavootsC1SWCca+WcCK6tgZvRZsghIX9yLGTkUHf3sCbN1ohYxTsYw+KRJwtspHQi10RAN1Kg/mnQCMQATSCRYIo1+k2mCVD+d0I3S+hGQvhbC98XeQSzenZkOpCKuekbsm3jfGLQ3m3VCdQwZBy3jIjBhQyITPc4W0hIIZK5b8iI0wiWuOxRRx/CMclHWCSMdFOSBw12XZRlLW1oJdggG7+/LEjlRSAl0I1vH6wR0XscfKMFJxrBD0i0Y1Es+v7n5+I5dysQhPf6ckMyuafHt3kP1gF3S3sYP3lcXbontemRUVxieLj6Ktq5idE45L6HFLjqP+UVM1irCsDJHTctovOY7wbUUI1XoEZ+g8flpztNMSTwAvZFXcpVRbFChMGOA2hXDawZH2cLRSCQJ8upTCvitWboWUw+aLaKAo7VK1jtePbuTdxMh1LYWaAc5o3tDj/TA9fZgJpJmpAvITQXEB9SLaQ11hjXAuS/u6mBVlCsmNaLfMMc7gOylkMZJXCzM5NHMt6qdVIqxyz0Ru5Y9UumEARr8wTtG5R2w2YMMxzl7REObu5GjCeEP/o6QrjLLg1mctxOVCiMYAI2LWuz+AES5f79bXa8TmxHhC6FymrB4IED+nK7xmsgLtksiiVLJgIxmKdGrkrgSecygiW6CL/bgxsW7ETkIk+xjuaJ0oiMAOhlGHy5yAYGD9Br/Uu9t5Zdv7Nnrs2jLLSph+OVtsjT6HMvCMnGLWH6UFwXu8pIIqRmqSgCGQ6NdPLWBmBU9taLYb8sjOyPczbdR48LOm6ZS2W49G06v9NHn1wq2VkK6gadoY4YYVVFu57rQ9RUs6GkTyuxCtKcTBjYDGgw/cBnXk0Tqld/ejHa0fjqPp+0xHG3J6NGneYXyIwgFtQHErEI4QBl8vda8OUqcm3Tt30aLQpg7vXLReqtMIkANyvBEgX+9x/OHwlsUabTDNlh0nH9WkEiTmHTtCfkx6HGPSNjiMjVIPJWg9P3X0yp3KrLKCmpV8hCgJ3vEkI4eG/9johkMvJSWTep32RHXeS+79tRaRPecykSfkP2c//elP6Pmby/ObF+iSacPEsmJ6RXMohQ/iwuVSJu8LtC8SBtmyC4eH32b44EjGmJKJvYr76j/troYwaG4MeOSjDX2+z3UhkPbf1P12HH+AUyhmikWoTXqbKYZ5rO50PULe45xV2q2ApEKaFYxj5cSTFZv2DhF418PlVXDPNcun7DTSzZT/aA9C7UXs9cVsL3m6Ootzse+uQ1jDVxp2/L/eSQS/GZwF77ihnbKMPOzKlCplYsAgZAOslmqJBftjT1a1SHcUjmX2CZzunqkRdi+YCtaSJur684tdDl4L1+LL9S7ayWr+lWJuVgQrikpFc1kwgYMFdx3xdIMNo8Log+nxHE9J7Rv8qMS61o+0THRw7dV5ZgVXiZWBZkgtqfvF6oTNjrywOUaiLmhOFTY0z6Ille05H1b4/FKv2ATPbpRcs7xpHuY/h8uSe011cDB88x/7rO3qtGEFpyWS5RNR2Szpe/2Z7QiZweGhkDm5Zi56vuor7iMt4BqlM+ZQ8PtqnvQOdKbOlzqV0MsAoU5HBY0Va6SNVE7iW2gFNRhWewafmtlPPQtTX7A853Q6KfcW1jtWzgW2tyP3TpJz9XiMaci98at1OgyJbR2dPUMlx3bL7PssFaKCqG055uWHVMgJ7MkjMuhUY1v+KrVBbzFZMTFi0uU4keT4ps/rjwIy/UtFrfiw+pFrcqZn6E2OS/QJ/uP0o1wKV3f6t+HjiVZ4Ta3mxClW6EtF1RZBD0JdSqFprVGFi1MtvRl8Zxp56XvgEQtZsboLpHDku75843jWJE2AanuA3vvmqMdiClOe0jrM+me8bi2908TI2ob+4WUaqUqIoB2rz5qXx0WeXRupkRo7DzHzFmb6jcBow0QuNxrpkhK2YMT+5ixUJ+jzZIcXxJLn8G1zbtBz6AhLBWmfIQhdvuhwC1UC3vE3dInJFn3Uu41vmwhs0S+kjZ5da1eYwGAfee27phagArVqcMjsizjgeNMHIFD9v1NpCuU8Q/btkp1eoR7rzuvU6wDFQGHwoPnvnEDsNHm9Y6T6DF/veq9l3RWQPt4FdEjNNA67JmCwuzdtQqbbhsEOhRtSHC5+hrKBmCMBRyvcgOScLpjwvnoQTtDVr8DlSNNBwO6kQrFEuLUOmJ76F1swNj7b1LT7XkojvSkbH7YxmKyKiVvgt6sCw9HAOupuR5IhL3Mm4k0Qi3o3LMlQVJj28QwIqW7ZDmyLa6PdlvcHpnYOsE779h3AusSqPlP2x2ctKZsVG7RSR/Z2WFvWJb8fRZ6JPrPEtbWQaptuw/9Fl1j828GOMTUiu13Ua/U89DRZtvzLS4B+gLZHU4kGVNX91vdTNXoKMiqMkuUpoiOX1XzgXDjqjPs1rbVND5QjAI6uumPae3ghixKLbXMf4drBOH1nr6ypss9QxsRChpUCrD+nrhE6ID96VmSN2Yam7Yq++JIqR+CXivMt+o8Kc7ZgNEeXUPfsnINBVDZ0nhEpP7NHCrr/TufIrd/az5iPafPRu8224fCyMqBynzjC9PBdf98s4afseHe088nP0Idt6UhvPQeWOW4HxzdP0UUWtZlsD22Lg3NEqGc61La2j8wUrrpGudzFznkWS6lqbz+EmN+/GdnyTq+cyMep5kWZdg7RHlbYlQ967ms0lZSJNJFdpOw6dj9QiU3YNUlEhnXMaH8HsPLl9JEhV4pH3OYO1Ii70hijWaVieUM6MDVVGV7Gsylb0NGfp13QUdMfd0H7U59AsNA7QwWoVvGNEws/2mluFL2Vor1UmdgalVtiilrCHZn7AZYF9eql//eFR+Gl/4fPawq5/TGnKpyd58l5xOi5I6YbPAePa2fU2oCc3A9EsyYVEwuq1EjcdUj3JHR1Ff+DrA+6ZydAsu5LvOhsQ+BKQVhbJr1SgSUmO35XLm5vj90HyCBW3R/9lQ4TtMYHfrJyRdU0/girs/uMp+cXMPrxBbqA9cOoUWUmapYywucLqvzwT7qThbmnOS9NGjruMLKz4XbRZ7rTKXrvTrM/TvVK3r81Sni30S37I+ytYZ8TyZTrv14hQZfSMLeB5QrrkQlQmkzdVqizlW7x8eGCdquTTYAaJLj0zljdOL2uvwknpGi2nKKiYre/UTP18MPooGUrTZjWVXSlEyBDslQ6b93DYiiAIVUqqQ90sCld6XllF0e3EJzeJ50myZBoOoP7KPLzW0jt3P8YdaTnaUjeX3ruwXFchGrNs3XKF70fUvWO7CAyeWaPHq6it2nUqQCzz9Rb1ImaG3zTjivpPkggW39EGuJ1UqHr2/O/vr1BN/adQr+JkekrLbaJKqlPwfbDRoaxBTFEVpR81ic5kY8Twml7kIWGzjX9OpsWYZAG6kcQtlJwj5ZLFRs0hXwEJdfh0XQFGTUaAGeDTTXZhM8ulmvMWe4OYgCJviCcrKv1PkEIHPtMt7ovtiOd/DqBNDLslTGlzhjMoE0CGrYyBUMIfgK3iS1FXfkiFTPbAzeKyKJI2ifuSLwdHt4hFC7B3zBFed/SjO1i2XAsMq0fa+CtXdnJ8N89tXWNVhBbV2qclZJNkVYdQthhgAADQCpsDQBbyQoLMWickbrdlF8VEBmJ2U7Utrl5WPzMw9/fnL/z797L3vLNg2Kk6vv+o/dsY/pztpa8SsWA83qOs/BzbprJ2PU430owo9Fzh4R+Ad06oLC3nqjbA48A6SA1vEokzd54XD8KZny6wGy36GBNFWQKLCqOiBSElsYayrduD0faK2w2KaWvY7w12OsR2hbRUiqDpOXvr/9+HkrBDbI99rmTajl9gmW/wGDHxTrHrtlJsFHMX65+u7m+QW/xXcFE3oz1Dm+rpW3yNMydIYojZHkyBtTtI6tRn8Ili9HTs12VY7aYrmDzsYvwa5KTqx07zjIvla8vfZdej8VeDPl0m/LIvQJqiov/8nXDTWGOyIeaZOzbDf4Sa0I/UnajH1cNVnwT1C1cce8Z0lUgRR1r9C/aKCmW/zbnmHzmTBua/8tL/7Oz5rdMLCgJ/2rBFN1gHlRk8Jx3voOwyJGWaORYKrpk2qitteynFBYlNivfrL/BAfVxGCAJTqmp0HSF0K5ei0jV6ULe6JMN5lSYTk5KjbcfyDhrpqnNepd/HPcxvHO6wBU3GdyJn9EC851S5B2SdjP433WSI+pJke3I+LZszSi8WDACgwTmlAok59A3otPQq9kXje9BTP9iHyBleOsbl7HFWiRWJwuduk3SiERReIMKqjVe+r5ERFr5DQPMQorkG7lEl5TIfCTs42FF91G5ns8RE5h6CE8pjaAI075ocoGY0AYLU6MRtvENO+kRz4fvVFAVh3vIrHVrXJ1TO54AraxtCxN2f2dGUK3r3T88BUHQNVXdBhUlVpqit9Rg0NR9zW2z1PM3cqlf3rik2hcD8Jc+HaxVKzB6T52wcCdcdNAc6SRD10lcOA+LNhd6mVZ59nv81t/z68vvfcDFtX1rrWvoCXCHiUFcLt1+DfvaAHUwydqfFvic3p07ZL/vN3Y2ejIGoE86KaGTMYA8flJGt2Q97Z68+see7N8Tu2qaDXnY9ZXzv2fBXldPBrt1qlDpw1BTNGVW7MPZlur+PwwzsP3SFdw/DDlc5cxk0I/6KaK3azg9IcRWESfqRkWMidMQS6sx1ZLj6Z60nJ40LDYt2xaU5qmLQMbDFt22ia6RJM0HeshASXiYFdHTQwbQD1gR41ycvs68Pxg3yD7HrgGZkdiHAhy8N/vIFGq1jw40arRq6Pc/2u4atRdSEPs4YCOfumU7Im6gSV1Ccdjl7oVdxiW/dO7zG7n0Y119FQP0krMmiKJeUA1IX7A7miNNYdLuzpd319DjBku9CQPYDzZYmk0YgL7Xpgw9gfH9S6cdzAFd9+DJ/XgQscXCnnP5a51X6k8k759ITUXTeZjLpQ4dm44P6evhLzvlgA2+NMrY65v1j20/wJHr3mfugHojv1bmrl+nZu/r/3fZm7j2yfO4LxecI63rLcsRRku2pqJxkn29ioBl0Wn+i7QWSP4Ulb+vI6Ix6tCQ5TZT9EuCve4GD2GDgW7fzO/K9xS7gYt05r3ZBrsKa4KHEmRO6+TRj9fCfP8aSYV+4RKbH17tpnkRKRZsWanx/JaW7lPU3a+YbgiDPtWySbCMJ+iZMZYdU1cTfe0OBqk2WOXJlLr9k+qdQvJpR9/DSFGOh6lprrWqf0Q92r4ZJpxU3Xb5kIotmcC8/s6utnKAD6n0rz2JEdc3n14HWICC3WRRBBY0GA25HOP1aQ/qUHE89fVZUZwnLK/fMe1gKXR9+ZAoqcO3GywFMKfFSp+0k42TLLmfDTc5uK2iBRfFmi4XknPom/o1CmDLvUfIubFnjmlEHOvq8XAdRfWNHI6zGGf0E7T4CjJ/KqpqIbWpC/fm28GmNZO4LEDNipJv/T7ZD0MyM8VkhTTLKXr+J2RWqkKvfvrpBdpgP0qoXmUPJ56E8noEJ/xcnWSsIF/NqXBDVWqfQtN31V5lHYSAnuO5XNMOM1i4RKcWb9ooiovR+0O+mmPzyKyiOTupacIhRn0T0hwbxwJbIGbqvj8g0l+6NqE10sNxVn9DUC+ypQq9QleC4FJXHDfNyu4l10PQHxj8CORWhlb54RX6V0vuGfrhB/SviEhl9WXXc6Aepvbfufmf9oNMo12mhNtfCJnTJ2vrig3NCOZ8jsnn9KVPORXS1KPRwK6wTKxrXsA0GZtKB4cjeTMjODLQcBtzwNjNsTdSWc1abJ3WYX/RaUYRQgqhhaxEbl8YDgMZNHQEOC55cfdGDCDHiAX667AnbDSyC1sucf5U3jmPDtLsDxhGqRgJWB3eFO5+GGxh99zXQtg++9i0Gq1c1Ns2Q7/Kjd2aoc3JBJLKGmNGos+UlgeY9iRevK+EaW4wRbZOOfD8qpY8MJbKzacWMIm/YxeumYKRqdeXu753EXBxdGe6AzMcFf6qX18iZaW1BofKcLbI6PT/hhPJ6pkfnRO780hG8uWShIKGgr9tfvUeuuE3M5qJotgPAhoRlPZPHYj5CgIvfqVMl5yl7l7yZM15zVIVwj4wRfq0plHHnne4dfYNqCcC+VNXWy3+CfmvEWF04mUwLmiSGD2MAJIK3Vyc33jdl2Bh2cOKUqq+xovgifzq0iCqp+H++OieKjDEQ6Nu0dCUr9qvtAa703PAMp+hVz+9Rhvge0GxQJjzsK+grn5eoNZ/hDZUUQcWG8Qp1gZJ0SsX2WXio6uJXzcTA3c1RdjW8+53qXJgHGQ1UbISksvlth+IWzA10GIR+gmRFVaYGMdECu2LLBZugjuqhM/p4Ts+89GK2tgF3S5QnzKIsG/agrUoCqtkSlGHERTejMo0kKw9tRIT0FhdjEJ4n4MkpFI1RG2wyLHKkZCqwJz9EcrvlaoI8if3WQ4ns+i4WXh7mNRi3SDzkrMFBYoDBr6mRIp8RMFutzvTZoKG9iGCmCCyKDk1wQMw6kTFoMCPN5rWBivzSAf51q4dPM5jR3n3ZI4ev0KK6J2Q80GCxIObHoj8kRh/JfIUbLcg/5Dikbrn1KvXKqZLr/3Q5/BARCW70ecIhnH7EeS+HW6NXb4vDyywvw89bNv+KPCHg1SUSJXTPN076JNs/DOlmxVrHaPOtGk+2I2vD18rJYsZQK2gKF8TKrBi0qn1RcUN+84wqhAuS15Xv7S9bAos8DJUmosQh/BObS86pByuGjHzTCO5ES4yZnBR9j2DHuN6atLw9hmNyIpZ60bmVM/Q20obMJO6QF33rJG8XGzoiZu0V4AtFhbvNZ1CE4JNrhd0vHND0wRxBwJb1Tpna5ZbzQbOQ1iQ3daC7EOPeWEi70qmJqOw3U8XC7qzJ5EZvnXEaiv0rL5mkYIDut83GnHTD3T7ruXZbLBk212tii2BiuijOBv+x74qoEF+qWg12VGyp9udolY+bjCMPa26Dbi6aJaAXKxRDw1TIyoFOwxNINOWhUnw+i6LFLiWWQJUyyyF9lzGFEW7QGON+mihJtCVOq/I45iQPfMx+MYMnst7vTmnis1Dcu2UYEH7QPS6IcR2BGEyUOJjKNa64o/UNF9WhsiCvnQ4NMaLH+AyOCFYeBbsGJAjB4SuqWImdWvQse7TfnVfBDg2mrTn8pl4cJt7pZtKFwsN4k5u1H1r+IS1WxfMGeup4nXl9NlMgQ1oXIwsH0yGbSbBBvEOTZFJuAmfdq30riUoFfrt1qfGMl0nBPT9arB+vUNjVZK6lJpFFBxHnS0wp0Xedhdu7u5oF56Kmyxd66J7iiJRFVQxcl9ZFKRtosnPR1SyNTfDiSV3vwekranIYU7yQbkl539/hO41dWhXDqfTdhFLXws+YDfMA96LmJP0KXvVfTM6CdaLGe/lWuEmt1hIg3AzSS2cQMvlMqsTVR5FqNcH8d5CfYqeKTuy7y+QbgVdq4dtvxvFX3JGtlNM2xmRCzeAgG+uLfh2RC5XPGXedJiB7yvf/D8sTqUw9C61xtogdN2OCqirq/Jc27/gUcW8RijUAObA40xWWCxpJugmtSwYC1zSTSfUD0qIMYrNK0M7EmKYo68d6lZb7z5/I0OJSxxN2DWc44MJHZPcHDAE+/lFDpmu/hYwbqECzDKsbjio25wvtaZqhm6p25RKUzXDSwqtvH2m+0KqGocB7BqM09sJfB+573f6VkiF5kpu7O/qn5J6jqM1u0b7SV/nN1iZ2G66BnBsj4q/U3JQHTrVnZI8b2eQJrpSsqQ+oJjqLT4XCHOqTJNdpNpF/c9ceMuLj04TAEhCCijMORJSfKdoScGS2Zf9MMVclN0++qFpKE6Pe8lchK0O/wwo80M1WlmPLmHBOVSbCCTFd0tp/73nJQAlJQsojgnpxp1g4EtAwCIpFwgmzDOqZ+i2lSn9wQbdyqo0GF+4cr5KWyPGlYy6ZJvci99mmgnhlTb1gfT/GWwTfIVpu5O+Jtr7N6ziC78dV4Em137cDQtb9K4tUzql7Nkhw8tieQlYIKy1JAz8pXY3gvYkbNgb9pn+3BlkCIMLz1CpYCbKGaKGPAsryljhWAOrDwSxYClqqNKoxBq6eGlo5OCnScuisFJM7gTth6U11JC96p57Dx5L4+vsYYKHyYlvIouyGt7BBNuG0YaJXG58Pq2fNnnWZFKMMmNA5qLifIu+VJg752cuC8z8IF6gu16Iy5Gnq+v1TDTAfjAajonPNPe1QHUiOtbgnfIGiv3NNw1qM5bv2zg+6AqRVNR1Jzs5t0QfgRq9324fC6/fSu95RbfDdj1N0JmqgvUHO6V2sfo1O2Py9mvaP0TWtBeMp7/jDcm/wGrNNVY0rwhFdeSIht1tbqZ+FnhNkz0itztj/PvvY+cBtC/MqF+Aks/6pJYDMTzGfnX70K2wXjU31KqFgSrDiqxc5m9dY9OUGV7UkHotwiwhzTIzrYj9VvP/YaUpsvJcIAY5d5UgnGJlfwSN8FrUfAFhPfm1Luw8HH1wwq8a9nl60i8WkcW8Gd+72HmwfNmousfrtWaq0lN7+rraCCAw7vGbJkAauBIXbnXXk3HcU+osuOkG1zov8/WlH8GNnvvGDfVsSlf0a3F7EdarnQP6sQb8e/fz9WV3vmsjJobeg92InEsDdCTM3CGysmDDdNhIXettyl72u1FdX6Dt1IW9fmzhjO+Jxx1fNAuj68uDmmws/9wBTdYi9krkrUY7QxeuPtP3O+XuF/u1WUBQ7X7i+2+8O25emaZyU5rmMaoEp9pxRroHZSPRGiuG53xQBeiaMjCBSo5HBIGmQiftj7KzoV1V1a08s5LKahh1fSGz+3z78vqmr0Mj3zLWeRTG6rJPHCh4dC1kG2lxSKJrYdAtWwoMwmLkiJZSpWxe+2wgv+whval1NwldHeGfFpHOXYZTlsvAwXn32wfEBOFVTq0484Ns7ddn6PnVHS5KTn9GN84h4sCC9J6F/SIQmZs8tgnOqfZpCWPG9Gercp+A1z1K8TpuzHf+aXjP9Oc9IVej2HJJVboRdmGWferGAjwOoJ2uFNUryXN7epytPjJpdCf0PoFnYRh791L5+XunY7xomnFcX4bLSI6OzhNZlNnEeVewKz73Csa4Ov+erubfWXSkgPrUBYybkXlFxqw0r5Y+UtZYF/NGWkoFnQesXK/xG5kSh1W+wepxMvSGXfWtdMX+IbJEjLRGfm6FKEZvMan7KYeVWyuCJrVjpPiuVlDVfinkbM3oQ60VxTp6brA22FSxFOfGH4UZfzSzwy4+l3eI5S/H3y/7slZTYGgx+jhofOzugsUifHXrdyzx9L3BIb8czt075TljQlaxYpydOhK9jH6nrCSN6XQYeGR/jAw4dWfGnSNxzrmVe0hXhFCtFxVHV3Z9RGROtT0SdbPfsGXBRE7vIjOAM21O0zwfKFtgYTDFVI3EnCqIbxZYMQ4ZPAEPnou/iyXCwMTv7HeDlIkE51DOXXOhR9KI/eroeZPPWVKlS1906yTMgGVeRWgT4usOTy9Gigydm2v4HqdOKHHKV5Pk5X1V7tP2l5gJjXJqMOMBJ8NcVqbzvRHSJJ88N7P22OImjw3wGH9IDS1Kniyb5xzldIF9CMh3vqxj+D5b02rFa6o43kIhl5H+cUXPAzfS/gKsbv9tuqirwJ2vXhtmKmjMiIKEtbbBsGHTQ69r1ChWx79DcGxME8gqIovC3qc0x+jCQUesk+xbKrlmufOf1V3kCqpHE6FySU4PNN7fW/YL463WSLp5eWHV4K6EpKfHkfX16mll/d/l/ES/08nk/W859wGY8O0qWbrGuZeQUOx2/vbmGl0PFKouGsm61vrqkv0YRCzsaqphl1EN6fv4w3xudVi5dyIim8s8dcXXoOKur3R4XJDFZUQ9WsXvluBCBhNUnndcwL502CXQNvEQtmR5E8oZceIVsa3GQRl4hJc/npLX0F1WKZ+perr3zUfXPacOREGyxh0lVdeL4FK/5jRU3lp3YdqXuDGBIyToFc93HSJNdSVeY8bxMJCBGlc4gvrKBVVqZNKCu0On+Prjxd28sVL4BlAuADsgyacbaLacjUhEVmTzKs+30f0zrMii1gF14FaantbofK+XKj5ExWTELge9ErtMV1MUJDDdzV51PVdxlTPTVNa1fdE8RqHBdm3FhhMlbXhhP5EuSyw2B9eTWeUXn67Qc18r8aniVleeMw4FHJAHdnVXSm0/+QJ9N3Q0iH4U5rOQG7FjCGlKKmhmsd6FPjJpk+AJXHD9tNCLusr9nS9NekOXmGzRx1FzjbO5wo9RlO8X3mExE6jATCwULujedIwSK5jam75Pwo5yeQPLoncyd8nRbVvATtZZACl0QPuCVAHLiFQW0m7fuHd0g36tBJiSb2VOOXrOxHr27Rlikpyhuf2L2r+wwHyrmZ59G44vGlJmC44Hk/Nj61C7Gv7FDYJFwdcFcnJbD7+Si72NGoxMiqn76dzjWbdB0FTZgxxEaF3Elbs9zD69/R0rij64BOBvv/309vfz91fffutybtdYYTZ6JjdSfY5Zsnzwgv1eL9iNsI06wbCIrUT4mp24XUqa5wAT+1xsE5gwC6mo0IzEFCAdV1ICjIv4XpBAfCAW0GyD2XA48YO9A9D7PDZQe31il6jrap7oUph5ro2KXfkO9drJHGLdtzTaO1rXfKRzkp5a7NIOBhuoNL7YpK178fUuFsSCjTqaalKTOWJPJTXYjShAZr+8JyyUT+4neH/HhUXe6//vh6u2KrOb/PcoRyzv+Og9InuRfJTDUcdx9+En5QRJWzs727FLn5smo73OsoM+mS/A7TY4uYcj03XLajZFPAyKvhaYccvrupnLjZcZ15fd2jboxGXNQUOXgRYG41mFdc51ZlXEE+g5JfEa0q199dGFLIpK9D1RA+zEaY2bHordO3pn/kLDOnWDmz5Ns34obrdY5P8uw1GzFjeDDTtFMjwYu+HCO8jpSpeMMBktS3QqCx6w32AlhkGHp466FkWZyVTC+Pbd2xv0m/OjtkmpYUS+TJpKcPsfb9CXiqqR3q0VF5mi/U6daZMbOg7RLXpfF50F07oaLZ1EfEi7QGXsMQIWaHmS4+gQVBMIjj0Ybh5/QAPmWBUJdsuCTeBewGXEAuQGaJVHm0q7AzNut6sd0Dk2fa3woXDnVJBVgVWsspIG7rbEg/HFD44+YTJIp4oCM1tFPwuELuIWUDWAF0totZQArJz/PQHUEkefhOE6TkU/XhB0z1jsB8d3biuoVT2jIy0yTGAwSvzyEwtbi4jGewfwfFmufxR3ZhX9fSciI0ZluY7ad70D3UI+LfJ0BOA1x9ElhsioWDIRsShyCDpFbrTIFpneMEOiyw+RLbjcaFzEz13pwhZmnQ56gqgLERkTKcUJEyVVxXwbLeF9ALskn9MAX2Oe4qywMiuVNDKLH5IC6OsfM/A4xofNk91NLpdZnoLZFnD8/DcisgLfZcbEchvsArYnmtMEj0LBRCKkmUiHdMl1xuc8ix0W3YH9p4TAo3cG78CO3QuxCzt2VW8X9k8JYb9OCPufE8L+Hwlh/zkNbCNLjuc0hUhpoMc3z0RWVByU7/k2wTtZAy8/J9BLioqzZVGm0b6tlon5MnYSkofMUiglmn4h8X0jItMuITHBDmpF0liTFnAaa1JvdVUmmEVKRFNWncRUNdJY04PeJRAhRhprmKWCDWZNEuCVYHcCC6kpSXAI168tVxI9CuvXsjQrivMEbjVZlBnhCXzYFnCCIAnAVfOtie8WtZB1EshllSWIaRDFDCOYJygg0hleUkG2EbOuurAF5ts/aD5Pgfc6gzagSSC7djBpsHaJtUmgz5fl+nUaH7TO5sz8OUmjMaKzuLPieoCVjC6qdZJrDlApUfGr3LTz8UebtdUBTM3K+fnjO0cccFD7kgB33eTjdZDrwF4wTlPYMDpbpNhEtohZnL0LOIVuoDNWQpJilkTUsXL9Y65NOWjmHwm2ViQJbM4WNIUZo8HRXNCcRSsY3YXNRJpTUsi84lQTmYLbHjhbJpBNstQbbKLO/O9AD2WQRwGs6JJpo3B8T0gLO4HGp2iZitUqGa81dCJXieSry8x3RzwBdKMoLhIokq4UKBXa6ZTrzUoynbkJs/Ghb7HCSQ54PlIIGwPy2s23jw2XaYNF9DnHuTbzSsUaFlhDpW5WUAqoVXRc4+vRdU1ybLAwuWERf9j1qZ0G9sFc4jyPfQdYHjusWrcOSvAWsSIjSsoiSVciCziBmcaKLE1ypO94lILN5efo7ZlKHb9lKSt1qVhkoBwbZqro2WecCRqvxU4LVUedqNPAheLb+G4tLl3X02zBZfTnvAGeIOXf2rzRpY4FmkDiWBs6AarRcxO4XCY5umKZ5AKXUsUWYMW8Wqa4ZgXTJIVYKHSSA5tiDoSgBporRYcbXYa7BtCxM/4c1NjpeGKziW2BJKkok24AdHRLVMbXjKRiyywwj+vBcDeCqvhvVpm5obzRwUadTN2CdSNekxyyBIWbfiZObGHgwcaWBmXmHEnR0cVa219mZBWrzn8Amt6VLHogoKSqWCoszKDnbgzImySA4z+9rhPZx4+9KaARACu5zLAuIw4M6IJWODZURTFPod8pSoAPrutoIuDxmWwhx23h2oEsVZ4A4/iOTJ3AN6ydbzhBPoCmsRMB3MDjBMaJpl/iH4BQg9ZoUBOYUpotEwheXcb2smlFUtwDRfLoirRWJNQVNwJgE2/EVhdmpaN31VwTEbtQIjgt9qFAXZPO2OSbpYl/rBzQ+BG9ZqZnbLjbMnq31iqfJ8lDrxRP8BZWmqosZ7Gr3pOMragjQynYYIg2uIjtDV5nTGiDFwk0gzVTJoUavi5FgtZNRqpKxHSzhtqiBTqKnldGoveVQIOlm+yRhMPyPmHOcnShaM4MusAq990MNbR/D6PjJmcl5NLYhFAAA0P0EfQ3IJKjUKlOkw/BRDrOXRUll1s6GCx4kH8LWUVr6n3kGbM8dD4jmHem6JLeoQL3Gy20sVixrPrDQJIjyZmG4Qz16n7roYES0lVZSmXQsPEoQpsVNogZVCq6GDsKD0jLvc8QihDjvdXRoICY8J3dR/pCcyZST+TvoGpX6+KpkZFLalZUzdrP65WsBi8aQoKuqWrGERmJSqw0RW+pwTAR3N1V3LDg+Ru51C9vXNnrC3TpR3ydIbMKTCmCZsDvqR99DGgL9I6a35kRVIf3eXiokzBvASO7m1sEiztiNcWKrGZMsCB+MHN3gv7aPfEJszAgGeIlx5WAWb/LCua41k3cww3ce/3a99CUvh13Q1PThNvPLx4x9u1GZBFrmo7rvArLog/0zsCtGHMXTDGNekQgtYPr3sGEasFHJl5C99yE48Chf66mBin6paLa7GnafXq28v175TuVAcbyuFWdxO57pJq80113yj6cHEYQG9v5OXRo1z8HKY85+//wfEO72PVlLRRg7fDZAKshXhLvPY+wfVzmWFPk0rUbbNDgVjW75L/xOPiKZhR8g7lUrn19kI0IYY00pTDuDO+fV6Ww0JhMMN530GHaLS1A7W0PDakUTEDbh3RJVcGcujEV0u2SbjAHWzNOlxRxuqYcYa3ZUriNa+f1h48+tGR+RPkN6+856fNHmfRsMasE+1LR/phEHL58HXxP65h42hSUWqNhubuQRApBIbcCbZhZjQkKhAKVIY3GruhJ5UX3Ni0sO0GeNE8Ul0tGMEcWgxHTB7B4XOxgqZExjY/Hu3K11WH0OulsG9nLao39wGPOsM5WMrlN4Iy4xlyDWSrtUCMrFbsjeML9AJC7NBZbeNP8IBbCKVazc66lNcR37tslBMvRr/4bM3Quts3/BtAN2PJaGITzGZFFWRmqwmI4iRvfEpbOPPumvxcwY3FnQ5j5W/XqT9//2dq+l53tqDn2TRBtf06zuBGzYx03eEsV+ufGJ6dfejQAufCtj13/k/7MixbnnVO/dz9OTF4+JNue9Qem2HVm6N1vH64s7VRR5zwBf2nONFG0xIJsrVbp1TPezwVBwKEz9OHtz+hamB9enaHrd5dX//kz+ngtzOsf0fPNaosEZWZFFSIrqf2oNKkUJQY+9f3r//XfXjwLcoSaVUIZ1+cHyNRZgcPjeHTi03fPa37rzuJ1jVT4iudPC+mubDqA+YkN445+4EP49hTT1jr5xJSpMEdvzt8Fkf1DCprOl3Xayfg/UtBZmLcW3a9GhAIhh4UnbMFTfIP37MMSG7rBjzAiHU73DTrPcwV+WnfKQ+g0Ty8pylPjnA+NhVxfvL1xr9JoeKzAesLox45TyWmq/u1G1zcWlRHvl+XhiZMgovDQrj3Ow1oTy9x0rWkFRAddnOfMfhjzNmDbmeUffucmPADWJIQLLv0Nv9w9AgNU2lzrJHrdsU8aRu88hjdSmUYkD4RuDgE22ABmtoclr56Y944eJpb1Y1KT9XaM8YKG7MapvLgeO7B8sdaSMKtyOr/RQMdBVi4rLJZ01phORIoFW1aK5mi+BZhU5JA1FJYz5YmtBwZFoyPacnDRRYJ+Bzyi7t8t4YruAFC0kIZmPrM7fp5RfNbmQmc4c6n4CUCXRqUBvkhwJBYJqoV5iuuQqv9JmYCpOM9qT1w6tbxvwVs6Zv3Vus6ER9Bgr8yKKkEN+rAt6Rn6WD9jb8AB9gO6qR1gg5fgtzFNrR7VM4EyMWIa10h7v/gZwpwHlYmy/SAkuGEFiXlrquwbyISRSBt4zJlAH69HBQqBBNlk8iq6yLZAZZlg7JsFrKiOndFrwSYocXEvYuxUdPC3J8DWjVbIOBXL6JMiAWerfCTUQkc0UKfyYN4JwAhEIJ1ggTD6RaoNVvlwTjdC50tI9lII2xt/B7l0c2o2lIqw6hm5a+J9Y9zSYN4N1TlkELSMh8yIAYVM+DxXSEsomLFiyY/YCJO45lhMEcc/wkFZJ4h0XJQDAnddlm0kZW0t2CUYsLsvT+xIJSXQhWAdrx/ccRF7rAwjFccKQb9oVCPx/Oru5zdyKReL8PR3SjKzosm3dwfZD3ZBdxs7eF9ZvC2655VZUWF8svgo2rqK2TnhuIQet+Q46h81VaMIy8oQOS2n/ZLjCN9WhFCtR3CGzuOnNUc7LfEE8EJWxV1KtUWBwoQBblMIpx0caQ9HK5UgwKdLKey7YuVWSDlsvogGitIuVet4/ehG3k2MXNdSqBngjOYNPd4P09OHmUCamSogPxEUF1Avoj3UFdYI57K0r4tZUaaQ3Ih2yxzjDL6TQhYjebUwk0Mz16J+WiXCKvdM5Fb+SKUbBmD0C+MUnXvEZgM2HOPsFQ1h7k6OJow39D9KusIoC2591kJcLoRoDDAiZr37Axjh8vVufb1GbE6MJ4TOZcrqgQDxc7rCayYr0C6JLEolCzaSoUinRu5K4DmHIrIFutiPGxPrRuwkRLKP4Y7WiYII7GAYdbjMCQgG1m/wS727nVe2vW+jx64ts6yE6ZezxdbocygDz8gpZv1RWhC8x0sqqGKkJgkYAol+/dQCZlbw1IZmuyGP7Ix8P9NGjQc/a5pOabv1aDS92k+TVy/cWgnpCpqmjRFuWEG1letO21O0pKNBJL8L0ZpCHNwIaDz4wG1QRx6tU3p3P9rR+uE4mr7PdLQhp0eT5h3Ghygc0AYUtwLhCGHw9VL36iB1atK9cxctCm3q8M5F66U6jQA5IMcbAfL1HscfDm9ZrNEG02zZcfJRTSpBYt6xI+THpMcxJm2Dw9go9VCC1vNTR6/cqcwqK6hZyUeIkuAdTzJyaPiPjW449FJSMqnXaU9U573k3l9rEdlzLhN5Qv5z9tOf/oSev7k8v3mBLpk2TCwrplc0h1L4IC5cLmXyvkD7ImGQLbtwePhthg+OZIwpmdiruK/+0+5qCIPmxoBHPtrQ5/tcFwJp/03db8fxBziFYqZYhNqkt5limMfqTtcj5D3OWaXdCkgqpFnBOFZOPFmxae8QgXc9XF4F91yzfMpOI91M+Y/2INRexF5fzPaSp6uzOBf77jqENXylYcf/651E8JvBWfCOG9opy8jDrkypUiYGDEI2wGqplliwP/ZkVYt0R+FYZp/A6e6ZGmH3gqlgLWmirj+/2OXgtXAtvlzvop2s5l8p5mZFsKKoVDSXBRM4WHDXEU832DAqjD6YHs/xlNS+wY9KrGv9SMtEB9denWdWcJVYGWiG1JK6X6xO2OzIC5tjJOqC5lRhQ/MsWlLZnvNhhc8v9YpN8OxGyTXLm+Zh/nO4LLnXVAcHwzf/sc/ark4bVnBaIlk+EZXNkr7Xn9mOkBkcHgqZk2vmouervuI+0gKuUTpjDgW/r+ZJ70Bn6nypUwm9DBDqdFTQWLFG2kjlJL6FVlCDYbVn8KmZ/dSzMPUFy3NOp5Nyb2G9Y+VcYHs7cu8kOVePx5iG3Bu/WqfDkNjW0dkzVHJst8y+z1IhKojalmNefkiFnMCePCKDTjW25a9SG/QWkxUTIyZdjhNJjm/6vP4oINO/VNSKD6sfuSZneobe5LhEn+A/Tj/KpXB1p38bPp5ohdfUak6cYoW+VFRtEfQg1KUUmtYaVbg41dKbwXemkZe+Bx6xkBWru0AKR77ryzeOZ03SBKi2B+i9b456LKYw5Smtw6x/xuvW0jtNjKxt6B9eppGqhAjasfqseXlc5Nm1kRqpsfMQM29hpt8IjDZM5HKjkS4pYQtG7G/OQnWCPk92eEEseQ7fNucGPYeOsFSQ9hmC0OWLDrdQJeAdf0OXmGzRR73b+LaJwBb9Qtro2bV2hQkM9pHXvmtqASpQqwaHzL6IA443fQAC1f87laZQzjNk3y7Z6RXqse68Tr0OUAwUBg+a/84JxE6T1ztGqs/w9a73WtZdAenjXUCH1EzjsGsCBrt70yZkum0Y7FC4IcXh4mcoG4g5EnC0wg1IzumCCe+rB+EEXf0KXI40HQTsTioUS4Rb64DpqX+xBWPjs01Nu++lNNKbsvFhG4PJqpi4BX67KjAcDayj7nYkGfIyZyLeBLGod8OSDEWFaR/PgJDqlu3Atrg22m15f2Bq5wDrtG/fAaxLrOozZX981pKyWbFBK3Vkb4e1ZV3y+1HkmegzS1xbC6m26Tb8X3SJxb8d7BhTI7LbRb1Wz0NPk2XLv7wE6AdoezSVaEBV3W99P1WjpyCjwihZniI6clnNB86Fo864X9Na2/RAOQLg6Ko7pr2HF7Iosdg29xGuHYzTd/bKmir7DGVMLGRYKcD6c+oaoQPyo2dF1phtaNqu6IsvqXIEfqk436L/qDBnC0ZzdAl1z845GERlQ+cZkfIze6Sg++90jtz6rf2M+Zg2H73bbBsOLysDKveJI0wP3/X3zRJ+yo53Rzuf/Ax92JaO9NZzYJnjdnB88xRdZFGbyfbQtjg4R4R6pkNta/vITOGqa5TLXeycZ7GUqvb2Q4j5/ZuRLe/0yol8nGpelGnnEO1hhV35oOe+RlNJmUgT2UXKrmP3A5XYhF2TRGRYx4z2dwArX04fGXKleMRt7kCNuCuNMZpVKpY3pANTU5XhZTybsgUd/XnaBR01/XEXtD/1CQQLvTNUgGoV3zix8KOd5kbRWynaS5WJrVG5JaaoJdyRuR9gWVCvXvp/X3gUXvp/+LymkNsfc6rC2XmenEeMnjtiusFz8Lh2Rq0NyMn9QDRrUjGxoEqNxF2HdE9CV1fxP8j6oHt2AiTrvsSLzjYErhSEtWXSKxVYYrLjd+Xi9vbYfYAMYtX90V/pMEFrfOAnK1dUTeOPsDq7z3h6fgGjH1+gC1g/jBpVZqJmKSN8vqDKD/+kO1mYe5rz0qSh4w4jOxtuF32mO52i9+40++NUr+T9W6OEdxvdsj/C3hr2OZFMuf7rFRJ0KQ1zG1iusB6ZAKXJ1G2FOlvpFh8fLmi3OtkEqEGCS++M1Y3T6/qbcEKKZsspKip2+xs1Uw8/jA5attKEaV1FVzoBMiRLpfPWPSyGAhhSpZL6QAeb0pWeV3ZxdAvB6X3SaZIMiaYzuI8iP7+F1M79j1FHep6G5P2l5x4cx0Wo1jxbp3zR+yFV78gOIpNn9ujhKnqbRp0KMPtMvUWdqLnBN+24ku6DBLL1R6QhXicVur49/+v/5e7qehs5ufD9+yu4TCS/idSvm64qudluN9Kma7Ub7eXomME2MgMjYDzOv684MHg+sLtKZsZVbxOZeYDD4QDnec7TiqzcPkU+yzPVV05oJ2JSvwbtl1ql0aIbojtG9+ZVl8jf5oSn1SBLFZ2Lep1RIgzTQEMJwpMXvBDlMs0HopBXCHI9jqgKcvbQgJgt2Gq2Cp9tlAcQPPeGmADRd4SzqVpfcoQ4Ynv2YvpueyTLbxJIR257Z21pMo41aCdpGqdyigGh8C9YTXwrG+aL0ty+/MOKoqooJtWJ+0bcHke4EEpT8GuumeifNMe+YqkFyMyYaxW8dV/2Pvxr6G3D0Uqi9VTjrFR8jrTqFGCPgCACBJU+DeCw0h1IORDOmFpuKnwVgZx5s51JtjluLKHm4ddPyz/Cvnff+3zcUKzS/bv/0TXbuNlnByWqqQZg2dRxlqHOTayM3ZTzrSS3htx4EOYW1TqQ2NtU1O01TxB0sjeimsibfQpYnyW3IV3grks6ODCNmQKbShCqJGWldQflv/wcnpFXqOspva8feHdgb0poO6Cl0pYoN74ff12mUnCTwz623Sm9nT/Bsk8w6FyxrsGLnSSFYn7/7fPqcUWe4Fhwmcey3ulpdX2bPQ2zU0TxTLdCNwa9u9StGD6lKYujp2d7lmO2mY+weW0SftPlycOOzmVZ8MqP74NKb0BxEaGYb1KurBXQ9Lj4z/OGIzFH5sNIcuzVjfcl7gh9pezGUK4aT/HxUbfw5N4FMVUiRR0MeWesVnL7y1oA3QtuLMvf3Ye/LeJ/udwwmv7XhmtWg0gGMrAWrd8QkDkxipwxS8223Fj94k72czqLEuwuiPVHDKSPYQASL6XmgumJ0J6vRZVuqZDHeDIiZ9K2clJON+6GqruqWGsmRPs0n7b0Dp5u+v0HXAK4Yh9co+Q5NNreWIfrpCc3x3snlvODcwEKIUtJQGuI+fc53yCN1ba+QzQT+NYT5hh5rakoIFw4jgTtC2av0MpfVWjPrjuVjOANl70ftxVg6Y6ZZPCqBKcvWfNiOHwYfANUFAeKj5FemcJDiRKD3DQKJHdkeQAu8J3slH1PvscVDmt1SEZZHdyjjbENqm8n6G5UC8iD2EGD+IPShB2hKAVbkD8VFFxukVdQWZSFaiqqppCvhaJ7lmfjW0jfGjTS608k7LZlrJmDHLCcmYIfLk9BMMJRLaeZgBqz67H9hftjSDC37Gjvd7YQKTxmB5nZwXc//jQGmo/sSHK+ZcY2/qCr+pBe9nDIcmZ99d/R5jW2GK4GKFW6VRWGgLT8wHVlCJNbLk8FVpDZwqUp/c+TbqCCcZwncfs9XsoJQUrlBoh7UoCsQTorbKkRkZvV8/I2GKiJzzWlVkfuIjiHG5yHsJWWLVpf7KihIGW3fG+cgqLMcm5KZfggan2L+8X3jDbr0ES8GIsgIoTqt7JlfgCUQHgCUbvge6VVM483y6fVrethCTraV7P3+aIwj3HayIZhBsXPhIJbuORBMJAL1y6nXFW4lz/LvVR1cordgBQew/D+7pUj8rg5fX4xKKUWvta11OXT6hw6Q5UezYVgY30kmAPqEPiACEOKyE33sW7DX3GTWXMh3EivBcikE8/BAmWDsgBvgN0ev2gJ78ECecDveJceyICBB1oZpv+PfH0fk2jYbDhN4fUVDPsn5zfADafiuFHGp2hfq9tWUjJx97+/AwAA//8ypVmA" } diff --git a/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml b/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml index 88f1d922df1..5e9678f9adb 100644 --- a/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml +++ b/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml @@ -126,3 +126,9 @@ default_field: false description: > The WebVPN group name the user belongs to + + - name: termination_initiator + type: keyword + default_field: false + description: > + Interface name of the side that initiated the teardown diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json index 9f144579c5e..5b4432fe41b 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json @@ -5,7 +5,7 @@ "cisco.ftd.destination_interface": "Inside", "cisco.ftd.message_id": "302016", "cisco.ftd.source_interface": "Outside", - "cisco.ftd.source_username": "(LOCAL\\Elastic)", + "cisco.ftd.source_username": "LOCAL\\Elastic", "cisco.ftd.termination_user": "zzzzzz", "destination.address": "10.233.123.123", "destination.ip": "10.233.123.123", @@ -34,6 +34,7 @@ "log.level": "informational", "log.offset": 0, "network.bytes": 148, + "network.community_id": "1:9aBQ+NznvYals1agEGRVJm37dvQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "Inside", @@ -49,10 +50,14 @@ "10.123.123.123", "10.233.123.123" ], + "related.user": [ + "Elastic" + ], "service.type": "cisco", "source.address": "10.123.123.123", "source.ip": "10.123.123.123", "source.port": 53723, + "source.user.name": "Elastic", "tags": [ "cisco-ftd", "forwarded" @@ -87,6 +92,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 200, + "network.community_id": "1:kV/6Jt4iMhVyUT1AW+UO0itOhqU=", "network.iana_number": 1, "network.transport": "icmp", "observer.egress.interface.name": "Outside", @@ -138,6 +144,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 381, + "network.community_id": "1:7nrIUULEgk5A+nhbh4kNmEkwL3o=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -163,7 +170,7 @@ "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "Inside_access_in", "cisco.ftd.source_interface": "Inside", - "cisco.ftd.source_username": "(LOCAL\\Elastic)", + "cisco.ftd.source_username": "LOCAL\\Elastic", "destination.address": "10.123.123.123", "destination.ip": "10.123.123.123", "destination.port": 57621, @@ -188,6 +195,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 545, + "network.community_id": "1:LM0R4Wi8tEf+1pe2ukofXQKxfMc=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "Outside", @@ -202,10 +210,14 @@ "related.ip": [ "10.123.123.123" ], + "related.user": [ + "Elastic" + ], "service.type": "cisco", "source.address": "10.123.123.123", "source.ip": "10.123.123.123", "source.port": 57621, + "source.user.name": "Elastic", "tags": [ "cisco-ftd", "forwarded" diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json index 21e4da22dbc..4aa3fad3d8b 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json @@ -26,6 +26,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 0, + "network.community_id": "1:ygCOhTlTMVGn+PXlTgyzRveBJ9g=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -84,6 +85,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 150, + "network.community_id": "1:aH+Rcp4nenimMGZQ733uys/x0js=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -145,6 +147,7 @@ "log.level": "informational", "log.offset": 345, "network.bytes": 38110, + "network.community_id": "1:nawleoAMDhKg7pshv6H5enEaKV8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -205,6 +208,7 @@ "log.level": "informational", "log.offset": 535, "network.bytes": 44010, + "network.community_id": "1:XqwLVHNEt7Z1fB2ZZXj1piBH4PM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -265,6 +269,7 @@ "log.level": "informational", "log.offset": 725, "network.bytes": 7652, + "network.community_id": "1:Q18EvtK0EmoGK6hViBJu2B9syjc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -325,6 +330,7 @@ "log.level": "informational", "log.offset": 913, "network.bytes": 7062, + "network.community_id": "1:k3K4xSa45aJwCWLM9eIJsqCydLQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -385,6 +391,7 @@ "log.level": "informational", "log.offset": 1101, "network.bytes": 5738, + "network.community_id": "1:Qq/qwMDt7lmCdvQnPYJ86wHp5mY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -445,6 +452,7 @@ "log.level": "informational", "log.offset": 1290, "network.bytes": 4176, + "network.community_id": "1:ezm9yQGN1cdh1QEJ2nw19295QfU=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -505,6 +513,7 @@ "log.level": "informational", "log.offset": 1478, "network.bytes": 1715, + "network.community_id": "1:dV1ILqqOHNIkUwdYUt2iodkCTIg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -565,6 +574,7 @@ "log.level": "informational", "log.offset": 1666, "network.bytes": 45595, + "network.community_id": "1:M9jSkRNBaw+CV8aYYGLeh+1c4LQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -625,6 +635,7 @@ "log.level": "informational", "log.offset": 1853, "network.bytes": 27359, + "network.community_id": "1:kcIahkhuYMj1cJNDgmYdpgb8b5o=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -685,6 +696,7 @@ "log.level": "informational", "log.offset": 2043, "network.bytes": 4457, + "network.community_id": "1:Oll9UOQVtF14Vb1gAqDgbQ8GVN0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -745,6 +757,7 @@ "log.level": "informational", "log.offset": 2231, "network.bytes": 26709, + "network.community_id": "1:SRok/PbYRZCXwEJ9MQDvhiR0OZc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -805,6 +818,7 @@ "log.level": "informational", "log.offset": 2420, "network.bytes": 22097, + "network.community_id": "1:agnIkBJhbPXkAM0Ai6Q8vvm22FM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -865,6 +879,7 @@ "log.level": "informational", "log.offset": 2609, "network.bytes": 2209, + "network.community_id": "1:dyOBaLTo8f2aK6FSqmPQ8iEKQCM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -925,6 +940,7 @@ "log.level": "informational", "log.offset": 2798, "network.bytes": 10404, + "network.community_id": "1:JG3x+PLXI8vDNUP0xc2b7cGmtO8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -985,6 +1001,7 @@ "log.level": "informational", "log.offset": 2987, "network.bytes": 123694, + "network.community_id": "1:aVhOiCMAQUL3DYMg+b1hd6++Tsw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1045,6 +1062,7 @@ "log.level": "informational", "log.offset": 3177, "network.bytes": 35835, + "network.community_id": "1:yvanaru1i/rrH9fF3MeSmHfJVH0=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1105,6 +1123,7 @@ "log.level": "informational", "log.offset": 3367, "network.bytes": 0, + "network.community_id": "1:h36yIuCF0zHqn+9q0Z5lLEIz2FE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1158,6 +1177,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 3552, + "network.community_id": "1:tCQw5Th130a6dZONq7h6PjILJZY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -1216,6 +1236,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 3703, + "network.community_id": "1:kcCQj9lygM48oLeBgvoRv3KlTuA=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1276,6 +1297,7 @@ "log.level": "informational", "log.offset": 3896, "network.bytes": 148, + "network.community_id": "1:kcCQj9lygM48oLeBgvoRv3KlTuA=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1334,6 +1356,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4071, + "network.community_id": "1:bp0GOEdY1zkuA4pQN1jtkfjom00=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1394,6 +1417,7 @@ "log.level": "informational", "log.offset": 4264, "network.bytes": 164, + "network.community_id": "1:bp0GOEdY1zkuA4pQN1jtkfjom00=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1447,6 +1471,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4439, + "network.community_id": "1:IqCv9QrYpJkgySoRM91LE2Ao1Ug=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1505,6 +1530,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4589, + "network.community_id": "1:sxPO5rXtxG30Oh+QP2ncQZ0N1U8=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -1559,6 +1585,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4784, + "network.community_id": "1:MZcBg2aQ/SdpVmPXf2Ze+Ng4g9Y=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1617,6 +1644,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4934, + "network.community_id": "1:G5HU7oEz3i/eGfSUoq5HuDVo7u4=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -1676,6 +1704,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 5129, + "network.community_id": "1:H8tgP5tPUaaz9Npdxb+q+3ZYoN0=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1735,6 +1764,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 5326, + "network.community_id": "1:Sj4w7IG06WsDGSPRXBX9NS6LDEY=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -1795,6 +1825,7 @@ "log.level": "informational", "log.offset": 5519, "network.bytes": 111, + "network.community_id": "1:H8tgP5tPUaaz9Npdxb+q+3ZYoN0=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1854,6 +1885,7 @@ "log.level": "informational", "log.offset": 5696, "network.bytes": 237, + "network.community_id": "1:Sj4w7IG06WsDGSPRXBX9NS6LDEY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -1907,6 +1939,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 5871, + "network.community_id": "1:/KJCwT2FUqlgb+8c7f4b8fvqWFE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1965,6 +1998,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 6021, + "network.community_id": "1:gFO9U+lgj3sty9R349zScds2rBg=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2019,6 +2053,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 6218, + "network.community_id": "1:kpfWE+K4tPLbC1LWM9M8v5zQqyk=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2077,6 +2112,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 6369, + "network.community_id": "1:PmwiqFgdpl13iRx/dI+XAUpFScQ=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2136,6 +2172,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 6566, + "network.community_id": "1:HgVBFZOMW/jvKdEmq/wc0JyLnZQ=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2196,6 +2233,7 @@ "log.level": "informational", "log.offset": 6759, "network.bytes": 87, + "network.community_id": "1:PmwiqFgdpl13iRx/dI+XAUpFScQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2255,6 +2293,7 @@ "log.level": "informational", "log.offset": 6935, "network.bytes": 221, + "network.community_id": "1:HgVBFZOMW/jvKdEmq/wc0JyLnZQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2308,6 +2347,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7110, + "network.community_id": "1:J8j4D9Hm6tPmF+enIkcOgaYzEg4=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -2366,6 +2406,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7260, + "network.community_id": "1:2VKYvyM6qODR0XAXnVUFrYSP/IU=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2425,6 +2466,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7455, + "network.community_id": "1:26iZkkyLxmu1X9KqcswJINmTCPM=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2484,6 +2526,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7652, + "network.community_id": "1:xuWnph7S4x01QQURwZz62YrNdQQ=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2544,6 +2587,7 @@ "log.level": "informational", "log.offset": 7849, "network.bytes": 101, + "network.community_id": "1:26iZkkyLxmu1X9KqcswJINmTCPM=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2603,6 +2647,7 @@ "log.level": "informational", "log.offset": 8026, "network.bytes": 126, + "network.community_id": "1:xuWnph7S4x01QQURwZz62YrNdQQ=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2656,6 +2701,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 8203, + "network.community_id": "1:TO0ui5exOUfDCukU8mR9bJIjkLY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -2714,6 +2760,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 8353, + "network.community_id": "1:/NBLcipqeKvQyDqtEziGtIMUQTs=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2775,6 +2822,7 @@ "log.level": "informational", "log.offset": 8548, "network.bytes": 862, + "network.community_id": "1:/NBLcipqeKvQyDqtEziGtIMUQTs=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -2833,6 +2881,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 8733, + "network.community_id": "1:Aq1WnukJ+GNVqeRryOc0YYsSDos=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2893,6 +2942,7 @@ "log.level": "informational", "log.offset": 8930, "network.bytes": 104, + "network.community_id": "1:26iZkkyLxmu1X9KqcswJINmTCPM=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -2952,6 +3002,7 @@ "log.level": "informational", "log.offset": 9107, "network.bytes": 176, + "network.community_id": "1:Aq1WnukJ+GNVqeRryOc0YYsSDos=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3005,6 +3056,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 9284, + "network.community_id": "1:Aj/XpM3jpqRdnliZ41V6x4P43+E=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3063,6 +3115,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 9434, + "network.community_id": "1:2YT6PqWSIyoyRYVbl2cIXiGcMsw=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3117,6 +3170,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 9625, + "network.community_id": "1:92e0i/+rET9QRb4OJPjo8ombnho=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3175,6 +3229,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 9775, + "network.community_id": "1:XheyUG03AcgRSOyMnpafZQNi3wY=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3229,6 +3284,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 9966, + "network.community_id": "1:zO9YefYViVlpEmjk0y/xJ+kBVQM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3287,6 +3343,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 10116, + "network.community_id": "1:cKgOVwHWv3CzYQlpMkVbynKHE30=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3346,6 +3403,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 10307, + "network.community_id": "1:+QNGALKBnl7iYd1+qg3bg2IJyho=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -3406,6 +3464,7 @@ "log.level": "informational", "log.offset": 10500, "network.bytes": 104, + "network.community_id": "1:+QNGALKBnl7iYd1+qg3bg2IJyho=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3459,6 +3518,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 10675, + "network.community_id": "1:04tYx55j9tCWtjlaXaCxE2U8b8M=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3517,6 +3577,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 10825, + "network.community_id": "1:YysjQgUCP64UYIQdnFMFxvopBMw=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3571,6 +3632,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 11018, + "network.community_id": "1:1MUBdAvjCABqDQE9IfLWai42OhA=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3629,6 +3691,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 11168, + "network.community_id": "1:wH3OQfGQv6qlex3KDY6fleRZ3W4=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3688,6 +3751,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 11361, + "network.community_id": "1:+y5eZK0soO9pFOh5l07R/VVpE0Q=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -3749,6 +3813,7 @@ "log.level": "informational", "log.offset": 11554, "network.bytes": 593, + "network.community_id": "1:YysjQgUCP64UYIQdnFMFxvopBMw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -3802,6 +3867,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 11738, + "network.community_id": "1:Q4mw5/UOrraSXyucLYyaom31Os4=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3860,6 +3926,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 11888, + "network.community_id": "1:9aaIbdVfxtctEtHtisDVEKYc8wI=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -3920,6 +3987,7 @@ "log.level": "informational", "log.offset": 12081, "network.bytes": 375, + "network.community_id": "1:+y5eZK0soO9pFOh5l07R/VVpE0Q=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3973,6 +4041,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 12256, + "network.community_id": "1:4DSy4gkfywR/vYGwMX8ni9L8xNA=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -4031,6 +4100,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 12406, + "network.community_id": "1:CUxMKGQ8Da35o4Z5ZJ3cqjyBcjE=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -4060,27 +4130,41 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", - "event.action": "firewall-rule", + "cisco.ftd.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8267, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "ftd", "host.hostname": "localhost", "input.type": "log", "log.level": "informational", "log.offset": 12599, + "network.community_id": "1:Aj/XpM3jpqRdnliZ41V6x4P43+E=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4089,7 +4173,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1454, "tags": [ "cisco-ftd", "forwarded" @@ -4122,6 +4213,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 12769, + "network.community_id": "1:24J8khLuXWoetlU/J6WYj+4RnIU=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -4180,6 +4272,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 12920, + "network.community_id": "1:gufBCDdtvRqSstVTarndQuv0AHg=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -4209,27 +4302,41 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", - "event.action": "firewall-rule", + "cisco.ftd.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8268, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "ftd", "host.hostname": "localhost", "input.type": "log", "log.level": "informational", "log.offset": 13115, + "network.community_id": "1:92e0i/+rET9QRb4OJPjo8ombnho=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4238,7 +4345,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1455, "tags": [ "cisco-ftd", "forwarded" @@ -4246,27 +4360,41 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", - "event.action": "firewall-rule", + "cisco.ftd.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8269, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "ftd", "host.hostname": "localhost", "input.type": "log", "log.level": "informational", "log.offset": 13285, + "network.community_id": "1:zO9YefYViVlpEmjk0y/xJ+kBVQM=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4275,7 +4403,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1456, "tags": [ "cisco-ftd", "forwarded" @@ -4283,27 +4418,41 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", - "event.action": "firewall-rule", + "cisco.ftd.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8270, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "ftd", "host.hostname": "localhost", "input.type": "log", "log.level": "informational", "log.offset": 13455, + "network.community_id": "1:04tYx55j9tCWtjlaXaCxE2U8b8M=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4312,7 +4461,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1457, "tags": [ "cisco-ftd", "forwarded" @@ -4320,27 +4476,41 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", - "event.action": "firewall-rule", + "cisco.ftd.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8271, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "ftd", "host.hostname": "localhost", "input.type": "log", "log.level": "informational", "log.offset": 13625, + "network.community_id": "1:1MUBdAvjCABqDQE9IfLWai42OhA=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4349,7 +4519,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1458, "tags": [ "cisco-ftd", "forwarded" @@ -4357,27 +4534,41 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", - "event.action": "firewall-rule", + "cisco.ftd.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8272, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "ftd", "host.hostname": "localhost", "input.type": "log", "log.level": "informational", "log.offset": 13795, + "network.community_id": "1:Q4mw5/UOrraSXyucLYyaom31Os4=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4386,7 +4577,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1459, "tags": [ "cisco-ftd", "forwarded" @@ -4394,27 +4592,41 @@ }, { "@timestamp": "2018-10-10T12:34:56.000-02:00", + "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", - "event.action": "firewall-rule", + "cisco.ftd.source_interface": "inside", + "destination.address": "100.66.98.44", + "destination.ip": "100.66.98.44", + "destination.port": 8273, + "event.action": "flow-expiration", "event.category": [ "network" ], "event.code": 305012, "event.dataset": "cisco.ftd", + "event.duration": 30000000000, + "event.end": "2018-10-10T12:34:56.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30", "event.severity": 6, + "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", "event.type": [ - "info" + "connection", + "end" ], "fileset.name": "ftd", "host.hostname": "localhost", "input.type": "log", "log.level": "informational", "log.offset": 13965, + "network.community_id": "1:4DSy4gkfywR/vYGwMX8ni9L8xNA=", + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "outside", "observer.hostname": "localhost", + "observer.ingress.interface.name": "inside", "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", @@ -4423,7 +4635,14 @@ "related.hosts": [ "localhost" ], + "related.ip": [ + "100.66.98.44", + "172.31.98.44" + ], "service.type": "cisco", + "source.address": "172.31.98.44", + "source.ip": "172.31.98.44", + "source.port": 1460, "tags": [ "cisco-ftd", "forwarded" @@ -4463,6 +4682,7 @@ "log.level": "informational", "log.offset": 14135, "network.bytes": 575, + "network.community_id": "1:pux42VCSy7BX42P3cpyd4c/X1M8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4523,6 +4743,7 @@ "log.level": "informational", "log.offset": 14320, "network.bytes": 5391, + "network.community_id": "1:gufBCDdtvRqSstVTarndQuv0AHg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4576,6 +4797,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 14509, + "network.community_id": "1:mWEQuMzgDppOFGfUpnRU2SOVLC4=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -4634,6 +4856,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 14660, + "network.community_id": "1:WPQ7PgW0xK/OsH/dwOA4osO4W+M=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -4691,6 +4914,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 14855, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4747,6 +4971,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 15020, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4803,6 +5028,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 15185, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4859,6 +5085,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 15350, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4915,6 +5142,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 15515, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -4971,6 +5199,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 15680, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5027,6 +5256,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 15845, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5083,6 +5313,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 16010, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5139,6 +5370,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 16175, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5195,6 +5427,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 16340, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5251,6 +5484,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 16505, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5307,6 +5541,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 16670, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5363,6 +5598,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 16835, + "network.community_id": "1:m3G8lpFOBxFE7qCGywbpUdjPFfY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -5416,6 +5652,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 17000, + "network.community_id": "1:ZuhnndzENnR8d8NKvStxJffM+XM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -5474,6 +5711,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 17150, + "network.community_id": "1:7t0ua2FV3S8YYwDwaXzw5Tm8M80=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -5528,6 +5766,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 17343, + "network.community_id": "1:ZhyIop0bR8c1qT9K7cSplqrW0ew=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -5586,6 +5825,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 17494, + "network.community_id": "1:vvawE2mM1hKl2WU/GmHBmMoI3G8=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", diff --git a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json index ab324760e70..900923811c3 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json @@ -74,6 +74,7 @@ "log.level": "alert", "log.offset": 0, "network.application": "dns client", + "network.community_id": "1:yuD3M7UhwRSNitDpAnWcqzEC85c=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -185,6 +186,7 @@ "log.level": "alert", "log.offset": 658, "network.application": "dns client", + "network.community_id": "1:eDcIGG/W1UcwGWzaTgv5mgr2RDw=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -294,6 +296,7 @@ "log.level": "alert", "log.offset": 1371, "network.application": "dns client", + "network.community_id": "1:nTPeg7DUgB3rjeFwl+cm5VHEdXQ=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -405,6 +408,7 @@ "log.level": "alert", "log.offset": 2047, "network.application": "dns client", + "network.community_id": "1:F3IHQYMd3DO1p+rWBITDU1/XCgA=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -515,6 +519,7 @@ "log.level": "alert", "log.offset": 2766, "network.application": "dns client", + "network.community_id": "1:1SqTqSDG5492OiLhDUMOi+wnDYs=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -624,6 +629,7 @@ "log.level": "alert", "log.offset": 3449, "network.application": "dns client", + "network.community_id": "1:eXdHUOdHk5dGXusvMEGcWj9ywPM=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -736,6 +742,7 @@ "log.level": "alert", "log.offset": 4125, "network.application": "dns client", + "network.community_id": "1:rjxS8IH4jqdHiflcG+1txqEFP1M=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -845,6 +852,7 @@ "log.level": "alert", "log.offset": 4878, "network.application": "dns client", + "network.community_id": "1:R1FcZHFFvO0mHFfeVXH/CwTGCmU=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -955,6 +963,7 @@ "log.level": "alert", "log.offset": 5553, "network.application": "dns client", + "network.community_id": "1:0YJqKZXX7VN9W1Gx6txd8TFELHM=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1066,6 +1075,7 @@ "log.level": "alert", "log.offset": 6269, "network.application": "dns client", + "network.community_id": "1:jVTdIEwjG0Eb77jGrcDygrNq9jg=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1178,6 +1188,7 @@ "log.level": "alert", "log.offset": 6983, "network.application": "dns client", + "network.community_id": "1:ZllIE5YNb+12oKtX/tP/gysnSuE=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1283,6 +1294,7 @@ "log.level": "alert", "log.offset": 7672, "network.application": "dns client", + "network.community_id": "1:oGBN4YWsAncmtqDJ1onnQNRAEnw=", "network.iana_number": 6, "network.protocol": "dns", "network.transport": "tcp", @@ -1393,6 +1405,7 @@ "log.level": "alert", "log.offset": 8298, "network.application": "dns client", + "network.community_id": "1:+1CCqUYePM8bXFUXWVeSSjL3g58=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1502,6 +1515,7 @@ "log.level": "alert", "log.offset": 9010, "network.application": "dns client", + "network.community_id": "1:f5P/ntfU9KchCtCfWHT0mYDOHOw=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1612,6 +1626,7 @@ "log.level": "alert", "log.offset": 9683, "network.application": "dns client", + "network.community_id": "1:wrAm7MmrJHlBQ+ikcQmSwf2JnJM=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1723,6 +1738,7 @@ "log.level": "alert", "log.offset": 10403, "network.application": "dns client", + "network.community_id": "1:rjxS8IH4jqdHiflcG+1txqEFP1M=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1832,6 +1848,7 @@ "log.level": "alert", "log.offset": 11118, "network.application": "dns client", + "network.community_id": "1:0YJqKZXX7VN9W1Gx6txd8TFELHM=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -1941,6 +1958,7 @@ "log.level": "alert", "log.offset": 11801, "network.application": "dns client", + "network.community_id": "1:nTPeg7DUgB3rjeFwl+cm5VHEdXQ=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -2050,6 +2068,7 @@ "log.level": "alert", "log.offset": 12477, "network.application": "dns client", + "network.community_id": "1:R1FcZHFFvO0mHFfeVXH/CwTGCmU=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -2157,6 +2176,7 @@ "log.level": "alert", "log.offset": 13152, "network.application": "dns client", + "network.community_id": "1:k5kQaEfpetJ7SxFkG7Ytzzz5ik0=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -2268,6 +2288,7 @@ "log.level": "alert", "log.offset": 13795, "network.application": "dns client", + "network.community_id": "1:jVTdIEwjG0Eb77jGrcDygrNq9jg=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", diff --git a/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json index 8dcb7692215..709c0b6a9a2 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json @@ -53,6 +53,7 @@ "log.offset": 0, "message": "SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt", "network.application": "firefox", + "network.community_id": "1:aVBZLbVEijzexcqIhp/89fLm6Fw=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -140,6 +141,7 @@ "log.offset": 587, "message": "SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt", "network.application": "firefox", + "network.community_id": "1:T2FxxCvrJYccm7bcw2QZ9tWONIo=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -224,6 +226,7 @@ "log.level": "unknown", "log.offset": 1174, "message": "APP-DETECT failed FTP login attempt", + "network.community_id": "1:4Ze3PKactlddzol+s7PbEeCTTlk=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -307,6 +310,7 @@ "log.level": "unknown", "log.offset": 1662, "message": "APP-DETECT failed FTP login attempt", + "network.community_id": "1:yyUSZl65LfpqAPKtrjT9QRDUlfs=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", diff --git a/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json index a1f9c037515..eb1a32afe4c 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json @@ -77,6 +77,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 201, + "network.community_id": "1:tTzSWYTCd+HV5W2Q/cSW6AszABM=", "network.iana_number": 1, "network.transport": "icmp", "observer.hostname": "localhost", @@ -135,6 +136,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 360, + "network.community_id": "1:d9RGgqBro5rzu16MqJQFehDRaKY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "wan", diff --git a/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json index 454f0f3141e..4d979868847 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json @@ -28,6 +28,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 0, + "network.community_id": "1:3NxcSu9jwJUYIYwJ2TO4TSNnPX8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -77,6 +78,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 139, + "network.community_id": "1:3NxcSu9jwJUYIYwJ2TO4TSNnPX8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -127,6 +129,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 294, + "network.community_id": "1:/AVpSqNe7QhujyFPgKMbMS9Ct44=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -177,6 +180,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 465, + "network.community_id": "1:462QRxMFThXYxhSyvR50cIDJegg=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -231,6 +235,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 632, + "network.community_id": "1:c8hH08+kxqP8+dYZZFCsPYYf0oo=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -281,6 +286,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 812, + "network.community_id": "1:oGT+RQ2PYVsSEX/LuKvEW6O6Jiw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -333,6 +339,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 938, + "network.community_id": "1:4NJbCZhuyrAJcj7S647C7IIhAM8=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -380,6 +387,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 1106, + "network.community_id": "1:ay9S7HyVcpV47ArwMPDsxLg6wBU=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -432,6 +440,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 1233, + "network.community_id": "1:JpGltiZUmRdP7Yj0gpMkjYQzWJY=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -481,6 +490,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 1401, + "network.community_id": "1:fZibb4nXPyoJv3pk+hIlafmMMMY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -534,6 +544,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 1527, + "network.community_id": "1:KAOD4KM9MUK44UkzQPDM20+aGPI=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -588,6 +599,7 @@ "log.level": "informational", "log.offset": 1692, "network.bytes": 140, + "network.community_id": "1:JpGltiZUmRdP7Yj0gpMkjYQzWJY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -619,6 +631,7 @@ "destination.address": "10.123.1.35", "destination.ip": "10.123.1.35", "destination.port": 52925, + "destination.user.name": "user2", "event.action": "flow-expiration", "event.category": [ "network" @@ -642,6 +655,7 @@ "log.level": "informational", "log.offset": 1844, "network.bytes": 9999999, + "network.community_id": "1:JpGltiZUmRdP7Yj0gpMkjYQzWJY=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -653,14 +667,20 @@ "10.123.1.35", "192.0.2.222" ], + "related.user": [ + "user1", + "user2" + ], "service.type": "cisco", "source.address": "192.0.2.222", "source.ip": "192.0.2.222", "source.port": 53, + "source.user.name": "user1", "tags": [ "cisco-ftd", "forwarded" - ] + ], + "user.name": "user2" }, { "@timestamp": "2011-06-04T21:59:52.000-02:00", @@ -688,6 +708,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 2008, + "network.community_id": "1:tTzSWYTCd+HV5W2Q/cSW6AszABM=", "network.iana_number": 1, "network.transport": "icmp", "observer.hostname": "FJSG2NRFW01", @@ -735,6 +756,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 2163, + "network.community_id": "1:EsAlPGwbpvnOIWG+1RbOLtWOWaI=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -788,6 +810,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 2289, + "network.community_id": "1:m/dSB7tetihSecuyjm6x4Rl/8I8=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -836,6 +859,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 2454, + "network.community_id": "1:cjsjwTI1K/FNwJ9mwZX971rPjfo=", "network.direction": "inbound", "network.iana_number": 17, "network.protocol": "dns", @@ -885,6 +909,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 2563, + "network.community_id": "1:Zboag8BrI6OW/Oo2vWMZ2CJe4tM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -934,6 +959,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 2722, + "network.community_id": "1:Ne/QE55iCFiCg5J75DhSp3KZzQI=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -983,6 +1009,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 2883, + "network.community_id": "1:nVqNkC3HBTw1Le7RJD28aYfCDTg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1032,6 +1059,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 3044, + "network.community_id": "1:c82bgYlFS2zsrs3He7w3jq7x6jY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1081,6 +1109,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 3205, + "network.community_id": "1:iQJvtLpa8CzCZimwacqAWJp9sZg=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1130,6 +1159,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 3366, + "network.community_id": "1:CHFAR3iwADiL0sMiLhocbg8YF4o=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1179,6 +1209,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 3527, + "network.community_id": "1:fW9fDNL4osH5ogPXIzh5huGyJLU=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1228,6 +1259,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 3688, + "network.community_id": "1:VqbI7AJvRLmCOZAb2tHFFBTeRZ8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1277,6 +1309,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 3847, + "network.community_id": "1:TUJhCk7pGNvVhgiAnf4YJJaoCpo=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -1326,6 +1359,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 4004, + "network.community_id": "1:EItD1g2bG+b/iorMXbZ/3Bvjam8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1373,6 +1407,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 4163, + "network.community_id": "1:a6VFmKsjwlqdlhQIeSm95/lkWlY=", "network.direction": "inbound", "network.iana_number": 17, "network.transport": "udp", @@ -1419,6 +1454,7 @@ "input.type": "log", "log.level": "critical", "log.offset": 4274, + "network.community_id": "1:96NZ3spb6QBXPZwoL7NadaqTMac=", "network.direction": "inbound", "network.iana_number": 17, "network.protocol": "dns", @@ -1468,6 +1504,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 4383, + "network.community_id": "1:DbXtTF7Tt+LJ0/omdap4K0RmodY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1517,6 +1554,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 4542, + "network.community_id": "1:8enMIE4IqhVXWyyRuJRvdyDxiBA=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1566,6 +1604,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 4703, + "network.community_id": "1:3vGj3wfvZB2f5kZmDflH/qfkWYE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1615,6 +1654,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 4862, + "network.community_id": "1:Wjdn68t3gwpMPxbO1bBTBvMkQKE=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1664,6 +1704,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 5018, + "network.community_id": "1:OHPCPPOkvDP3KMLJodW8pdmntUw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1713,6 +1754,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 5174, + "network.community_id": "1:7ujfPje/XmaZUbijXhcBn7jzz8Y=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1762,6 +1804,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 5321, + "network.community_id": "1:7ujfPje/XmaZUbijXhcBn7jzz8Y=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -1811,6 +1854,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 5468, + "network.community_id": "1:IOafOGWxFLefP+hvoAc06Z1pBj8=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1860,6 +1904,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 5631, + "network.community_id": "1:89qba0kw6T/uGNWcSzTTYvNoLeY=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1910,6 +1955,7 @@ "input.type": "log", "log.level": "notification", "log.offset": 5792, + "network.community_id": "1:3EQcjAJCGY7yJRip464V5VZ2h00=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -1962,6 +2008,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 5963, + "network.community_id": "1:xQpx+K3UkeF1wQfNjT+9cuVvkHo=", "network.direction": "outbound", "network.iana_number": 17, "network.transport": "udp", @@ -2017,6 +2064,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 6143, + "network.community_id": "1:/lWsjFt8GNAqxtRiPYxbyU20/N8=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2071,6 +2119,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 6298, + "network.community_id": "1:/lWsjFt8GNAqxtRiPYxbyU20/N8=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2243,6 +2292,7 @@ "log.level": "informational", "log.offset": 6803, "network.bytes": 14804, + "network.community_id": "1:tVS/eeyng4tH7pSAcq77I2cbedw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2301,6 +2351,7 @@ "log.level": "informational", "log.offset": 6973, "network.bytes": 134781, + "network.community_id": "1:Tc+oC6fll4kTgOTp2hiirhpXAuQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2359,6 +2410,7 @@ "log.level": "informational", "log.offset": 7144, "network.bytes": 134781, + "network.community_id": "1:Tc+oC6fll4kTgOTp2hiirhpXAuQ=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2411,6 +2463,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7315, + "network.community_id": "1:BX8uzuuLWZ5TLiZXPqdka12ZHOc=", "network.iana_number": 6, "network.transport": "tcp", "observer.hostname": "127.0.0.1", @@ -2462,6 +2515,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7462, + "network.community_id": "1:BX8uzuuLWZ5TLiZXPqdka12ZHOc=", "network.iana_number": 6, "network.transport": "tcp", "observer.hostname": "127.0.0.1", @@ -2515,6 +2569,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 7609, + "network.community_id": "1:BouUIZD+TqJZdYklL1aMrJfnbQ0=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "outside", @@ -2571,6 +2626,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7765, + "network.community_id": "1:mUqH1e0FnddfDertRLbskQ9rX5Q=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2628,6 +2684,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 7944, + "network.community_id": "1:mUqH1e0FnddfDertRLbskQ9rX5Q=", "network.direction": "outbound", "network.iana_number": 6, "network.transport": "tcp", @@ -2687,6 +2744,7 @@ "log.level": "informational", "log.offset": 8123, "network.bytes": 11420, + "network.community_id": "1:kugTIYv6tVeitQAN8XRNgUPvZiw=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "dmz", @@ -2743,6 +2801,7 @@ "log.level": "informational", "log.offset": 8293, "network.bytes": 1416, + "network.community_id": "1:n1IQHcbrWLb1u8dflqz8hfEElA0=", "network.iana_number": 17, "network.transport": "udp", "observer.egress.interface.name": "inside", @@ -3169,6 +3228,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 9405, + "network.community_id": "1:buRYH8vRkdq5apZqKHNDfmztnUo=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "inside", @@ -3268,6 +3328,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 9669, + "network.community_id": "1:XKWgpeop6LmXORBjS+D+pjammJ4=", "network.iana_number": 1, "network.transport": "icmp", "observer.ingress.interface.name": "inside", @@ -3320,6 +3381,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 9805, + "network.community_id": "1:ZWjuP5bJeA+f0NH342ubXOWI+Lc=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -3382,6 +3444,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 10056, + "network.community_id": "1:iQUXct+pq5A5+rR869ELbDtnuek=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outsidet", @@ -3441,6 +3504,7 @@ "input.type": "log", "log.level": "warning", "log.offset": 10355, + "network.community_id": "1:iQUXct+pq5A5+rR869ELbDtnuek=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outsidet", diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json index fae2b463a49..f5c9eb57649 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json @@ -56,6 +56,7 @@ "log.level": "alert", "log.offset": 0, "network.application": "icmp client", + "network.community_id": "1:Lc5Ybc+aBSwS/2nqgn+rGxqrgck=", "network.iana_number": 1, "network.protocol": "icmp", "network.transport": "icmp", @@ -150,6 +151,7 @@ "log.level": "alert", "log.offset": 579, "network.application": "icmp client", + "network.community_id": "1:Lc5Ybc+aBSwS/2nqgn+rGxqrgck=", "network.iana_number": 1, "network.protocol": "icmp", "network.transport": "icmp", @@ -253,6 +255,7 @@ "log.level": "alert", "log.offset": 1182, "network.application": "dns client", + "network.community_id": "1:LrHhMjRxI8XLokucnZO43cq3wJ0=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -363,6 +366,7 @@ "log.level": "alert", "log.offset": 1821, "network.application": "dns client", + "network.community_id": "1:/cLFaau3XcCC0NUtxHnt+rWlO6A=", "network.iana_number": 17, "network.protocol": "dns", "network.transport": "udp", @@ -462,6 +466,7 @@ "input.type": "log", "log.level": "alert", "log.offset": 2515, + "network.community_id": "1:L+Ul/KflTuC9qM1HyJ2hOk2/NSM=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -577,6 +582,7 @@ "advanced packaging tool", "ubuntu" ], + "network.community_id": "1:L+Ul/KflTuC9qM1HyJ2hOk2/NSM=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -682,6 +688,7 @@ "input.type": "log", "log.level": "alert", "log.offset": 3919, + "network.community_id": "1:TE/czajXLfyOntGRUMlWpOamN+I=", "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "outside", @@ -793,6 +800,7 @@ "log.level": "alert", "log.offset": 4442, "network.application": "curl", + "network.community_id": "1:TE/czajXLfyOntGRUMlWpOamN+I=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -887,6 +895,7 @@ "input.type": "log", "log.level": "alert", "log.offset": 5177, + "network.community_id": "1:Lc5Ybc+aBSwS/2nqgn+rGxqrgck=", "network.iana_number": 1, "network.transport": "icmp", "observer.egress.interface.name": "input", @@ -989,6 +998,7 @@ "log.level": "alert", "log.offset": 5719, "network.application": "curl", + "network.community_id": "1:EX7LDhHq0D9ez/OeVOOW5FWakkI=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json index 367c559c2e6..3dcdb4f4219 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json @@ -44,6 +44,7 @@ "log.level": "alert", "log.offset": 0, "network.application": "curl", + "network.community_id": "1:ICpzATq4Q7ls9bAGqEmf+eAOtFc=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -123,6 +124,7 @@ "log.level": "alert", "log.offset": 450, "network.application": "curl", + "network.community_id": "1:1P/UJpeT0HuAQ0Zj36VUw3NWrms=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -202,6 +204,7 @@ "log.level": "alert", "log.offset": 900, "network.application": "curl", + "network.community_id": "1:k9jZpiIYklqnW5VrPKZ36zGCfpw=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -281,6 +284,7 @@ "log.level": "alert", "log.offset": 1348, "network.application": "curl", + "network.community_id": "1:1O6Tg+zlE975TFeaA0Qa6QBRfBs=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -366,6 +370,7 @@ "log.level": "alert", "log.offset": 1804, "network.application": "curl", + "network.community_id": "1:9k57JmGIU8Cd4FcndffJHSuGmHg=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -454,6 +459,7 @@ "log.level": "alert", "log.offset": 2372, "network.application": "curl", + "network.community_id": "1:eJqjWMIqoBPiagsWFCmeQAhxZaM=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -546,6 +552,7 @@ "log.level": "alert", "log.offset": 2940, "network.application": "curl", + "network.community_id": "1:EX7LDhHq0D9ez/OeVOOW5FWakkI=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -647,6 +654,7 @@ "log.level": "alert", "log.offset": 3639, "network.application": "curl", + "network.community_id": "1:idXjLwb9WD2+SkGKCxynJU8imAk=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -737,6 +745,7 @@ "log.level": "alert", "log.offset": 4397, "network.application": "curl", + "network.community_id": "1:nOd4Q0QVZ1CGu/nTE/uuQ/52Q3A=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", @@ -837,6 +846,7 @@ "log.level": "alert", "log.offset": 5211, "network.application": "curl", + "network.community_id": "1:NJVenFV6VTdZygfzWuC08PwZc84=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json index a1146a75efc..eeb9024fdc4 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json @@ -77,6 +77,7 @@ "log.level": "unknown", "log.offset": 0, "network.application": "chrome", + "network.community_id": "1:IpM6MLWKXk42SgVki5Wy5/6cTfk=", "network.iana_number": 6, "network.protocol": "http", "network.transport": "tcp", diff --git a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml index 2c92b41648e..ee379156ce6 100644 --- a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml +++ b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml @@ -268,7 +268,10 @@ processors: field: "message" description: "106023" patterns: - - ^%{NOTSPACE:event.outcome} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{IPORHOST:source.address}(/%{POSINT:source.port})?\s*(%{GREEDYDATA:_temp_.cisco.source_username} )?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{IPORHOST:destination.address}(/%{POSINT:destination.port})?%{DATA}by access.group "%{NOTSPACE:_temp_.cisco.list_id}" + - ^%{NOTSPACE:event.outcome} ((protocol %{POSINT:network.iana_number})|%{NOTSPACE:network.transport}) src %{NOTCOLON:_temp_.cisco.source_interface}:%{IPORHOST:source.address}(/%{POSINT:source.port})?\s*(\(%{CISCO_USER:_temp_.cisco.source_username}\) )?dst %{NOTCOLON:_temp_.cisco.destination_interface}:%{IPORHOST:destination.address}(/%{POSINT:destination.port})?%{DATA}by access-group "%{NOTSPACE:_temp_.cisco.list_id}" + pattern_definitions: + NOTCOLON: "[^:]*" + CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - dissect: if: "ctx._temp_.cisco.message_id == '106027'" field: "message" @@ -329,28 +332,37 @@ processors: field: "message" description: "302013, 302015" patterns: - - "Built %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} connection %{NUMBER:_temp_.cisco.connection_id} for %{NOTSPACE:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port} \\(%{IP:_temp_.natsrcip}/%{NUMBER:_temp_.cisco.mapped_source_port}\\)(\\(%{NOTSPACE:_temp_.cisco.source_username}\\))? to %{NOTSPACE:_temp_.cisco.destination_interface}:%{NOTSPACE:destination.address}/%{NUMBER:destination.port} \\(%{NOTSPACE:_temp_.natdstip}/%{NUMBER:_temp_.cisco.mapped_destination_port}\\)( \\(%{NOTSPACE:destination.user.name}\\))?%{GREEDYDATA}" + - Built %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} connection %{NUMBER:_temp_.cisco.connection_id} for %{NOTCOLON:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port} \(%{IP:_temp_.natsrcip}/%{NUMBER:_temp_.cisco.mapped_source_port}\)(\(%{CISCO_USER:_temp_.cisco.source_username}\))? to %{NOTCOLON:_temp_.cisco.destination_interface}:%{NOTSPACE:destination.address}/%{NUMBER:destination.port} \(%{NOTSPACE:_temp_.natdstip}/%{NUMBER:_temp_.cisco.mapped_destination_port}\)(\(%{CISCO_USER:destination.user.name}\))?( \(%{CISCO_USER:_temp_.cisco.termination_user}\))?%{GREEDYDATA} + pattern_definitions: + NOTCOLON: "[^:]*" + CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - dissect: if: "ctx._temp_.cisco.message_id == '303002'" field: "message" description: "303002" pattern: "%{network.protocol} connection from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, user %{client.user.name} %{} file %{file.path}" - - dissect: - if: "ctx._temp_.cisco.message_id == '302012'" + - grok: + if: "ctx._temp_.cisco.message_id == '305012'" field: "message" - description: "302012" - pattern: "Teardown %{} %{network.transport} translation from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} duration %{_temp_.duration_hms}" + description: "305012" + patterns: + - Teardown %{DATA} %{NOTSPACE:network.transport} translation from %{NOTCOLON:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port}(\s*\(%{CISCO_USER:_temp_.cisco.source_username}\))? to %{NOTCOLON:_temp_.cisco.destination_interface}:%{IP:destination.address}/%{NUMBER:destination.port} duration %{DURATION:_temp_.duration_hms} + pattern_definitions: + NOTCOLON: "[^:]*" + CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) + DURATION: "%{INT}:%{MINUTE}:%{SECOND}" - grok: if: "ctx._temp_.cisco.message_id == '302020'" field: "message" description: "302020" patterns: - - "Built %{NOTSPACE:network.direction} %{NOTSPACE:network.protocol} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\\s*(?:\\(%{NOTSPACE:_temp_.cisco.destination_username}\\) )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\\s*(?:\\(%{NOTSPACE:_temp_.cisco.source_username}\\) )?(type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})?" + - "Built %{NOTSPACE:network.direction} %{NOTSPACE:network.protocol} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\\s*(?:\\(%{CISCO_USER:_temp_.cisco.destination_username}\\) )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\\s*(?:\\(%{CISCO_USER:_temp_.cisco.source_username}\\) )?(type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})?" pattern_definitions: NOTCOLON: "[^:]*" ECSSOURCEIPORHOST: "(?:%{IP:source.address}|%{HOSTNAME:source.domain})" ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" MAPPEDSRC: "(?:%{DATA:_temp_.natsrcip}|%{HOSTNAME})" + CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - dissect: if: "ctx._temp_.cisco.message_id == '302022'" field: "message" @@ -366,7 +378,7 @@ processors: field: "message" description: "304001" patterns: - - "%{IP:source.address} %{DATA} (%{NOTSPACE}@)?%{IP:destination.address}:%{GREEDYDATA:url.original}" + - "(%{NOTSPACE:source.user.name}@)?%{IP:source.address}(\\(%{DATA}\\))? %{DATA} (%{NOTSPACE}@)?%{IP:destination.address}:%{GREEDYDATA:url.original}" - set: if: "ctx._temp_.cisco.message_id == '304001'" field: "event.outcome" @@ -651,13 +663,14 @@ processors: field: "message" description: "722051" patterns: - - "Group <%{NOTSPACE:_temp_.cisco.webvpn.group_name}> User <%{NOTSPACE:source.user.name}> IP <%{IP:source.address}> IPv4 Address <%{IP:_temp_.cisco.assigned_ip}> %{GREEDYDATA}" - - "Group %{NOTSPACE:_temp_.cisco.webvpn.group_name} User %{NOTSPACE:source.user.name} IP %{IP:source.address} IPv4 Address %{IP:_temp_.cisco.assigned_ip} %{GREEDYDATA}" - - dissect: + - "Group <%{NOTSPACE:_temp_.cisco.webvpn.group_name}> User <%{NOTSPACE:source.user.name}> IP <%{IP:source.address}> IPv4 Address <%{IP:_temp_.cisco.assigned_ip}> %{GREEDYDATA}" + - "Group %{NOTSPACE:_temp_.cisco.webvpn.group_name} User %{NOTSPACE:source.user.name} IP %{IP:source.address} IPv4 Address %{IP:_temp_.cisco.assigned_ip} %{GREEDYDATA}" + - grok: if: "ctx._temp_.cisco.message_id == '733100'" field: "message" description: "733100" - pattern: "[%{_temp_.cisco.burst.object}] drop %{_temp_.cisco.burst.id} exceeded. Current burst rate is %{_temp_.cisco.burst.current_rate} per second, max configured rate is %{_temp_.cisco.burst.configured_rate}; Current average rate is %{_temp_.cisco.burst.avg_rate} per second, max configured rate is %{_temp_.cisco.burst.configured_avg_rate}; Cumulative total count is %{_temp_.cisco.burst.cumulative_count}" + patterns: + - \[(%{SPACE})?%{DATA:_temp_.cisco.burst.object}\] drop %{NOTSPACE:_temp_.cisco.burst.id} exceeded. Current burst rate is %{INT:_temp_.cisco.burst.current_rate} per second, max configured rate is %{INT:_temp_.cisco.burst.configured_rate}; Current average rate is %{INT:_temp_.cisco.burst.avg_rate} per second, max configured rate is %{INT:_temp_.cisco.burst.configured_avg_rate}; Cumulative total count is %{INT:_temp_.cisco.burst.cumulative_count} - dissect: if: "ctx._temp_.cisco.message_id == '734001'" field: "message" @@ -667,7 +680,7 @@ processors: if: "ctx._temp_.cisco.message_id == '805001'" field: "message" description: "805001" - pattern: "Offloaded %{network.transport} for connection %{_temp_.cisco.connection_id} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})" + pattern: "Offloaded %{network.transport} Flow for connection %{_temp_.cisco.connection_id} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})" - dissect: if: "ctx._temp_.cisco.message_id == '805002'" field: "message" @@ -696,7 +709,7 @@ processors: - dissect: if: '["602303", "602304"].contains(ctx._temp_.cisco.message_id)' field: "message" - pattern: "%{network.type}: An %{network.direction} %{network.inner} SA (SPI= %{}) between %{source.address} and %{destination.address} (user= %{user.name}) has been %{event.action}." + pattern: "%{network.type}: An %{network.direction} %{_temp_.cisco.tunnel_type} SA (SPI= %{}) between %{source.address} and %{destination.address} (user= %{user.name}) has been %{event.action}." - dissect: if: "ctx._temp_.cisco.message_id == '750002'" field: "message" @@ -762,27 +775,29 @@ processors: # Handle 302xxx messages (Flow expiration a.k.a "Teardown") # - set: - if: '["302012", "302014", "302016", "302018", "302020", "302021", "302036", "302304", "302306", "609001", "609002"].contains(ctx._temp_.cisco.message_id)' + if: '["305012", "302014", "302016", "302018", "302020", "302021", "302036", "302304", "302306", "609001", "609002"].contains(ctx._temp_.cisco.message_id)' field: "event.action" value: "flow-expiration" - description: "302012, 302014, 302016, 302018, 302020, 302021, 302036, 302304, 302306, 609001, 609002" + description: "305012, 302014, 302016, 302018, 302020, 302021, 302036, 302304, 302306, 609001, 609002" - grok: field: "message" if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' description: "302014, 302016, 302018, 302021, 302036, 302304, 302306" patterns: - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from %{NOTCOLON:_temp_.cisco.termination_initiator} \(%{NOTSPACE:_temp_.cisco.termination_user}\) - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from %{NOTCOLON:_temp_.cisco.termination_initiator} - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} \(%{NOTSPACE:_temp_.cisco.termination_user}\) - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) \(%{NOTSPACE:_temp_.cisco.termination_user}\) - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) - - ^Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:\(%{NOTSPACE:_temp_.cisco.destination_username}\) )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:\(%{NOTSPACE:_temp_.cisco.source_username}\))?(\s*type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})? + - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from %{NOTCOLON:_temp_.cisco.termination_initiator} \(%{CISCO_USER:_temp_.cisco.termination_user}\) + - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from %{NOTCOLON:_temp_.cisco.termination_initiator} + - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} \(%{CISCO_USER:_temp_.cisco.termination_user}\) + - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) \(%{CISCO_USER:_temp_.cisco.termination_user}\) + - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} + - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) + - ^Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:\(%{CISCO_USER:_temp_.cisco.source_username}\))?(\s*type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})? pattern_definitions: NOTCOLON: "[^:]*" ECSSOURCEIPORHOST: "(?:%{IP:source.address}|%{HOSTNAME:source.domain})" ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" - MAPPEDSRC: "(?:%{DATA:_temp_.natsrcip}|%{HOSTNAME})" + MAPPEDSRC: "(?:%{IPORHOST:_temp_.natsrcip}|%{HOSTNAME})" + DURATION: "%{INT}:%{MINUTE}:%{SECOND}" + CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) # # Decode FTD's Security Event Syslog Messages # @@ -1320,6 +1335,35 @@ processors: Instant.parse(end).minusNanos(nanos), ZoneOffset.UTC); # + # Parse Source/Dest Username/Domain + # + - set: + field: source.user.name + value: "{{{ _temp_.cisco.source_username }}}" + if: 'ctx?.source?.user?.name == null && ctx?._temp_?.cisco?.source_username != null' + - set: + field: destination.user.name + value: "{{{ _temp_.cisco.destination_username }}}" + if: 'ctx?.destination?.user?.name == null && ctx?._temp_?.cisco?.destination_username != null' + - grok: + field: "source.user.name" + if: 'ctx?.source?.user?.name != null' + ignore_failure: true + patterns: + - (%{CISCO_DOMAIN})?%{CISCO_USER:source.user.name} + pattern_definitions: + CISCO_USER: "%{USERNAME}(@%{HOSTNAME:source.user.domain})?" + CISCO_DOMAIN: (LOCAL\\)?(%{HOSTNAME:source.user.domain}\\)? + - grok: + field: "destination.user.name" + if: 'ctx?.destination?.user?.name != null' + ignore_failure: true + patterns: + - (%{CISCO_DOMAIN})?%{CISCO_USER:destination.user.name} + pattern_definitions: + CISCO_USER: "%{USERNAME}(@%{HOSTNAME:destination.user.domain})?" + CISCO_DOMAIN: (LOCAL\\)?(%{HOSTNAME:destination.user.domain}\\)? + # # Normalize protocol names # - lowercase: @@ -1428,50 +1472,62 @@ processors: field: "source.port" type: integer ignore_failure: true + ignore_missing: true - convert: field: "destination.port" type: integer ignore_failure: true + ignore_missing: true - convert: field: "source.bytes" type: long ignore_failure: true + ignore_missing: true - convert: field: "destination.bytes" type: long ignore_failure: true + ignore_missing: true - convert: field: "network.bytes" type: long ignore_failure: true + ignore_missing: true - convert: field: "source.packets" type: integer ignore_failure: true + ignore_missing: true - convert: field: "destination.packets" type: integer ignore_failure: true + ignore_missing: true - convert: field: "_temp_.cisco.mapped_source_port" type: integer ignore_failure: true + ignore_missing: true - convert: field: "_temp_.cisco.mapped_destination_port" type: integer ignore_failure: true + ignore_missing: true - convert: field: "_temp_.cisco.icmp_code" type: integer ignore_failure: true + ignore_missing: true - convert: field: "_temp_.cisco.icmp_type" type: integer ignore_failure: true + ignore_missing: true - convert: field: "network.iana_number" type: integer ignore_failure: true + ignore_missing: true # # Assign ECS .ip fields from .address is a valid IP address is found, # otherwise set .domain field. @@ -1856,22 +1912,22 @@ processors: allow_duplicates: false - append: field: related.user - value: "{{user.name}}" + value: "{{{user.name}}}" if: ctx?.user?.name != null && ctx?.user?.name != '' allow_duplicates: false - append: field: related.user - value: "{{host.user.name}}" + value: "{{{host.user.name}}}" if: ctx?.host?.user?.name != null && ctx?.host?.user?.name != '' allow_duplicates: false - append: field: related.user - value: "{{source.user.name}}" + value: "{{{source.user.name}}}" if: ctx?.source?.user?.name != null && ctx?.source?.user?.name != '' allow_duplicates: false - append: field: related.user - value: "{{destination.user.name}}" + value: "{{{destination.user.name}}}" if: ctx?.destination?.user?.name != null && ctx?.destination?.user?.name != '' allow_duplicates: false - append: @@ -1899,6 +1955,16 @@ processors: value: "{{source.domain}}" if: ctx.source?.domain != null && ctx.source?.domain != '' allow_duplicates: false + - append: + field: related.hosts + value: "{{source.user.domain}}" + if: ctx.source?.user?.domain != null && ctx.source?.user?.domain != '' + allow_duplicates: false + - append: + field: related.hosts + value: "{{destination.user.domain}}" + if: ctx.destination?.user?.domain != null && ctx.destination?.user?.domain != '' + allow_duplicates: false - script: lang: painless description: This script processor iterates over the whole document to remove fields with null values. @@ -1923,6 +1989,9 @@ processors: } } handleMap(ctx); + - community_id: + ignore_missing: true + ignore_failure: true on_failure: # Copy any fields under _temp_.cisco to its final destination. Those can help # with diagnosing the failure.