diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c914f89934f..bf81cac3421 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -76,6 +76,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change logging in logs input to structure logging. Some log message formats have changed. {pull}25299[25299] - All url.* fields apart from url.original in the Apache, Nginx, IIS, Traefik, S3Access, Cisco, F5, Fortinet, Google Workspace, Imperva, Microsoft, Netscout, O365, Sophos, Squid, Suricata, Zeek, Zia, Zoom, and ZScaler modules are now url unescaped due to using the Elasticsearch uri_parts processor. {pull}24699[24699] - Deprecated the cyberark module (replaced by cyberarkpas). {issue}25261[25261] {pull}25505[25505] +- Change source field for `event.action` in `fortinet.firewall` module to `fortinet.firewall.action` instead of `fortinet.firewall.eventtype`. {pull}24816[24816] *Heartbeat* - Add support for screenshot blocks and use newer synthetics flags that only works in newer synthetics betas. {pull}25808[25808] @@ -601,6 +602,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add support for `copytruncate` method when rotating input logs with an external tool in `filestream` input. {pull}23457[23457] - Add `uri_parts` and `user_agent` ingest processors to `aws.elb` module. {issue}26435[26435] {pull}26441[26441] - Added dataset `recordedfuture` to the `threatintel` module to ingest indicators from Recorded Future Connect API {pull}26481[26481] +- Update `fortinet` ingest pipelines. {issue}22136[22136] {issue}25254[25254] {pull}24816[24816] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 131de488de8..ebb833130db 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -62763,6 +62763,16 @@ type: keyword ESP Transform +type: keyword + +-- + +*`fortinet.firewall.eventtype`*:: ++ +-- +UTM Event Type + + type: keyword -- @@ -65243,6 +65253,16 @@ type: integer Security action performed by UTM +type: keyword + +-- + +*`fortinet.firewall.utmref`*:: ++ +-- +Reference to UTM + + type: keyword -- diff --git a/x-pack/filebeat/module/fortinet/fields.go b/x-pack/filebeat/module/fortinet/fields.go index 60f2d21f39d..6220d292baf 100644 --- a/x-pack/filebeat/module/fortinet/fields.go +++ b/x-pack/filebeat/module/fortinet/fields.go @@ -19,5 +19,5 @@ func init() { // AssetFortinet returns asset data. // This is the base64 encoded gzipped contents of module/fortinet. func AssetFortinet() string { - return "eJzsvetzG7eWL/p9/grcfDhxUra84zxmds7M3NJI9rbOyDK35cfUrV3FArsXSURooA2gSTF//S08utlvtSgsSp45+ZBKRHLhh9fCeq8X5AZ2v5OlVIYJMP9EiGGGw+/kzf4vKehEsdwwKX4n//5PhJDq++SdTAsO/0TIkgFP9e/uU/vPCyJoBr8TAWYr1c0JEwbUkiZwYv9efY0QuQG1VczA78Soov6J2eXwu8W3lSqt/T2FJS24mbshfydLyjU0Pu7ALf+5ohkQuSRmDSUwUgEj2zUocJ8ZRZdLlpA11WQBIIhcaFAbSE8681Oa3mMyKyWLfPpU2ou6H9ahFpQ3pjc8+tD4fUPsB8n0qvH38RGGN6yzKx/XTNvvEaZJoSElRpKE5qYI66/olmSgNV3Z/6eGJDIDbSct7ect0oRcyhU5h0SmoPon4mmxNqhDp1PShQ0IM7dTi0w4AEZe/bDk2q15IoUBYbS9H0xoQ4UpYehejIZlhwBMqWl/0EXHPCY7BKGGbNcsWRNKNGjNpCBrZjSh5ArMF2YEaF3u/knnaFST1WtZ8JQI2IAiC6jOXU6VBvIODLXQKFkqmdWGenYpV/rljCY3YPQPHfLnTEFi+O45MQE3JR/AMwt/wkUN5knvQnLYAD9gJbkU7fvZWMlzyBUk1AQkKSyZgJRIwR0sQxccSEbzflSZXs2jXZiRPX4X7vnF+U9kQ3kRbjxLQRi2ZOF0wi1NDOFy5fdLdTbCzY5Z8uG0uO/Z7cipMiwpOFXu92FjTwZPRof0QSel72R0KA+flMEt2Rx3T1793z0Z3xM7Ks6GPOz6ysUfczeR9rY8GXQbegjTQ4emQMtCJUhv78OXDev+PwyZNtRABsI8RXC0SJmZJ5y27vATgQfCqN1TBLa2MtVTBMbEYcBwJaaSczzdk5YCPYR74C7bEiCNqUMNyDV9embti6VZwKLpyCEdIeFhWkRLDulQv0OLGF7FlmnlSKsoalaV3uXzy9WZZqTlIz0reO/lS44hVheCfS1gL0arav7hT7umUnsmRWIfB2rkU9dsB9jNhuGyw/rqntlh2JIltH6fL+WKvN6AMOTaMWdSiBSUVUEUBEbVmfqS3UJKNBhLpPHj5hh6WGEpN6FD+8EKS7UJHdL32pSuJTC+femwg9mZ1z3W5H5rsJYaSV6tn8u3Ups6i+TtE6lBpEysyg9137Gp2ZC+nfVlhxywzo8GF/ZitvmF0DRVllcOXff24nZmb+S3urib37CX97f/uctrVwufN7T5gjek1a1lKaFkxTYgKiPZtysI2CU6zH6Bq4GkT1H4+zY8GoMGDZnv5gq+Iux13XnoNtjNe7Fzq/zaD01m7iI9D9ZsQ8nHXQ4koV0OsgACzKxBkU8Xwvz0G5GKvOGSmp9fkQXV7hSVDrIlWxXKiX53zPsQcfcbnrdzg+IpnxHsC/bXK4llZhvTjsuRv3kDg1RbqlI0oa7G0WrTrq/kxexzQ96jRAGn7S0lRO+0gSw8ogG2pbYGf1K1Xzz7/1KxFROUl79pSit3rAOW/DUSGHEx+/xbzxIE+J2VePgSVIi6qxzj9dkf1K7geOjrswaagjqK7/qtG4pcnD/ES+rx1p2ljsxhvtInbWTjyRzdzkZLQetiL2i5i2JVlzPJOSRGqm+RAdvVe4SYG3vmmCaJXzpILdKGoHop22ILGVnoJ6jxZcniqYiqmdQu2C2Tgix2nU0jRMHXArSxBDXLcr4L+2S/bBk9AZqsiWYpkGd/IWatCvLq119/IFuqiQYQ1SgjK/EkhNcJK6FzKTTgLUXyzZyKRBbCVDaFIlt4pmevsu6lQJ7RhdxAbTGY6I2sLNmbNgpoNnh/km/m2DzyUkHKiracFmOhvuuTHCvDAlsSZv5RvPrLT3/VnqW/zB0DLUH/ozObf1h98JLuQJFX5LVIaK4L7j0rVqW8F1/vo/5A50dPbGXfKD+/Iv9mp/uc/Pwz+TeSSGXlZTeLMOhz8r+4+d/2i0yT5qJ817uFQqbwZHVdsYV5Qjlf0OQGVwL24IQ07tpQ4/UKu4gg0lwyYZxqYqA/wNkdjjkoJZHi0/byoM4hYZQ7xA6pNlJZyVrsvNRhP9hQzlJ/MPpAEbKUhUjtC8PBgWdiFYSjO4MXmzeiQzmGLzBchxG30cAu7Lik6VN55wIcotmfQDIwiiU9WkdQhetfdrqwf+5LJmyffWr2Eq1cltt2Qt7Krd2ars7JBJHKKmNGkhuA/I5FexIv3jeyaEomoPV8w9J5iuV1fV1ynhUIUNS4S57aFazphRumTEG5VdobtnfRY+JgGbNqt/OVu8XwswhX/eKcKMuttTOouEWjagWm+tqdK6EVUtDTo6+Ej4QbXwmF4grqMv6L89L2+gEyaYBch/OeKHAP7WI3xCjtP6Uj5htwvISR5jrnDDOy4Umr85p1xP4nIZtZnot43t2ts29AOOvlqSu1lvCE/PfwMHr2smT8EXz0dlSrHM3OTmdB9k2osMvDslyqtsRL3BP5zYVBFE/D/PHJP1VOEXeqe58ptanKF/uf7BV2L+c4zfyEvPr1N7J1654BFYRy3m8rcEZ9Jybt7UdkCwo8WWoIB6oNkaKVLtJcxEcXE7/tRey5qxhu27B2X6RK3cK5qCZI1kJyudq1HXFLpjpSLCG/kmRNFU2MX0R7qXcOvzOaC1KIENPDGzbzwYza2And3lGP6UQY8V06jSKzQqYUpRtB0e0gT3OctSVW0sRJrN5HIYLNQSZJoUqK2lCRUpUSIVVGOfuzL75Xqqx3fdIQ5XDwEsli0XmS7rVIe9QVmJecLcHNuEfB15BIkQ4I2PvtnmuDaWcZmRATicxyDqb3AAwaUakT4I1iLTZYyzdT5pEO8rUdu/c4Dx3l5skcPH6ZFGYdaZv2+amxYl72UU7pIy38a5FiLLsl+acU2NUWRtiiHb0UMX147cf2CndYFNqNPiUGbk24fGQDStfSKdKxOLCe/X3oYdsBjTXNfZpeIlUKKd47GIJswjOlqxFLGaOMtKm+WPevd18rJbMTR7VwSfk6AUEVk16szwpu2AvDQBGa57zMftnXssmooKu+1FxCuHPvlPqiB+WxasLM95rIrfCeMUOzvG0ZDIjtaBZi9/YZTZI1s9qNTEGfkHeFNk5NqhO1t5KagbhcauDATRplYMulxb2BY0hCbpPLAf3aKViCApH4A0GtaJ2yDUutZOPOQz8juy4Z2cfW4vVP8jZn6mgz3O+n9wXd2pPIDN/5yWrL9Ky8ZkG5AzpuG4246YMmnOeWG1f87KQzZBVOJovYHCjrCHIPpVitf+yr4iTIrwUURztK9nT7U7Tnj1uqiQORDpwbB+6n2IsaUShoLCgCT1tlBuH1XWUYWPM5AtR8jiE95zFZUZPoq+hUEWSl2ivyOCpkS33sfWM6z+W93pxD2eZdfO0QZ8H+gWhVQ4htCKJJR4iPIVjrgmO7nQa0KFmYRGbw0mOolBcXlS2XnRNCRViChgI5cEBgA4oZzNSRkYmVo4ckwJpnZ8zkg5u82Kkd6F/pKtPFUnN+pxwStmR7xadfuvXOnKGaKkFWxo9m6tmAysTI0n3CRGmiSoOTpRd3UJuPtQmfm1p6XROUiry/DqGxTJcBAW27mhu/3KGhLEmdS80iMo5JZ8up0yL1FaZcKH95dwer8BTczPFKF92TFYkiA8WS+/Ki3rkdIYttZGL1TLbqZni25O93Z2obEKlUIWB2dGZy8ccjVK8pXbty8Qck/Xq0BYafC95ZbstBx4F5To9Zq+677oUMWf+BzQQr15pWscVCGkLJOlS86A+g5XI1LwNVHoWplwfx3kz9GDVTGrzvby7cylWtduyjX/CXnCU77NszwhdmDkAori34boAvFxwzbrp/AT8UHBywfnYqhYFbbIm1AnQhvL1uXw+Vpqm2/3KPKuUloL4CMHc8zsmaihXMBWyxecGQ4xK2NVe/E0KMUWxRGKhxiG6MvvbQrbRef/76WYfOaTRmV60cZ2hlK8cWzSmC7fgiD6Yuv/Uoty4DzC5YWXBQ72O+1AbUCbkGvymFBnVCV+BKeYdI96VUJYYO7ZKMl9sT93vif1+rWyEVWSi5tZ+Vfw2yple7ButJX6QzqkxsM11FOLZFJdwp2ckOPdadkjytxEasKyVzCA5FrLf4VBDKQZkqukjtBw1/8+6twD5qRQBcEFKPwJwSIcULBTk4TWYs+sGpDcd8cpJCKXthKn3F7aST414y72Er3T+dmW2ZWQdh2fN6cu4GXLhsE0GkeLGS9r9HXgInpMx7BEfEedOaM/ClA2BByiWx3MEw0Cfkes9T2o0N6plVOIjPfDpfoa0S41NGfbBNGthvWHhKEl5oUx7I8D+dbXI/YdruZMiJDvYNK/i6T4dFoKNLP/6G9Wv0viwTnlD2/V2Kl0V57lAQqrVMmLOX2t3o1Sfdhl2yG/idUJKvd5ollJOU6ZvnJFeuJ8pzAib5vl9Qpooeknt5z4fe59komoEBpUlOtavipV0hB1+LIJFZZrmYbDjtu6k1YJJRcc+/B48l8dX2EOFh8uw7kVledO8gwrZRsmUildsQT5tIkUBunleRFIOL0ZnmsuB8R74WlHvjZyozykTgGqI2EJcDT1fd6hlLXBqZuhUJL5m4gTTkApWB6FQ761RQUOwn31XQTlg6tnG8UxUCldXVOzt5s0QbQAnv/fVj4XqfB8srue6W66mczqAy1m7shG1iDWM6tP78j0vaP0eWtJeM49/xaspv3GjVNVaQFgmQ0nME/eY2DYpRPu95TdEekWs3ZCk2t9/H2gNoX5hBuwAkN/qgkgMxLMZhdPvQraleVzfUioU9WYZFsvaRv2WOTZVmeFZSapUIsxOphjnRKrG/qv6/m2lKLD8XhLmYu0IkHKiyf3KF8PbQQgJhsHaqMrHzbu+DZ35Ft87Tk36xEpktmKjqZtcfrJA2qu7xem2YKvSxLX11acQBGLb4HcdB2nMlzvzovibjsKXUa3DopvFq+byV+eKcXHlO8ywUbiC+215I+rXYfuiXq70B+jFs+TXz88W5W9KQ8laxia71oOmR82GAfgon/hBZXrBlul9J3egdZi37plc3JGh7cWHUji288n3EU2OX/qwamFyc3ynJxrLP3SHJWmCvRLqXaE/Imc/PDPVOuf9gXJp1AFXzGz99F8xxi8JUmZvSVI9RIThovzLSPyhbSTZUMbrgnSxAX5SBCZJzOsAINAiNWh+lsaF1UdWPfGI5lZUwyvxCZvf5+uXFrC1Dk1Ay1lsUhvKyD2woODkXcu9p8SDJhTDkmq0Edcxi4IjmUmEWr/2+w7/sIZ2Vspt0VR3df1ogtbvsTlkqew7O1fuPhImEFylYdhYa2dqfn5Bnr29plnP4ncy8QcSTddz7pN8u4jxzR/dtOuPU/mnpR8b0jRW5D8B1j1S8mhnzKjwNH5i+GXG5GsVWK1B4Lez6l+xz3RcQMDjpdK1AryVP7enxuvpAp9GG6/0IloWu7z1w5WcfvIzxQ1WM4+K8P41ksnc+kVk+P3LclduVEHvl2rh6+54uFi8sHClcfurStZuRaZEMaWlBLH2kqLE68opbSuUqD1i+XuIb6BJHVbql6nEi9LpV9S13peEhspMYKI38zDJRSt7RpKyn3C/cWhZ0VD1GihelgKrGuZDXNaM3tVZAdfTYYG2oKWIJzpU9ijL+aGqHHXwhbwlLXw6/X/ZlLY6B0CL61Cl87O+CRdF/dct3DLn7XueQn3f77h3ynDEhi1g+zloeiV5Fv1OWk8Y0OnQssr9EJoxdmbFxJE45t3yP6CJJQOtlwclrOz5JZAraHomy2G+/ZsFECreRF4AzbQ6TPB/IW9zAThVTJYgFKOffzKhi3EXw9FjwvP9drAh1i/jC/rZ3ZgLhHMqFLy70SBJxGJ08q+I5c1A6D0m3nsN0liyICPuA+LLC0w8DSYbezNV9j7EDSrzwVQV5BVuV/7b9kDKhSQqGMt5jZFjIwtR+NzA1yY8em1labGkVx+ZwDD+kBrKco0XznJIUljS4gELly9KHH6I1rVS8AcXpziVyGRkeV/Ks50baD5zWHX4NyzIL3NvqtWGmcIUZSe/E9rpBt2DTQ69rVC9Wzb6T0NhIEXhVIrPM3iecY3TmqRNWC/bNldyw1NvPyipyGejBQKhUJoc7Gu9vLXvD+F5qTOpxef2iwW3ugp4eh9eXo+Py+j/k4kC708HT+z9yERww/bcrZ3iFc89dQLHf+evZBbnoCFR1GGhVa0N2yTiCiIldVTbsKqoifR97WIit7hfuPYuYL2SKnfHVybhrCx0BC7FYBsSjdfxqCd5lcITM85oJOKQO+wDayh/CViytXDkDRrwsttbYSQOP8PLHE/KqeecF5jNVdveeffLVc0pHlAvWuIWkqFsRfOjXAvrSW8sqTGOBG0cwhPRaxdOmQaTKrqQbyjjtOjJIZQonLr9yCUoNdFrwd+gQW388v1tQVrJQAMo7YDtTCuEGmq1OBjgiy+aLIk130e0zLJtHzQOq0S00HFbofNRKFZ+iYjJilYNWit1cF8dISGC6Hr3qa67SImWmyqzb10ULiPoa2+0zNjwr2bsXxifpo8Rir+DmaFr52efX5FnIlfhccCsrLxh3CRwuDuz1bS61/eYP5EXX0CDaXpgbIbeioQhpSApXzGLTpD7QaTOhRzDBtcNCz8os96uQmnQJK5rsyKdBdY2zhaKPkZQfBm4sMRMko0wsFc1gNBwjp8p17cWvk9AQLmduWHIlUx8cvS8LWIs66wFF7pC+XKiAXQgsDalZN+4KtuRtIZwq+U6mwMkzJjYnPz4nTCbPycL+C+y/qKB8p5k++bHfv2iSfL7ktNM5P7YM1ZTwz2bEDepsXY5P7srmV3I5WqjBSFSk/q+LgLMsg6BB2YPcC2iTxeW7LWSf332hCshHHwD844+f3305/fD6xx99zO2GKsoGz+RWqpuYKct3XrAv5YB1D9ugEYyK2EJEyNmJW6Wkeg5oYp+LHYIKs5QKhGZJTAZSMyUhIM7iW0F6/AOxiM63lHWbEz/YOuBqn8cmaq9P7BR1XSyQLoVZpNqo2JnvLl8bzSBWf0ujvaNlzgeekfTQZJd9Y7COSBOSTfZ5LyHfxZJYskFDUzlVNEPsoVPtrUbUM812ek8/Uz64nuD9DRcWfJD/P3RH3YvMvvPfoxyxtGajD0BGQT7K4Sj9uGP4pDxC0FZjZ2t66TNTRbSXUXauTuYPzuzWObl3e6bLktXsGP4wl/S1pIzbtS6LucwCz7g4r+e2uUpcVh00sOopYTAcVVjGXM+tiHjAfA4JvHbh1iH76ExmWSHalqgOOnFY4aaHoruCW/M36JepK2z6MMn6odiuqUj/Q/Z7zfbYDDXsEM7wYHTdgRvgdKFzljAZLUr0WBq8Q7+lSnSdDk8duhZZPpdYzPj66t2MvPd21H1Qaj+Qr0cNJbj++yX5WoAaqN1acDFX0K7UiRvcUDOI7siHMumsN6yrktKTiA9pnaiM3UbAEs0PMhzdRdX0OMceTDeN36CBcqoyhN2yZBHMCzSPmIBcES3SaF1pGzTjVrtqkE6paUuFD6W7AJGsM6pipZVUdHc57bQvfrD3iSadcKooNOfr6GchgWXcBKqK8HLlSi0hkJWLPxCo5jR6JwxfcSr68XJO9zmL/eCEym0ZWNEzOmgxp4lrjBI//cTS1iKi8l4jvFjlm1/ErVlHf98TMU+Mmqc6at31GnVL+TDP0wTCG06jcwwxB7FiImJSZJc0Rmy0mC/nestMEp1/iPmSy62mWfzYlTptYTZ41BG8LomYM4HJTpjIQWWLXbSA9w7tPLnBIb6hHOOssHyeK2nkPL5LylHf/DJ3Fsf4tDna3eRyNU8xFtsSjh//loh5Rm/nxsQyGzQJ2xPNAeFRyJhAAs0EHuic6zlf8Hlst2iD9l8QiUevDF6jHbsWYp127KzeOu1fEWn/hkj7nxFp/wsi7b/i0DYy53QBGCyloh5fPRPzrOBO+F7sEN7Jknh+gyCXZAVnqyzHkb6tlEn5KnYQUqDMMIQSDV+T+LYRMdc+IBFhB7VKcLRJSxhHm9Q7XeQIvUgTUaVVo6iqRhqresAtAgsx0ljFDIu2U2tQiBeC3QoqpIYE4RBufrOrgvQobH6TuVkDTRHMajLL5wlHsGFbwghOEkdXLXYmvlnUUtYolPNijuDTSBQzLKEcIYFIz+kKRLKLGHVVpy0o3/0J6QID92buyoCiUPblYHBQ+8BaFOqLVb75DccGrecLZv6KUmgs0fO4veJahJWMzqo1yjV3VCFR8bPctLfxR+u1VSMMZu3t/PGNI564E/tQiPtq8vEqyNVoLxkHDB1Gz5cYm8iWMZOzm4QxZAM9Z7kLUpyjsDqWb35Jtck7xfwj0dYqQaHN2RIw1BjtDM0ZpCxawmiTNhM4pySTacFBJxJjtQNxtkLgTTLXW2qi9vyvUe+LII9CWMGKaaNofEvInjaCxKcgx1pqhbbW2lUiV0j81Ufm+yOOQN0ooBmCIOlTgbBg4wnX27Vkeu47zManvqOKohzwdCARNgblje9vH5su04aK6H2OU20WhYrVLLCkCr5XEAbVIjrW+HJ0mZMcm6zr3LCM3+z60EoDYzRXNE1j3wGWxnarlqWDEN4ils0TJWWGUpXIEkZQ01g2xwmODBWPMJY5v4leninX8UuWslznikUmyqlhpogefcaZgHgldvZUddSOOhVdl3wb36zFpa96Ol9yGf05r4gjhPxbnTc617FEETiO1aERoEaPTeByhXJ0xQrlAudSxWZg2aJYYVyzjOkEgy1kGuXAYvSBEGBccaXodKPzcF8AOnbEn6caOxxPbLexNRCUjDLpG0BH10RlfMlIKraa9/TjejDdrQAV/83K574pb3SyUTtT78n6Fq8ohwwhcTP0xInNDALZ2Nwgn3tDUnS4VGv74TxZx8rz75CG25xFdwTkoLKVosJ0au7GoLxFIRz/6fWVyD59anUBjUBYydWc6jxiw4A6aUVjU1VAOYZ8pyBx6+CrjiIRj7/IlnLcEq41ylKlCIjjGzI1gm1Ye9swQjyAhtiBAL7hMYJyouFr/APQV6A1GlUEVUqzFQLj1XlsK5tWCcY9UEkaXZDWKumrihuBsInXYqtOs9DRq2puEhE7UaK3W+xDifoinbGnb1Ym/rHyRON79KqenrHp7vLo1VqLdIESh14ojvAWFhrUPGWxs95R2laUniGMZTCJNjSLbQ3ezJnQhi4RJIMNUwZDDN/kAqF0k5GqEDHNrH1l0Xoqip4WRpIPhSCdoavoEcRmeZ8pZyk5U5AyQ86oSkM1Q+3Kv/fD8Z2zEFdpqEOoI+Oa6BNX3yCRnPSl6lTxEEzgrdzrLOdyB53Ggneu31IW0Yp6Tzxjdg29zcj1O1OwgluS0Xahhb0vVqyKdjMQdJCcadecoRw9bL0roER0kedSGdItPErIdk0NYYbkCpZDR+EBYbn3aULRt/BB66ggECZCZfeButCcCeyO/DWodrQ6Tk2MXIFZgzrZf1+vZdF50QgRsAFVtSMykuRUaSDvwFDXEdzfVVotwbNLudIvZz7t9QdyHlp8PSdm3dOlyBUD/gCh9bGDLcgVmC/MCND9+9w91CiLt3Qtu6tb5Ab3k9VAVbI+YYL14nM9d49QX7vFPl0vDBcM8ZLTQrhev6vC9XEti7j3F3Bv1WsfmRN+Oe5qTlUR7tC/eEDZtxsxj5jTNK3yqhuWfIRb427FkLngGN2oBxjSvnHdletQLfhAx0tXPRexHbirn6vBEAVfC9BmpGj34dHK96+V70UG15bHj+o5dtsiVcWdNs0pY5g8Iucba/zdVWjXv/fOPGbv/7v7G9rBLs5LpuDG7j8bTmuIF8R7zyNsH5cF1UB8uHaFhnRuVbVL4RePg1dUreAr5FL58vW9y0gI1UQDuHZndLxflaJC0+QI7X07Fab90MKJvftDkxTKdUAbA52DypgXN44Fej+kb8zBNozDCgiHDXBCtWYr4Tdu36+//+i7ksyPyL/d+CMnffEonZ4tskKwrwW02yTS/stXw3tYxcTDuqCUEg1L/YVMpBDgYivIlpn1EKMgpCczpJLYFRyUXnRv1cIup+Mn1RPF5YollBOLYED1cSgeF50baqBN4+OtXb7e6X54tXC2rWxFtcZ+4ClnVM/XEl0n8Epcpa65Xir7pkaWK9Zb8PTXAyD+0li07k0LjVgSDlSdnHItrSLeuG/nzllO3oZfnJBTsav+r0PdOF1eC0NoepLILC8MqH42jGLGtxPDU8++a++F67HY2BBm/lG8+stPf7W673ltO8oV+64Xdjin87ges6mGG7oDRf65ssnplwGGA9d/62Pn/+CfebHH3Dj1o/txYPDyXbzt+3bDFDvOCbl6//G1nTso8MYTZy9NmU4U5FQkOytVBvGMt2NBiFuh5+Tju9/JhTA/v3pOLq7OX//X7+TThTC//UKebdc7IoCZNSiSrKUOrdKkUpAY962ffvt//58fvu9dETBrRB7XXg/HU08y2t+ORyOfvnte82t/Fi9KUP1XPH1aoOu86Q7kBxaMm/zA9+FtCaZ77eQzU6agnFyeXvWC/VMKwLNlHXYy/j8p4KR/bS3cb4aFuonczTzdFjzFN3hkH1bUwJY+Qot0d7pn5DRNlbPT+lPeB6d6epMsP9TP+VBfyMXZu5l/lQbdYxnVR/R+NIxKXlINbze5mFkoA9Yvu4YHdoKIsoZ27OE1LCWxue+udVwGUYNL05TZL1O+d9jWevn3v3NHPABWJXQXXIYbft48Ah0o+1hrFLlu6pNGyVVAOJPKVCy5w3RT52BzG8DM7m7Oq4+89n4+TKzKx6Sc1ruhhRfQpzcey4ob0DnNl2otE2ZFTm836sg4xPJlRcUKTirVKZFiyVaFgpQsdo4miNRFDfXzmfzA0gOdpNEBabl30CVCvQMeUfavp3BFNwAoyKSBeYjsjh9nFH9pU6HndO5D8RFI50bhEF8iHIklQrYwx7gOWPVPcoRFpem8tMThieVtDd7O46Q9Wt2Y8AgS7GuzBiXAkI+7HJ6TT+UzdukMYD+TWWkA67wE74cktbJVzxGEiQHVuAQd7OLPCeW8V5jI9190AW5UucC8DSj7BjJhJNHGPeZMkE8XgwwlcQGyaPwqOsu2RGWO0PbNElagY0f0WrIIKS7+RYwdiu7s7QhofWuFOQexit4p0mG2wgeiFDoggXqRh/KaA0aQxIUTLAklb6TaUpV2+3QTcrpywV6KUHvjb10s3QLMFkD0i56Rqybe18ctDeV1V50HQ1zJeBcZ0ZkhEyHO1YUlZMxYthRabPRPccOpOIYff4KBsgwQqZkoOxNsmiz3npSN1WBXToFtvjyxPZWQuCoEm3j14KZ57KkyLCk4VcTViyYliGevb3+/lCu5XPZ3f4dkbtaAvr0NsB/tgP421nC/trgt3NPCrEGYECw+CFsXMSsnTAvo8UMOQ/+kQQ0CloVJ5HFXOgw5DPi6SBLQegCzqzx+WHG0wwJPHC5iRdyVVDvSk5jQwXYM5tTACC2Mlis5B5/OpbDviuVbfcJh9UPSEZSas9rEq0c38G5S4quWupwBziCt5hPsMC15mAmimSl6+CdxyQUQWHSguqaa0FTm9nUxa2CKyK3Yb5lfOENvpZDZQFyt68mhmS9Rf1whwgr3TKSW/0ilqwWg5A3jQE4DsJPOMkwx9opqYv5ODgaMV/N/lHCFwSW4DlELcVehb449CxEz3/0BC+Hj9a5DvkbslRgOCF1IzOyBnskvYE03TBZOukxkliuZsYEIRTg2uNeCLrhLIluSs3FsTGwqtoMIso2wIXWSXgANhFGbyxwAsGf8Ch/27tZe2f19Gzx2+zTLQph2OltsiT51aeDz5BC1fpIU5N7jFQhQLCmn5BbEBfq1QwuYWbuntq+3GwlgT5KfTrRRw87Pck6HlN16tDm9Gp9TEC/8WIjz6lVNKyXcsAy05ete2lOQw6ATKexCtKIQd26EKzz4wG1QE4/WIbW7H+1o/TxtTj/NdbQmp5OnFgzGd82wMzc34z1DmMAMvt3Zvbpzduqoe+cvWpS5qbt3Llot1eMwkDv4eMVAvt3j+PPdWxartcFxtmwaf1RH5SAx79gE/nHU4xhzbp3DWAn1LgWtZaeOnrlTmPU8A7OWj+AloQ1LMvEwwtcGN9zVUlIS1eo04tX5IHmw11ogI+cSyRLyXye//uUv5Nnl+ensB3LOtGFiVTC9htSlwvdi4XIl0esCjXnCXLTs0uMI2+y+OBAxpiSyVXEs/9Puah+C6sY4i3y0ps/3uS6JC/uv8n5rhj+Hqc9nSkVfmfR9pBjlsarTtSbygaas0H4EIhXRLGOcKs+eLNu0dyhx73p/epW755qlx6w0Uo+U/2QPQmlFbNXF3F9yvDyLUzF2151bI2Qa1uy/wUjkPumchWC4gVpaRtpvypQKMzCg47JxSy3Vigr250hUtcA7ClMX+4CVrp+pgeVeMtWbS4pU9eeNHc69Fr7El69d1IhqfguUm3VCFZBcQSozJmhvwl2NPc2oYSCMvjM8ntNjzvaSPupkfelHyJEOrr0631vGlVNlXDGk/VTH2eoRix0FZjOFoy4hBUUNpPNoQWUj58MynzfliJXzbKbkhqVV8bDwPZrnPEiqnYMRiv/YZ60p0/YLOPtJsvRIs6yGDLX+zG5gmr3NQ13k5IZ57/m6LbgPlICrhM6YTcHvK3nCrZOZaj+qZUKveibqZVQnsVJNtJHKc3xLLQND3Wjfu2+d2G993z/7jKUph+NxuXduvKl8rmd7a3zvID5Xtsc4znRnYbRahSGxK72zz0nOqd0y+z5LRUAkapcPWfldKOQR9MkJEXSq0i3fSm3IO5qsmRhQ6VKKxDm+a6/1J+Ei/XMFln1Y+cgXOdMn5DKlOfns/sfLR6kUPu/0H93Hk6zpBqzkxIEq8rUAtSOuBqHOpdBQSlT9yal2vnP3m+Pwy1ADL7GUFSurQAo/fV+XbxhnOaUjQN0foA+hOOpUpK7LE67BrH3Gy9LSjSJGVjcMDy/TRBVC9Oqx+nn18njPsy8jNZBjFyjOg4aJvxGUbJlI5VYTnUPCliyxnzzvyxMMcbLdC2Kn5/HuY27IM1cRFkSyf4ac6/KH2mqRQrh3/BJWNNmRT7pZ+LbywGbtRNro0bV2hCMo7AOvfV3VclBcrpo7ZPZF7Kx4VQegJ/u/kWnq0nm6y9ecNr5APVSd14vXPTN2M+w9aOE3B0z2OHG9Q1MNEb7B9F7yutdu6sNVQLuzOY7BrnIYNPdmH5Dpt6GzQ/0FKe5OfnZpAzFbAg5muLkpp7BkItjqHXNyVf0ymg8UHXToDkoUQ8K2N8C0xL/YjLGy2WLPPdRSGqhNWdmwjaHJOjtyCfz9qG7BSUc7qm8HSpOXBRPxOohFvRt2yi6pEPfx7GFS9bQdty2+jPY+vb+na2cHNe7bdwfqnKryTNk/P99PZbtmnVLqxN4Oq8v64PdJ0zPRe5b4shZS7fA2/F91TsW/31kxpgTSrKJeiud9T5Ndln996ajfMbdHE4k6syrrrY/PavAUzEEYJfNDWEcqi0XHuDDpjIcxrbYNd6QjOIw+u+O49/BMZjkVu+o+umvn2ul7fWUDyj5DcyaWsl8ooPoGO0foDv7R0iJLZFvArYq+/IoVI/Cm4HxH/l5QzpYMUnLu8p69cbAXyhYW80TKG/ZITvcvsCB+/L3+TPmQNB+92uzeHZ4XxoncB7Ywvfuuf6iGCF12gjna2+RPyMdd7qe+txzYxfE7OLx5CpbzqMVkW7AtBm+IUN/rvrK1bTDHMNVVwmUTnbcs5lKV1n7nYv5wObDltVo5kY9TuRY5bh+ikaWwI99puS9hKimRJJEmKDuO3Q+SU9NvmkzEnOqY3v4aYRXS6SNTLhSPuM01qhF3pVJG54WKZQ2p0dSg5nQVT6fck47+PDVJRw1/bJIOpx6BscCtAeFEq/jKiaUf7TRXgt5aQStUJrZE5Yc4Ri5hg+d+dMM68epl+O+zAOFl+I8Q19Rn9qccVH90XpjOI3rP/WTqznNnca21WutMJw0N0axKxcQSlBrwu3bnfZR51QX/O5e+1zx7BJBlXeJlbRt6rpRza0vUK9UzxNGO32vvt7fH7qOLIFb1P/0ndAO0hht+snwN6jj2CCuzh4inZ2eu9eMP5MyN3w8NlDlSsZSBdT4DFZp/QiMKc6Q4L6C6jmsLWdtwO+j3ulYpenSn2Z+HWiXvXxqlf7fJNfuz31rDbpB4ysV/viYCVtIwv4H5muqBDlA6OXZZodpW+sGHmwvarUbrANUJcGmdsbJwepl/0x+QotnqGBkVzfpGVdfDj4ONli03YVoX0YVOR9kFS+FZ6x7mQ3EIQSlUG2hnU+rc87UdnFw75/QYdzpKhERVGTx4kZ9du9DO8ceoxj0PA3l/7jmCcZiFas3nG8wXve1SDYbsXjDp3B49WkQv06ixCLMbCBo1UnGD7/btSuoPkuOtvxDt/HVSkYvr0/98NyMz+06R92Kg+8oeLVIm9SFoP25lP1rHhpI1JDf6ICPyNCaMW4Osr+lcVa+zKhHmwkBDC8I9FxyRckGxTlHIRxByPY6qKsig0uAwG2qKo3X4rKPcUM5SfxB7QLQZ4dGqWo8xQrdiN7DTbbYd6eSXAaSRaa+NyfWcuR60KKTdVmIsSEKfwG1iK1FmvkjFzO6OG5XILEOtEzcRt8cRDEL9KfhbpoC3Nc3YJpYtp2Ku9WM1vLUjex7+Jcy2zNHqRetTjee5ZMcIq+4D7BEQh8CB6tcG3LImaypEp3AGdrmpMKoDMuCzPVLZ5uphCT0Pv1yeXoV372Vr+OpBMVK1bf/Ra7YxfTPfSF5gLcBp2cdZhD43VWfssp1vIZjR5JkHoX9w1TpcYm/ZUbdFnjjQvbPhBRI3uwxYPwlmQrjASTPpYAPKRQosC04SKRLIjVWUr/0eDpRX2G4xua9feKuwly20LdBcKkOkXd+3/3HaF4Lbu+yxz51Uq+MHWLYTDBom1gX1xU56C8X87fX72cWMvKO3GRNp1da7f1vt3I4ehtloojgwrTCNzuzGplWJT/0pi9HDs32W43x5vITNx07CL6eMLnY0jGWBK1+chyq9AcUoQn68TXnkWgHljLP/9nnDVWKOSLuSZOzb7ewlVoV+pOjG0K7aafGVUzfzyb3PiS56QtSpJv+qjZJi9e8LTpMbzrSB9F9fhr89rz5lYglJ/0dLpmBLea8gQxe89htCRUq0JAPHUsGKaaN2VrM/JrPIqVmHYv0VBtLG0AHpjFLHgukToX2+ViJVrQp5JU9WyEGYWkxKFQUslWEC6jeg/4w3kDQD79+4w+9jM0p65I39j/fXtS+270jvOi4Zh5M11euTRCU/t+2tk5fq3zun7uzD2c+vyFuq12Wc+F1Aeo/vEAMgxCqvVMPvZAGmbRZJYUkLbuZuCX4nS8o72dl3wH8n04KD44c5VZqJlV9hu9R6p7lctSvM97Ek0tSkPVvqfGN8nSeAtf+c+lRi15nUMZ5nH07PLz5d/9C/7E1kN4Z1XqBYuDhVGTlNboTcckhXQD7WxxoBhbZQjcdpDEBfwFMUDNfOwFslq7TsL6OQeloZRQL19rQagGSgG1nlw5C6nSb3cDo9XSci6Yn5GAXQ55knkU5LyOFteOBHwaxU36wjQvlbgxmOYOnjmrGwnHsYzSKUI1iyTrh9LCSWtKs1NQFGJ8Z1D2KoQNAkEJalua48kEiRavLCFZ53RXIgJZqJBFwZtGYbuDGcHWsribNcriiXo09eEFid+P/+t+/eyT8Z5/Tlryd/+W4CQMvUO6okibOY/sWoFQwbgdGNKSWxnq066WEEgvKdYYnu8/5GgvLRmZi9f7mRuauLRegZ6LTrEso9UHsKeLCXnK6a4Dzoqe8dFvfyLoVZQxUdQZG/eDIPTJ6jCUYfnSiSFM6n56WfUHEjz11NCiX5JIRojGFfkm8ae7Df75h/SaR9q4E584vTqSM8hky13QsoyD4wfUMuYQOTdk4nFOmV/thqGHo6e+6z9YkdU0DqbBIpGGfdCNXRVoX94iTgWMLFPRlFb/QIApZ2hMgIJETOVQdkprGv4JmLrjGcli6/e6kO7ke9Qz4GmqEiLQThPQ4FityQ0BhzHB8Wy3K0pyoT7sv9/dki4bFrZRRbrUCRnBoDSmjHobydMrkBk1JDfc+HBdXw2y8ERCIbfaynTWDksYyxpFUtqZS89C2qp+JDe8U9sEkPeJGysQXqCdqYCsJSno5BJ7LHGxLtqHk0141BxgGN2usOXxZ37lktY86ONQWSWeOZPXycWfA0TzV+FGaNdrOabUymHSKzzpXsZNZFQvTR19c0MpE8dAkQzDBailLN+s3T4A4UhsZYwdZQg7AWVKRblnai4yOh+o8O+TEkAtK5KjrVPyJhuTo9I18LqqgwTICFZsWJD0Xw3U5G2I0QQQUYMuMuJgjtCyoGRo+zlRZOg8AwEmkEmN6SILHguBHqdXmmokIQTgOY+4imi55wVRLJExLq3l7DtOc4oZx3g1gigTmjnIOaiEMpBmoOSK+eZenBpUvO/FgERPrCh8GWsXZTGXo3e4TEEebOr673+SHT1q23WANBeVg6gw3DQmKTZ2ehWO3ku5akysnsWGrgWZf+MBYQRlEu6JgQ/qDzc+ZHIFenH6cdHzSD/1lPRtMoDESbcD1tYZphxQJaU40kGdXxNEYZxrNcUdNp0BgLjhRLtiqUv+R2HLYoJm3bciUXfxwDVKsJ2xiiTlksJEiNccYAoZkkmnhceejgZph09Zcrc5vL7YhS8jBW1ED38b9Ic6xhXL05J5FAVTk6Z61R7oKDx5yur99WGS8TmdOaas3GRMiHbZwnP+0Q9efpEjxPbenfmOYYStarNdAUFJIT4e3HjzPytjXCMBqeysUfiOxAuKq9gVtO20BXc2U+Gnb0IFRf2JKFUcoC/lNQySLFDBg7swNMDl1zcAqNZb7xYKaF3CSSF9nwojzo4n9+fzEjZ80BRoBkGRVYR/nygpy1BhhFUgi0ML7rq3czB6Y5xggc++654FEstaz5tLaHGkNmGQTrb2YcCZtTsn0lp5IjlRXIJiF0xkskaKW3rhyGZDKdiMoo2s3YjYTry+kbl+i+tzkr0EYxt3JTuKXXP1OmqcpGnMEPAunV7vL1na7y+i8i6nZ+AF/izoXXuDfZv/pT8Lmy2TjYPs+uyFmz8OoIkG6jLRJLEi+E0b5jtFcVJl7GQhiaj1hMHwJqX777NM/JmVGccLnShGotE+9qcd7gewV0e8gbdMSfY2FN2HL47EVCe3bx5joW3pSjH4fzy1k0tAJ9cc+voq1tX5et6Hh9oEokxMtuOd7IcJfLWFhZjn4WLmbRzoIeMT1GQnt9/TYeWvRze319GQvtlqIfWyvRxULbaqOCgRYWZMm4ARUDdF4gSTGzT63WnMMY1B22g4cB8cpNrRXJZDuCYoYllCPKevtdLQcjVk0Uqyl6RKetAYll4Giv2MQQ6kTxxhefCqrx+LUHbeC1zKD+vQlwNoBmUvz8epIVMaXQrUkWCcO5o03EpCiPlBqqqBjJS3sgFkOJo+/sCApyqcyEm5V2iyfEQzRlWVKh7whAOzT85dxKwFMjztJuLwYSaR3uc2N8XgSTord1STREYRDSGmUE1gY3nOMcXGzQ9DCOFDZMmL6yPpEQvT11YyRALoQBtaTJ1IC8FDZ4RqWwUNPsJOk6yeeZ7gsRjgHl7dmMvJuaPp7a7UK7YVUNLlZu1hREaHlZWksd5NTGKKNYuFypMW58eLD3OdM3VoBeMbEiahpf5jncGtUut0Ei7djljDjyvVWEhkHJZKCvdjRUSyZWoHLFhLHDFa6pcWvQEXwZZSIxiru46p7CRCSSoH/x5jqM5kK4SXOsiQBHuVRcfBP5VQUPM0a3A6412AR4CMG6DlWIG54SVb0Hg/cG1jFNlHIrVKXHCPmQBXR7B2LlqroP2IHy0yT+MnZGugOdt36w9BZnDQOqYGOZpFDVYOHlXDdxTVwwJF/ZuWt8Zo+WszmlTPswRJfQ0mxmP4LNzNG8tIfKP/ZXZqkkVmpLLy7SGG8MHGqgQh3b5DCFVJsjaEJ7YOm9tSIHEFP76ICb+LJrs6QZ6ymnGR3X+2vSGmoM1Xrb21wdAdfbL6Q11F24uu0Y8ICpaTZ0xzPA6A2esaSHZWifOjQJntR4D3nrmE19lozUR9vM99f32sy7TG8Pki1qsCab4bTBy0CrA7q+niTsaKOPdxG1XJotVd1OLGP4CmF1GCtWoqrGNZh+xJB8Bel07VibosDa20+f9p2e6mAvZtNje1M0dM5U9mnKiQOaS55g+eBen87eX4ayFq24rnFEeCJFA9I0YQJ8W0ecJfqyBtdQY1//gzBdDgkpkYoIOWXZqt6TSOu272051YoPueypSB3nYFnS+8LiXCbOtTsxFwJ03tMKj0RaqOtZK1t0EiCXtLSUCimBxKL62BliGNDtyM49CMg7yjh5fZusqVhBKDV9fnVNFOhcCg2ECr0FRTRMDCWAQOubgZu7SmS6bMGKtN9hGBcu1B1rDB7DUjVdQPzfCqpSV0ddsRTCeK40jDY0m1CAZUkzPc9p0am7TeKwlqoY96mgfKeZL8/0jgq6cvWsqsICswaGEbx/4nlaHFgH9E9Q5DK4XD5MMs4vEwOZxipwV89+eB2aM5Dr66tJuNAEozqqSfKRq72Og+Xq4yxU22uNMgKGgzdR4iD66Ou/GlBV+4lQD2Lnq/0sfY+Iic+s/daa6jVaqZg3YYDJKoGf3FjNiggOPbd+021o2Bb3PaZp591+FdGkcTkjquAw0Zjh4SAaGPerM00XcF0xVvYNsxIADqhTYZjOaeaEtmYXkjFcW6pSSJdYtkWf9hSU2/14E6B9TbHemL+fT3lPFM0A7whVifTdcUYgAaRM3/S1SKwDe5ggowBcoEeHzAguiaR/vLGCM9SP0DQ0803CCz324j0wxtSVFdswZQrKSRgrNLacgFDTDaiUYRXOfnN9StoDDIPZeqtnXzvQSHi+wILkSt7ugoF1IhdfUQNbOqxVHBrD8DdPl7C8zpfIbDaTr0vRykemTsCo6g0U2ggfpkNCJtVucmVl11wDq6SF69LgG2xMEQfW9EWu2HBxyQdheXtKZoq5Ts9TkMwRu468PZ1a/3NN53ge7Len5MMkd/WailSv6Q1aJZZL8rYzxAgarPpQrsuXE4GIXJJUbgWXNJ2sgawXqZgroBrLKvoWqDILoMZhI62hhnGx1Rox9eVtSZ4s6UKxhOgiy+gUZWQtsSJs3kptpr0WjGK6RTa/ETZBaGVJlif1mghxgdQ8RjPX0Nh7ki7O3s2md8iyGNGqZ3rBKH8QODyh25WT3uWOK9wTV9lMGkmivAKzleqGGEWXS5b0jTeMTcx1znBW7GJ2/fqMMLGQhUjJ9exiCpzEodegGOUCSQq4CKMQP8xk2btsWIqFKpi63r27no7FvkrjeXoPtuWUQ/lGTXxanl4t6h3Ta3+xH2aySY4JrDZR5YlnrqnJJN7ga5tjWVDeK7ZigrqiAyE01w3s23hXhqXKOTIFcDv6MirgD8BdxMU9gjzxsm4OArOhnKUZRbI/21fo3elZpXy6eN0wKHn/aQqLjR/YX67TlKB+hvhE73FMNK0OjxYBzX/6H+9DBjRQlUwoW3rDsEq7uSJzDfKDIDgVI9kph7sPL0+v7CsvMyZWe4lFkMXOwARLBadCFsPc+2G4ZGG8rHIALqBY3mEXWdWkPwyDJSA0zDlDa4X4jt6yrMhqxQ5qHk5vDbOi+6VHMgXyGNSH1VQMNtaQavEBvIRALhtDjiATSIzK3cMG+REQIxX5YvZ5nQBFJnREzDzw8bi0VC3Ldq01yWw2O6/VLpyCCin591Kuput4Tr7CwRFqBU1J3+Nyi2jjeeMtO51BBuGgSUGOJWY0me7YySi3isI8pZ3++iQSs7F3OgwDKWkMdDcstNoMPbDuV+Eko6JAkq/fWdI0MYWa7NfJqDagUm3QztY7N0L9dAXOtJbaeHk7K7hhOQciguWlUhAmnURLX6sEVUfwozRUhdosXFutNdUPnAmkrMjwGY4fZ2owdwbD/uQHoQk+tcI+CCEr0jnYmJ7WqDoDvc7Q7LtVTIAdZmJt3fC6IRYk9tzHDzNRJ8MsC+Oq006NJc9WmUFLU3A9hCsJ2uebSMX+hLSs177k0rXgtAzYxYEaH+4x5aShnTJv4Jp4umSK1lJudnbx4vz6uj3GCBbBjFQv8OIU3gLlZk3e+YEm1tEpYeFdwBasaZXAsxyrbEzFpd7Nrv9zAhC9Quw0GQr7kFlZ+ftqoh8gM0hlFt/RW58ykTFX8ZF8EsyQz9Pi8fDO9rTDLLBiXF0/rXt0+BOA2fUntPm4AjMlmkXAdo7ZSP0KtmXYkQz2/VZuyii0ZqhndGQtA8zEcwRb1DZEFljoQDT5xntMmI1/AqrJzX8EbDWXWIVMYUuuuTT3WJ9bY48hkrDkLVUG1IbymsmqMjba4Wuy+MkEwEtEqfdK7vtZTnxyhWRY9mPXBOiqQX8QhuQpKruq/JHXEyMTLSBEJlXhaXGqacYIyVNUTlWha49yByJMPlVhKpnVVBYheYrHsPbn6j5cy0JCMtq+5ym5vl90ieTpNlcSydZmAX2BBXnjU09mSk6LZ5Riy7AyRk/JktOVy/kSqe/IyXzg1+mMMB3GnpyPLnNQqBWV3ufg63n7ri5TohstJtROj3tM07s8YhaQ2eO59iayiawUt35MB9Xk+iOyMHgRcu8LMy0uThYGL8zForhHiEtOtYYU3+zrx5lq9rXf3mJpfU6jSr165QaSKr1fXVe8xrgzatZELgmXMvfNwWrt6XzYSVIoZnYhMnsCVsDK9v1yekVkbljG/gx9fGEKv7LfmgsrVOPA+jy7cmMQIe/TiD5fUw2vEHOfHC43yEQumq8lasjCrEF/GAaW8DlTMgE9TUHOJWfJDk/Jmzn6E9W7XErEIrZ2Z6TkUw+JHGk7/6DtuZQrUuRc0pSAUlKRaXlw9lsLGIufeFhcdVgdl1gQfC5GkuaIo+BgJB4PAxpMCdDLlVwAonX8kombym8ws4NVhvJJ4JK6rTYqsk8fLks1pj3OXYAMG7mDUViTHeF+/UnylirWhvUwLuWJTzS9BijzDVb86SH24AAKMRWzXCSfpHovVIjvSwA17YH5akfcjIXnPSgE9eqafC1Am7KB6dQaEV8LqvTNSMj5g5bo7wVVVBgmgNhBCNzmnIqJ0tvXQhoKtwlAitW292LpR3GhNgsAQTrjjcPL6HCJlsNDncsIXo+Nci63kJIXdcM6WzpG9mJBdfmRC4R2H/jgaP/ZxIngXZO/u0lMCy1xUAo9st2HL6rHUegDVtJ99MPd8BVNmVyg9X3/YMmTxaS27w4KlpTvgUyR8QOMhEsNI1nEUdAQy/q8aTKM5/5XyVVh/zgZrO9/hZVE2IN2u2bJmpTD3hs0VvO0KhTEg7EDTX1VFN2OxvE+8BpsfZTs/cBgRRxUcCbdh2STpsDRlgYSYBtIAwdrjjQMCrEYwikHZSbXQFABP87Vu/b1aW5gVxUI7Y54JzbkIp1jIO9TtFNhyUwhyrZmXLVPppq2hEtQivICq5VqrVdv31gjwDI51ifr4LRLS5bMZrN71QD3aLYmH1WGH8goHDIXeWBfpEIT2qhPTBpjj0C1OjRmwqizvEyTHhV8xUTi9KvpUOy3MU3P7y9m5TAT7YoKdMGRQgArS3h7lGE0aBWTLJaZw/JqYqcfpfWwA/Fh4l6DdXOijQKxcinhzqE+pRWL0lrObwDJZ/7h9Pzi0zW5vn5PqPFdpabLeQUHREGv4DAxTcsCQbz7Fsi0i68TKgSWAFNr+O+HIe/eXU94UCyo0bfkcK26BDLtudCJxNqjWiHx92Uh8evGcMOogv/1KGpUZ7ARWEIzwzZoyK73AziDeNVrtNaAdBpMrOooV6dnDuXkfA0NwiDqV9d2de6lW2n4igXlawEigcnRa76UEtIZr8IGdNVrqT7YHaBGykg9VJe6T3zfHY2oHqYHn5flUd/8/fyKSDWpFosGl2UyR6vo5ulPMl0ELFg2xS+n5/eEY4ocqYNCiePajjGxc4KGDeA9Itdt6sM41jQHlSqZq2STWl6FLNgGdqhknrv/Cwjug9RybTykdaZ9KMocFMvtr/FgnlfYLNIcLIc4ECie1vkx1N3xg7mRyTOPdYJ/xP/KnsvjIvTe/nBeg09nKlp7No+P1o56P6RMrHxAFRaDbkH1g01j1U71RXo2mtL16eyiPdwIrD8xHg/fE8ESv0d1KrzEC5dvMVkCwqqQ04xwvW9ZTy3uciA+DN1VWc627jqU93TEaXGn4zAeyge5DLXIQK9zqgCrG/geqyt20RpqGBhuodtJgfxaJXhd0kMF5XvE8muV4DZIb0OaaDHVKkHN5AmwJrdF1yrBbO4d4Ext6q1VgtvUO+BZU5WGbr3TunoHYIiJPF1kE/N43ElHbOvdOeiTO3prleBJgAHWNA+OVglmt+yAZWqjbIsGrVF2wDKtR7ZFcpRjff/22FoleB2nA6pPk9oWao15jK/Ppp5htCPzH1RD1YnzGsw05URz2ixkGRXT9fUlOZ1YKFNrPl7B84E22nOHpjnEGJg7oiKioGmNMQzHUMSExr1jzdWokEK/9EW+pqhuZqxbWwSxdWKhem0oWsHCf/nLq5OfbsvFaZQNHcODdXhO04yJUDG/OcwoGqyaGVNLZWjDDFYL7dPCyLLLghuGGMVWK5gUl6WLxR+A1a8u2ENaQ4xhwaxLd9bIvr0uFi/eudGm+heLRVtsjArv9HPfEGNw8KIeLuWqM8AIEp2zhMmROxYr9KEaaWr0w9beB8REvKo8XQjXvFfeud6JBLWiz8c1uEHKKmSuQK6pKtBORIh3zCp8Lm3pAHS6QAyUDNUoWkMMokF8g02rsYhclpUIjQH1nLAlEVLAc/tFUbrnJiygWSugiCGcXy7Or8MgE2Oo8HbT1SkLlknYTLJJYjEN/ywaObXPu5HIbW/TWv+5Q3vfGmmwHD0fLWmSueDziUBCxAImntqz5Aeb8B4ZRRNAD+lIONVrP9YkPdgoKlKG1b786vSjG0FzWqWoTsOEVifNlZp2I3j9f/IqhTmgNaS8uq7azzt0/B7onMh/ZA1jCq4CEi4MQmerN4zDfrkKKItzT4muMoUQwLHOl1fe/RjTds/Dib9GTSSTFwZPJGgAmsgK0MAE/W8ajALJQektGq0UnE8XU1G56vSFBoXZyfGTqOEri21NbelYjLV0fFhdD7m1OIo857vmMMNgFPcsg6XD6fsPa6n+4bLkSlOufgWIM6wghxqixiBjmFBP0x7P5DOkEHlSDc/ESzdWpiCSreOTds0SJwiVFs18KdW4ov4gWPueX1VZ54krZTJUF0sZXBTkuBxU6KW02JFPH9/dDXBDkcTespzOlKicDc3x2oLsgUzsDYKra7b1yynd10tE8wwaymhUYJ9bwFpj3Q0O0evRxjbR8/GkSkVhRv4eBsgFzqAlpH8uuABFF4xbBqUTKsKIE53lqDENn6fGMGyw6kOVWzZFKdkwhWUi/2xJT90R+10sndEDuTgnzwrBvhbgRyOuFz5bMlATguw3kuVzRG+HSzzPJxca3ORYp3d2Vf/aJCRe5cTBczHTkJDPuSAfvWI7kQHlAte34twqweZt16y1BsPA1HAx34cd8g9vJhuUNwUXCVbboiZzPqMGVpOMyxYUGgdoYJqiO1o0iI9qA89EFrlFM6p9/nI5bVG2/GtBOVo+nsXRHmAMDGrQgAUzOWRgs803nOKd3y8z8vny9GrSLm2RWth/eVgL+y0VMjc0zxGdoqdX5H29zvppnvOq9M4krXqL1Wj/i2+0v5IHrh7Qmy3kbIO0ckBvyBfIyYVghvkF++w6vt0N7ZYWZo1Ypva/TguzvleR2tvScIsJ6JOGqfUTbtHSu8s8vf/q5Qzd/ygRhb7HJ1Xc/knrsZMbUFvFTPAz/VMbdncBU1jSgpu587z/TpaUNzp7jczGLmIpS3UaMpPtGhR4u1i4NVVZWeliuiA96cxPaXqPybQP7x1TcX/Wv9f+Ug7rULezModHHxq/b4j9IJlus6CxEcZPfGNXPq6ZdiXymPYVXY0kCc1NEdZf0e2+qfGaGpLIDLSdtMvq65zQS7ki55DItHW8q4l4Wp3Lceh0SrouBqWvt/xDCQfAyKsflly7NU+kMCCMC0xiQhsqTAlD92LsCfOZAjDtGti66JjH5Gq9UxPSJWlZw4KsmdGEkiswX5gRli2F3T/pHI1qsnotC54SARtQZAHVucup0kDegaG+DOhSyaw21LNLudIvZzS5AaN/6JA/ZwoSw3fPiQm4KfkAnln4Ey5qME96F5LDpqPUTlnJHhGhsZLnkCvwvj6LJIUlE5ASKbiDZeiCA8lo3o8q06tukEvMExj2uGwSfHH+ky9b5m98ZTPx34JbmhjC5crvV/cVc7NjTpzwp8V9z25HTpVhScGpcr8PG3syeDI6pA86KX0no0N5+KQMbsnmuHvy6v/uyfie9JTPi7QhD7u+cvHHvDfX8Mmg6zZTeBLQFPS6zZ8ENrtsWPf/YcicMyvrFiR4EuBokTIzTzjtNMx5EvCgJw3/SQBbJ12H9pMAxsRhwHAlppJzPN2TlgI9hHvgLtsSII2pQw3INX16Zu2LpVnAounIIR0h4WFaREsO6VC/Q4sYXsUeP8IRVlHUrCq9y+eXqzPNSMtHelbw3suXHEOsDk7hvTu4mn/4066p1J5JkdjHgRr51DXbAXazYbjssL66Z3aYqrtoeSAv5Yq83oAwZbGFQqSgrAqiIDCqztSX7BZSosFYIo0fN8fQwwpLuQkd2g9WWKpN6JC+16b0mdFj25cOO5ided1jTe63BmvZidZFOJdvpTZ1FsnbJ1KDSJ2vxn+o+45NzYb07axvJ+xoyup2fjS4sBezzS/1dMre695e3M7sjfxWF3fzG/by/vY/d3l7fMcIvKHNF7whrW4tSwklK7YBURnJvl1BwC7RYfYLXA0kfYrC37fh0Rg0aMh8N1ed4vkx9rruPHQb7Oa92LlVfu2HJjN3kZ4Ha7ahrssrSWiXgyyAADNrUOTThTA//UakIm+4pObnV8T3lAyd/hqN/++Y9yHi7jc8b+cGxVM+I9gXknZ0YFSAY9pxOfI3b2CQaktViibU1Thabdr1lbyYfW7Ie5Qo4LQbIah9zQ//iAbYociuO6naL579f6nYirm+Tv43TWnljnXAkr9GAiMuZp9/61mCAL+zEg9fggpRd5VjvD77g9oVHA99fdZAU1BH8V2/dUORi/OHeEk93rqz1JE5zFf6pI1sPJmj29loKWhd7AUtd1Gs6nImOXexht8iA7ar9wgxN/bMMU0Sv3SQWqQNQfVSdgNVhxf6CWp8WbJ4KqJqJrULdsukj9ftzL7sGMk00SzL+S7sk/2yS+sFmqyJZimQZ38hZq0K8urXX38gW6qJBhDVKCMr8SSE1wkroXMpNOAtRfLNnApXWrWyKVTp5/Yq614K5BldyA3UFoOJ3sjKkr1po4Bmg/cn+WaOzSMvFaSsaMtpMRbquz7JsTIssCVh5h/Fq7/89FftWfrL3DHQEvQ/OrP5h9UHL+kOFHlFXouE5roIxZ+sSnkvvt5H/YHOj57Yyr5Rfn5F/s1O9zn5+WfybySRysrLvgiSH/Q5+V/c/G/7RaZJc1G+691CIVN4srqu2MI8oZwvaHKDKwF7cEIad22o8XqFXUQQaS6ZME41abdTKYG6wzEHpTodFqLLgzqHhFHuEDuk2khlJWux81KH/WBDOUv9wegDRchSFiK1LwwHB56JVRCO7gxebN6IDuUYvsBwHUbcRgO7sOOSpk/lnQtwfPOlDIxiSY/WEVTh+pedLuyf+5IJ22efmr1EK5fltp2Qt3Jrt6arczJBpLLKmJHkBiC/Y9GexIv3jSyakgloPd+wdJ5ieV1fl5xnBQIUNe6Su0JXNb2wrF1ycd60vYseEwfLmFW7na/cLYafRbjqF+dEWW6tnUHFLRpVKzDV1+5cCa2Qgp4efSV8JNz4SigUV1CX8V+cl7bXD65bwb7GpgL30C52Q4zS/lM6Yr4Bx0vZb1bnvFOu7X9McIdmHbH/SchmPf0KY553d+vsGxDOennqSq0lPCH/PTyMnr0sWafNwBF89HZUqxzNzk5nQfZNqLDLw7Jcqr4Ggi5x8dsKgyiehvnjk3+qnCLe30Cmo8oX+5/sFXYv5zjN/IS8+vU3snXrngEVhHLebytwRn0nJu3tR2QLCjxZaggHqg2RopUu0lzERxcTv+1F7LmrGG7bsHZfpErdwrmoJkjWQnK52rUdcUumeip9/kqSNVU0MX4R7aXeOfzOaC5IIUJMD2/YzAczamMndHtHPaYTYcR36TSKzAqZUpRuBEW3gzzNcdaWWEkTJ7F6H4UINgeZJIUqKWpDRUpVSoRUGeXsz774Xqmy3vVJQ5TDwUski0XnSbrXIu1RV2BecrYEN+MeBV9DIkU6IGDvt3uuDaadZWRCro5LzsH0HoBBIyp1ArxRrMUGa/lmyjzSQb62Y/ce56Gj3DyZg8cvk8K0+0s9tJJA2gmQeHDRA5E+0sK/FinGsluSf0qBXW1hhC3a0UsR04fXfmyvcIdFod3oU2Lg1oTLV1awLNGlY3FgPfv70MO2Axprmvs0vUSqFFK8dzAE2YRnSlcjljJGGWlTfbHuX+++VkpmJ45q4ZLydQKCKia9WJ8V3LAXhoEitFaDal/LJqOCrvpScwnhzr1T6oselMeqCTPfayK3wnvGDM3ytmUwIHb1pJXsBh8xo0myZla7kSnoE/Ku0MapSXWivtXWQFwuNXDgJo0ysOXS4t7AMSQht8nlgH7tFCxBgUj8gaBWtE7ZhqVWsml2NaqW0jKy65KRfWwtXv8kb3OmjjbD/X56X9CtPYnM8J2frLZMz8prFpQ7oOO20YibPmjCeW65ccXPTjpDVuFksojNgbKOIPdQitX6x74qToL8WkBxtKPkeny5U7Tnj1uqiQORDpwbB+6n2IsaUShoLCgCT1tlBuH1XWUYWPM5AtR8jiE95zFZUZPoq+hUEWSl2ivyOCpkS33sfWM6z+W93pxD2eZdfO0QZ8H+gWhVQ4htCOrt5/FwwVoXHNvtNKBFycIkMoOXHkOlvLiobNkthE1F2W2krkAOHBDYgOpWIj7SxMrRQxJgzbMzZvLBTV7s1A70r3SV6eJKllPtHbBLtld8+qVb78wZqqkSZGX8aKaeDahMjCzdJ0yUJqo0OFl6cfc3fkDbhM9NLb2uCUpF3l+H0Fimy4CAtl3NjV/u0FCWpM6lZhEZx6Sz5dRpkfoKUy6Uv7y7g1V4Cm7meKWL7smKRJGBYsl9eVHv3I6QxTYysXomW3UzPFvy97sztdArhd3Nt+Tij0eoXlO6dmW3f34dGH4ueGe5Q9OHEWCe02PWqvuueyFD1n+9BbOTxsrYYiENoWQdKl70B9ByuZqXgSqPwtTLg3hvpn6MmikN3rcvRe7ZR7/gLzlLdti3Z4QvzByAUFxb8N0AXy44Ztx0/wJ+KDg0S6fXIbmSx7fYEmsF6EJ4e92+HipNU23/5R5VyktAfQVg7nickzUVK5gL2GLzgiHHJWxrrn4nhBij2KIwUOMQ3Rh97aFbab3+/PWzDp3TaMyuWjnXcPj4N8cpgu34otD9uCa/9Si3LgPMLlhZcFDvY77UBtQJuQa/KYUGdUJX4Ep5h0j3pVQlhg7tkoyX2xPfItb/vla3QiqyUHKrXeM//9ekbCxt1a7BetIX6YwqE9tMVxGObVEJd0p2skOPdackTyuxEetKyRyCQxHrLT4VhHJQpoouUvtBw9+8eyuwj1oRABeE1CMwp0RI8UJBDk6TGYt+6GvoiFtHv1DKXphKX3E76eS4l8x72Er3T2dmW2bWQVj2vJ6cuwEXLttEECle+LYuIy+BE1LmPYIj4rxpzRn40gGwIOWSWO5gGOgTcr3nKe3GBvXMKhzEZz6dr9BWifEpoz7YJg3sNyw8LZtz+gM51EPV/YRpu5MhJzrYN6zg6z4dFoGOLv20WrWRblkmPKHs+7sUL4vy3KEgVGuZMGcvtbvRq0+6DbtkN/A7oSRf7zRLKCcp0zfPSa5cT5TnBEzyfb+gTBU9JPfyng+9z7NRNAMDSpOcalfFS7tCDr4WQSKzzHIx2XDad1NrwCSj4p5/Dx5L4qvtIcLD5Nl3IrO86N5BhG2jZMtEKrchnjaRIoHcPK8iKQYXozPNZcH5zreXc8bP1De09VxD1AbicuDpqls9Y4lLI1O3IuElEzeQhlygMhCdamedCgqK/eS7CtoJS8c2jneqQqCyunpnJ2+WaAMo4b2/fixc7/NgeSXX3XI9ldMZVMbajZ2wTaxhTIfWn/9xSfvnyJK2b9x/rCm/caNV11hBWiRASs8R9JvbNChG+bznNUV7RK7dkKXY3H4faw+gfWEG7QKQ3OiDSg7EsBiH0e1Dt6Z6Xd1QKxb2ZBkWydpH/pY5NlWa4VlJqVUizE6kGuZEq8T+qvr/bqYpsfxcEOZi7gqRcKDK/skVwttDCwmEwdqpysTOu70Pnvn1dAR80i9WIrMFE1Xd7PqDFdJG1T1eL9f0+tiWvro00m013rD4HcdB2nMlzvzovibjsKXUa3DopvFq+byV+eKcXHlO8ywUbiC+215I+rXYfuiXq70B+jFs+TXz88W5W9KQ8laxia71oOmR82GAfgon/hBZXrBlul9J3egdZi37plc3JGh7cWHUji288n3EU2OX/qwauN4VlAxIsrHsc3dIshbYK5HuJdoTcubzM0O9U+4/GJdmHUDV/MZP3wVz3KIwVeamNNVjVAjXItUZfPyDspVkQxWjC97JAvRFGZggOacDjECD0Kj1URobWhdV/cgnllNZCaPML2R2n69fXszaMjQJJWO9RWEoL/vAhoKTcyH3nhYPklwIQ67ZSlDHLAaOaC4VZvHa7zv8yx7SWSm7SVfV0f2nBVK7y+6UpbLn4Fy9/0iYSHiRgmVnoZGt/fkJefb6lmY5h9/JzBtEPFnHvU/67SLOM3d036YzTu2fln5kTN9YkfsAXPdIxauZMa/C0/CB6ZsRl6tRbLUChdfCrn/JPtd9AQGDk07XCvRa8tSeHq+rD3Qabbjej2BZ6PreA1d+9sHLGD9UxTguzvvTSCZ75xOZ5fMjx125XQmxV66Nq7fv6WLxwsKRwuWnLl27GZkWyZCWFsTSR4oaqyOvuKVUrvKA5eslvoEucVSlW6oeJ0KvW1XfclcaHiI7iYHSyM8sE6XkHU3Kesr9wq1lQUfVY6R4UQqoapwLeV0zelNrBVRHjw3WhpoiluBc2aMo44+mdtjBF/KWsPTl8PtlX9biGAgtok+dwsf+LlgU/Ve3fMeQu+91Dvl5t+/eIc8ZE7KI5eOs5ZHoVfQ7ZTlpTKNDxyL7S2TC2JUZG0filHPL94gukgS0XhacvLbjk0SmoO2RKIv99msWTKRwG3kBONPmMMnzgbzFDexUMVWCWIBy/s2MKsZdBE+PBc/738WKULeIL+xve2cmEM6hXPjiQo8kEYfRybMqnjMHpfOQdOs5TGfJgoiwD4gvKzz9MJBk6M1c3fcYO6DEC19VkFewVflv2w8pE5qkYCjjPUaGhSxM7XcDU5P86LGZpcWWVnFsDsfwQ2ogyzlaNM8pSWFJgwsoVL4sffghWtNKxRtQnO5cIpeR4XElz3pupP3Aad3h17Ass8C9rV4bZgpXmJH0TmyvG3QLNj30ukb1YtXsOwmNjRSBVyUyy+x9wjlGZ546YbVg31zJDUu9/aysIpeBHgyESmVyuKPx/tayN4zvpcakHpfXLxrc5i7o6XF4fTk6Lq//Qy4OtDsdPL3/IxfBAdN/u3KGVzj33AUU+52/nl2Qi45AVYeBVrU2ZJeMI4iY2FVlw66iKtL3sYeF2Op+4d6ziPlCptgZX52Mu7bQEbAQi2VAPFrHr5bgXQZHyDyvmYBD6rAPoK38IWzF0sqVM2DEy2JrjZ008Agvfzwhr5p3XmA+U2V379knXz2ndES5YI1bSIq6FcGHfi2gL721rMI0FrhxBENIr1U8bRpEquxKuqGM064jg1SmcOLyK5eg1ECnBX+HDrH1x/O7BWUlCwWgvAO2M6UQbqDZ6mSAI7JsvijSdBfdPsOyedQ8oBrdQsNhhc5HrVTxKSomI1Y5aKXYzXVxjIQEpuvRq77mKi1SZqrMun1dtICor7HdPmPDs5K9e2F8kj5KLPYKbo6mlZ99fk2ehVyJzwW3svKCcZfA4eLAXt/mUttv/kBedA0Nou2FuRFyKxqKkIakcMUsNk3qA502E3oEE1w7LPSszHK/CqlJl7CiyY58GlTXOFso+hhJ+WHgxhIzQTLKxFLRDEbDMXKqXNde/DoJDeFy5oYlVzL1wdH7soC1qLMeUOQO6cuFCtiFwNKQmnXjrmBL3hbCqZLvZAqcPGNic/Ljc8Jk8pws7L/A/osKynea6ZMf+/2LJsnnS047nfNjy1BNCf9sRtygztbl+OSubH4ll6OFGoxERer/ugg4yzIIGpQ9yL2ANllcvttC9vndF6qAfPQBwD/++Pndl9MPr3/80cfcbqiibPBMbqW6iZmyfOcF+1IOWPewDRrBqIgtRIScnbhVSqrngCb2udghqDBLqUBolsRkIDVTEgLiLL4VpMc/EIvofEtZtznxg60DrvZ5bKL2+sROUdfFAulSmEWqjYqd+e7ytdEMYvW3NNo7WuZ84BlJD0122TcG64g0Idlkn/cS8l0siSUbNDSVU0UzxB461d5qRD3TbKf39DPlg+sJ3t9wYcEH+f9Dd9S9yOw7/z3KEUtrNvoAZBTkoxyO0o87hk/KIwRtNXa2ppc+M1VEexll5+pk/uDMbp2Te7dnuixZzY7hD3NJX0vKuF3rspjLLPCMi/N6bpurxGXVQQOrnhIGw1GFZcz13IqIB8znkMBrF24dso/OZJYVom2J6qAThxVueii6K7g1f4N+mbrCpg+TrB+K7ZqK9D9kv9dsj81Qww7hDA9G1x24AU4XOmcJk9GiRI+lwTv0W6pE1+nw1KFrkeVzicWMr6/ezch7b0fdB6X2A/l61FCC679fkq8FqIHarQUXcwXtSp24wQ01g+iOfCiTznrDuiopPYn4kNaJythtBCzR/CDD0V1UTY9z7MF00/gNGiinKkPYLUsWwbxA84gJyBXRIo3WlbZBM261qwbplJq2VPhQugsQyTqjKlZaSUV3l9NO++IHe59o0gmnikJzvo5+FhJYxk2gqggvV67UEgJZufgDgWpOo3fC8BWnoh8v53Sfs9gPTqjcloEVPaODFnOauMYo8dNPLG0tIirvNcKLVb75RdyadfT3PRHzxKh5qqPWXa9Rt5QP8zxNILzhNDrHEHMQKyYiJkV2SWPERov5cq63zCTR+YeYL7ncaprFj12p0xZmg0cdweuSiDkTmOyEiRxUtthFC3jv0M6TGxziG8oxzgrL57mSRs7ju6Qc9c0vc2dxjE+bo91NLlfzFGOxLeH48W+JmGf0dm5MLLNBk7A90RwQHoWMCSTQTOCBzrme8wWfx3aLNmj/BZF49MrgNdqxayHWacfO6q3T/hWR9m+ItP8Zkfa/INL+Kw5tI3NOF4DBUirq8dUzMc8K7oTvxQ7hnSyJ5zcIcklWcLbKchzp20qZlK9iByEFygxDKNHwNYlvGxFz7QMSEXZQqwRHm7SEcbRJvdNFjtCLNBFVWjWKqmqksaoH3CKwECONVcywaDu1BoV4IditoEJqSBAO4eY3uypIj8LmN5mbNdAUwawms3yecAQbtiWM4CRxdNViZ+KbRS1ljUI5L+YIPo1EMcMSyhESiPScrkAku4hRV3XagvLdn5AuMHBv5q4MKAplXw4GB7UPrEWhvljlm99wbNB6vmDmryiFxhI9j9srrkVYyeisWqNcc0cVEhU/y017G3+0Xls1wmDW3s4f3zjiiTuxD4W4ryYfr4JcjfaSccDQYfR8ibGJbBkzObtJGEM20HOWuyDFOQqrY/nml1SbvFPMPxJtrRIU2pwtAUON0c7QnEHKoiWMNmkzgXNKMpkWHHQiMVY7EGcrBN4kc72lJmrP/xr1vgjyKIQVrJg2isa3hOxpI0h8CnKspVZoa61dJXKFxF99ZL4/4gjUjQKaIQiSPhUICzaecL1dS6bnvsNsfOo7qijKAU8HEmFjUN74/vax6TJtqIje5zjVZlGoWM0CS6rgewVhUC2iY40vR5c5ybHJus4Ny/jNrg+tNDBGc0XTNPYdYGlst2pZOgjhLWLZPFFSZihViSxhBDWNZXOc4MhQ8QhjmfOb6OWZch2/ZCnLda5YZKKcGmaK6NFnnAmIV2JnT1VH7ahT0XXJt/HNWlz6qqfzJZfRn/OKOELIv9V5o3MdSxSB41gdGgFq9NgELlcoR1esUC5wLv9/9r7uyY0byfP9/gqsH07ShIayZY/3xuedjd7u9rhvWnKvWrInNiaiAqwCixihgBKAIpv+6y+QQH2jSDYbKEp7Nw8TVpNMJL4S+flLGVqAFcsqj3HNCqrSGGKhUFEObIw+EJxoAFcKTje4DLcA0KEz/izV0Ol4fLsNbYFEqSgTtgF0cEtUhNeMhKR54unH9WS6W05k+DerTGxT3uBkg3ambsnaFq9RDlmEwk3XEye0MHBkQ0uDMrGOpODsYqXMh0m6DlXnPyJNHkoaPBBQElnkEnM9wtwNQXkbhXD4p9cikX34MOgCGoCwFHmCVRmwYUCXtMShqUqCWQz9TpIU1sGijkYiHn6RDeWwEK4dykJmETgO78hUEXzDyvqGI+QDKBI6EcA2PI5gnCjyKfwB8AG0BqMawZRSNI8geFUZ2sumZBrjHsg0C65IK5n6UHEDENbhWmx1aVYqOKrmJuWhCyW83WKfStSCdIaevs51+GNliYaP6DU9PUPT3ZXB0VqrbBklD72SLMJbWCkik4yGrnqP0raijgzFWAadKo2L0N7gTUK50ngVQTPYUKljqOGbkkeAbtJCVjykm9UHi+ZBFL2otEDvKo5GQzfZIxGb5f2KGc3QpSQZ1egSy8yhGSqAf/ezYztnRVylqQ6hQAaa6CPAN0gFQ75SnSYfgvJ4K3ddlEzsyKix4MH1W4kqGKj3kWfMrKH1GUG/M0ly8oAKPARaaGOxPK+GzUCiM8moguYM9ehu6wFACamqLIXUaAw8itB2jTWiGpWSrKaOwhPSch/ThMK38M7qaFhAlDtk9wlcaEZ57I78HVbNaF0+FdIiJ3pN5KL9vlqLavSiIcTJhsimHZEWqMRSEfSGaAwdwe1dxc0SPL8VuXp1Z8teX6Ar1+LrJdJrT5ciAAN+R1zrY2Cbo7dE/0Y1J8q/z+NDHWXxVtCyu7lFMLidrCJYpusF5dTLH/TcnQFfeyA+oRcGJEO8Yrji0Os3r6CPaw3i7gdwH+C175lTfDjuZk4NCLfrXzxh7JuNSALWNB2HvArDovfkQcOtmHIXzNGNekIgtY3r3kKHas4mOl4Cem7EduCAn6uIRpJ8qojSe0C7T89WfjxWvlUZoC2PHdVK7KFHqsk77btT9vFkOYLYWO/vgNCufvDOPGTv/8P9Dc1gN1e1UICx/WcDrIZwSbyPPMLmcVliRZBN1264QaNb1eyS+8V5+OVNK/iGcyEtfL13GRHCCilCoN0Z3t+vSmKucDpDe98RwrQdmoPa2x6atJLQAW0f0yWRBbXqxlxMt0Paxhx0QxnJCWJkQxjCStGc241r+/X7jz5AMp9RfsP4e0768iydng1nFaefKjJsk4j9l6/D72mIiad1Qak1GprZC5kKzgnkVqAt1espQYGQpzKk0dglOam86NGmhVlOkCfNE8VETlPMkOFgwvQBLs7LHQw10abxfGtXrnfKz14nnW0rBlmtoR94zChWyVpEtwmsEdeYa9BLpW1qZKRitwWPHw8A2UtjuIU3zTViSRnBcnHBlDCGeO++XUGwHP3sfrFAF3zX/GtEXYMtr7hGOFukoigrTaRfDEdx45uJxTPPvhruBfRY7G0I1f+oXn/9zZ+N7XvV2Y56xb7ysu3OaRI2Ynas4wbviET/2vjk1CvHBjDnv/Wh63/in3ne8tw79Xv348Tk5UOy7dmwYYoZZ4He/vL+2sydSGKdJ+AvzahKJSkxT3dGq3TqGRvmgiBYoZfo/Zsf0A3X375+iW7eXl3//Qf04Ybr779Dz7frHeKE6jWRKF0L5VqlCSlJquFb33z/7//y4pl3RYheR5Rxw/UAmboosL8dj4p8+h55ze/tWbypmfJf8ezzYrormw5wfiJg3NEPvI/fgWLaWie/UqkrzNDtxVsvs78LTuL5sk47Gf8lOFn419aw+8WIUJjIYeEJW/A5vsF79iHHmmzxGVqkw+m+QxdZJsFPa0+5j53m6U2L8tQ451NjITeXb+7sqzQZHiuwmjH60XMqWU3Vvd3o5s6wMuH9Mmt4YieIIGtoxp5ew1oTS2x3rXkFRIddnGXUfBmzNmDb6eXvf+dmPADGJIQLLtwNv+ofgRErba51FL3u2CcNo7eOwzshdSOSR0I3gwAbbADVu8OSV8289nY+lOf1Y1JP683UwnPisxvn8uI67sDyxUqJlBqV0/qNRjoOMnJZYp6TRWM6pYKvaF5JkqHlDmgSnkHWkF/OlCdCD4yKRie0Ze+gqwh4Byyg7t8t4QruAJCkEJokLrM7fJ5R+KXNuEpwYlPxI5AutYxDfBXhSKwiVAuzGNchFv5JGWFRcZbUnrh4avnQgjfzWAxH6zoTzqDBXus1kZxo9H5XkpfoQ/2M3YID7Ft0VzvARi/BL1OaWt2qZwZlYsI0rpl2fvGXCDPmVSbK9ouQ4IYlJOZtiDRvIOVaIKXhMaccfbiZFCgpJMhGk1fBRbYhKsoIbd8MYUlU6IxeQzZCiYt9EUOnooO/PQK3trVCwgjPg3eKBJ6N8hFRC53QQK3Kg1knAMNRCukEK4TRT0JusczGfboRusgh2UsibG78A+TSLYneEsL9qmdg1MTHxriFxqwbqrPMIICMh8yI0Qwpd3mukJZQUG3Ekmux4Z/ihmE+Rxz/CAdlnSDScVGOJth3WbaRlI2xYHMwYPsvT+hIJUkBhWATDg/uuIg9lpqmFcMSAV40qpl4fv3ww63IxWrl7/5O0kSvSfTt7TH73gxob2OH72vDt2H3otJrwrVLFp9kW1UhkROOS+ixQ06z/kEROcmwqHQq5l1pN+Q0w/dVmhKlJngG5PHTwNFOSzwBvpBRcXMhd8hTmDDibQ7h1OORDHg0UgkCfKoU3LwrRm75lMPmh2ikKPVntQmHRzfxbmJkUUuhZoBRkjXzcX6YgT5MOVJUVx75iaC4gDgR7aiusUI4E6V5XfSaUInElrdbZhdO4wfBRTGRVws9ORS1EPXzKhFGuac8M/JHSNUsAEY/UUbQhWNsMVqGY5y9vJmYvZOTCePN/M+SrjC5BPcuayHsKvjm6FmIkPXuT1gIm6937+o1Qq/EdELoUsSsHvBMfknWeENFBdplKopSioJOZCiSuZm75njJoIhshS7380b5phE7EZkcctjTOpGXgR6HQZvLnMCgZ/yGv9i723ll2/s2eezaMsuK62E5W2iNPoMy8CQ9xaw/SguC9zgnnEia1lOCBYFEv2FqAdVreGp9vd2QY3aRfrNQWk4HP+s5nQK7dbY5vd4/J6de2LEizstrmjZGuKYFUUauW21PkpJMBpHcLgQDhTi4EQA8+MRtkEcerVOwu892tL49bk7fJCpYk9Ojp+YcxodmOJobzLgVCEcIgy93dq8Pzk7Ounf2ogWZmzy8c8GwVOcRIAfkeCNAvtzj+O3hLQvV2mCeLTtOPspZJUjIO3aE/Jj1OIac2+gwNko9lKAN/NTBK3cqvU4KotfiDFES3PMkI8uG+9rkhgOWkhRRvU57ojrvBHP+WsPInnMZyRPy98Wfvv4aPb+9urh7ga6o0pTnFVVrkkEpvJcXJnIRHRdoXyQMsmVXlg+3zfDFiYwxKSJ7FffVf5pd9XHQ3BjwyAdr+vyY65JC2n9T99tx/AFPvpgp5j6Y9DZTDLNQ6HSDibzDGa2UHQEJiRQtKMPSiicjNs0dSuFd95dXwT1XNJsTaaSbKf/BHITaizjAxWwvebw6iwu+765DWMNVGnb8v85JBJ+MzoJz3JBOWUbmd2UKGTMxYBSygaUWMsec/r4nq5rHOwrHLvYJK909UxPLvaLSW0saCfXnJzMcvBYW4stiF/Wymn8mmOl1iiVBpSSZKCjH3oK7jni6w5oSrtXB9HiG55ztLT7rZC30IykjHVxzdZ4ZwVViqQEMqZ3qfrE6I9iREzbHSNQVyYjEmmRJsKSyPefDCJ+f6hGb4NmdFBuaNeBh7nu4LJnTVEcHw4H/mGetr9P6FZx2kjSbaZbNkA7rT+8mpultHgqZkxtqo+froeI+AQHXKJ0hm4I/VvMkD6AzdX7UqYTOPRO1OiporFghpYW0Et9QK4jGMNoz+NbCfOuZf/YFzTJG5pNyb2C8Y+WcZ3s7cu8kOVe3x5hnundutA7CEN/V0dmXqGTYbJl5n4VEhKdyV055+SEVcgZ78ogMOtnYlj8LpdEbnK4pnzDpMhxJcnw1XOsPHDL9S0mM+DD6kQU5Uwt0m+ES/Qr/sPpRJritO/3H+PFEa7whRnNiBEv0qSJyhwCDUJWCK1JrVP7iVDPfBH4zj7x0GHipoSxpjQLJ7fQtLt80n/WUZmC1PUDvHDjqsZxCl6e4DrPhGa+hpXsgRsY2dA8vVUhWnHvtWPWyeXls5NnCSE3U2DmKibMw428ERlvKM7FVSJUkpSuamk9e+uoEXZ7s+IKY6Vl+25wb9BwQYQlP22cIQpcvOquFKg7v+C3JcbpDH1Qf+LaJwBbDQtrg2bVmhBkM9onXvmtqAStQqwaHzLyIoxVvcAA81f+9SlMo5xkvX3/a8RXqKXReq157Zgwz9B4095sTJjtPXu/UVF2Gr3O917LuGqY+jQI6ns08DrsmYNDfmzYh027DaIf8gBSHi5+hbCBkS8DJCjeYckZWlDtfPQgnQPUrcDkBOgjcnVQoFom31gEzUP9CC8bGZxt77g5LaQKbsvFha43TdTEzBH47Kiw4GllH3e2I0uRlSXm4DmJB74aZMhQVxn08PUKqW7YD22JhtNvyfk/XzhHXcd++A1yXWNZnyvz5ZTuV7ZqOoNSRuR3GlrXJ70dNTwfvWWJhLYTcxdvwH1WJ+V8OIsbUjPRR1Gv13Pc0mWX58RVQPzC3s6lEo1nVeOv7ZzV5ChLCtRTlKaIjE9Vy5Fw46oy7MY21TQ6UIwCPtrpj3nt4KYoS811zH+HaQTt9a69siDTPUEL5SviVAqw+xq4ROiA/BlZkzdmWxEVFX32KlSPwU8XYDv1nhRldUZKhK6h7ts5BLytbskxSIT7SMwXdfyNLZMdv7WfMprT54GizbTi8rDSo3Ce2MD181981Q7guO84dbX3yC/R+V9qpt54Dszh2B6c3T5JVEhRMdsC24cE6IuQz5YOtHTIzh6uuUS773FnPYilk7e2HEPO724kt72DlBD5O9VqUcfsQ7VkKM/JBz33NphQikibSZ8qMY/YDlVj7XZMpT7AKGe3vEJaunD4w5UqygNvcoRpwVxpjNKlkKG9Ih6YiMsF5OJuyJR38eeqTDpr+2CftTn0EwUIeNOGgWoU3Tgz9YKe5UfTWkgxSZUJrVHaIOWoJezL3PQwL6tUr99+XjoVX7j9cXpPP7Y8Zkf7sPDedM0bP7WS6wXPwuHZarY2mk7mGaMakonxFpJyIu47nPcu8uor/waX3umdnYLLGJV51tsFzpSCsLaJeKc8Qsx2/axu3N8fuPWQQy+6f/kbGCVrTDT9puSZyHn+E0dldxtPzS2j9+AJdwvh+1ojUM4GlTKzzJZGu+SfpZWHuAeclUUPHnYXsbLgZ9JnqIEXv3Wn6+6leycdDo/h3G93T3/3eGvoxkky5+ds14iQXmtoNLNdYTXSAUuncsEKdrbSDTzcXNFsdrQPUKMFlcMZq4PS6/safkKJoPkdFRR/fqOl6+H6y0bKRJlSpKrjSCZQhWSqet+5pMRTgkEgZ1Qc62pSu9Lw2g6N7CE7vk06zZEg0yOAuivz8HlI79z9GHel5GpOPl557eJwWoUqxZBPzRR+GVJ0j28tMlpijh6vgMI0qFmH6kTiLOhK4wVdtu5LugwSy9TukIF4nJLq5v/jbmzt0Z94p9Auf6L7SchupkvoUbt9vhZ9bEEPpmqQf1UlO5OOEcFwMMl/TuQavs4EIgzRQ14KwlYJ7tFwi6QgU8gxKruWjQQWZNBqAZ411NVuHzy6XG8xoZg+ih4mhIJwN1XqfIIQV+0h2aii2A538OoE0MO211qVKKPSgjUIatjLGgqT4M7hNNOd15YuQVO8O3KhUFEVUnLgj+bZ8OIeQvwR/SyVhQ0sztItlyzBPlDpXw1szspXhv7nZ1jVaXm5tqXFSCjpHWrWPYcsBAg6AKb81AMuarjHnI+CM2HBTblRgZCJmOxNsc/OwuJ6Hv91evHXv3qvB8M2DooUc+v6DY7ZR9THZCFbFWoCLuo8zd31ums7YdTvfilOt0HPLhHoBaB1Q2Ft31B2QR8C0dzasiiTNbh2vHzjVLl1g0S862BAJmQKriqFU8JSU2hjK93YPJ+AVttuY0tcuvDHY6xbahtFSSI2EWd+f/+PCl4LrXfbQ507IfP4Ey2GBQc/FusQW7MQLFPPX61/ubu7QG/xQUJ41bb3922rmNnsaZq+J4sS03DRGs9s3rUZ98pcsBk/PtlWOyWq+gs1zF+HXU46udvScZU4q31w5lF7HxV4O2XybcmasgHrGxX/7uuGmMIdnY00y9O0Gf4kxoc+U3ejaVYMV3wR1C1vc+xKpypOijhX6UWkpeP6XJcPpR0aVJtmPr9zfXjafUr4iqf+jFZVki5lXkcFL1vkNwjxDSqCJYylJTpWWO2PZzyksSqzXDqy/4QENeRgxCU6pudi0hdC2XisVsoNC3uiTDeeE605OSs23a8i4aLqpLQaXf5r3Kb4zssIV0wnciR/QCrNeKXJvSv0M/red5Ii6U2TbMr4tW9MSr1Y0hUYCS0I4EkvAjegAejX7ovAjJjO82AemMr71jcvYcM0jq5OFig2TNCFRJN6igiiFc4dLlAojv6GBmU+RvBU5uiKpyCbCPo5WcB+VxXwOmMA0YHhOaQRFmOZFEytEudKY65oNv42v6UmPeDZ+p7yqONxDaqxbbeuc2vYEaG1sW+iw+xvVnChV7/7hLgicbIjsAlSUWCqC3hCNQVN3NbfNUM9vRa5e3dmk2hcj8lcuHaxVKzB6R6ywsCecd9icQJIhmygunKdFmwuVx1We3R6/cff85uobF3CxsG+tdQ2YAA841YiJ3O7XGNcGZgedrN1pge+pft8h83u3sYvJkzEifdJJ8Z2MEeXpkzK5JZt59+T1/9+T/XtiRo2zIU+7vmL5z8SLdfXZcLeJFSp9GmuSxMyKffqyxbr/T+MMbL94BfdPYw5XGdUJ4FF/juz1DafPiLF1wI66QRmj/DTG4mpMteT4fE9aRk5qFht32VaEZLGLQKbDFl3YRAskSbKRHjJSEp5mRQz0kBH1A1bE9CrOX2c+bIzrXT67XKNpBlo+5FnBRy9fOoda7aIDjRotm/m7P+36Ru2l4Kl5HLAWn7tlOyFuAKQuojjsru6lGcYmv3Tu863IXVtXV8UAWHLGBJHECarR1Ff0gWRIEei02/txfww1bbDUmzCi/WSDpdmEEelHbcrYExjev3TawRzN6xFr8rg1CAixsOdc/lznlboTyYYnUhHeIA8zkSvfsen4kL6c9aWnHLDRjyYX9uZu812LBzhx3YeLO5q9Fl/q4m6+j7283/+/u7yRa5/cGg/lgnWkdb1lGcIopxvCGyfZl6sImCU6zX8R1wLJPkfl78uIaEw6NES5SyT5FGGvu8FD2GCYtwPzu3aYYndwkV46b7bGtsI6xWMJsiR18uiHG66/+R4JiX5iAutvX/fTvFLBVzSv5HR+SzvvU9TdL3jeEAb9XMsmwTKeATNjKjumrib60h0MQm6xzKIpdfs71VuF5NeevoeRJAyPU9MstKp7RB3bDgwTTqpqUT6EpDnlmNW/6WsrB9Yhlv61JzHi5u7X7z1LgLxosijAEjQcjVc5xOvTHtSx4njq67MmOItYXt8z7WAodHP1lCip5bcbLAUyp8VKP2snG0uT6H423OTgtooWXBRjulwKxgA39UsUwGb1zpBzY84cVSi1S1e3h+soqrdi3M5ieqE/Q4uvSJefi6paCKXrwr3lbrRpTScuQ1DRomQ7t0/my5DMTHC6RopmBD3/Gum1rNDrP/3pBdpi10qoHmXPSnwWyusRK+H66kRbivSLORW2qUrtU2hwV81VVl4K6Dleig3pLAb1l+jU4k1pSXAxeX/SL+bYnHmpSEZPAk04tFBf+TTHxrFAV4jqGvcHRPorCxNaMz1uZ/UPBPUiOyLRa3TNU1yqiuEGrOxRct1H/YnBD09upW+Ub1+jfzPTfYm+/Rb9G0qFNPqyxRyom6n9T6b/t/kiVai/KH74Cy4y8tnaunxLkhQztsTpx/ilTxnhQtet0cCuMItY17yAaTLVlQ4OR3QwIzgyALiNGXBs+9hrIY1mzXdW6zAfdMAofEwhtBIVz8wLw6AhgwJEgOOSF/s3YkQ5RCzQXYc9YaOJXdgxgbPP5Z1z7CBFf4dmlJKmHqvDmcLdL4MtbJ/7WgibZx/rVqMVq3rbFuhnsTVbM7Y5KUdCGmNMC/SRkPLAon0WL94Xsmi2MUWyidnw/LqWPNCWyvan5tCJv2MXbqiElqk3V33fO/e4OLo93WEx7CzcVb+5QtJIawUOlXFvkcnu/81KRKtnPvtK9PuRTOTLRQkFjQV/C371DtDwmx7NqSTYNQKaEJTmf3Ug5gsIvLiRElUyGhu95LM15xWNVQj7xBTp00Cjjj3vcOvMG1B3BHKnrrZa3BPy3yPCaMXLqF3QLDF6aAEkJLq7vLhzum+KuVkeWpRCDjVeBE/kF5cGUX0e7o8P9qkCQ9zX6haNTfmq/UlrsFs9ByzzBXr9p+/RFta9IJgjzJjfV1BXP69Q6z9CWyKJJYs1YgQrjQQflIv0F/HsauKXvYieuxojbOvW7jchM1g4yGoi6ZoLJvLdMBC3onKkxSL0J5SuscSptotIAL7IcGE7uKOKu5we1vOZT1bUhi7otoH6mEGEfd0WjEVRGCVT8DqMIPF2UqaBZB2olTgFjdXGKLjzOYg0rWRNUWnMMywzxIUsMKO/+/J7hSy865O5LIeTl+i4Xnh7FqnlumHmFaMrAjP2GPiKpIJnEwp2u92J0jMA2vsmRHkqipIR7T0Ak05UDAr8NNC00ljqMx3kezO29zhPHeX+yZw8foXgwZGQs1GCxJNBD3h2poW/5lmMZTckfxf8TOg59ei1imnTa98PV3gkoqLd6AsEzbhdC3IHh1tzl+3LA/Ps71MP227YCvzpJCVJhcxIFu8ddEk27plSzYi1jlFn2jRf7MbXx6+VFMUCqFZQlK9SwrGkwqr1RcU0/aOmRCJclqyufmmxbArMce4rzUWIQXinthctU5ZXhah+ppDYchsZ07goh55Bx3HdNWl8+7RC6Zoa60ZkRC3Qm0ppMJO6RC161kReLtbkxE3aK8BWK8P3hsyhCcEm1wPatbNN03hqDwQ2qnVGNzQzmg2cB78gu68F2fvB4vkn+VBSOdsM2/20saAHcxKpZjs7WWWEntHXDFNwQPf7RgNu+gG071qeLUZDtuhqVWgJVARvxdmsf+irAhrkp4pUsx0lc7rtKWrl4xZD29OqC8DVZbME5kK1emgWNaBS0FvQCDItL3SE1zcvYvBaJhFYLZMY2nMZUhT1iYZq9dFSjaArdV6R85iQA/PR+8aMnstHvTmnis1Dcu2UYEH7QAzQEEI7gnA6UuJDKNaqYmcCzReVTkVBXlkeGuPFNXAZnRDM3RL0DMiJA0I2RFIdGxp0Cn3aje6KAKdakw5cPjM3brOvdFPpYqhB3Mm2um8NH792a4M5U5gqTleOn83k2YDGxUizUWfYphOsl29fF5mIm/Br30rvWoJCol/uXWosVXVCwNCvBuPXOzRVJalKoWhAwXHU2QJzmmctunBzdydReCqmk3jQRY8URbwqiKTpY2WRd24zdX4+opKtuRlWLNn7PZrahvAM+iQflFti+c8zoNfUoV0x7k7bZSx+LfhouaEf8F7GrKSPiVX31WQnWCdmnJdrjZvcYi40wk0nNX8CLRN5UieqnEWo1wfx0UJ9DsyUnuz7K6RbAWr1GPa7UfwFo+lujm47E3LhDhhw4Nqc7SbkcsVi5k37F/Bd5cD//eJUcE0eYmusDUM3bauAuroqy5T5P3hUMasZ8gHAHHic0zXmOUk42caWBVOBS7LthPpBCdFa0mWlSUdCjHP0lWXdaOvd52+iKXGJgwm7ZuXYqEPHLDcHDMFhfpFlpqu/eYxbqAAzC1YDDqo250tuiFyge2I3pVJELnBOAMrbZbqvhKx5GNGuyVi9PYXfI/v7Dm6FkGgpxdZ8Vv81rfs4GrNrEk/6JrvDUod20zWEQ3tU3J0So+rQue6UYFnbgzTSlRIlcQHFWG/xBUeYEamb7CLZDur+ZsNbTnx0QAAgCcmjMGeIC/5HSUoClsy+7Ic5+qL0cfR93VCsHveK2ghbHf4Zzcw11WhlPbqCAZdQbcKR4H/MhfnvPS8BKCmJR3GMOG/cCQa+AgYMk2KFoMM8JWqB7luZMmxs0K2sisPxpS3nq5QxYmzJqE22yZz4bbqZpKxSuj6Q7h+jbYKfUGV20tVEO/+GUXzh02kVaHbtx94wv0VvYZniKWXPDhlehssr4AJhpURKwV9qdsNrT8KG3dKP5IdOI0NoXPgSlRJ6orxERKfP/IoyljhUw+oDQSwYimgiFSqxAhQvBUAOrpu0KAojxUQvaD8urSE63avu2ffgXBpfZw8jPExWfKeiKKvxHYywbRhtKc/E1uXTum6TL5tMisnFGE1zVTG2Q58qzKzzMxMFpq4RL8y7HoiJiaer6/WM1MB+1BqO8o8kc7VAdSI6VuCdcgaK+eSrhrUFzfZtHBuhQkQVdd3OTtYtMWSgZu+X+3Px9UvpPK/ofgzX0wSdiSzosLFTbBerG7PTJm+/pv1tYE17RVn8O95M+ScYrbnGkmRVSlAdOSJ+d5vtqZ94XtNoj8h9r43/8H3sPIDmhZn0C5D0ozoJciCEx9iNbh66NVbr5oYatdBTZVila5v5W9fYNGWGlzWlAUSYmUgzzELJ1Pyq+fe40hQZec4RhZy7iqeMYGn+BEB4LWuugLDu/FoXdh6OPljhV41xnj7rFysVxbJp37vqPViubFQ+4vXaUFmpuT19XW0EGJj2+M0TIPVciUs7usVknPaUWgtuvsa11st8c+VacKPnDrih7k1pi34Nby/8erV1QJ+rwb9zP99cdfu7NmJi7D3oR+RsGqCdwsIeIiMLtlT5jdSN2sXEsu9HdV2BtlUX9vqxuTW+Z253fNkMjG6uDmqyofxzBzRZw9hrnrUa7QJd2vpMh3fK7Af7tVlgUPa/8c1Xzh23rHRTuSl08xhVnBFlV0bYB2Ur0AZLipdsVAVoQRkoRyXDE4JAEa6i4qP0NrSrqtqRF0ZSGQ2jri+kZp/vX93cDXVo5CBjrUdhqi77xIaCR9dCtpEWyyS64Rrd05xjEBYTR7QUMiZ47bOR/DKH9K7W3QSgOsJ/GkY6dxlOWSY8B+ftL+8R5SmrMmLEmWtka36+QM+vH3BRMvIDurMOEUsWpPfC7xeByNzssU1wTrVPi58zqj4alfsEvh5RitdxY751T8M7qj7uCblqSfOcyHgt7PxL9ms3FuB4AO10LYlaC5aZ02Nt9YlOo73Q+wyehXHs3Unl5++sjvGiAeO4ufKXkRwdnU9FUSYz513BrrjcK2jjav17qlr+0bAjONSnrqDdjMiqdMpKc2rpmbLGupw30lJIQB4wcr3mb6JLHJbZFsvzZOiNUfWNdMXuITKTmIBGfm6EKEZvcFrjKfuVWyOCZrVjBP9jraDK/VLI2prBm1pLglXw3GClsa5CKc6NPwpTdjazwwy+FA+IZq+m3y/zslZzcGg4+jACPrZ3wXDhv7r1Oxa5+97okF+N++6d8pxRLqpQMc5OHYnKg98pI0lDOh1GHtnvAhOOjczYOxIXjBm5h1SVpkSpVcXQtRkfpSIjyhyJGuzXb1lQnpGHwAvAqNKnaZ5PlC0wMJhismZiSSTENwssKYMMHo8Hz8bfeY4wLOIfzW+9M+MRzqFYWnChM2nEbnT0vMnnLIlUpSu6tRJmtGRORWgT4muEpxcTRYbWzTV+j2MnlFjlq0nycr4q+23zIaZcoYxoTJnHybAUle78bmJqgs2em1l7bHGTxwZ8TD+kmhQli5bNc4EyssIuBOSQL+sYvsvWNFrxhkiGd1DIpYV7XNFzz400H4DV7X5NVnUVuPXVK011BcCMyDux1jYYAzY99boGjWJ1/DspDs1pBFmViqIw9ynOMbq01BHtJPuWUmxoZv1nNYpcQdRkIlQm0tMDjY/3lv1EWas1pt28PL9q8FBC0tN5ZH09elxZ/0+xPNHvdPL0/o9YugCM/3aVNB5w7hUkFNudv7+7QTcjharLRjTUWlddsp+DgIVdTTVsHtSQfow/zOVW+5V7KyKSpchiV3yNKu6GSofjBRleJtSjdXi0BBsymKHyvOMCdqXDNoG2iYfQnGZNKGfCiVeEthpHZeABXv5wSl4z77KK+UzV3b3vPlj0nDoQBckaDyStul4Em/q1JL7y1hqFaV/ixgyOEK9XPOs7RJrqSrzBlOFxIAM1rnAE9ZUrIuVEpwV7h07x9YeLuzljpXAAUDYAO5qSSzdQNF9MSERaJMsqy3bB/TO0SILWAXXoVoqcBnS+10sVnqKkIiDKwaDELlHVHAUJVHWzVy3mKq4yqpvKuhYXzXHka2zXVmxYUdKGF/ZP0maJhV7BzWxW+eWv1+i5q5X4tWJGV15SBgUckAd2/VAKZb75Av1x7GjgwyjMRy62vGcIKZJWAGax6VOf6LSZ4hlccMO00Mu6yv2tK026JTlOd+jDpLnG6FLicxTlu4F7S0w5KjDlK4kLsjcdo8QSuvbGx0noKZd3MCx6KzKbHN3CAnayzjxMoQPaF6QKmIWIZSH1cePeki36ueJgSr4RGWHoOeWbxR9eIirSl2hp/o+Y/8Mcs52iavEHf3xRp2WyYnjUOT+0DtXX8C/vEAwKvi6Qk7u6+ZVY7QVq0CIqp/avS8dnDYOgiDQH2cvQpggrdwec/frmNywJem8TgP/wh1/f/Hbx7voPf7A5txssMZ08k1shP4YsWT54wX6rB+xG2CadYJiHViJczU5YlJLmOcCpeS52EUyYlZCEK5qGFCAdV1IEjovwXhBPfCAU0WSL6bg58ZO9A4B9HpqouT6hS9RVtYx0KfQyU1qGrnyHeu1oDrHuWxrsHa1rPuI5SU8tdmkbg41UGlds0ta9uHoXQ2JFJx1N9VSjOWJPnaoXjcgzzWF5j18on4wn+HjHhWHe6f/vxqO2KrPt/HeWI5Z1fPSOkb1MnuVw1HHcffwJMUPSVm9nO3bpc91ktNdZdoCT+QLcbqOTezgyXUNW0zniYVD0tcKUmbWuwVzunMy4uerWtgESlzEHNck9EAbTWYV1znViVMQT5nNK4jWkW7vqo0tRFBUfeqJG3PHTgJueyt1b8qD/Svw6dcObOk2zfipv95hn/yH8UbOWN401PUUyPJm78cA95lSlSppSESxLdC4LHrjfYsnHQYfPnXXFizIRsYTx/ds3d+gX60dtk1L9jHyaNZXg/j9v0aeKyAns1orxRJIhUmfc5IaOQ3SH3tVFZ960rkZLTwM+pF2iInQbAUO0PMlxdIiq9gTHnkw3C9+gATMsiwi7ZchGcC/gMmABckO0yoJ1pe3RDIt21SOdYT3UCp9Kd0l4ui6wDFVW0tDdlXjUvvjJ0SecjtKpgtBM1sHPQkpWYQuoGsKrHKCWIpAVy39GoFri4J0wLOJU8OMFQfeEhn5wHHJbQYzqGZxpnuAUGqOELz8xtBUPaLx3CC/zcvMdf9Dr4O97ypNUyyRTQXHXO9QN5dMiT0cQ3jAcXGLwhPCc8oBFkWPSMXKjebJK1JbqNLj84MmKia3CRfjclS5trjfxqEeIuqQ8oTymOKG8JLJY7oIlvI9ol+nHOMQ3mMU4K7RMSim0SMKHpID65rsEPI7habNod5OJPMliLLYhHD7/LeVJgR8SrUO5DfqEzYlmJMKjUFAeiWnK4zFdMpWwJUtCh0V7tL+OSDw4MniHdmgsxC7t0FW9Xdp/ikj7+4i0/zUi7f8Vkfaf49DWomR4SWKIlIZ6ePOMJ0XFQPle7iK8kzXx8mMEvaSoGM2LMo72bbRMzPLQSUiOMo2hlCjyKQ3vG+GJsgmJEXZQyTSONWkIx7Em1U5VZYRepClvyqqjmKpaaGN6kIcIIkQLbQyzWLTBrIlCvOL0gWMuFEkjHMLN92ZVIj0Km+9FqdcEZxHcaqIok5RF8GEbwhGCJEBXLnc6vFvUUFZRKJdVEiGmkUqqaYpZhAIileCc8HQXMOuqS5tjtvudZMsYfG8SgAGNQtnCwcTh2ibWRqG+zMvN93F80CpZUv3nKEBjqUrC9oobEJYiuKhWUa45UCWpDF/lpqyPP1ivrQ5hotfWzx/eOWKJg9oXhbhFkw+HINehvaKMxLBhVLKKsYl0FbI4u084hm6gElpCkmISRdTRcvNdpnQ5AvMPRFvJNAptRlckhhmjwNFckIwGKxjt06Y8zikpRFYxolIRY7UdcZpHkE2iVFusg/b871D3ZZAHISxJTpWWOLwnpKUdQeOTpIy11DLaWitAIpeR5KvNzLdHPAJ1LQkuIiiSthQoFtvxlOvtWlCV2A6z4anvsMRRDng2UQgbgvLG9rcPTZcqjXnwPseZ0stKhmoWWFMltldQDKpVcF7D69F1TXJostC5YRW+2fWpSAP7aOY4y0LfAZqFDqvW0EER3iJaJKkUooiCSmQIRzDTaJHESY50iEcxlrn8GByeqVThIUtpqUpJAxNlWFNdBc8+Y5STcBA7LVUVtKNOQxeKb8O7tZiwqKfJiongz3lDPELKv7F5g0sdQzSCxDE2dARWg+cmMJFHObo8j3KBSyFDC7BiWeUxrllBVRpDLBQqyoGN0QeCEw3gSsHpBpfhFgA6dMafpRo6HY9vt6EtkCgVZcI2gA5uiYrwmpGQNE88/bieTHfLiQz/ZpWJbcobnGzQztQtWdviNcohi1C46XrihBYGjmxoaVAm1pEUnF2slPkwSdeh6vxHpMlDSYMHAkoii1xirkeYuyEob6MQDv/0WiSyDx8GXUADEJYiT7AqAzYM6JKWODRVSTCLod9JksI6WNTRSMTDL7KhHBbCtUNZyCwCx+EdmSqCb1hZ33CEfABFQicC2IbHEYwTRT6FPwA+gNZgVCOYUormEQSvKkN72ZRMY9wDmWbBFWklUx8qbgDCOlyLrS7NSgVH1dykPHShhLdb7FOJWpDO0NPXuQ5/rCzR8BG9pqdnaLq7Mjhaa5Uto+ShV5JFeAsrRWSS0dBV71HaVtSRoRjLoFOlcRHaG7xJKFcaryJoBhsqdQw1fFPyCNBNWsiKh3Sz+mDRPIiiF5UW6F3F0WjoJnskYrO8XzGjGbqUJKMaXWKZOTRDBfDvfnZs56yIqzTVIRTIQBN9BPgGqWDIV6rT5ENQHm/lrouSiR0ZNRY8uH4rUQUD9T7yjJk1tD4j6HcmSU4eUIGHQAttLJbn1bAZSHQmGVXQnKEe3W09ACghVZWlkBqNgUcR2q6xRlSjUpLV1FF4QlruY5pQ+BbeWR0NC4hyh+w+gQvNKI/dkb/Dqhmty6dCWuREr4lctN9Xa1GNXjSEONkQ2bQj0gKVWCqC3hCNoSO4vau4WYLntyJXr+5s2esLdOVafL1Eeu3pUgRgwO+Ia30MbHP0lujfqOZE+fd5fKijLN4KWnY3twgGt5NVBMt0vaCcevmDnrsz4GsPxCf0woBkiFcMVxx6/eYV9HGtQdz9AO4DvPY9c4oPx93MqQHhdv2LJ4x9sxFJwJqm45BXYVj0njxouBVT7oI5ulFPCKS2cd1b6FDN2UTHS0DPjdgOHPBzFdFIkk8VUXoPaPfp2cqPx8q3KgO05bGjWok99Eg1ead9d8o+nixHEBvr/R0Q2tUP3pmH7P1/uL+hGezmqhYKMLb/bIDVEC6J95FH2DwuS6wIsunaDTdodKuaXXK/OA+/vGkF33AupIWv9y4jQlghRQi0O8P7+1VJzBVOZ2jvO0KYtkNzUHvbQ5NWEjqg7WO6JLKgVt2Yi+l2SNuYg24oIzlBjGwIQ1gpmnO7cW2/fv/RB0jmM8pvGH/PSV+epdOz4azi9FNFhm0Ssf/ydfg9DTHxtC4otUZDM3shU8E5gdwKtKV6PSUoEPJUhjQauyQnlRc92rQwywnypHmimMhpihkyHEyYPsDFebmDoSbaNJ5v7cr1TvnZ66SzbcUgqzX0A48ZxSpZi+g2gTXiGnMNeqm0TY2MVOy24PHjASB7aQy38Ka5RiwpI1guLpgSxhDv3bcrCJajn90vFuiC75p/jahrsOUV1whni1QUZaWJ9IvhKG58M7F45tlXw72AHou9DaH6H9Xrr7/5s7F9rzrbUa/YV1623TlNwkbMjnXc4B2R6F8bn5x65dgA5vy3PnT9T/wzz1uee6d+736cmLx8SLY9GzZMMeMs0Ntf3l+buRNJrPME/KUZVakkJebpzmiVTj1jw1wQBCv0Er1/8wO64frb1y/Rzdur67//gD7ccP39d+j5dr1DnFC9JhKla6FcqzQhJUk1fOub7//9X148864I0euIMm64HiBTFwX2t+NRkU/fI6/5vT2LNzVT/iuefV5Md2XTAc5PBIw7+oH38TtQTFvr5FcqdYUZur1462X2d8FJPF/WaSfjvwQnC//aGna/GBEKEzksPGELPsc3eM8+5FiTLT5Di3Q43XfoIssk+GntKfex0zy9aVGeGud8aizk5vLNnX2VJsNjBVYzRj96TiWrqbq3G93cGVYmvF9mDU/sBBFkDc3Y02tYa2KJ7a41r4DosIuzjJovY9YGbDu9/P3v3IwHwJiEcMGFu+FX/SMwYqXNtY6i1x37pGH01nF4J6RuRPJI6GYQYIMNoHp3WPKqmdfezofyvH5M6mm9mVp4Tnx241xeXMcdWL5YKZFSo3Jav9FIx0FGLkvMc7JoTKdU8BXNK0kytNwBTcIzyBryy5nyROiBUdHohLbsHXQVAe+ABdT9uyVcwR0AkhRCk8RldofPMwq/tBlXCU5sKn4E0qWWcYivIhyJVYRqYRbjOsTCPykjLCrOktoTF08tH1rwZh6L4WhdZ8IZNNhrvSaSE43e70ryEn2on7FbcIB9i+5qB9joJfhlSlOrW/XMoExMmMY1084v/hJhxrzKRNl+ERLcsITEvA2R5g2kXAukNDzmlKMPN5MCJYUE2WjyKrjINkRFGaHtmyEsiQqd0WvIRihxsS9i6FR08LdH4Na2VkgY4XnwTpHAs1E+ImqhExqoVXkw6wRgOEohnWCFMPpJyC2W2bhPN0IXOSR7SYTNjX+AXLol0VtCuF/1DIya+NgYt9CYdUN1lhkEkPGQGTGaIeUuzxXSEgqqjVhyLTb8U9wwzOeI4x/hoKwTRDouytEE+y7LNpKyMRZsDgZs/+UJHakkKaAQbMLhwR0XscdS07RiWCLAi0Y1E8+vH364FblYrfzd30ma6DWJvr09Zt+bAe1t7PB9bfg27F5Uek24dsnik2yrKiRywnEJPXbIadY/KCInGRaVTsW8K+2GnGb4vkpTotQEz4A8fho42mmJJ8AXMipuLuQOeQoTRrzNIZx6PJIBj0YqQYBPlYKbd8XILZ9y2PwQjRSl/qw24fDoJt5NjCxqKdQMMEqyZj7ODzPQhylHiurKIz8RFBcQJ6Id1TVWCGeiNK+LXhMqkdjydsvswmn8ILgoJvJqoSeHohaifl4lwij3lGdG/gipmgXA6CfKCLpwjC1Gy3CMs5c3E7N3cjJhvJn/WdIVJpfg3mUthF0F3xw9CxGy3v0JC2Hz9e5dvUbolZhOCF2KmNUDnskvyRpvqKhAu0xFUUpR0IkMRTI3c9ccLxkUka3Q5X7eKN80Yicik0MOe1on8jLQ4zBoc5kTGPSM3/AXe3c7r2x73yaPXVtmWXE9LGcLrdFnUAaepKeY9UdpQfAe54QTSdN6SrAgkOg3TC2geg1Pra+3G3LMLtJvFkrL6eBnPadTYLfONqfX++fk1As7VsR5eU3TxgjXtCDKyHWr7UlSkskgktuFYKAQBzcCgAefuA3yyKN1Cnb32Y7Wt8fN6ZtEBWtyevTUnMP40AxHc4MZtwLhCGHw5c7u9cHZyVn3zl60IHOTh3cuGJbqPALkgBxvBMiXexy/PbxloVobzLNlx8lHOasECXnHjpAfsx7HkHMbHcZGqYcStIGfOnjlTqXXSUH0WpwhSoJ7nmRk2XBfm9xwwFKSIqrXaU9U551gzl9rGNlzLiN5Qv6++NPXX6Pnt1cXdy/QFVWa8ryiak0yKIX38sJELqLjAu2LhEG27Mry4bYZvjiRMSZFZK/ivvpPs6s+DpobAx75YE2fH3NdUkj7b+p+O44/4MkXM8XcB5PeZophFgqdbjCRdzijlbIjICGRogVlWFrxZMSmuUMpvOv+8iq454pmcyKNdDPlP5iDUHsRB7iY7SWPV2dxwffddQhruErDjv/XOYngk9FZcI4b0inLyPyuTCFjJgaMQjaw1ELmmNPf92RV83hH4djFPmGlu2dqYrlXVHprSSOh/vxkhoPXwkJ8WeyiXlbzzwQzvU6xJKiUJBMF5dhbcNcRT3dYU8K1Opgez/Ccs73FZ52shX4kZaSDa67OMyO4Siw1gCG1U90vVmcEO3LC5hiJuiIZkViTLAmWVLbnfBjh81M9YhM8u5NiQ7MGPMx9D5clc5rq6GA48B/zrPV1Wr+C006SZjPNshnSYf3p3cQ0vc1DIXNyQ230fD1U3Ccg4BqlM2RT8MdqnuQBdKbOjzqV0LlnolZHBY0VK6S0kFbiG2oF0RhGewbfWphvPfPPvqBZxsh8Uu4NjHesnPNsb0funSTn6vYY80z3zo3WQRjiuzo6+xKVDJstM++zkIjwVO7KKS8/pELOYE8ekUEnG9vyZ6E0eoPTNeUTJl2GI0mOr4Zr/YFDpn8piREfRj+yIGdqgW4zXKJf4R9WP8oEt3Wn/xg/nmiNN8RoToxgiT5VRO4QYBCqUnBFao3KX5xq5pvAb+aRlw4DLzWUJa1RILmdvsXlm+azntIMrLYH6J0DRz2WU+jyFNdhNjzjNbR0D8TI2Ibu4aUKyYpzrx2rXjYvj408WxipiRo7RzFxFmb8jcBoS3kmtgqpkqR0RVPzyUtfnaDLkx1fEDM9y2+bc4OeAyIs4Wn7DEHo8kVntVDF4R2/JTlOd+iD6gPfNhHYYlhIGzy71owwg8E+8dp3TS1gBWrV4JCZF3G04g0OgKf6v1dpCuU84+XrTzu+Qj2FzmvVa8+MYYbeg+Z+c8Jk58nrnZqqy/B1rvda1l3D1KdRQMezmcdh1wQM+nvTJmTabRjtkB+Q4nDxM5QNhGwJOFnhBlPOyIpy56sH4QSofgUuJ0AHgbuTCsUi8dY6YAbqX2jB2PhsY8/dYSlNYFM2PmytcbouZobAb0eFBUcj66i7HVGavCwpD9dBLOjdMFOGosK4j6dHSHXLdmBbLIx2W97v6do54jru23eA6xLL+kyZP79sp7Jd0xGUOjK3w9iyNvn9qOnp4D1LLKyFkLt4G/6jKjH/y0HEmJqRPop6rZ77niazLD++AuoH5nY2lWg0qxpvff+sJk9BQriWojxFdGSiWo6cC0edcTemsbbJgXIE4NFWd8x7Dy9FUWK+a+4jXDtop2/tlQ2R5hlKKF8Jv1KA1cfYNUIH5MfAiqw525K4qOirT7FyBH6qGNuh/6wwoytKMnQFdc/WOehlZUuWSSrER3qmoPtvZIns+K39jNmUNh8cbbYNh5eVBpX7xBamh+/6u2YI12XHuaOtT36B3u9KO/XWc2AWx+7g9OZJskqCgskO2DY8WEeEfKZ8sLVDZuZw1TXKZZ8761kshay9/RBifnc7seUdrJzAx6leizJuH6I9S2FGPui5r9mUQkTSRPpMmXHMfqASa79rMuUJViGj/R3C0pXTB6ZcSRZwmztUA+5KY4wmlQzlDenQVEQmOA9nU7akgz9PfdJB0x/7pN2pjyBYyIMmHFSr8MaJoR/sNDeK3lqSQapMaI3KDjFHLWFP5r6HYUG9euX++9Kx8Mr9h8tr8rn9MSPSn53npnPG6LmdTDd4Dh7XTqu10XQy1xDNmFSUr4iUE3HX8bxnmVdX8T+49F737AxM1rjEq842eK4UhLVF1CvlGWK243dt4/bm2L2HDGLZ/dPfyDhBa7rhJy3XRM7jjzA6u8t4en4JrR9foEsY388akXomsJSJdb4k0jX/JL0szD3gvCRq6LizkJ0NN4M+Ux2k6L07TX8/1Sv5eGgU/26je/q731tDP0aSKTd/u0ac5EJTu4HlGquJDlAqnRtWqLOVdvDp5oJmq6N1gBoluAzOWA2cXtff+BNSFM3nqKjo4xs1XQ/fTzZaNtKEKlUFVzqBMiRLxfPWPS2GAhwSKaP6QEeb0pWe12ZwdA/B6X3SaZYMiQYZ3EWRn99Dauf+x6gjPU9j8vHScw+P0yJUKZZsYr7ow5Cqc2R7mckSc/RwFRymUcUiTD8SZ1FHAjf4qm1X0n2QQLZ+hxTE64REN/cXf3tzh+7MO4V+4RPdV1puI1VSn8Lt+63wcwtiKF2T9KM6yYl8nBCOi0HmazrX4HU2EGGQBupaELZScI+WSyQdgUKeQcm1fDSoIJNGA/Cssa5m6/DZ5XKDGc3sQfQwMRSEs6Fa7xOEsGIfyU4NxXagk18nkAamvda6VAmFHrRRSMNWxliQFH8Gt4nmvK58EZLq3YEblYqiiIoTdyTflg/nEPKX4G+pJGxoaYZ2sWwZ5olS52p4a0a2Mvw3N9u6RsvLrS01TkpB50ir9jFsOUDAATDltwZgWdM15nwEnBEbbsqNCoxMxGxngm1uHhbX8/C324u37t17NRi+eVC0kEPff3DMNqo+JhvBqlgLcFH3ceauz03TGbtu51txqhV6bplQLwCtAwp76466A/IImPbOhlWRpNmt4/UDp9qlCyz6RQcbIiFTYFUxlAqeklIbQ/ne7uEEvMJ2G1P62oU3BnvdQtswWgqpkTDr+/N/XPhScL3LHvrcCZnPn2A5LDDouViX2IKdeIFi/nr9y93NHXqDHwrKs6att39bzdxmT8PsNVGcmJabxmh2+6bVqE/+ksXg6dm2yjFZzVewee4i/HrK0dWOnrPMSeWbK4fS67jYyyGbb1POjBVQz7j4b1833BTm8GysSYa+3eAvMSb0mbIbXbtqsOKboG5hi3tfIlV5UtSxQj8qLQXP/7JkOP3IqNIk+/GV+9vL5lPKVyT1f7Sikmwx8yoyeMk6v0GYZ0gJNHEsJcmp0nJnLPs5hUWJ9dqB9Tc8oCEPIybBKTUXm7YQ2tZrpUJ2UMgbfbLhnHAtd//j/wYAAP//M4fDsw==" + return "eJzsvetzG7eWL/p9/grcfDhxUra84zxmds7M3NJI9rbOyDK35cfUrV3FArsXSURooA2gSTF//S08utlvtSgsSp45+ZBKRHLhh9fCeq8X5AZ2v5OlVIYJMP9EiGGGw+/kzf4vKehEsdwwKX4n//5PhJDq++SdTAsO/0TIkgFP9e/uU/vPCyJoBr8TAWYr1c0JEwbUkiZwYv9efY0QuQG1VczA78Soov6J2eXwu8W3lSqt/T2FJS24mbshfydLyjU0Pu7ALf+5ohkQuSRmDSUwUgEj2zUocJ8ZRZdLlpA11WQBIIhcaFAbSE8681Oa3mMyKyWLfPpU2ou6H9ahFpQ3pjc8+tD4fUPsB8n0qvH38RGGN6yzKx/XTNvvEaZJoSElRpKE5qYI66/olmSgNV3Z/6eGJDIDbSct7ect0oRcyhU5h0SmoPon4mmxNqhDp1PShQ0IM7dTi0w4AEZe/bDk2q15IoUBYbS9H0xoQ4UpYehejIZlhwBMqWl/0EXHPCY7BKGGbNcsWRNKNGjNpCBrZjSh5ArMF2YEaF3u/knnaFST1WtZ8JQI2IAiC6jOXU6VBvIODLXQKFkqmdWGenYpV/rljCY3YPQPHfLnTEFi+O45MQE3JR/AMwt/wkUN5knvQnLYAD9gJbkU7fvZWMlzyBUk1AQkKSyZgJRIwR0sQxccSEbzflSZXs2jXZiRPX4X7vnF+U9kQ3kRbjxLQRi2ZOF0wi1NDOFy5fdLdTbCzY5Z8uG0uO/Z7cipMiwpOFXu92FjTwZPRof0QSel72R0KA+flMEt2Rx3T1793z0Z3xM7Ks6GPOz6ysUfczeR9rY8GXQbegjTQ4emQMtCJUhv78OXDev+PwyZNtRABsI8RXC0SJmZJ5y27vATgQfCqN1TBLa2MtVTBMbEYcBwJaaSczzdk5YCPYR74C7bEiCNqUMNyDV9embti6VZwKLpyCEdIeFhWkRLDulQv0OLGF7FlmnlSKsoalaV3uXzy9WZZqTlIz0reO/lS44hVheCfS1gL0arav7hT7umUnsmRWIfB2rkU9dsB9jNhuGyw/rqntlh2JIltH6fL+WKvN6AMOTaMWdSiBSUVUEUBEbVmfqS3UJKNBhLpPHj5hh6WGEpN6FD+8EKS7UJHdL32pSuJTC+femwg9mZ1z3W5H5rsJYaSV6tn8u3Ups6i+TtE6lBpEysyg9137Gp2ZC+nfVlhxywzo8GF/ZitvmF0DRVllcOXff24nZmb+S3urib37CX97f/uctrVwufN7T5gjek1a1lKaFkxTYgKiPZtysI2CU6zH6Bq4GkT1H4+zY8GoMGDZnv5gq+Iux13XnoNtjNe7Fzq/zaD01m7iI9D9ZsQ8nHXQ4koV0OsgACzKxBkU8Xwvz0G5GKvOGSmp9fkQXV7hSVDrIlWxXKiX53zPsQcfcbnrdzg+IpnxHsC/bXK4llZhvTjsuRv3kDg1RbqlI0oa7G0WrTrq/kxexzQ96jRAGn7S0lRO+0gSw8ogG2pbYGf1K1Xzz7/1KxFROUl79pSit3rAOW/DUSGHEx+/xbzxIE+J2VePgSVIi6qxzj9dkf1K7geOjrswaagjqK7/qtG4pcnD/ES+rx1p2ljsxhvtInbWTjyRzdzkZLQetiL2i5i2JVlzPJOSRGqm+RAdvVe4SYG3vmmCaJXzpILdKGoHop22ILGVnoJ6jxZcniqYiqmdQu2C2Tgix2nU0jRMHXArSxBDXLcr4L+2S/bBk9AZqsiWYpkGd/IWatCvLq119/IFuqiQYQ1SgjK/EkhNcJK6FzKTTgLUXyzZyKRBbCVDaFIlt4pmevsu6lQJ7RhdxAbTGY6I2sLNmbNgpoNnh/km/m2DzyUkHKiracFmOhvuuTHCvDAlsSZv5RvPrLT3/VnqW/zB0DLUH/ozObf1h98JLuQJFX5LVIaK4L7j0rVqW8F1/vo/5A50dPbGXfKD+/Iv9mp/uc/Pwz+TeSSGXlZTeLMOhz8r+4+d/2i0yT5qJ817uFQqbwZHVdsYV5Qjlf0OQGVwL24IQ07tpQ4/UKu4gg0lwyYZxqYqA/wNkdjjkoJZHi0/byoM4hYZQ7xA6pNlJZyVrsvNRhP9hQzlJ/MPpAEbKUhUjtC8PBgWdiFYSjO4MXmzeiQzmGLzBchxG30cAu7Lik6VN55wIcotmfQDIwiiU9WkdQhetfdrqwf+5LJmyffWr2Eq1cltt2Qt7Krd2ars7JBJHKKmNGkhuA/I5FexIv3jeyaEomoPV8w9J5iuV1fV1ynhUIUNS4S57aFazphRumTEG5VdobtnfRY+JgGbNqt/OVu8XwswhX/eKcKMuttTOouEWjagWm+tqdK6EVUtDTo6+Ej4QbXwmF4grqMv6L89L2+gEyaYBch/OeKHAP7WI3xCjtP6Uj5htwvISR5jrnDDOy4Umr85p1xP4nIZtZnot43t2ts29AOOvlqSu1lvCE/PfwMHr2smT8EXz0dlSrHM3OTmdB9k2osMvDslyqtsRL3BP5zYVBFE/D/PHJP1VOEXeqe58ptanKF/uf7BV2L+c4zfyEvPr1N7J1654BFYRy3m8rcEZ9Jybt7UdkCwo8WWoIB6oNkaKVLtJcxEcXE7/tRey5qxhu27B2X6RK3cK5qCZI1kJyudq1HXFLpjpSLCG/kmRNFU2MX0R7qXcOvzOaC1KIENPDGzbzwYza2And3lGP6UQY8V06jSKzQqYUpRtB0e0gT3OctSVW0sRJrN5HIYLNQSZJoUqK2lCRUpUSIVVGOfuzL75Xqqx3fdIQ5XDwEsli0XmS7rVIe9QVmJecLcHNuEfB15BIkQ4I2PvtnmuDaWcZmRATicxyDqb3AAwaUakT4I1iLTZYyzdT5pEO8rUdu/c4Dx3l5skcPH6ZFGYdaZv2+amxYl72UU7pIy38a5FiLLsl+acU2NUWRtiiHb0UMX147cf2CndYFNqNPiUGbk24fGQDStfSKdKxOLCe/X3oYdsBjTXNfZpeIlUKKd47GIJswjOlqxFLGaOMtKm+WPevd18rJbMTR7VwSfk6AUEVk16szwpu2AvDQBGa57zMftnXssmooKu+1FxCuHPvlPqiB+WxasLM95rIrfCeMUOzvG0ZDIjtaBZi9/YZTZI1s9qNTEGfkHeFNk5NqhO1t5KagbhcauDATRplYMulxb2BY0hCbpPLAf3aKViCApH4A0GtaJ2yDUutZOPOQz8juy4Z2cfW4vVP8jZn6mgz3O+n9wXd2pPIDN/5yWrL9Ky8ZkG5AzpuG4246YMmnOeWG1f87KQzZBVOJovYHCjrCHIPpVitf+yr4iTIrwUURztK9nT7U7Tnj1uqiQORDpwbB+6n2IsaUShoLCgCT1tlBuH1XWUYWPM5AtR8jiE95zFZUZPoq+hUEWSl2ivyOCpkS33sfWM6z+W93pxD2eZdfO0QZ8H+gWhVQ4htCKJJR4iPIVjrgmO7nQa0KFmYRGbw0mOolBcXlS2XnRNCRViChgI5cEBgA4oZzNSRkYmVo4ckwJpnZ8zkg5u82Kkd6F/pKtPFUnN+pxwStmR7xadfuvXOnKGaKkFWxo9m6tmAysTI0n3CRGmiSoOTpRd3UJuPtQmfm1p6XROUiry/DqGxTJcBAW27mhu/3KGhLEmdS80iMo5JZ8up0yL1FaZcKH95dwer8BTczPFKF92TFYkiA8WS+/Ki3rkdIYttZGL1TLbqZni25O93Z2obEKlUIWB2dGZy8ccjVK8pXbty8Qck/Xq0BYafC95ZbstBx4F5To9Zq+677oUMWf+BzQQr15pWscVCGkLJOlS86A+g5XI1LwNVHoWplwfx3kz9GDVTGrzvby7cylWtduyjX/CXnCU77NszwhdmDkAori34boAvFxwzbrp/AT8UHBywfnYqhYFbbIm1AnQhvL1uXw+Vpqm2/3KPKuUloL4CMHc8zsmaihXMBWyxecGQ4xK2NVe/E0KMUWxRGKhxiG6MvvbQrbRef/76WYfOaTRmV60cZ2hlK8cWzSmC7fgiD6Yuv/Uoty4DzC5YWXBQ72O+1AbUCbkGvymFBnVCV+BKeYdI96VUJYYO7ZKMl9sT93vif1+rWyEVWSi5tZ+Vfw2yple7ButJX6QzqkxsM11FOLZFJdwp2ckOPdadkjytxEasKyVzCA5FrLf4VBDKQZkqukjtBw1/8+6twD5qRQBcEFKPwJwSIcULBTk4TWYs+sGpDcd8cpJCKXthKn3F7aST414y72Er3T+dmW2ZWQdh2fN6cu4GXLhsE0GkeLGS9r9HXgInpMx7BEfEedOaM/ClA2BByiWx3MEw0Cfkes9T2o0N6plVOIjPfDpfoa0S41NGfbBNGthvWHhKEl5oUx7I8D+dbXI/YdruZMiJDvYNK/i6T4dFoKNLP/6G9Wv0viwTnlD2/V2Kl0V57lAQqrVMmLOX2t3o1Sfdhl2yG/idUJKvd5ollJOU6ZvnJFeuJ8pzAib5vl9Qpooeknt5z4fe59komoEBpUlOtavipV0hB1+LIJFZZrmYbDjtu6k1YJJRcc+/B48l8dX2EOFh8uw7kVledO8gwrZRsmUildsQT5tIkUBunleRFIOL0ZnmsuB8R74WlHvjZyozykTgGqI2EJcDT1fd6hlLXBqZuhUJL5m4gTTkApWB6FQ761RQUOwn31XQTlg6tnG8UxUCldXVOzt5s0QbQAnv/fVj4XqfB8srue6W66mczqAy1m7shG1iDWM6tP78j0vaP0eWtJeM49/xaspv3GjVNVaQFgmQ0nME/eY2DYpRPu95TdEekWs3ZCk2t9/H2gNoX5hBuwAkN/qgkgMxLMZhdPvQraleVzfUioU9WYZFsvaRv2WOTZVmeFZSapUIsxOphjnRKrG/qv6/m2lKLD8XhLmYu0IkHKiyf3KF8PbQQgJhsHaqMrHzbu+DZ35Ft87Tk36xEpktmKjqZtcfrJA2qu7xem2YKvSxLX11acQBGLb4HcdB2nMlzvzovibjsKXUa3DopvFq+byV+eKcXHlO8ywUbiC+215I+rXYfuiXq70B+jFs+TXz88W5W9KQ8laxia71oOmR82GAfgon/hBZXrBlul9J3egdZi37plc3JGh7cWHUji288n3EU2OX/qwamFyc3ynJxrLP3SHJWmCvRLqXaE/Imc/PDPVOuf9gXJp1AFXzGz99F8xxi8JUmZvSVI9RIThovzLSPyhbSTZUMbrgnSxAX5SBCZJzOsAINAiNWh+lsaF1UdWPfGI5lZUwyvxCZvf5+uXFrC1Dk1Ay1lsUhvKyD2woODkXcu9p8SDJhTDkmq0Edcxi4IjmUmEWr/2+w7/sIZ2Vspt0VR3df1ogtbvsTlkqew7O1fuPhImEFylYdhYa2dqfn5Bnr29plnP4ncy8QcSTddz7pN8u4jxzR/dtOuPU/mnpR8b0jRW5D8B1j1S8mhnzKjwNH5i+GXG5GsVWK1B4Lez6l+xz3RcQMDjpdK1AryVP7enxuvpAp9GG6/0IloWu7z1w5WcfvIzxQ1WM4+K8P41ksnc+kVk+P3LclduVEHvl2rh6+54uFi8sHClcfurStZuRaZEMaWlBLH2kqLE68opbSuUqD1i+XuIb6BJHVbql6nEi9LpV9S13peEhspMYKI38zDJRSt7RpKyn3C/cWhZ0VD1GihelgKrGuZDXNaM3tVZAdfTYYG2oKWIJzpU9ijL+aGqHHXwhbwlLXw6/X/ZlLY6B0CL61Cl87O+CRdF/dct3DLn7XueQn3f77h3ynDEhi1g+zloeiV5Fv1OWk8Y0OnQssr9EJoxdmbFxJE45t3yP6CJJQOtlwclrOz5JZAraHomy2G+/ZsFECreRF4AzbQ6TPB/IW9zAThVTJYgFKOffzKhi3EXw9FjwvP9drAh1i/jC/rZ3ZgLhHMqFLy70SBJxGJ08q+I5c1A6D0m3nsN0liyICPuA+LLC0w8DSYbezNV9j7EDSrzwVQV5BVuV/7b9kDKhSQqGMt5jZFjIwtR+NzA1yY8em1labGkVx+ZwDD+kBrKco0XznJIUljS4gELly9KHH6I1rVS8AcXpziVyGRkeV/Ks50baD5zWHX4NyzIL3NvqtWGmcIUZSe/E9rpBt2DTQ69rVC9Wzb6T0NhIEXhVIrPM3iecY3TmqRNWC/bNldyw1NvPyipyGejBQKhUJoc7Gu9vLXvD+F5qTOpxef2iwW3ugp4eh9eXo+Py+j/k4kC708HT+z9yERww/bcrZ3iFc89dQLHf+evZBbnoCFR1GGhVa0N2yTiCiIldVTbsKqoifR97WIit7hfuPYuYL2SKnfHVybhrCx0BC7FYBsSjdfxqCd5lcITM85oJOKQO+wDayh/CViytXDkDRrwsttbYSQOP8PLHE/KqeecF5jNVdveeffLVc0pHlAvWuIWkqFsRfOjXAvrSW8sqTGOBG0cwhPRaxdOmQaTKrqQbyjjtOjJIZQonLr9yCUoNdFrwd+gQW388v1tQVrJQAMo7YDtTCuEGmq1OBjgiy+aLIk130e0zLJtHzQOq0S00HFbofNRKFZ+iYjJilYNWit1cF8dISGC6Hr3qa67SImWmyqzb10ULiPoa2+0zNjwr2bsXxifpo8Rir+DmaFr52efX5FnIlfhccCsrLxh3CRwuDuz1bS61/eYP5EXX0CDaXpgbIbeioQhpSApXzGLTpD7QaTOhRzDBtcNCz8os96uQmnQJK5rsyKdBdY2zhaKPkZQfBm4sMRMko0wsFc1gNBwjp8p17cWvk9AQLmduWHIlUx8cvS8LWIs66wFF7pC+XKiAXQgsDalZN+4KtuRtIZwq+U6mwMkzJjYnPz4nTCbPycL+C+y/qKB8p5k++bHfv2iSfL7ktNM5P7YM1ZTwz2bEDepsXY5P7srmV3I5WqjBSFSk/q+LgLMsg6BB2YPcC2iTxeW7LWSf332hCshHHwD844+f3305/fD6xx99zO2GKsoGz+RWqpuYKct3XrAv5YB1D9ugEYyK2EJEyNmJW6Wkeg5oYp+LHYIKs5QKhGZJTAZSMyUhIM7iW0F6/AOxiM63lHWbEz/YOuBqn8cmaq9P7BR1XSyQLoVZpNqo2JnvLl8bzSBWf0ujvaNlzgeekfTQZJd9Y7COSBOSTfZ5LyHfxZJYskFDUzlVNEPsoVPtrUbUM812ek8/Uz64nuD9DRcWfJD/P3RH3YvMvvPfoxyxtGajD0BGQT7K4Sj9uGP4pDxC0FZjZ2t66TNTRbSXUXauTuYPzuzWObl3e6bLktXsGP4wl/S1pIzbtS6LucwCz7g4r+e2uUpcVh00sOopYTAcVVjGXM+tiHjAfA4JvHbh1iH76ExmWSHalqgOOnFY4aaHoruCW/M36JepK2z6MMn6odiuqUj/Q/Z7zfbYDDXsEM7wYHTdgRvgdKFzljAZLUr0WBq8Q7+lSnSdDk8duhZZPpdYzPj66t2MvPd21H1Qaj+Qr0cNJbj++yX5WoAaqN1acDFX0K7UiRvcUDOI7siHMumsN6yrktKTiA9pnaiM3UbAEs0PMhzdRdX0OMceTDeN36CBcqoyhN2yZBHMCzSPmIBcES3SaF1pGzTjVrtqkE6paUuFD6W7AJGsM6pipZVUdHc57bQvfrD3iSadcKooNOfr6GchgWXcBKqK8HLlSi0hkJWLPxCo5jR6JwxfcSr68XJO9zmL/eCEym0ZWNEzOmgxp4lrjBI//cTS1iKi8l4jvFjlm1/ErVlHf98TMU+Mmqc6at31GnVL+TDP0wTCG06jcwwxB7FiImJSZJc0Rmy0mC/nestMEp1/iPmSy62mWfzYlTptYTZ41BG8LomYM4HJTpjIQWWLXbSA9w7tPLnBIb6hHOOssHyeK2nkPL5LylHf/DJ3Fsf4tDna3eRyNU8xFtsSjh//loh5Rm/nxsQyGzQJ2xPNAeFRyJhAAs0EHuic6zlf8Hlst2iD9l8QiUevDF6jHbsWYp127KzeOu1fEWn/hkj7nxFp/wsi7b/i0DYy53QBGCyloh5fPRPzrOBO+F7sEN7Jknh+gyCXZAVnqyzHkb6tlEn5KnYQUqDMMIQSDV+T+LYRMdc+IBFhB7VKcLRJSxhHm9Q7XeQIvUgTUaVVo6iqRhqresAtAgsx0ljFDIu2U2tQiBeC3QoqpIYE4RBufrOrgvQobH6TuVkDTRHMajLL5wlHsGFbwghOEkdXLXYmvlnUUtYolPNijuDTSBQzLKEcIYFIz+kKRLKLGHVVpy0o3/0J6QID92buyoCiUPblYHBQ+8BaFOqLVb75DccGrecLZv6KUmgs0fO4veJahJWMzqo1yjV3VCFR8bPctLfxR+u1VSMMZu3t/PGNI564E/tQiPtq8vEqyNVoLxkHDB1Gz5cYm8iWMZOzm4QxZAM9Z7kLUpyjsDqWb35Jtck7xfwj0dYqQaHN2RIw1BjtDM0ZpCxawmiTNhM4pySTacFBJxJjtQNxtkLgTTLXW2qi9vyvUe+LII9CWMGKaaNofEvInjaCxKcgx1pqhbbW2lUiV0j81Ufm+yOOQN0ooBmCIOlTgbBg4wnX27Vkeu47zManvqOKohzwdCARNgblje9vH5su04aK6H2OU20WhYrVLLCkCr5XEAbVIjrW+HJ0mZMcm6zr3LCM3+z60EoDYzRXNE1j3wGWxnarlqWDEN4ils0TJWWGUpXIEkZQ01g2xwmODBWPMJY5v4leninX8UuWslznikUmyqlhpogefcaZgHgldvZUddSOOhVdl3wb36zFpa96Ol9yGf05r4gjhPxbnTc617FEETiO1aERoEaPTeByhXJ0xQrlAudSxWZg2aJYYVyzjOkEgy1kGuXAYvSBEGBccaXodKPzcF8AOnbEn6caOxxPbLexNRCUjDLpG0BH10RlfMlIKraa9/TjejDdrQAV/83K574pb3SyUTtT78n6Fq8ohwwhcTP0xInNDALZ2Nwgn3tDUnS4VGv74TxZx8rz75CG25xFdwTkoLKVosJ0au7GoLxFIRz/6fWVyD59anUBjUBYydWc6jxiw4A6aUVjU1VAOYZ8pyBx6+CrjiIRj7/IlnLcEq41ylKlCIjjGzI1gm1Ye9swQjyAhtiBAL7hMYJyouFr/APQV6A1GlUEVUqzFQLj1XlsK5tWCcY9UEkaXZDWKumrihuBsInXYqtOs9DRq2puEhE7UaK3W+xDifoinbGnb1Ym/rHyRON79KqenrHp7vLo1VqLdIESh14ojvAWFhrUPGWxs95R2laUniGMZTCJNjSLbQ3ezJnQhi4RJIMNUwZDDN/kAqF0k5GqEDHNrH1l0Xoqip4WRpIPhSCdoavoEcRmeZ8pZyk5U5AyQ86oSkM1Q+3Kv/fD8Z2zEFdpqEOoI+Oa6BNX3yCRnPSl6lTxEEzgrdzrLOdyB53Ggneu31IW0Yp6Tzxjdg29zcj1O1OwgluS0Xahhb0vVqyKdjMQdJCcadecoRw9bL0roER0kedSGdItPErIdk0NYYbkCpZDR+EBYbn3aULRt/BB66ggECZCZfeButCcCeyO/DWodrQ6Tk2MXIFZgzrZf1+vZdF50QgRsAFVtSMykuRUaSDvwFDXEdzfVVotwbNLudIvZz7t9QdyHlp8PSdm3dOlyBUD/gCh9bGDLcgVmC/MCND9+9w91CiLt3Qtu6tb5Ab3k9VAVbI+YYL14nM9d49QX7vFPl0vDBcM8ZLTQrhev6vC9XEti7j3F3Bv1WsfmRN+Oe5qTlUR7tC/eEDZtxsxj5jTNK3yqhuWfIRb427FkLngGN2oBxjSvnHdletQLfhAx0tXPRexHbirn6vBEAVfC9BmpGj34dHK96+V70UG15bHj+o5dtsiVcWdNs0pY5g8Iucba/zdVWjXv/fOPGbv/7v7G9rBLs5LpuDG7j8bTmuIF8R7zyNsH5cF1UB8uHaFhnRuVbVL4RePg1dUreAr5FL58vW9y0gI1UQDuHZndLxflaJC0+QI7X07Fab90MKJvftDkxTKdUAbA52DypgXN44Fej+kb8zBNozDCgiHDXBCtWYr4Tdu36+//+i7ksyPyL/d+CMnffEonZ4tskKwrwW02yTS/stXw3tYxcTDuqCUEg1L/YVMpBDgYivIlpn1EKMgpCczpJLYFRyUXnRv1cIup+Mn1RPF5YollBOLYED1cSgeF50baqBN4+OtXb7e6X54tXC2rWxFtcZ+4ClnVM/XEl0n8Epcpa65Xir7pkaWK9Zb8PTXAyD+0li07k0LjVgSDlSdnHItrSLeuG/nzllO3oZfnJBTsav+r0PdOF1eC0NoepLILC8MqH42jGLGtxPDU8++a++F67HY2BBm/lG8+stPf7W673ltO8oV+64Xdjin87ges6mGG7oDRf65ssnplwGGA9d/62Pn/+CfebHH3Dj1o/txYPDyXbzt+3bDFDvOCbl6//G1nTso8MYTZy9NmU4U5FQkOytVBvGMt2NBiFuh5+Tju9/JhTA/v3pOLq7OX//X7+TThTC//UKebdc7IoCZNSiSrKUOrdKkUpAY962ffvt//58fvu9dETBrRB7XXg/HU08y2t+ORyOfvnte82t/Fi9KUP1XPH1aoOu86Q7kBxaMm/zA9+FtCaZ77eQzU6agnFyeXvWC/VMKwLNlHXYy/j8p4KR/bS3cb4aFuonczTzdFjzFN3hkH1bUwJY+Qot0d7pn5DRNlbPT+lPeB6d6epMsP9TP+VBfyMXZu5l/lQbdYxnVR/R+NIxKXlINbze5mFkoA9Yvu4YHdoKIsoZ27OE1LCWxue+udVwGUYNL05TZL1O+d9jWevn3v3NHPABWJXQXXIYbft48Ah0o+1hrFLlu6pNGyVVAOJPKVCy5w3RT52BzG8DM7m7Oq4+89n4+TKzKx6Sc1ruhhRfQpzcey4ob0DnNl2otE2ZFTm836sg4xPJlRcUKTirVKZFiyVaFgpQsdo4miNRFDfXzmfzA0gOdpNEBabl30CVCvQMeUfavp3BFNwAoyKSBeYjsjh9nFH9pU6HndO5D8RFI50bhEF8iHIklQrYwx7gOWPVPcoRFpem8tMThieVtDd7O46Q9Wt2Y8AgS7GuzBiXAkI+7HJ6TT+UzdukMYD+TWWkA67wE74cktbJVzxGEiQHVuAQd7OLPCeW8V5jI9190AW5UucC8DSj7BjJhJNHGPeZMkE8XgwwlcQGyaPwqOsu2RGWO0PbNElagY0f0WrIIKS7+RYwdiu7s7QhofWuFOQexit4p0mG2wgeiFDoggXqRh/KaA0aQxIUTLAklb6TaUpV2+3QTcrpywV6KUHvjb10s3QLMFkD0i56Rqybe18ctDeV1V50HQ1zJeBcZ0ZkhEyHO1YUlZMxYthRabPRPccOpOIYff4KBsgwQqZkoOxNsmiz3npSN1WBXToFtvjyxPZWQuCoEm3j14KZ57KkyLCk4VcTViyYliGevb3+/lCu5XPZ3f4dkbtaAvr0NsB/tgP421nC/trgt3NPCrEGYECw+CFsXMSsnTAvo8UMOQ/+kQQ0CloVJ5HFXOgw5DPi6SBLQegCzqzx+WHG0wwJPHC5iRdyVVDvSk5jQwXYM5tTACC2Mlis5B5/OpbDviuVbfcJh9UPSEZSas9rEq0c38G5S4quWupwBziCt5hPsMC15mAmimSl6+CdxyQUQWHSguqaa0FTm9nUxa2CKyK3Yb5lfOENvpZDZQFyt68mhmS9Rf1whwgr3TKSW/0ilqwWg5A3jQE4DsJPOMkwx9opqYv5ODgaMV/N/lHCFwSW4DlELcVehb449CxEz3/0BC+Hj9a5DvkbslRgOCF1IzOyBnskvYE03TBZOukxkliuZsYEIRTg2uNeCLrhLIluSs3FsTGwqtoMIso2wIXWSXgANhFGbyxwAsGf8Ch/27tZe2f19Gzx2+zTLQph2OltsiT51aeDz5BC1fpIU5N7jFQhQLCmn5BbEBfq1QwuYWbuntq+3GwlgT5KfTrRRw87Pck6HlN16tDm9Gp9TEC/8WIjz6lVNKyXcsAy05ete2lOQw6ATKexCtKIQd26EKzz4wG1QE4/WIbW7H+1o/TxtTj/NdbQmp5OnFgzGd82wMzc34z1DmMAMvt3Zvbpzduqoe+cvWpS5qbt3Llot1eMwkDv4eMVAvt3j+PPdWxartcFxtmwaf1RH5SAx79gE/nHU4xhzbp3DWAn1LgWtZaeOnrlTmPU8A7OWj+AloQ1LMvEwwtcGN9zVUlIS1eo04tX5IHmw11ogI+cSyRLyXye//uUv5Nnl+ensB3LOtGFiVTC9htSlwvdi4XIl0esCjXnCXLTs0uMI2+y+OBAxpiSyVXEs/9Puah+C6sY4i3y0ps/3uS6JC/uv8n5rhj+Hqc9nSkVfmfR9pBjlsarTtSbygaas0H4EIhXRLGOcKs+eLNu0dyhx73p/epW755qlx6w0Uo+U/2QPQmlFbNXF3F9yvDyLUzF2151bI2Qa1uy/wUjkPumchWC4gVpaRtpvypQKMzCg47JxSy3Vigr250hUtcA7ClMX+4CVrp+pgeVeMtWbS4pU9eeNHc69Fr7El69d1IhqfguUm3VCFZBcQSozJmhvwl2NPc2oYSCMvjM8ntNjzvaSPupkfelHyJEOrr0631vGlVNlXDGk/VTH2eoRix0FZjOFoy4hBUUNpPNoQWUj58MynzfliJXzbKbkhqVV8bDwPZrnPEiqnYMRiv/YZ60p0/YLOPtJsvRIs6yGDLX+zG5gmr3NQ13k5IZ57/m6LbgPlICrhM6YTcHvK3nCrZOZaj+qZUKveibqZVQnsVJNtJHKc3xLLQND3Wjfu2+d2G993z/7jKUph+NxuXduvKl8rmd7a3zvID5Xtsc4znRnYbRahSGxK72zz0nOqd0y+z5LRUAkapcPWfldKOQR9MkJEXSq0i3fSm3IO5qsmRhQ6VKKxDm+a6/1J+Ei/XMFln1Y+cgXOdMn5DKlOfns/sfLR6kUPu/0H93Hk6zpBqzkxIEq8rUAtSOuBqHOpdBQSlT9yal2vnP3m+Pwy1ADL7GUFSurQAo/fV+XbxhnOaUjQN0foA+hOOpUpK7LE67BrH3Gy9LSjSJGVjcMDy/TRBVC9Oqx+nn18njPsy8jNZBjFyjOg4aJvxGUbJlI5VYTnUPCliyxnzzvyxMMcbLdC2Kn5/HuY27IM1cRFkSyf4ac6/KH2mqRQrh3/BJWNNmRT7pZ+LbywGbtRNro0bV2hCMo7AOvfV3VclBcrpo7ZPZF7Kx4VQegJ/u/kWnq0nm6y9ecNr5APVSd14vXPTN2M+w9aOE3B0z2OHG9Q1MNEb7B9F7yutdu6sNVQLuzOY7BrnIYNPdmH5Dpt6GzQ/0FKe5OfnZpAzFbAg5muLkpp7BkItjqHXNyVf0ymg8UHXToDkoUQ8K2N8C0xL/YjLGy2WLPPdRSGqhNWdmwjaHJOjtyCfz9qG7BSUc7qm8HSpOXBRPxOohFvRt2yi6pEPfx7GFS9bQdty2+jPY+vb+na2cHNe7bdwfqnKryTNk/P99PZbtmnVLqxN4Oq8v64PdJ0zPRe5b4shZS7fA2/F91TsW/31kxpgTSrKJeiud9T5Ndln996ajfMbdHE4k6syrrrY/PavAUzEEYJfNDWEcqi0XHuDDpjIcxrbYNd6QjOIw+u+O49/BMZjkVu+o+umvn2ul7fWUDyj5DcyaWsl8ooPoGO0foDv7R0iJLZFvArYq+/IoVI/Cm4HxH/l5QzpYMUnLu8p69cbAXyhYW80TKG/ZITvcvsCB+/L3+TPmQNB+92uzeHZ4XxoncB7Ywvfuuf6iGCF12gjna2+RPyMdd7qe+txzYxfE7OLx5CpbzqMVkW7AtBm+IUN/rvrK1bTDHMNVVwmUTnbcs5lKV1n7nYv5wObDltVo5kY9TuRY5bh+ikaWwI99puS9hKimRJJEmKDuO3Q+SU9NvmkzEnOqY3v4aYRXS6SNTLhSPuM01qhF3pVJG54WKZQ2p0dSg5nQVT6fck47+PDVJRw1/bJIOpx6BscCtAeFEq/jKiaUf7TRXgt5aQStUJrZE5Yc4Ri5hg+d+dMM68epl+O+zAOFl+I8Q19Rn9qccVH90XpjOI3rP/WTqznNnca21WutMJw0N0axKxcQSlBrwu3bnfZR51QX/O5e+1zx7BJBlXeJlbRt6rpRza0vUK9UzxNGO32vvt7fH7qOLIFb1P/0ndAO0hht+snwN6jj2CCuzh4inZ2eu9eMP5MyN3w8NlDlSsZSBdT4DFZp/QiMKc6Q4L6C6jmsLWdtwO+j3ulYpenSn2Z+HWiXvXxqlf7fJNfuz31rDbpB4ysV/viYCVtIwv4H5muqBDlA6OXZZodpW+sGHmwvarUbrANUJcGmdsbJwepl/0x+QotnqGBkVzfpGVdfDj4ONli03YVoX0YVOR9kFS+FZ6x7mQ3EIQSlUG2hnU+rc87UdnFw75/QYdzpKhERVGTx4kZ9du9DO8ceoxj0PA3l/7jmCcZiFas3nG8wXve1SDYbsXjDp3B49WkQv06ixCLMbCBo1UnGD7/btSuoPkuOtvxDt/HVSkYvr0/98NyMz+06R92Kg+8oeLVIm9SFoP25lP1rHhpI1JDf6ICPyNCaMW4Osr+lcVa+zKhHmwkBDC8I9FxyRckGxTlHIRxByPY6qKsig0uAwG2qKo3X4rKPcUM5SfxB7QLQZ4dGqWo8xQrdiN7DTbbYd6eSXAaSRaa+NyfWcuR60KKTdVmIsSEKfwG1iK1FmvkjFzO6OG5XILEOtEzcRt8cRDEL9KfhbpoC3Nc3YJpYtp2Ku9WM1vLUjex7+Jcy2zNHqRetTjee5ZMcIq+4D7BEQh8CB6tcG3LImaypEp3AGdrmpMKoDMuCzPVLZ5uphCT0Pv1yeXoV372Vr+OpBMVK1bf/Ra7YxfTPfSF5gLcBp2cdZhD43VWfssp1vIZjR5JkHoX9w1TpcYm/ZUbdFnjjQvbPhBRI3uwxYPwlmQrjASTPpYAPKRQosC04SKRLIjVWUr/0eDpRX2G4xua9feKuwly20LdBcKkOkXd+3/3HaF4Lbu+yxz51Uq+MHWLYTDBom1gX1xU56C8X87fX72cWMvKO3GRNp1da7f1vt3I4ehtloojgwrTCNzuzGplWJT/0pi9HDs32W43x5vITNx07CL6eMLnY0jGWBK1+chyq9AcUoQn68TXnkWgHljLP/9nnDVWKOSLuSZOzb7ewlVoV+pOjG0K7aafGVUzfzyb3PiS56QtSpJv+qjZJi9e8LTpMbzrSB9F9fhr89rz5lYglJ/0dLpmBLea8gQxe89htCRUq0JAPHUsGKaaN2VrM/JrPIqVmHYv0VBtLG0AHpjFLHgukToX2+ViJVrQp5JU9WyEGYWkxKFQUslWEC6jeg/4w3kDQD79+4w+9jM0p65I39j/fXtS+270jvOi4Zh5M11euTRCU/t+2tk5fq3zun7uzD2c+vyFuq12Wc+F1Aeo/vEAMgxCqvVMPvZAGmbRZJYUkLbuZuCX4nS8o72dl3wH8n04KD44c5VZqJlV9hu9R6p7lctSvM97Ek0tSkPVvqfGN8nSeAtf+c+lRi15nUMZ5nH07PLz5d/9C/7E1kN4Z1XqBYuDhVGTlNboTcckhXQD7WxxoBhbZQjcdpDEBfwFMUDNfOwFslq7TsL6OQeloZRQL19rQagGSgG1nlw5C6nSb3cDo9XSci6Yn5GAXQ55knkU5LyOFteOBHwaxU36wjQvlbgxmOYOnjmrGwnHsYzSKUI1iyTrh9LCSWtKs1NQFGJ8Z1D2KoQNAkEJalua48kEiRavLCFZ53RXIgJZqJBFwZtGYbuDGcHWsribNcriiXo09eEFid+P/+t+/eyT8Z5/Tlryd/+W4CQMvUO6okibOY/sWoFQwbgdGNKSWxnq066WEEgvKdYYnu8/5GgvLRmZi9f7mRuauLRegZ6LTrEso9UHsKeLCXnK6a4Dzoqe8dFvfyLoVZQxUdQZG/eDIPTJ6jCUYfnSiSFM6n56WfUHEjz11NCiX5JIRojGFfkm8ae7Df75h/SaR9q4E584vTqSM8hky13QsoyD4wfUMuYQOTdk4nFOmV/thqGHo6e+6z9YkdU0DqbBIpGGfdCNXRVoX94iTgWMLFPRlFb/QIApZ2hMgIJETOVQdkprGv4JmLrjGcli6/e6kO7ke9Qz4GmqEiLQThPQ4FityQ0BhzHB8Wy3K0pyoT7sv9/dki4bFrZRRbrUCRnBoDSmjHobydMrkBk1JDfc+HBdXw2y8ERCIbfaynTWDksYyxpFUtqZS89C2qp+JDe8U9sEkPeJGysQXqCdqYCsJSno5BJ7LHGxLtqHk0141BxgGN2usOXxZ37lktY86ONQWSWeOZPXycWfA0TzV+FGaNdrOabUymHSKzzpXsZNZFQvTR19c0MpE8dAkQzDBailLN+s3T4A4UhsZYwdZQg7AWVKRblnai4yOh+o8O+TEkAtK5KjrVPyJhuTo9I18LqqgwTICFZsWJD0Xw3U5G2I0QQQUYMuMuJgjtCyoGRo+zlRZOg8AwEmkEmN6SILHguBHqdXmmokIQTgOY+4imi55wVRLJExLq3l7DtOc4oZx3g1gigTmjnIOaiEMpBmoOSK+eZenBpUvO/FgERPrCh8GWsXZTGXo3e4TEEebOr673+SHT1q23WANBeVg6gw3DQmKTZ2ehWO3ku5akysnsWGrgWZf+MBYQRlEu6JgQ/qDzc+ZHIFenH6cdHzSD/1lPRtMoDESbcD1tYZphxQJaU40kGdXxNEYZxrNcUdNp0BgLjhRLtiqUv+R2HLYoJm3bciUXfxwDVKsJ2xiiTlksJEiNccYAoZkkmnhceejgZph09Zcrc5vL7YhS8jBW1ED38b9Ic6xhXL05J5FAVTk6Z61R7oKDx5yur99WGS8TmdOaas3GRMiHbZwnP+0Q9efpEjxPbenfmOYYStarNdAUFJIT4e3HjzPytjXCMBqeysUfiOxAuKq9gVtO20BXc2U+Gnb0IFRf2JKFUcoC/lNQySLFDBg7swNMDl1zcAqNZb7xYKaF3CSSF9nwojzo4n9+fzEjZ80BRoBkGRVYR/nygpy1BhhFUgi0ML7rq3czB6Y5xggc++654FEstaz5tLaHGkNmGQTrb2YcCZtTsn0lp5IjlRXIJiF0xkskaKW3rhyGZDKdiMoo2s3YjYTry+kbl+i+tzkr0EYxt3JTuKXXP1OmqcpGnMEPAunV7vL1na7y+i8i6nZ+AF/izoXXuDfZv/pT8Lmy2TjYPs+uyFmz8OoIkG6jLRJLEi+E0b5jtFcVJl7GQhiaj1hMHwJqX777NM/JmVGccLnShGotE+9qcd7gewV0e8gbdMSfY2FN2HL47EVCe3bx5joW3pSjH4fzy1k0tAJ9cc+voq1tX5et6Hh9oEokxMtuOd7IcJfLWFhZjn4WLmbRzoIeMT1GQnt9/TYeWvRze319GQvtlqIfWyvRxULbaqOCgRYWZMm4ARUDdF4gSTGzT63WnMMY1B22g4cB8cpNrRXJZDuCYoYllCPKevtdLQcjVk0Uqyl6RKetAYll4Giv2MQQ6kTxxhefCqrx+LUHbeC1zKD+vQlwNoBmUvz8epIVMaXQrUkWCcO5o03EpCiPlBqqqBjJS3sgFkOJo+/sCApyqcyEm5V2iyfEQzRlWVKh7whAOzT85dxKwFMjztJuLwYSaR3uc2N8XgSTord1STREYRDSGmUE1gY3nOMcXGzQ9DCOFDZMmL6yPpEQvT11YyRALoQBtaTJ1IC8FDZ4RqWwUNPsJOk6yeeZ7gsRjgHl7dmMvJuaPp7a7UK7YVUNLlZu1hREaHlZWksd5NTGKKNYuFypMW58eLD3OdM3VoBeMbEiahpf5jncGtUut0Ei7djljDjyvVWEhkHJZKCvdjRUSyZWoHLFhLHDFa6pcWvQEXwZZSIxiru46p7CRCSSoH/x5jqM5kK4SXOsiQBHuVRcfBP5VQUPM0a3A6412AR4CMG6DlWIG54SVb0Hg/cG1jFNlHIrVKXHCPmQBXR7B2LlqroP2IHy0yT+MnZGugOdt36w9BZnDQOqYGOZpFDVYOHlXDdxTVwwJF/ZuWt8Zo+WszmlTPswRJfQ0mxmP4LNzNG8tIfKP/ZXZqkkVmpLLy7SGG8MHGqgQh3b5DCFVJsjaEJ7YOm9tSIHEFP76ICb+LJrs6QZ6ymnGR3X+2vSGmoM1Xrb21wdAdfbL6Q11F24uu0Y8ICpaTZ0xzPA6A2esaSHZWifOjQJntR4D3nrmE19lozUR9vM99f32sy7TG8Pki1qsCab4bTBy0CrA7q+niTsaKOPdxG1XJotVd1OLGP4CmF1GCtWoqrGNZh+xJB8Bel07VibosDa20+f9p2e6mAvZtNje1M0dM5U9mnKiQOaS55g+eBen87eX4ayFq24rnFEeCJFA9I0YQJ8W0ecJfqyBtdQY1//gzBdDgkpkYoIOWXZqt6TSOu272051YoPueypSB3nYFnS+8LiXCbOtTsxFwJ03tMKj0RaqOtZK1t0EiCXtLSUCimBxKL62BliGNAGNVT108d35PWmDFadAOd25CA9CMk7yjh5fZusqVhBqHx9fnVNFOhcCg2ECr0FRTRMjGyAQOubgZu7wmi67AiLdPzCMC56qTvWGDyGpfm6+Py/FVSlrqy7YimE8VylGm1oNqEezJJmep7TolMGnMThdFVt8FNB+U4zXy3qHRV05cprVXUOZg0MI3j/xHP8OLAO6J+gyGXwAH2Y5CtYJgYyjVVvr56M8Tr0iiDX11eTcKHJaXVUk8Q1VwoeB8vVx1ko/tcaZQQMB28xxUH00ZejNaCqbhihPMXOFx9a+pYVE199+6011Wu0yjVvwgCTNRQ/ubESGhH8i279ppv0sB0Ae0zTzrv9KqKF5XJGVMFhom3Fw0G0d+5XZ5pq4pp0rOwbZiUAHFCnwjCd08zJkM2mKGO4tlSlkC6xTJ0+Cyvo2vvxJkD7mmK9MX8/n/KeKJoB3hGq8vq744xAAkiZvunr2FgH9jBBRgG4uJMOmRFcEkkdemMFZ6gfoWlo5puEF3rsxXtgyKurcrZhyhSUkzBW6LM5AaGmG1Apw6rj/eb6lLQHGAaz9UbYvu6kkfB8gQXJlbzdBXvvRC6+oga2dFirODSk4m+eLmF5nS+R2WwmX5eilQ+UnYBR1fs5tBE+TIeETKrd5ELPrtcHVoUN1zTC9/uYIg6s6YtcseFalw/C8vaUzBRzjaenIJkjNkF5ezq1HOmazvEc6m9PyYdJ3vM1Fale0xu0wjCX5G1niBE0WOWqXNMxJwIRuSSp3AouaTpZA1kvUjFXQDWWkfYtUGUWQI3DRlpDDeNiqzViJs7bkjxZ0oViCdFFltEpyshaYgX8vJXaTHstGMX00mx+I2yC0MqSLE/qJRriAqk5sGauv7J3bF2cvZtNb9hlMaIV8/SCUf4gcHhCt6tuvcsdV7gnrrK3NZJEeQVmK9UNMYoulyzpG28Ym5jrnOGs2MXs+vUZYWIhC5GS69nFFDiJQ69BMcoFkhRwEUYhfpjJsnfZPxULVTB1vXt3PR2LfZXG0wYfbMsph/J9o/i0tMFaED5mEMHFfpjJJjkmsLpWlSeeuR4rk3iDL7WOZUF5r9iKCepqIIRIYTew7ypeGZYq58gUwO1g0KiAPwB3ASD3iDnFSwI6CMyGcpZmFMn+bF+hd6dnlfLpwofDoOT9pyksNn6eQblOU3IMGOITvccx0bQ6PFoENP/pf7yPYNBAVTKhiuoNw6o052reNcgPguBUjCTLHO4+vDy9sq+8zJhY7SUWQRY7AxMsFZwKWQxz74fhkoXxssoBuIBieYddoFeT/jAMloDQMOcMrTPjO3rLsiKr1V6oeTi9NcyK7pceyRTIY1AfVuIx2FhD5scH8BICuWwMOYJMIDEqdw8b5EdAjBQIjNl2dgIUmdARMfPAx+PSUrUs23X6JLPZ7LxWSnEKKqRc5Eu5mq7jOfkKB0coXTQlm5DLLaKN54237HQGGYSDJgU5lpjRZLpjJ6PcKgrzlHba/ZNIzMbe6TAMpKQx0N2w0EpF9MC6X8GVjIoCSb5+Z0nTxBRqsl8no9qASrVBO1vv3Aj10xU401pq4+XtrOCG5RyICJaXSkGYdBItfa0SVB3Bj9JQFWqzcF2+1lQ/cCaQsiLDZzh+nKmx5RkM+5MfhCb41Ar7IIQkTedgY3pa3+wM9DpDs+9WMQF2mImlfsPrhlgf2XMfP8xEnQyzSo0rljs1tD1bZQYta8K1NK4kaJ/+IhX7E9KyfPySS9cR1DJgFwdqfLjHlJOGdsq8gWvi6ZIpWoe72dnFi/Pr6/YYI1gEM1K9wItTeAuUmzV55weaWNanhIV3AVuwpoXiZzlWFZuKS72bXf/nBCB6hdj4MtQZIrOyEPnVRD9AZpCqPr6jtz6DI2OuACX5JJghn6fF4+Gd7WmHWWDFuLr2XvdoOCgAswlR6DpyBWZKNIuA7Ryzr/sVbMuwIxns+63clFFozVDP6MhaBpiJ5wi2qF2RLLDQEGnyjfeYMPsQBVSTexEJ2GouseqqwpZcc2nusT63xh5DJGHJW6oMqA3lNZNVZWy0w9dk8ZMJgJeIUu+V3LfXnPjkCsmw7MeuJ9FVg/4gDMlTVHZV+SOvJ0YmWkCITKrC0+JU04wRkqeonKpC1x7lDkSYfKrCVDKrqSxC8hSPYe3P1X24loWEZLR9z1Nyfb/oEsnTba4kkq3NAvoCC/LGp57MlJwWzyjFlmFljJ6SJacrl/MlUt8glPnAr9MZYTqMPTk9XuagUAs8vc/Blxf3TWamRDdaTKiNJ/eYpjedxKxns8dz7U1kE1kpbjmbDqrJ5VBkYfAi5N4XZlpcnCwMXpiLRXGPEJecag0pvtnXjzPV7Gu/vcXS+pxGlXr1yg0kVXq/MrN4fXpn1KyJXBIuZe57ldW65fmwk6RQzOxCZPYErICV7fvl9IrI3LCM/RnaCsMUfmW/NRdWqMaB9Xl25cYgQt6nL36+phpeIeY+OVxukIlcNF9L1JCFWYP+MAws4XOmZAJ6moKcS86SHZ6SN3P0J6p3uZSINXXtzkjJpx4SOdIF/0HbcylXpMi5pCkBpaQi0/Lg7LcWMBY/8bC46rA6LrEg+FyMJM0RR8HBSDweBjSYEqCXK7kAROv4JRM3ld9gZgerDOWTwCV1W21UZJ8+XJZqTHucuwAZNnIHo7AmO8L92qXkLVWsDethXMoTn2h6DVDmG6z400PswQEUYipmuUg+SfVeqBDflwBq2gPz1Y64GQvPe1AI6tU1+VqANmU/1ak1Ir4WVOmbkZDzBy3R3wuqqDBMALGDELjNORUTpbevhTQUbhOAFKuL8MXSj+JCbRYAgnTGG4eX0eESLYeHOpcRvB4b5VxuISUv6oZ1tnSM7MWC6vIjFwjtPvDB0f6ziRPBuyZ/d5OYFlrioBR6ZLsPX1SPo9AHrKT76Ie74SuaMrlAa0P/wZIni0ld6B0ULCnfA5ki4wcYCZcaRrKIo6AhlvV502QYz/2vkqvC/nEyWN+OCyuJsAftds2SNSmHvTdorF5uVSiIB2MHmvqqKLodjeN94DXY+ijZ+4HBijio4Ey6D8kmTYGjLQ0kwDaQBg7WHGkYFGIxhFMOykyugaACfpyrd+3r09zArioQ2h3xTmzIRTrHQN6naKfCkplClG3NuGqfTDVtCZegFOUFVmfXWuvgvrFGgGVyrG3XwWmXliyZzWb3Kknu0WxNPqoMP5BROGQu8sC+SIUmtFEumTTGHoFqdWjMhFFneZkmPSr4ionE6VfTodhvY5qe31/MymEm2hUV6IIjhQBWlvD2KMNo0ComWSwzh+XVxMZDSuthB+LDxL0G6+ZEGwVi5VLCnUN9SmcYpbWc3wCSz/zD6fnFp2tyff2eUOObXE2X8woOiIJewWFimpYFgnj3LZBpF18nVAgsAWaf0XvthyHv3l1PeFAsqNG35HCtugQy7bnQicTao1oh8fdlIfHrxnDDqIL/9ShqVGewEVhCM8M2aMiu9wM4g3jV+rTWD3UaTKzqKFenZw7l5HwNDcIg6lfXdnXupVtp+IoF5WsBIoHJ0Wu+lBLSGa/CBnTV+qk+2B2gRspIPVSXuk983x19sR6mB5+X5VHf/P38ikg1qRaLBpdlMker6ObpTzJdBCxYNsUvp+f3hGOKHKmDQonj2o4xsXOChg3gPSLXberDONY0B5Uqmatkk1pehSzYBnaoZJ67/wsI7oPUcm08pHWmfSjKHBTL7a/xYJ5X2CzSHCyHOBAontb5MdTd8YO5kckzj3WCf8T/yp7L4yL03v5wXoNPZypaezaPj9aOej+kTKx8QBUWg25B9YNNY9VO9UV6NprS9ensoj3cCKw/MR4P3xPBEr9HdSq8xAuXbzFZAsKqkNOMcL1vWU8t7nIgPgzdVVnOtu46lPd0xGlxp+MwHsoHuQy1yECvc6oAqzn5HqsrdtEaahgYbqHbSYH8WiV4TdtDBeV7xPJrleD2a29Dmmgx1SpBzeQJsCZ3adcqwew1HuBM7TGuVYLbYzzgWVOVhubB05qMB2CIiTxdZBPzeNxJR+wy3jnokxuMa5XgSYAB1jQPjlYJZvPugGVq326LBq1vd8AyrWW3RXKUY33/bt1aJXgNsAOqT5PaFmqNeYyvz6aeYbQj8x9UQ9WJ8xrMNOVEc9osZBkV0/X1JTmdWChTaz5ewfOBNtpzh6Y5xBiYO6IioqBpjTEMx1DEhMa9Y83VqJBCv/RFvqaobmasW1sEsXVioXptKFrBwn/5y6uTn27LxWmUDR3Dg3V4TtOMiVAxvznMKBqsmhlTS2VowwxWC+3Twsiyy4IbhhjFViuYFJeli8UfgNWvLthDWkOMYcGsS3fWyL69LhYv3rnRpvoXi0VbbIwK7/Rz3xBjcPCiHi7lqjPACBKds4TJkTsWK/ShGmlq9MPW3gfERLyqPF0I17xX3rneiQS1os/HNbhByipkrkCuqSrQTkSId8wqfC5t6QB0ukAMlAzVKFpDDKJBfINNq7GIXJaVCI0B9ZywJRFSwHP7RVG65yYsoFkroIghnF8uzq/DIBNjqPB209UpC5ZJ2EyySWIxDf8sGjm1z7uRyG1v01r/uUN73xppsBw9Hy1pkrng84lAQsQCJp7as+QHm/AeGUUTQA/pSDjVaz/WJD3YKCpShtW+/Or0oxtBc1qlqE7DhFYnzZWadiN4/X/yKoU5oDWkvLqu2s87dPwe6JzIf2QNYwquAhIuDEJnqzeMw365CiiLc0+JrjKFEMCxzpdX3v0Y03bPw4m/Rk0kkxcGTyRoAJrICtDABP1vGowCyUHpLRqtFJxPF1NRuer0hQaF2cnxk6jhK4ttTW3pWIy1dHxYXQ+5tTiKPOe75jDDYBT3LIOlw+n7D2up/uGy5EpTrn4FiDOsIIcaosYgY5hQT9Mez+QzpBB5Ug3PxEs3VqYgkq3jk3bNEicIlRbNfCnVuKL+IFj7nl9VWeeJK2UyVBdLGVwU5LgcVOiltNiRTx/fTQKoAK1F6RKUC9Q3chqaDUUSwsviPlNihDY0x2tSsgcysVMJrubb1nan9IIvEc0zaKjGUYF9bgFrjXU3OEQfTBvbRD/MkypchRmHfBggF8aDlh7/ueACFF0wbtmlTqgII0503aNGWHyeGlGxwapWVW7ZFBVpwxSWwf6zJT11R+x3sTRYD+TinDwrBPtagB+NuM78bMlATQj530iWzxF9Ly4NPp9c9nCTY53e2VX9a5OQeAUYB8/FTENCPueCfPRq9kQGlAtcT49z8gQLvF2z1hoMA1PD8tnDDvmHN5PN25uCiwSriVKTOZ9RA6tJpm4LCo0DNDBN0WQtGsRHtYFnIovcopn4Pn+5nLYoW/61oBwtO9DiaA8wBgY1hMGCmRzAsNnmG07xzu+XGfl8eXo1aZe2SA31vzysof6WCpkbmueILtrTK/K+XvX9NM95VQhoko6/xWr7/8W3/V/JA1cP6M0WcrZBWjmgN+QL5ORCMMP8gn12/efuhnZLC7NGLJr7X6eFWd+rZO5taUbGBPRJw9RqDrdoyeZl1uB/9XKG7n+UiEIX5pMqi+Ck9djJDaitYiZ4vf6pDbu7gCksacHN3MUB/E6WlDf6jI3Mxi5iKUt12kOT7RoUeCtduDVVkVvpIswgPenMT2l6j8m0D+8dU3F/1r/X/lIO61C3c0SHRx8av2+I/SCZbrOgsRHGT3xjVz6umXYF+5j29WWNJAnNTRHWX9HtvsXymhqSyAy0nbTLMeyc0Eu5IueQyLR1vKuJeFqdy3HodEq6LiKmr9P9QwkHwMirH5ZcuzVPpDAgjAuTYkIbKkwJQ/di7Ak6mgIw7RrYuuiYx+Qqz1MTkjdpWVGDrJnRhJIrMF+YEZYthd0/6RyNarJ6LQueEgEbUGQB1bnLqdJA3oGhvijpUsmsNtSzS7nSL2c0uQGjf+iQP2cKEsN3z4kJuCn5AJ5Z+BMuajBPeheSw6aj1E5ZyR4RobGS55Ar8J5HiySFJROQEim4g2XoggPJaN6PKtOrbshNzBMY9rhsWXxx/pMvouZvfGUz8d+CW5oYwuXK71f3FXOzY06c8KfFfc9uR06VYUnBqXK/Dxt7MngyOqQPOil9J6NDefikDG7J5rh78ur/7sn4nvQU84u0IQ+7vnLxx7w38/HJoOu2dngS0BT0OvGfBDa7bFj3/2HInDMr65ZHeBLgaJEyM0847bTveRLwoKcowJMAtk66Du0nAYyJw4DhSkwl53i6Jy0Fegj3wF22JUAaU4cakGv69MzaF0uzgEXTkUM6QsLDtIiWHNKhfocWMbyKPX6EI6yiqFlVepfPL1dnmpGWj/Ss4L2XLzmGWB2cwnt3cDX/8KddU6k9kyKxjwM18qlrtgPsZsNw2WF9dc/sMFWv0/JAXsoVeb0BYcrSD4VIQVkVREFgVJ2pL9ktpESDsUQaP26OoYcVlnITOrQfrLBUm9Ahfa9N6TOjx7YvHXYwO/O6x5rcbw3WshM7jHAu30pt6iySt0+kBpE6X43/UPcdm5oN6dtZ307Y0ZTV7fxocGEvZptf6smdvde9vbid2Rv5rS7u5jfs5f3tf+7y9viOEXhDmy94Q1rdWpYSSlZsA6Iykn27goBdosPsF7gaSPoUhb9vw6MxaNCQ+W6uOqX8Y+x13XnoNtjNe7Fzq/zaD01m7iI9D9ZsQ13PWZLQLgdZAAFm1qDIpwthfvqNSEXecEnNz6+I73AZ+g4m9UIod8z7EHH3G563c4PiKZ8R7AtJOzowKsAx7bgc+Zs3MEi1pSpFE+pqHK027fpKXsw+N+Q9ShRw2o0Q1L4CiX9EA+xQ8tedVO0Xz/6/VGzFXJcp/5umtHLHOmDJXyOBERezz7/1LEGA31mJhy9Bhai7yjFen/1B7QqOh74+a6ApqKP4rt+6ocjF+UO8pB5v3VnqyBzmK33SRjaezNHtbLQUtC72gpa7KFZ1OZOcu1jDb5EB29V7hJgbe+aYJolfOkgt0oageim7garDC/0ENb4sWTwVUTWT2gW7ZdLH63ZmX/avZJpoluV8F/bJftklGQNN1kSzFMizvxCzVgV59euvP5At1UQDiGqUkZV4EsLrhJXQuRQa8JYi+WZOhSv0WtkUqmR4e5V1LwXyjC7kBmqLwURvZGXJ3rRRQLPB+5N8M8fmkZcKUla05bQYC/Vdn+RYGRbYkjDzj+LVX376q/Ys/WXuGGgJ+h+d2fzD6oOXdAeKvCKvRUJzXYRSVFalvBdf76P+QOdHT2xl3yg/vyL/Zqf7nPz8M/k3kkhl5WVfkskP+pz8L27+t/0i06S5KN/1bqGQKTxZXVdsYZ5Qzhc0ucGVgD04IY27NtR4vcIuIog0l0wYp5q0m7uUQN3hmINSnX4P0eVBnUPCKHeIHVJtpLKStdh5qcN+sKGcpf5g9IEiZCkLkdoXhoMDz8QqCEd3Bi82b0SHcgxfYLgOI26jgV3YcUnTp/LOBTi+FVQGRrGkR+sIqnD9y04X9s99yYTts0/NXqKVy3LbTshbubVb09U5mSBSWWXMSHIDkN+xaE/ixftGFk3JBLSeb1g6T7G8rq9LzrMCAYoad8ld2a2aXljWLrk4b9reRY+Jg2XMqt3OV+4Ww88iXPWLc6Ist9bOoOIWjaoVmOprd66EVkhBT4++Ej4SbnwlFIorqMv4L85L2+sH1zthX/FTgXtoF7shRmn/KR0x34Djpex+q3PeKR73Pya4Q7OO2P8kZLOe7okxz7u7dfYNCGe9PHWl1hKekP8eHkbPXpas0/TgCD56O6pVjmZnp7Mg+yZU2OVhWS5VXztDl7j4bYVBFE/D/PHJP1VOEe9vZ9NR5Yv9T/YKu5dznGZ+Ql79+hvZunXPgApCOe+3FTijvhOT9vYjsgUFniw1hAPVhkjRShdpLuKji4nf9iL23FUMt21Yuy9SpW7hXFQTJGshuVzt2o64JVM9dUd/JcmaKpoYv4j2Uu8cfmc0F6QQIaaHN2zmgxm1sRO6vaMe04kw4rt0GkVmhUwpSjeCottBnuY4a0uspImTWL2PQgSbg0ySQpUUtaEipSolQqqMcvZnX3yvVFnv+qQhyuHgJZLFovMk3WuR9qgrMC85W4KbcY+CryGRIh0QsPfbPdcG084yMiFXxyXnYHoPwKARlToB3ijWYoO1fDNlHukgX9uxe4/z0FFunszB45dJYdrdrh5aSSDtBEg8uOiBSB9p4V+LFGPZLck/pcCutjDCFu3opYjpw2s/tle4w6LQbvQpMXBrwuUrK1iW6NKxOLCe/X3oYdsBjTXNfZpeIlUKKd47GIJswjOlqxFLGaOMtKm+WPevd18rJbMTR7VwSfk6AUEVk16szwpu2AvDQBFaq0G1r2WTUUFXfam5hHDn3in1RQ/KY9WEme81kVvhPWOGZnnbMhgQu+rWSnaDj5jRJFkzq93IFPQJeVdo49SkOlHf+GsgLpcaOHCTRhnYcmlxb+AYkpDb5HJAv3aqLHDtDgS1onXKNiy1kk2zx1K1lJaRXZeM7GNr8foneZszdbQZ7vfT+4Ju7Ulkhu/8ZLVlelZes6DcAR23jUbc9EETznPLjSt+dtIZsgonk0VsDpR1BLmHUqzWP/ZVcRLk1wKKox0l13HMnaI9f9xSTRyIdODcOHA/xV7UiEJBY0EReNoqMwiv7yrDwJrPEaDmcwzpOY/JippEX0WniiAr1V6Rx1EhW+pj7xvTeS7v9eYcyjbv4muHOAv2D0SrGkJsQ1Bvd5GHC9a64NhupwEtShYmkRm89Bgq5cVFZctuIWwqyt4ndQVy4IDABlS3EvGRJlaOHpIAa56dMZMPbvJip3agf6WrTBdXspxq74Bdsr3i0y/demfOUE2VICvjRzP1bEBlYmTpPmGiNFGlwcnSi7u/8QPaJnxuaul1TVAq8v46hMYyXQYEtO1qbvxyh4ayJHUuNYvIOCadLadOi9RXmHKh/OXdHazCU3AzxytddE9WJIoMFEvuy4t653aELLaRidUz2aqb4dmSv9+dqYVeKexuviUXfzxC9ZrStSu73fzrwPBzwTvLHZo+jADznB6zVt133QsZsv7rDaGdNFbGFgtpCCXrUPGiP4CWy9W8DFR5FKZeHsR7M/Vj1Exp8L59KXLPPvoFf8lZssO+PSN8YeYAhOLagu8G+HLBMeOm+xfwQ8GhWTq9DsmVPL7FllgrQBfC2+v29VBpmmr7L/eoUl4C6isAc8fjnKypWMFcwBabFww5LmFbc/U7IcQYxRaFgRqH6Mboaw/dSuv156+fdeicRmN21cq59sfHvzlOEWzHF4VezDX5rUe5dRlgdsHKgoN6H/OlNqBOyDX4TSk0qBO6AlfKO0S6L6UqMXRol2S83J74hrX+97W6FVKRhZJb7Rr/+b8mZZtrq3YN1pO+SGdUmdhmuopwbItKuFOykx16rDsleVqJjVhXSuYQHIpYb/GpIJSDMlV0kdoPGv7m3VuBfdSKALggpB6BOSVCihcKcnCazFj0Q19DR9w6+oVS9sJU+orbSSfHvWTew1a6fzoz2zKzDsKy5/Xk3A24cNkmgkjxwrd1GXkJnJAy7xEcEedNa87Alw6ABSmXxHIHw0CfkOs9T2k3NqhnVuEgPvPpfIW2SoxPGfXBNmlgv2Hhadmc0x/IoR6q7idM250MOdHBvmEFX/fpsAh0dOmn1aqNdMsy4Qll39+leFmU5w4FoVrLhDl7qd2NXn3Sbdglu4HfCSX5eqdZQjlJmb55TnLleqI8J2CS7/sFZaroIbmX93zofZ6NohkYUJrkVLsqXtoVcvC1CBKZZZaLyYbTvptaAyYZFff8e/BYEl9tDxEeJs++E5nlRfcOImwbJVsmUrkN8bSJFAnk5nkVSTG4GJ1pLgvOd769nDN+pr6hrecaojYQlwNPV93qGUtcGpm6FQkvmbiBNOQClYHoVDvrVFBQ7CffVdBOWDq2cbxTFQKV1dU7O3mzRBtACe/99WPhep8Hyyu57pbrqZzOoDLWbuyEbWINYzq0/vyPS9o/R5a0l4zj3/Fqym/caNU1VpAWCZDScwT95jYNilE+73lN0R6RazdkKTa338faA2hfmEG7ACQ3+qCSAzEsxmF0+9CtqV5XN9SKhT1ZhkWy9pG/ZY5NlWZ4VlJqlQizE6mGOdEqsb+q/r+baUosPxeEuZi7QiQcqLJ/coXw9tBCAmGwdqoysfNu74Nnfj0dAZ/0i5XIbMFEVTe7/mCFtFF1j9fLNb0+tqWvLo10W403LH7HcZD2XIkzP7qvyThsKfUaHLppvFo+b2W+OCdXntM8C4UbiO+2F5J+LbYf+uVqb4B+DFt+zfx8ce6WNKS8VWyiaz1oeuR8GKCfwok/RJYXbJnuV1I3eodZy77p1Q0J2l5cGLVjC698H/HU2KU/qwaudwUlA5JsLPvcHZKsBfZKpHuJ9oSc+fzMUO+U+w/GpVkHUDW/8dN3wRy3KEyVuSlN9RgVwrVIdQYf/6BsJdlQxeiCd7IAfVEGJkjO6QAj0CA0an2UxobWRVU/8onlVFbCKPMLmd3n65cXs7YMTULJWG9RGMrLPrCh4ORcyL2nxYMkF8KQa7YS1DGLgSOaS4VZvPb7Dv+yh3RWym7SVXV0/2mB1O6yO2Wp7Dk4V+8/EiYSXqRg2VloZGt/fkKevb6lWc7hdzLzBhFP1nHvk367iPPMHd236YxT+6elHxnTN1bkPgDXPVLxambMq/A0fGD6ZsTlahRbrUDhtbDrX7LPdV9AwOCk07UCvZY8tafH6+oDnUYbrvcjWBa6vvfAlZ998DLGD1Uxjovz/jSSyd75RGb5/MhxV25XQuyVa+Pq7Xu6WLywcKRw+alL125GpkUypKUFsfSRosbqyCtuKZWrPGD5eolvoEscVemWqseJ0OtW1bfclYaHyE5ioDTyM8tEKXlHk7Kecr9wa1nQUfUYKV6UAqoa50Je14ze1FoB1dFjg7WhpoglOFf2KMr4o6kddvCFvCUsfTn8ftmXtTgGQovoU6fwsb8LFkX/1S3fMeTue51Dft7tu3fIc8aELGL5OGt5JHoV/U5ZThrT6NCxyP4SmTB2ZcbGkTjl3PI9ooskAa2XBSev7fgkkSloeyTKYr/9mgUTKdxGXgDOtDlM8nwgb3EDO1VMlSAWoJx/M6OKcRfB02PB8/53sSLULeIL+9vemQmEcygXvrjQI0nEYXTyrIrnzEHpPCTdeg7TWbIgIuwD4ssKTz8MJBl6M1f3PcYOKPHCVxXkFWxV/tv2Q8qEJikYyniPkWEhC1P73cDUJD96bGZpsaVVHJvDMfyQGshyjhbNc0pSWNLgAgqVL0sffojWtFLxBhSnO5fIZWR4XMmznhtpP3Bad/g1LMsscG+r14aZwhVmJL0T2+sG3YJND72uUb1YNftOQmMjReBVicwye59wjtGZp05YLdg3V3LDUm8/K6vIZaAHA6FSmRzuaLy/tewN43upManH5fWLBre5C3p6HF5fjo7L6/+QiwPtTgdP7//IRXDA9N+unOEVzj13AcV+569nF+SiI1DVYaBVrQ3ZJeMIIiZ2Vdmwq6iK9H3sYSG2ul+49yxivpApdsZXJ+OuLXQELMRiGRCP1vGrJXiXwREyz2sm4JA67ANoK38IW7G0cuUMGPGy2FpjJw08wssfT8ir5p0XmM9U2d179slXzykdUS5Y4xaSom5F8KFfC+hLby2rMI0FbhzBENJrFU+bBpEqu5JuKOO068gglSmcuPzKJSg10GnB36FDbP3x/G5BWclCASjvgO1MKYQbaLY6GeCILJsvijTdRbfPsGweNQ+oRrfQcFih81ErVXyKismIVQ5aKXZzXRwjIYHpevSqr7lKi5SZKrNuXxctIOprbLfP2PCsZO9eGJ+kjxKLvYKbo2nlZ59fk2chV+Jzwa2svGDcJXC4OLDXt7nU9ps/kBddQ4Noe2FuhNyKhiKkISlcMYtNk/pAp82EHsEE1w4LPSuz3K9CatIlrGiyI58G1TXOFoo+RlJ+GLixxEyQjDKxVDSD0XCMnCrXtRe/TkJDuJy5YcmVTH1w9L4sYC3qrAcUuUP6cqECdiGwNKRm3bgr2JK3hXCq5DuZAifPmNic/PicMJk8Jwv7L7D/ooLynWb65Md+/6JJ8vmS007n/NgyVFPCP5sRN6izdTk+uSubX8nlaKEGI1GR+r8uAs6yDIIGZQ9yL6BNFpfvtpB9fveFKiAffQDwjz9+fvfl9MPrH3/0MbcbqigbPJNbqW5ipizfecG+lAPWPWyDRjAqYgsRIWcnbpWS6jmgiX0udggqzFIqEJolMRlIzZSEgDiLbwXp8Q/EIjrfUtZtTvxg64CrfR6bqL0+sVPUdbFAuhRmkWqjYme+u3xtNINY/S2N9o6WOR94RtJDk132jcE6Ik1INtnnvYR8F0tiyQYNTeVU0Qyxh061txpRzzTb6T39TPngeoL3N1xY8EH+/9AddS8y+85/j3LE0pqNPgAZBfkoh6P0447hk/IIQVuNna3ppc9MFdFeRtm5Opk/OLNb5+Te7ZkuS1azY/jDXNLXkjJu17os5jILPOPivJ7b5ipxWXXQwKqnhMFwVGEZcz23IuIB8zkk8NqFW4fsozOZZYVoW6I66MRhhZseiu4Kbs3foF+mrrDpwyTrh2K7piL9D9nvNdtjM9SwQzjDg9F1B26A04XOWcJktCjRY2nwDv2WKtF1Ojx16Fpk+VxiMePrq3cz8t7bUfdBqf1Avh41lOD675fkawFqoHZrwcVcQbtSJ25wQ80guiMfyqSz3rCuSkpPIj6kdaIydhsBSzQ/yHB0F1XT4xx7MN00foMGyqnKEHbLkkUwL9A8YgJyRbRIo3WlbdCMW+2qQTqlpi0VPpTuAkSyzqiKlVZS0d3ltNO++MHeJ5p0wqmi0Jyvo5+FBJZxE6gqwsuVK7WEQFYu/kCgmtPonTB8xanox8s53ecs9oMTKrdlYEXP6KDFnCauMUr89BNLW4uIynuN8GKVb34Rt2Yd/X1PxDwxap7qqHXXa9Qt5cM8TxMIbziNzjHEHMSKiYhJkV3SGLHRYr6c6y0zSXT+IeZLLreaZvFjV+q0hdngUUfwuiRizgQmO2EiB5UtdtEC3ju08+QGh/iGcoyzwvJ5rqSR8/guKUd988vcWRzj0+Zod5PL1TzFWGxLOH78WyLmGb2dGxPLbNAkbE80B4RHIWMCCTQTeKBzrud8weex3aIN2n9BJB69MniNduxaiHXasbN667R/RaT9GyLtf0ak/S+ItP+KQ9vInNMFYLCUinp89UzMs4I74XuxQ3gnS+L5DYJckhWcrbIcR/q2Uiblq9hBSIEywxBKNHxN4ttGxFz7gESEHdQqwdEmLWEcbVLvdJEj9CJNRJVWjaKqGmms6gG3CCzESGMVMyzaTq1BIV4IdiuokBoShEO4+c2uCtKjsPlN5mYNNEUwq8ksnyccwYZtCSM4SRxdtdiZ+GZRS1mjUM6LOYJPI1HMsIRyhAQiPacrEMkuYtRVnbagfPcnpAsM3Ju5KwOKQtmXg8FB7QNrUagvVvnmNxwbtJ4vmPkrSqGxRM/j9oprEVYyOqvWKNfcUYVExc9y097GH63XVo0wmLW388c3jnjiTuxDIe6rycerIFejvWQcMHQYPV9ibCJbxkzObhLGkA30nOUuSHGOwupYvvkl1SbvFPOPRFurBIU2Z0vAUGO0MzRnkLJoCaNN2kzgnJJMpgUHnUiM1Q7E2QqBN8lcb6mJ2vO/Rr0vgjwKYQUrpo2i8S0he9oIEp+CHGupFdpaa1eJXCHxVx+Z7484AnWjgGYIgqRPBcKCjSdcb9eS6bnvMBuf+o4qinLA04FE2BiUN76/fWy6TBsqovc5TrVZFCpWs8CSKvheQRhUi+hY48vRZU5ybLKuc8MyfrPrQysNjNFc0TSNfQdYGtutWpYOQniLWDZPlJQZSlUiSxhBTWPZHCc4MlQ8wljm/CZ6eaZcxy9ZynKdKxaZKKeGmSJ69BlnAuKV2NlT1VE76lR0XfJtfLMWl77q6XzJ5f/P3tc9uXEjeb7fX4H1w0ma0FC27PHe+Lyz0dvdHvdNS+5VS/bExkRUgFVgESMUUAJQZNN//QUSqG8UyWYDRWnv5mHCapKJxFciP38Z/DlviEdI+Tc2b3CpY4hGkDjGho7AavDcBCbyKEeX51EucClkaAFWLKs8xjUrqEpjiIVCRTmwMfpAcKIBXCk43eAy3AJAh874s1RDp+Px7Ta0BRKlokzYBtDBLVERXjMSkuaJpx/Xk+luOZHh36wysU15g5MN2pm6JWtbvEY5ZBEKN11PnNDCwJENLQ3KxDqSgrOLlTIfJuk6VJ3/iDR5KGnwQEBJZJFLzPUIczcE5W0UwuGfXotE9uHDoAtoAMJS5AlWZcCGAV3SEoemKglmMfQ7SVJYB4s6Gol4+EU2lMNCuHYoC5lF4Di8I1NF8A0r6xuOkA+gSOhEANvwOIJxosin8AfAB9AajGoEU0rRPILgVWVoL5uSaYx7INMsuCKtZOpDxQ1AWIdrsdWlWangqJqblIculPB2i30qUQvSGXr6Otfhj5UlGj6i1/T0DE13VwZHa62yZZQ89EqyCG9hpYhMMhq66j1K24o6MhRjGXSqNC5Ce4M3CeVK41UEzWBDpY6hhm9KHgG6SQtZ8ZBuVh8smgdR9KLSAr2rOBoN3WSPRGyW9ytmNEOXkmRUo0ssM4dmqAD+3c+O7ZwVcZWmOoQCGWiijwDfIBUM+Up1mnwIyuOt3HVRMrEjo8aCB9dvJapgoN5HnjGzhtZnBP3OJMnJAyrwEGihjcXyvBo2A4nOJKMKmjPUo7utBwAlpKqyFFKjMfAoQts11ohqVEqymjoKT0jLfUwTCt/CO6ujYQFR7pDdJ3ChGeWxO/J3WDWjdflUSIuc6DWRi/b7ai2q0YuGECcbIpt2RFqgEktF0BuiMXQEt3cVN0vw/Fbk6tWdLXt9ga5ci6+XSK89XYoADPgdca2PgW2O3hL9G9WcKP8+jw91lMVbQcvu5hbB4HayimCZrheUUy9/0HN3BnztgfiEXhiQDPGK4YpDr9+8gj6uNYi7H8B9gNe+Z07x4bibOTUg3K5/8YSxbzYiCVjTdBzyKgyL3pMHDbdiyl0wRzfqCYHUNq57Cx2qOZvoeAnouRHbgQN+riIaSfKpIkrvAe0+PVv58Vj5VmWAtjx2VCuxhx6pJu+0707Zx5PlCGJjvb8DQrv6wTvzkL3/D/c3NIPdXNVCAcb2nw2wGsIl8T7yCJvHZYkVQTZdu+EGjW5Vs0vuF+fhlzet4BvOhbTw9d5lRAgrpAiBdmd4f78qibnC6QztfUcI03ZoDmpve2jSSkIHtH1Ml0QW1KobczHdDmkbc9ANZSQniJENYQgrRXNuN67t1+8/+gDJfEb5DePvOenLs3R6NpxVnH6qyLBNIvZfvg6/pyEmntYFpdZoaGYvZCo4J5BbgbZUr6cEBUKeypBGY5fkpPKiR5sWZjlBnjRPFBM5TTFDhoMJ0we4OC93MNREm8bzrV253ik/e510tq0YZLWGfuAxo1glaxHdJrBGXGOuQS+VtqmRkYrdFjx+PABkL43hFt4014glZQTLxQVTwhjivft2BcFy9LP7xQJd8F3zrxF1Dba84hrhbJGKoqw0kX4xHMWNbyYWzzz7argX0GOxtyFU/6N6/fU3fza271VnO+oV+8rLtjunSdiI2bGOG7wjEv1r45NTrxwbwJz/1oeu/4l/5nnLc+/U792PE5OXD8m2Z8OGKWacBXr7y/trM3ciiXWegL80oyqVpMQ83Rmt0qlnbJgLgmCFXqL3b35AN1x/+/olunl7df33H9CHG66//w493653iBOq10SidC2Ua5UmpCSphm998/2//8uLZ94VIXodUcYN1wNk6qLA/nY8KvLpe+Q1v7dn8aZmyn/Fs8+L6a5sOsD5iYBxRz/wPn4HimlrnfxKpa4wQ7cXb73M/i44iefLOu1k/JfgZOFfW8PuFyNCYSKHhSdswef4Bu/ZhxxrssVnaJEOp/sOXWSZBD+tPeU+dpqnNy3KU+OcT42F3Fy+ubOv0mR4rMBqxuhHz6lkNVX3dqObO8PKhPfLrOGJnSCCrKEZe3oNa00ssd215hUQHXZxllHzZczagG2nl7//nZvxABiTEC64cDf8qn8ERqy0udZR9LpjnzSM3joO74TUjUgeCd0MAmywAVTvDkteNfPa2/lQntePST2tN1MLz4nPbpzLi+u4A8sXKyVSalRO6zca6TjIyGWJeU4WjemUCr6ieSVJhpY7oEl4BllDfjlTngg9MCoandCWvYOuIuAdsIC6f7eEK7gDQJJCaJK4zO7weUbhlzbjKsGJTcWPQLrUMg7xVYQjsYpQLcxiXIdY+CdlhEXFWVJ74uKp5UML3sxjMRyt60w4gwZ7rddEcqLR+11JXqIP9TN2Cw6wb9Fd7QAbvQS/TGlqdaueGZSJCdO4Ztr5xV8izJhXmSjbL0KCG5aQmLch0ryBlGuBlIbHnHL04WZSoKSQIBtNXgUX2YaoKCO0fTOEJVGhM3oN2QglLvZFDJ2KDv72CNza1goJIzwP3ikSeDbKR0QtdEIDtSoPZp0ADEcppBOsEEY/CbnFMhv36UboIodkL4mwufEPkEu3JHpLCPernoFREx8b4xYas26ozjKDADIeMiNGM6Tc5blCWkJBtRFLrsWGf4obhvkccfwjHJR1gkjHRTmaYN9l2UZSNsaCzcGA7b88oSOVJAUUgk04PLjjIvZYappWDEsEeNGoZuL59cMPtyIXq5W/+ztJE70m0be3x+x7M6C9jR2+rw3fht2LSq8J1y5ZfJJtVYVETjguoccOOc36B0XkJMOi0qmYd6XdkNMM31dpSpSa4BmQx08DRzst8QT4QkbFzYXcIU9hwoi3OYRTj0cy4NFIJQjwqVJw864YueVTDpsfopGi1J/VJhwe3cS7iZFFLYWaAUZJ1szH+WEG+jDlSFFdeeQnguIC4kS0o7rGCuFMlOZ10WtCJRJb3m6ZXTiNHwQXxUReLfTkUNRC1M+rRBjlnvLMyB8hVbMAGP1EGUEXjrHFaBmOcfbyZmL2Tk4mjDfzP0u6wuQS3LushbCr4JujZyFC1rs/YSFsvt69q9cIvRLTCaFLEbN6wDP5JVnjDRUVaJepKEopCjqRoUjmZu6a4yWDIrIVutzPG+WbRuxEZHLIYU/rRF4GehwGbS5zAoOe8Rv+Yu9u55Vt79vksWvLLCuuh+VsoTX6DMrAk/QUs/4oLQje45xwImlaTwkWBBL9hqkFVK/hqfX1dkOO2UX6zUJpOR38rOd0CuzW2eb0ev+cnHphx4o4L69p2hjhmhZEGblutT1JSjIZRHK7EAwU4uBGAPDgE7dBHnm0TsHuPtvR+va4OX2TqGBNTo+emnMYH5rhaG4w41YgHCEMvtzZvT44Oznr3tmLFmRu8vDOBcNSnUeAHJDjjQD5co/jt4e3LFRrg3m27Dj5KGeVICHv2BHyY9bjGHJuo8PYKPVQgjbwUwev3Kn0OimIXoszRElwz5OMLBvua5MbDlhKUkT1Ou2J6rwTzPlrDSN7zmUkT8jfF3/6+mv0/Pbq4u4FuqJKU55XVK1JBqXwXl6YyEV0XKB9kTDIll1ZPtw2wxcnMsakiOxV3Ff/aXbVx0FzY8AjH6zp82OuSwpp/03db8fxBzz5YqaY+2DS20wxzEKh0w0m8g5ntFJ2BCQkUrSgDEsrnozYNHcohXfdX14F91zRbE6kkW6m/AdzEGov4gAXs73k8eosLvi+uw5hDVdp2PH/OicRfDI6C85xQzplGZnflSlkzMSAUcgGllrIHHP6+56sah7vKBy72CesdPdMTSz3ikpvLWkk1J+fzHDwWliIL4td1Mtq/plgptcplgSVkmSioBx7C+464ukOa0q4VgfT4xmec7a3+KyTtdCPpIx0cM3VeWYEV4mlBjCkdqr7xeqMYEdO2BwjUVckIxJrkiXBksr2nA8jfH6qR2yCZ3dSbGjWgIe57+GyZE5THR0MB/5jnrW+TutXcNpJ0mymWTZDOqw/vZuYprd5KGRObqiNnq+HivsEBFyjdIZsCv5YzZM8gM7U+VGnEjr3TNTqqKCxYoWUFtJKfEOtIBrDaM/gWwvzrWf+2Rc0yxiZT8q9gfGOlXOe7e3IvZPkXN0eY57p3rnROghDfFdHZ1+ikmGzZeZ9FhIRnspdOeXlh1TIGezJIzLoZGNb/iyURm9wuqZ8wqTLcCTJ8dVwrT9wyPQvJTHiw+hHFuRMLdBthkv0K/zD6keZ4Lbu9B/jxxOt8YYYzYkRLNGnisgdAgxCVQquSK1R+YtTzXwT+M088tJh4KWGsqQ1CiS307e4fNN81lOagdX2AL1z4KjHcgpdnuI6zIZnvIaW7oEYGdvQPbxUIVlx7rVj1cvm5bGRZwsjNVFj5ygmzsKMvxEYbSnPxFYhVZKUrmhqPnnpqxN0ebLjC2KmZ/ltc27Qc0CEJTxtnyEIXb7orBaqOLzjtyTH6Q59UH3g2yYCWwwLaYNn15oRZjDYJ177rqkFrECtGhwy8yKOVrzBAfBU//cqTaGcZ7x8/WnHV6in0Hmteu2ZMczQe9Dcb06Y7Dx5vVNTdRm+zvVey7prmPo0Cuh4NvM47JqAQX9v2oRMuw2jHfIDUhwufoaygZAtAScr3GDKGVlR7nz1IJwA1a/A5QToIHB3UqFYJN5aB8xA/QstGBufbey5OyylCWzKxoetNU7XxcwQ+O2osOBoZB11tyNKk5cl5eE6iAW9G2bKUFQY9/H0CKlu2Q5si4XRbsv7PV07R1zHffsOcF1iWZ8p8+eX7VS2azqCUkfmdhhb1ia/HzU9HbxniYW1EHIXb8N/VCXmfzmIGFMz0kdRr9Vz39NkluXHV0D9wNzOphKNZlXjre+f1eQpSAjXUpSniI5MVMuRc+GoM+7GNNY2OVCOADza6o557+GlKErMd819hGsH7fStvbIh0jxDCeUr4VcKsPoYu0bogPwYWJE1Z1sSFxV99SlWjsBPFWM79J8VZnRFSYauoO7ZOge9rGzJMkmF+EjPFHT/jSyRHb+1nzGb0uaDo8224fCy0qByn9jC9PBdf9cM4brsOHe09ckv0Ptdaafeeg7M4tgdnN48SVZJUDDZAduGB+uIkM+UD7Z2yMwcrrpGuexzZz2LpZC1tx9CzO9uJ7a8g5UT+DjVa1HG7UO0ZynMyAc99zWbUohImkifKTOO2Q9UYu13TaY8wSpktL9DWLpy+sCUK8kCbnOHasBdaYzRpJKhvCEdmorIBOfhbMqWdPDnqU86aPpjn7Q79REEC3nQhINqFd44MfSDneZG0VtLMkiVCa1R2SHmqCXsydz3MCyoV6/cf186Fl65/3B5TT63P2ZE+rPz3HTOGD23k+kGz8Hj2mm1NppO5hqiGZOK8hWRciLuOp73LPPqKv4Hl97rnp2ByRqXeNXZBs+VgrC2iHqlPEPMdvyubdzeHLv3kEEsu3/6GxknaE03/KTlmsh5/BFGZ3cZT88vofXjC3QJ4/tZI1LPBJYysc6XRLrmn6SXhbkHnJdEDR13FrKz4WbQZ6qDFL13p+nvp3olHw+N4t9tdE9/93tr6MdIMuXmb9eIk1xoajewXGM10QFKpXPDCnW20g4+3VzQbHW0DlCjBJfBGauB0+v6G39CiqL5HBUVfXyjpuvh+8lGy0aaUKWq4EonUIZkqXjeuqfFUIBDImVUH+hoU7rS89oMju4hOL1POs2SIdEgg7so8vN7SO3c/xh1pOdpTD5eeu7hcVqEKsWSTcwXfRhSdY5sLzNZYo4eroLDNKpYhOlH4izqSOAGX7XtSroPEsjW75CCeJ2Q6Ob+4m9v7tCdeafQL3yi+0rLbaRK6lO4fb8Vfm5BDKVrkn5UJzmRjxPCcTHIfE3nGrzOBiIM0kBdC8JWCu7RcomkI1DIMyi5lo8GFWTSaACeNdbVbB0+u1xuMKOZPYgeJoaCcDZU632CEFbsI9mpodgOdPLrBNLAtNdalyqh0IM2CmnYyhgLkuLP4DbRnNeVL0JSvTtwo1JRFFFx4o7k2/LhHEL+EvwtlYQNLc3QLpYtwzxR6lwNb83IVob/5mZb12h5ubWlxkkp6Bxp1T6GLQcIOACm/NYALGu6xpyPgDNiw025UYGRiZjtTLDNzcPieh7+dnvx1r17rwbDNw+KFnLo+w+O2UbVx2QjWBVrAS7qPs7c9blpOmPX7XwrTrVCzy0T6gWgdUBhb91Rd0AeAdPe2bAqkjS7dbx+4FS7dIFFv+hgQyRkCqwqhlLBU1JqYyjf2z2cgFfYbmNKX7vwxmCvW2gbRkshNRJmfX/+jwtfCq532UOfOyHz+RMshwUGPRfrEluwEy9QzF+vf7m7uUNv8ENBeda09fZvq5nb7GmYvSaKE9Ny0xjNbt+0GvXJX7IYPD3bVjkmq/kKNs9dhF9PObra0XOWOal8c+VQeh0Xezlk823KmbEC6hkX/+3rhpvCHJ6NNcnQtxv8JcaEPlN2o2tXDVZ8E9QtbHHvS6QqT4o6VuhHpaXg+V+WDKcfGVWaZD++cn972XxK+Yqk/o9WVJItZl5FBi9Z5zcI8wwpgSaOpSQ5VVrujGU/p7AosV47sP6GBzTkYcQkOKXmYtMWQtt6rVTIDgp5o082nBOuOzkpNd+uIeOi6aa2GFz+ad6n+M7ICldMJ3AnfkArzHqlyL0p9TP433aSI+pOkW3L+LZsTUu8WtEUGgksCeFILAE3ogPo1eyLwo+YzPBiH5jK+NY3LmPDNY+sThYqNkzShESReIsKohTOHS5RKoz8hgZmPkXyVuToiqQimwj7OFrBfVQW8zlgAtOA4TmlERRhmhdNrBDlSmOuazb8Nr6mJz3i2fid8qricA+psW61rXNq2xOgtbFtocPub1RzolS9+4e7IHCyIbILUFFiqQh6QzQGTd3V3DZDPb8VuXp1Z5NqX4zIX7l0sFatwOgdscLCnnDeYXMCSYZsorhwnhZtLlQeV3l2e/zG3fObq29cwMXCvrXWNWACPOBUIyZyu19jXBuYHXSydqcFvqf6fYfM793GLiZPxoj0SSfFdzJGlKdPyuSWbObdk9f/f0/274kZNc6GPO36iuU/Ey/W1WfD3SZWqPRprEkSMyv26csW6/4/jTOw/eIV3D+NOVxlVCeAR/05stc3nD4jxtYBO+oGZYzy0xiLqzHVkuPzPWkZOalZbNxlWxGSxS4CmQ5bdGETLZAkyUZ6yEhJeJoVMdBDRtQPWBHTqzh/nfmwMa53+exyjaYZaPmQZwUfvXzpHGq1iw40arRs5u/+tOsbtZeCp+ZxwFp87pbthLgBkLqI4rC7updmGJv80rnPtyJ3bV1dFQNgyRkTRBInqEZTX9EHkiFFoNNu78f9MdS0wVJvwoj2kw2WZhNGpB+1KWNPYHj/0mkHczSvR6zJ49YgIMTCnnP5c51X6k4kG55IRXiDPMxErnzHpuND+nLWl55ywEY/mlzYm7vNdy0e4MR1Hy7uaPZafKmLu/k+9vJ+///u8kaufXJrPJQL1pHW9ZZlCKOcbghvnGRfriJglug0/0VcCyT7HJW/LyOiMenQEOUukeRThL3uBg9hg2HeDszv2mGK3cFFeum82RrbCusUjyXIktTJox9uuP7meyQk+okJrL993U/zSgVf0byS0/kt7bxPUXe/4HlDGPRzLZsEy3gGzIyp7Ji6muhLdzAIucUyi6bU7e9UbxWSX3v6HkaSMDxOTbPQqu4RdWw7MEw4qapF+RCS5pRjVv+mr60cWIdY+teexIibu1+/9ywB8qLJogBL0HA0XuUQr097UMeK46mvz5rgLGJ5fc+0g6HQzdVToqSW326wFMicFiv9rJ1sLE2i+9lwk4PbKlpwUYzpcikYA9zUL1EAm9U7Q86NOXNUodQuXd0erqOo3opxO4vphf4MLb4iXX4uqmohlK4L95a70aY1nbgMQUWLku3cPpkvQzIzwekaKZoR9PxrpNeyQq//9KcXaItdK6F6lD0r8Vkor0eshOurE20p0i/mVNimKrVPocFdNVdZeSmg53gpNqSzGNRfolOLN6UlwcXk/Um/mGNz5qUiGT0JNOHQQn3l0xwbxwJdIapr3B8Q6a8sTGjN9Lid1T8Q1IvsiESv0TVPcakqhhuwskfJdR/1JwY/PLmVvlG+fY3+zUz3Jfr2W/RvKBXS6MsWc6BupvY/mf7f5otUof6i+OEvuMjIZ2vr8i1JUszYEqcf45c+ZYQLXbdGA7vCLGJd8wKmyVRXOjgc0cGM4MgA4DZmwLHtY6+FNJo131mtw3zQAaPwMYXQSlQ8My8Mg4YMChABjkte7N+IEeUQsUB3HfaEjSZ2YccEzj6Xd86xgxT9HZpRSpp6rA5nCne/DLawfe5rIWyefaxbjVas6m1boJ/F1mzN2OakHAlpjDEt0EdCygOL9lm8eF/IotnGFMkmZsPz61ryQFsq25+aQyf+jl24oRJapt5c9X3v3OPi6PZ0h8Wws3BX/eYKSSOtFThUxr1FJrv/NysRrZ757CvR70cykS8XJRQ0Fvwt+NU7QMNvejSnkmDXCGhCUJr/1YGYLyDw4kZKVMlobPSSz9acVzRWIewTU6RPA4069rzDrTNvQN0RyJ262mpxT8h/jwijFS+jdkGzxOihBZCQ6O7y4s7pvinmZnloUQo51HgRPJFfXBpE9Xm4Pz7YpwoMcV+rWzQ25av2J63BbvUcsMwX6PWfvkdbWPeCYI4wY35fQV39vEKt/whtiSSWLNaIEaw0EnxQLtJfxLOriV/2InruaoywrVu734TMYOEgq4mkay6YyHfDQNyKypEWi9CfULrGEqfaLiIB+CLDhe3gjirucnpYz2c+WVEbuqDbBupjBhH2dVswFkVhlEzB6zCCxNtJmQaSdaBW4hQ0Vhuj4M7nINK0kjVFpTHPsMwQF7LAjP7uy+8VsvCuT+ayHE5eouN64e1ZpJbrhplXjK4IzNhj4CuSCp5NKNjtdidKzwBo75sQ5akoSka09wBMOlExKPDTQNNKY6nPdJDvzdje4zx1lPsnc/L4FYIHR0LORgkSTwY94NmZFv6aZzGW3ZD8XfAzoefUo9cqpk2vfT9c4ZGIinajLxA043YtyB0cbs1dti8PzLO/Tz1su2Er8KeTlCQVMiNZvHfQJdm4Z0o1I9Y6Rp1p03yxG18fv1ZSFAugWkFRvkoJx5IKq9YXFdP0j5oSiXBZsrr6pcWyKTDHua80FyEG4Z3aXrRMWV4VovqZQmLLbWRM46IcegYdx3XXpPHt0wqla2qsG5ERtUBvKqXBTOoStehZE3m5WJMTN2mvAFutDN8bMocmBJtcD2jXzjZN46k9ENio1hnd0MxoNnAe/ILsvhZk7weL55/kQ0nlbDNs99PGgh7MSaSa7exklRF6Rl8zTMEB3e8bDbjpB9C+a3m2GA3ZoqtVoSVQEbwVZ7P+oa8KaJCfKlLNdpTM6banqJWPWwxtT6suAFeXzRKYC9XqoVnUgEpBb0EjyLS80BFe37yIwWuZRGC1TGJoz2VIUdQnGqrVR0s1gq7UeUXOY0IOzEfvGzN6Lh/15pwqNg/JtVOCBe0DMUBDCO0IwulIiQ+hWKuKnQk0X1Q6FQV5ZXlojBfXwGV0QjB3S9AzICcOCNkQSXVsaNAp9Gk3uisCnGpNOnD5zNy4zb7STaWLoQZxJ9vqvjV8/NqtDeZMYao4XTl+NpNnAxoXI81GnWGbTrBevn1dZCJuwq99K71rCQqJfrl3qbFU1QkBQ78ajF/v0FSVpCqFogEFx1FnC8xpnrXows3dnUThqZhO4kEXPVIU8aogkqaPlUXeuc3U+fmISrbmZlixZO/3aGobwjPok3xQbonlP8+AXlOHdsW4O22Xsfi14KPlhn7Aexmzkj4mVt1Xk51gnZhxXq41bnKLudAIN53U/Am0TORJnahyFqFeH8RHC/U5MFN6su+vkG4FqNVj2O9G8ReMprs5uu1MyIU7YMCBa3O2m5DLFYuZN+1fwHeVA//3i1PBNXmIrbE2DN20rQLq6qosU+b/4FHFrGbIBwBz4HFO15jnJOFkG1sWTAUuybYT6gclRGtJl5UmHQkxztFXlnWjrXefv4mmxCUOJuyalWOjDh2z3BwwBIf5RZaZrv7mMW6hAswsWA04qNqcL7khcoHuid2UShG5wDkBKG+X6b4SsuZhRLsmY/X2FH6P7O87uBVCoqUUW/NZ/de07uNozK5JPOmb7A5LHdpN1xAO7VFxd0qMqkPnulOCZW0P0khXSpTEBRRjvcUXHGFGpG6yi2Q7qPubDW858dEBAYAkJI/CnCEu+B8lKQlYMvuyH+boi9LH0fd1Q7F63CtqI2x1+Gc0M9dUo5X16AoGXEK1CUeC/zEX5r/3vASgpCQexTHivHEnGPgKGDBMihWCDvOUqAW6b2XKsLFBt7IqDseXtpyvUsaIsSWjNtkmc+K36WaSskrp+kC6f4y2CX5CldlJVxPt/BtG8YVPp1Wg2bUfe8P8Fr2FZYqnlD07ZHgZLq+AC4SVEikFf6nZDa89CRt2Sz+SHzqNDKFx4UtUSuiJ8hIRnT7zK8pY4lANqw8EsWAooolUqMQKULwUADm4btKiKIwUE72g/bi0huh0r7pn34NzaXydPYzwMFnxnYqirMZ3MMK2YbSlPBNbl0/ruk2+bDIpJhdjNM1VxdgOfaows87PTBSYuka8MO96ICYmnq6u1zNSA/tRazjKP5LM1QLViehYgXfKGSjmk68a1hY027dxbIQKEVXUdTs7WbfEkIGavV/uz8XXL6XzvKL7MVxPE3QmsqDDxk6xXaxuzE6bvP2a9reBNe0VZfHveDPln2C05hpLklUpQXXkiPjdbbanfuJ5TaM9Ive9Nv7D97HzAJoXZtIvQNKP6iTIgRAeYze6eejWWK2bG2rUQk+VYZWubeZvXWPTlBle1pQGEGFmIs0wCyVT86vm3+NKU2TkOUcUcu4qnjKCpfkTAOG1rLkCwrrza13YeTj6YIVfNcZ5+qxfrFQUy6Z976r3YLmyUfmI12tDZaXm9vR1tRFgYNrjN0+A1HMlLu3oFpNx2lNqLbj5GtdaL/PNlWvBjZ474Ia6N6Ut+jW8vfDr1dYBfa4G/879fHPV7e/aiImx96AfkbNpgHYKC3uIjCzYUuU3UjdqFxPLvh/VdQXaVl3Y68fm1vieud3xZTMwurk6qMmG8s8d0GQNY6951mq0C3Rp6zMd3imzH+zXZoFB2f/GN185d9yy0k3lptDNY1RxRpRdGWEflK1AGywpXrJRFaAFZaAclQxPCAJFuIqKj9Lb0K6qakdeGEllNIy6vpCafb5/dXM31KGRg4y1HoWpuuwTGwoeXQvZRlosk+iGa3RPc45BWEwc0VLImOC1z0byyxzSu1p3E4DqCP9pGOncZThlmfAcnLe/vEeUp6zKiBFnrpGt+fkCPb9+wEXJyA/ozjpELFmQ3gu/XwQic7PHNsE51T4tfs6o+mhU7hP4ekQpXseN+dY9De+o+rgn5KolzXMi47Ww8y/Zr91YgOMBtNO1JGotWGZOj7XVJzqN9kLvM3gWxrF3J5Wfv7M6xosGjOPmyl9GcnR0PhVFmcycdwW74nKvoI2r9e+pavlHw47gUJ+6gnYzIqvSKSvNqaVnyhrrct5ISyEBecDI9Zq/iS5xWGZbLM+ToTdG1TfSFbuHyExiAhr5uRGiGL3BaY2n7FdujQia1Y4R/I+1gir3SyFrawZvai0JVsFzg5XGugqlODf+KEzZ2cwOM/hSPCCavZp+v8zLWs3BoeHowwj42N4Fw4X/6tbvWOTue6NDfjXuu3fKc0a5qELFODt1JCoPfqeMJA3pdBh5ZL8LTDg2MmPvSFwwZuQeUlWaEqVWFUPXZnyUiowocyRqsF+/ZUF5Rh4CLwCjSp+meT5RtsDAYIrJmoklkRDfLLCkDDJ4PB48G3/nOcKwiH80v/XOjEc4h2JpwYXOpBG70dHzJp+zJFKVrujWSpjRkjkVoU2IrxGeXkwUGVo31/g9jp1QYpWvJsnL+arst82HmHKFMqIxZR4nw1JUuvO7iakJNntuZu2xxU0eG/Ax/ZBqUpQsWjbPBcrICrsQkEO+rGP4LlvTaMUbIhneQSGXFu5xRc89N9J8AFa3+zVZ1VXg1levNNUVADMi78Ra22AM2PTU6xo0itXx76Q4NKcRZFUqisLcpzjH6NJSR7ST7FtKsaGZ9Z/VKHIFUZOJUJlITw80Pt5b9hNlrdaYdvPy/KrBQwlJT+eR9fXocWX9P8XyRL/TydP7P2LpAjD+21XSeMC5V5BQbHf+/u4G3YwUqi4b0VBrXXXJfg4CFnY11bB5UEP6Mf4wl1vtV+6tiEiWIotd8TWquBsqHY4XZHiZUI/W4dESbMhghsrzjgvYlQ7bBNomHkJzmjWhnAknXhHaahyVgQd4+cMpec28yyrmM1V39777YNFz6kAUJGs8kLTqehFs6teS+MpbaxSmfYkbMzhCvF7xrO8Qaaor8QZThseBDNS4whHUV66IlBOdFuwdOsXXHy7u5oyVwgFA2QDsaEou3UDRfDEhEWmRLKss2wX3z9AiCVoH1KFbKXIa0PleL1V4ipKKgCgHgxK7RFVzFCRQ1c1etZiruMqobirrWlw0x5GvsV1bsWFFSRte2D9JmyUWegU3s1nll79eo+euVuLXihldeUkZFHBAHtj1QymU+eYL9Mexo4EPozAfudjyniGkSFoBmMWmT32i02aKZ3DBDdNCL+sq97euNOmW5DjdoQ+T5hqjS4nPUZTvBu4tMeWowJSvJC7I3nSMEkvo2hsfJ6GnXN7BsOityGxydAsL2Mk68zCFDmhfkCpgFiKWhdTHjXtLtujnioMp+UZkhKHnlG8Wf3iJqEhfoqX5P2L+D3PMdoqqxR/88UWdlsmK4VHn/NA6VF/Dv7xDMCj4ukBO7urmV2K1F6hBi6ic2r8uHZ81DIIi0hxkL0ObIqzcHXD265vfsCTovU0A/sMffn3z28W76z/8webcbrDEdPJMboX8GLJk+eAF+60esBthm3SCYR5aiXA1O2FRSprnAKfmudhFMGFWQhKuaBpSgHRcSRE4LsJ7QTzxgVBEky2m4+bET/YOAPZ5aKLm+oQuUVfVMtKl0MtMaRm68h3qtaM5xLpvabB3tK75iOckPbXYpW0MNlJpXLFJW/fi6l0MiRWddDTVU43miD11ql40Is80h+U9fqF8Mp7g4x0Xhnmn/78bj9qqzLbz31mOWNbx0TtG9jJ5lsNRx3H38SfEDElbvZ3t2KXPdZPRXmfZAU7mC3C7jU7u4ch0DVlN54iHQdHXClNm1roGc7lzMuPmqlvbBkhcxhzUJPdAGExnFdY514lREU+YzymJ15Bu7aqPLkVRVHzoiRpxx08Dbnoqd2/Jg/4r8evUDW/qNM36qbzdY579h/BHzVreNNb0FMnwZO7GA/eYU5UqaUpFsCzRuSx44H6LJR8HHT531hUvykTEEsb3b9/coV+sH7VNSvUz8mnWVIL7/7xFnyoiJ7BbK8YTSYZInXGTGzoO0R16VxededO6Gi09DfiQdomK0G0EDNHyJMfRIaraExx7Mt0sfIMGzLAsIuyWIRvBvYDLgAXIDdEqC9aVtkczLNpVj3SG9VArfCrdJeHpusAyVFlJQ3dX4lH74idHn3A6SqcKQjNZBz8LKVmFLaBqCK9ygFqKQFYs/xmBaomDd8KwiFPBjxcE3RMa+sFxyG0FMapncKZ5glNojBK+/MTQVjyg8d4hvMzLzXf8Qa+Dv+8pT1Itk0wFxV3vUDeUT4s8HUF4w3BwicETwnPKAxZFjknHyI3mySpRW6rT4PKDJysmtgoX4XNXurS53sSjHiHqkvKE8pjihPKSyGK5C5bwPqJdph/jEN9gFuOs0DIppdAiCR+SAuqb7xLwOIanzaLdTSbyJIux2IZw+Py3lCcFfki0DuU26BM2J5qRCI9CQXkkpimPx3TJVMKWLAkdFu3R/joi8eDI4B3aobEQu7RDV/V2af8pIu3vI9L+14i0/1dE2n+OQ1uLkuEliSFSGurhzTOeFBUD5Xu5i/BO1sTLjxH0kqJiNC/KONq30TIxy0MnITnKNIZSosinNLxvhCfKJiRG2EEl0zjWpCEcx5pUO1WVEXqRprwpq45iqmqhjelBHiKIEC20Mcxi0QazJgrxitMHjrlQJI1wCDffm1WJ9ChsvhelXhOcRXCriaJMUhbBh20IRwiSAF253OnwblFDWUWhXFZJhJhGKqmmKWYRCohUgnPC013ArKsubY7Z7neSLWPwvUkABjQKZQsHE4drm1gbhfoyLzffx/FBq2RJ9Z+jAI2lKgnbK25AWIrgolpFueZAlaQyfJWbsj7+YL22OoSJXls/f3jniCUOal8U4hZNPhyCXIf2ijISw4ZRySrGJtJVyOLsPuEYuoFKaAlJikkUUUfLzXeZ0uUIzD8QbSXTKLQZXZEYZowCR3NBMhqsYLRPm/I4p6QQWcWISkWM1XbEaR5BNolSbbEO2vO/Q92XQR6EsCQ5VVri8J6QlnYEjU+SMtZSy2hrrQCJXEaSrzYz3x7xCNS1JLiIoEjaUqBYbMdTrrdrQVViO8yGp77DEkc54NlEIWwIyhvb3z40Xao05sH7HGdKLysZqllgTZXYXkExqFbBeQ2vR9c1yaHJQueGVfhm16ciDeyjmeMsC30HaBY6rFpDB0V4i2iRpFKIIgoqkSEcwUyjRRInOdIhHsVY5vJjcHimUoWHLKWlKiUNTJRhTXUVPPuMUU7CQey0VFXQjjoNXSi+De/WYsKiniYrJoI/5w3xCCn/xuYNLnUM0QgSx9jQEVgNnpvARB7l6PI8ygUuhQwtwIpllce4ZgVVaQyxUKgoBzZGHwhONIArBacbXIZbAOjQGX+Wauh0PL7dhrZAolSUCdsAOrglKsJrRkLSPPH043oy3S0nMvybVSa2KW9wskE7U7dkbYvXKIcsQuGm64kTWhg4sqGlQZlYR1JwdrFS5sMkXYeq8x+RJg8lDR4IKIkscom5HmHuhqC8jUI4/NNrkcg+fBh0AQ1AWIo8waoM2DCgS1ri0FQlwSyGfidJCutgUUcjEQ+/yIZyWAjXDmUhswgch3dkqgi+YWV9wxHyARQJnQhgGx5HME4U+RT+APgAWoNRjWBKKZpHELyqDO1lUzKNcQ9kmgVXpJVMfai4AQjrcC22ujQrFRxVc5Py0IUS3m6xTyVqQTpDT1/nOvyxskTDR/Sanp6h6e7K4GitVbaMkodeSRbhLawUkUlGQ1e9R2lbUUeGYiyDTpXGRWhv8CahXGm8iqAZbKjUMdTwTckjQDdpISse0s3qg0XzIIpeVFqgdxVHo6Gb7JGIzfJ+xYxm6FKSjGp0iWXm0AwVwL/72bGdsyKu0lSHUCADTfQR4BukgiFfqU6TD0F5vJW7LkomdmTUWPDg+q1EFQzU+8gzZtbQ+oyg35kkOXlABR4CLbSxWJ5Xw2Yg0ZlkVEFzhnp0t/UAoIRUVZZCajQGHkVou8YaUY1KSVZTR+EJabmPaULhW3hndTQsIModsvsELjSjPHZH/g6rZrQunwppkRO9JnLRfl+tRTV60RDiZENk045IC1RiqQh6QzSGjuD2ruJmCZ7fily9urNlry/QlWvx9RLptadLEYABvyOu9TGwzdFbon+jmhPl3+fxoY6yeCto2d3cIhjcTlYRLNP1gnLq5Q967s6Arz0Qn9ALA5IhXjFccej1m1fQx7UGcfcDuA/w2vfMKT4cdzOnBoTb9S+eMPbNRiQBa5qOQ16FYdF78qDhVky5C+boRj0hkNrGdW+hQzVnEx0vAT03YjtwwM9VRCNJPlVE6T2g3adnKz8eK9+qDNCWx45qJfbQI9XknfbdKft4shxBbKz3d0BoVz94Zx6y9//h/oZmsJurWijA2P6zAVZDuCTeRx5h87gssSLIpms33KDRrWp2yf3iPPzyphV8w7mQFr7eu4wIYYUUIdDuDO/vVyUxVzidob3vCGHaDs1B7W0PTVpJ6IC2j+mSyIJadWMuptshbWMOuqGM5AQxsiEMYaVozu3Gtf36/UcfIJnPKL9h/D0nfXmWTs+Gs4rTTxUZtknE/svX4fc0xMTTuqDUGg3N7IVMBecEcivQlur1lKBAyFMZ0mjskpxUXvRo08IsJ8iT5oliIqcpZshwMGH6ABfn5Q6GmmjTeL61K9c75Wevk862FYOs1tAPPGYUq2QtotsE1ohrzDXopdI2NTJSsduCx48HgOylMdzCm+YasaSMYLm4YEoYQ7x3364gWI5+dr9YoAu+a/41oq7BlldcI5wtUlGUlSbSL4ajuPHNxOKZZ18N9wJ6LPY2hOp/VK+//ubPxva96mxHvWJfedl25zQJGzE71nGDd0Sif218cuqVYwOY89/60PU/8c88b3nunfq9+3Fi8vIh2fZs2DDFjLNAb395f23mTiSxzhPwl2ZUpZKUmKc7o1U69YwNc0EQrNBL9P7ND+iG629fv0Q3b6+u//4D+nDD9fffoefb9Q5xQvWaSJSuhXKt0oSUJNXwrW++//d/efHMuyJEryPKuOF6gExdFNjfjkdFPn2PvOb39ize1Ez5r3j2eTHdlU0HOD8RMO7oB97H70Axba2TX6nUFWbo9uKtl9nfBSfxfFmnnYz/Epws/Gtr2P1iRChM5LDwhC34HN/gPfuQY022+Awt0uF036GLLJPgp7Wn3MdO8/SmRXlqnPOpsZCbyzd39lWaDI8VWM0Y/eg5laym6t5udHNnWJnwfpk1PLETRJA1NGNPr2GtiSW2u9a8AqLDLs4yar6MWRuw7fTy979zMx4AYxLCBRfuhl/1j8CIlTbXOoped+yThtFbx+GdkLoRySOhm0GADTaA6t1hyatmXns7H8rz+jGpp/VmauE58dmNc3lxHXdg+WKlREqNymn9RiMdBxm5LDHPyaIxnVLBVzSvJMnQcgc0Cc8ga8gvZ8oToQdGRaMT2rJ30FUEvAMWUPfvlnAFdwBIUghNEpfZHT7PKPzSZlwlOLGp+BFIl1rGIb6KcCRWEaqFWYzrEAv/pIywqDhLak9cPLV8aMGbeSyGo3WdCWfQYK/1mkhONHq/K8lL9KF+xm7BAfYtuqsdYKOX4JcpTa1u1TODMjFhGtdMO7/4S4QZ8yoTZftFSHDDEhLzNkSaN5ByLZDS8JhTjj7cTAqUFBJko8mr4CLbEBVlhLZvhrAkKnRGryEbocTFvoihU9HB3x6BW9taIWGE58E7RQLPRvmIqIVOaKBW5cGsE4DhKIV0ghXC6Ccht1hm4z7dCF3kkOwlETY3/gFy6ZZEbwnhftUzMGriY2PcQmPWDdVZZhBAxkNmxGiGlLs8V0hLKKg2Ysm12PBPccMwnyOOf4SDsk4Q6bgoRxPsuyzbSMrGWLA5GLD9lyd0pJKkgEKwCYcHd1zEHktN04phiQAvGtVMPL9++OFW5GK18nd/J2mi1yT69vaYfW8GtLexw/e14duwe1HpNeHaJYtPsq2qkMgJxyX02CGnWf+giJxkWFQ6FfOutBtymuH7Kk2JUhM8A/L4aeBopyWeAF/IqLi5kDvkKUwY8TaHcOrxSAY8GqkEAT5VCm7eFSO3fMph80M0UpT6s9qEw6ObeDcxsqilUDPAKMma+Tg/zEAfphwpqiuP/ERQXECciHZU11ghnInSvC56TahEYsvbLbMLp/GD4KKYyKuFnhyKWoj6eZUIo9xTnhn5I6RqFgCjnygj6MIxthgtwzHOXt5MzN7JyYTxZv5nSVeYXIJ7l7UQdhV8c/QsRMh69ycshM3Xu3f1GqFXYjohdCliVg94Jr8ka7yhogLtMhVFKUVBJzIUydzMXXO8ZFBEtkKX+3mjfNOInYhMDjnsaZ3Iy0CPw6DNZU5g0DN+w1/s3e28su19mzx2bZllxfWwnC20Rp9BGXiSnmLWH6UFwXucE04kTespwYJAot8wtYDqNTy1vt5uyDG7SL9ZKC2ng5/1nE6B3TrbnF7vn5NTL+xYEeflNU0bI1zTgigj1622J0lJJoNIbheCgUIc3AgAHnziNsgjj9Yp2N1nO1rfHjenbxIVrMnp0VNzDuNDMxzNDWbcCoQjhMGXO7vXB2cnZ907e9GCzE0e3rlgWKrzCJADcrwRIF/ucfz28JaFam0wz5YdJx/lrBIk5B07Qn7MehxDzm10GBulHkrQBn7q4JU7lV4nBdFrcYYoCe55kpFlw31tcsMBS0mKqF6nPVGdd4I5f61hZM+5jOQJ+fviT19/jZ7fXl3cvUBXVGnK84qqNcmgFN7LCxO5iI4LtC8SBtmyK8uH22b44kTGmBSRvYr76j/Nrvo4aG4MeOSDNX1+zHVJIe2/qfvtOP6AJ1/MFHMfTHqbKYZZKHS6wUTe4YxWyo6AhESKFpRhacWTEZvmDqXwrvvLq+CeK5rNiTTSzZT/YA5C7UUc4GK2lzxencUF33fXIazhKg07/l/nJIJPRmfBOW5Ipywj87syhYyZGDAK2cBSC5ljTn/fk1XN4x2FYxf7hJXunqmJ5V5R6a0ljYT685MZDl4LC/FlsYt6Wc0/E8z0OsWSoFKSTBSUY2/BXUc83WFNCdfqYHo8w3PO9hafdbIW+pGUkQ6uuTrPjOAqsdQAhtROdb9YnRHsyAmbYyTqimREYk2yJFhS2Z7zYYTPT/WITfDsTooNzRrwMPc9XJbMaaqjg+HAf8yz1tdp/QpOO0mazTTLZkiH9ad3E9P0Ng+FzMkNtdHz9VBxn4CAa5TOkE3BH6t5kgfQmTo/6lRC556JWh0VNFaskNJCWolvqBVEYxjtGXxrYb71zD/7gmYZI/NJuTcw3rFyzrO9Hbl3kpyr22PMM907N1oHYYjv6ujsS1QybLbMvM9CIsJTuSunvPyQCjmDPXlEBp1sbMufhdLoDU7XlE+YdBmOJDm+Gq71Bw6Z/qUkRnwY/ciCnKkFus1wiX6Ff1j9KBPc1p3+Y/x4ojXeEKM5MYIl+lQRuUOAQahKwRWpNSp/caqZbwK/mUdeOgy81FCWtEaB5Hb6Fpdvms96SjOw2h6gdw4c9VhOoctTXIfZ8IzX0NI9ECNjG7qHlyokK869dqx62bw8NvJsYaQmauwcxcRZmPE3AqMt5ZnYKqRKktIVTc0nL311gi5PdnxBzPQsv23ODXoOiLCEp+0zBKHLF53VQhWHd/yW5DjdoQ+qD3zbRGCLYSFt8OxaM8IMBvvEa981tYAVqFWDQ2ZexNGKNzgAnur/XqUplPOMl68/7fgK9RQ6r1WvPTOGGXoPmvvNCZOdJ693aqouw9e53mtZdw1Tn0YBHc9mHoddEzDo702bkGm3YbRDfkCKw8XPUDYQsiXgZIUbTDkjK8qdrx6EE6D6FbicAB0E7k4qFIvEW+uAGah/oQVj47ONPXeHpTSBTdn4sLXG6bqYGQK/HRUWHI2so+52RGnysqQ8XAexoHfDTBmKCuM+nh4h1S3bgW2xMNpteb+na+eI67hv3wGuSyzrM2X+/LKdynZNR1DqyNwOY8va5PejpqeD9yyxsBZC7uJt+I+qxPwvBxFjakb6KOq1eu57msyy/PgKqB+Y29lUotGsarz1/bOaPAUJ4VqK8hTRkYlqOXIuHHXG3ZjG2iYHyhGAR1vdMe89vBRFifmuuY9w7aCdvrVXNkSaZyihfCX8SgFWH2PXCB2QHwMrsuZsS+Kioq8+xcoR+KlibIf+s8KMrijJ0BXUPVvnoJeVLVkmqRAf6ZmC7r+RJbLjt/YzZlPafHC02TYcXlYaVO4TW5gevuvvmiFclx3njrY++QV6vyvt1FvPgVkcu4PTmyfJKgkKJjtg2/BgHRHymfLB1g6ZmcNV1yiXfe6sZ7EUsvb2Q4j53e3ElnewcgIfp3otyrh9iPYshRn5oOe+ZlMKEUkT6TNlxjH7gUqs/a7JlCdYhYz2dwhLV04fmHIlWcBt7lANuCuNMZpUMpQ3pENTEZngPJxN2ZIO/jz1SQdNf+yTdqc+gmAhD5pwUK3CGyeGfrDT3Ch6a0kGqTKhNSo7xBy1hD2Z+x6GBfXqlfvvS8fCK/cfLq/J5/bHjEh/dp6bzhmj53Yy3eA5eFw7rdZG08lcQzRjUlG+IlJOxF3H855lXl3F/+DSe92zMzBZ4xKvOtvguVIQ1hZRr5RniNmO37WN25tj9x4yiGX3T38j4wSt6YaftFwTOY8/wujsLuPp+SW0fnyBLmF8P2tE6pnAUibW+ZJI1/yT9LIw94Dzkqih485CdjbcDPpMdZCi9+40/f1Ur+TjoVH8u43u6e9+bw39GEmm3PztGnGSC03tBpZrrCY6QKl0blihzlbawaebC5qtjtYBapTgMjhjNXB6XX/jT0hRNJ+joqKPb9R0PXw/2WjZSBOqVBVc6QTKkCwVz1v3tBgKcEikjOoDHW1KV3pem8HRPQSn90mnWTIkGmRwF0V+fg+pnfsfo470PI3Jx0vPPTxOi1ClWLKJ+aIPQ6rOke1lJkvM0cNVcJhGFYsw/UicRR0J3OCrtl1J90EC2fodUhCvExLd3F/87c0dujPvFPqFT3RfabmNVEl9Crfvt8LPLYihdE3Sj+okJ/JxQjguBpmv6VyD19lAhEEaqGtB2ErBPVoukXQECnkGJdfy0aCCTBoNwLPGupqtw2eXyw1mNLMH0cPEUBDOhmq9TxDCin0kOzUU24FOfp1AGpj2WutSJRR60EYhDVsZY0FS/BncJprzuvJFSKp3B25UKooiKk7ckXxbPpxDyF+Cv6WSsKGlGdrFsmWYJ0qdq+GtGdnK8N/cbOsaLS+3ttQ4KQWdI63ax7DlAAEHwJTfGoBlTdeY8xFwRmy4KTcqMDIRs50Jtrl5WFzPw99uL966d+/VYPjmQdFCDn3/wTHbqPqYbASrYi3ARd3Hmbs+N01n7Lqdb8WpVui5ZUK9ALQOKOytO+oOyCNg2jsbVkWSZreO1w+capcusOgXHWyIhEyBVcVQKnhKSm0M5Xu7hxPwCtttTOlrF94Y7HULbcNoKaRGwqzvz/9x4UvB9S576HMnZD5/guWwwKDnYl1iC3biBYr56/Uvdzd36A1+KCjPmrbe/m01c5s9DbPXRHFiWm4ao9ntm1ajPvlLFoOnZ9sqx2Q1X8HmuYvw6ylHVzt6zjInlW+uHEqv42Ivh2y+TTkzVkA94+K/fd1wU5jDs7EmGfp2g7/EmNBnym507arBim+CuoUt7n2JVOVJUccK/ai0FDz/y5Lh9COjSpPsx1fuby+bTylfkdT/0YpKssXMq8jgJev8BmGeISXQxLGUJKdKy52x7OcUFiXWawfW3/CAhjyMmASn1Fxs2kJoW6+VCtlBIW/0yYZzwrXc/Y//GwAA//9WxwJp" } diff --git a/x-pack/filebeat/module/fortinet/firewall/_meta/fields.yml b/x-pack/filebeat/module/fortinet/firewall/_meta/fields.yml index aa1ec9eb99c..bc2ddf7602e 100644 --- a/x-pack/filebeat/module/fortinet/firewall/_meta/fields.yml +++ b/x-pack/filebeat/module/fortinet/firewall/_meta/fields.yml @@ -766,6 +766,11 @@ description: > ESP Transform + - name: eventtype + type: keyword + description: > + UTM Event Type + - name: exch type: keyword description: > @@ -2006,6 +2011,11 @@ description: > Security action performed by UTM + - name: utmref + type: keyword + description: > + Reference to UTM + - name: vap type: keyword description: > diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml index 734e2832f26..c19f8e832bb 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml @@ -3,6 +3,10 @@ processors: - set: field: event.kind value: event +- set: + field: event.action + value: "{{fortinet.firewall.action}}" + ignore_empty_value: true - set: field: event.outcome value: failure @@ -16,24 +20,29 @@ processors: value: - user - start + allow_duplicates: false if: "['FSSO-logon', 'auth-logon'].contains(ctx.fortinet?.firewall?.action)" - append: field: event.type value: - user - end + allow_duplicates: false if: "['FSSO-logoff', 'auth-logout'].contains(ctx.fortinet?.firewall?.action)" - append: field: event.type value: connection + allow_duplicates: false if: "ctx.fortinet?.firewall?.subtype == 'vpn'" - append: field: event.category value: network + allow_duplicates: false if: "ctx.fortinet?.firewall?.subtype == 'vpn'" - append: field: event.type value: info + allow_duplicates: false if: "ctx.fortinet?.firewall?.action == 'perf-stats'" - append: field: event.category @@ -42,16 +51,19 @@ processors: - append: field: event.type value: info + allow_duplicates: false if: "ctx.fortinet?.firewall?.subtype == 'update'" - append: field: event.category value: - host - malware + allow_duplicates: false if: "ctx.fortinet?.firewall?.subtype == 'update'" - append: field: event.category value: authentication + allow_duplicates: false if: "ctx.fortinet?.firewall?.subtype == 'user'" - rename: field: fortinet.firewall.dstip @@ -95,10 +107,6 @@ processors: target_field: destination.domain ignore_missing: true if: "ctx.destination?.address == null" -- rename: - field: fortinet.firewall.group - target_field: source.user.group.name - ignore_missing: true - convert: field: fortinet.firewall.sentbyte target_field: source.bytes @@ -144,10 +152,6 @@ processors: field: fortinet.firewall.saddr target_field: source.address ignore_missing: true -- rename: - field: fortinet.firewall.agent - target_field: user_agent.original - ignore_missing: true - rename: field: fortinet.firewall.file target_field: file.name @@ -167,18 +171,10 @@ processors: target_field: event.code ignore_missing: true if: "ctx.event?.code == null" -- rename: - field: fortinet.firewall.msg - target_field: message - ignore_missing: true - rename: field: fortinet.firewall.policyid target_field: rule.id ignore_missing: true -- rename: - field: fortinet.firewall.proto - target_field: network.iana_number - ignore_missing: true - rename: field: fortinet.firewall.dir target_field: network.direction @@ -207,21 +203,10 @@ processors: return } ctx.network.direction = k; -- rename: - field: fortinet.firewall.service - target_field: network.protocol - ignore_missing: true -- lowercase: - field: network.protocol - ignore_missing: true - rename: field: fortinet.firewall.error_num target_field: error.code ignore_missing: true -- rename: - field: fortinet.firewall.hostname - target_field: url.domain - ignore_missing: true - rename: field: fortinet.firewall.logdesc target_field: rule.description diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml index c103fd14700..24a47a80abf 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml @@ -24,7 +24,7 @@ processors: source: | def fw = ctx?.fortinet?.firewall; if (fw != null) { - fw.entrySet().removeIf(entry -> entry.getValue() == "N/A"); + fw.entrySet().removeIf(entry -> entry.getValue() == "N/A" || entry.getValue() == "undefined"); } - set: field: observer.vendor @@ -35,12 +35,6 @@ processors: - set: field: observer.type value: firewall -- set: - field: event.module - value: fortinet -- set: - field: event.dataset - value: fortinet.firewall - set: field: event.timezone value: "{{fortinet.firewall.tz}}" @@ -198,18 +192,7 @@ processors: ) - remove: field: - - _temp.time - - _temp - message - - syslog5424_sd - - syslog5424_pri - - fortinet.firewall.tz - - fortinet.firewall.date - - fortinet.firewall.devid - - fortinet.firewall.eventtime - - fortinet.firewall.time - - fortinet.firewall.duration - - host ignore_missing: true - pipeline: name: '{< IngestPipeline "event" >}' @@ -220,6 +203,73 @@ processors: - pipeline: name: '{< IngestPipeline "utm" >}' if: "ctx.fortinet?.firewall?.type == 'utm' || ctx.fortinet?.firewall?.type == 'dns'" +- rename: + field: fortinet.firewall.reason + target_field: event.reason + ignore_missing: true +- rename: + field: fortinet.firewall.msg + target_field: message + ignore_missing: true +- rename: + field: fortinet.firewall.proto + target_field: network.iana_number + ignore_missing: true +- script: + lang: painless + ignore_failure: true + if: ctx?.network?.iana_number != null + source: | + if (ctx?.network == null) { + ctx.network = new HashMap(); + } + def iana_number = ctx.network.iana_number; + if (iana_number == '1') { + ctx.network.transport = 'icmp'; + } else if (iana_number == '2') { + ctx.network.transport = 'igmp'; + } else if (iana_number == '6') { + ctx.network.transport = 'tcp'; + } else if (iana_number == '17') { + ctx.network.transport = 'udp'; + } else if (iana_number == '58') { + ctx.network.transport = 'ipv6-icmp'; + } +- rename: + field: fortinet.firewall.group + target_field: source.user.group.name + ignore_missing: true +- uri_parts: + field: fortinet.firewall.url + remove_if_successful: true + ignore_failure: true + if: "ctx.fortinet?.firewall?.url != null" +- set: + field: url.domain + value: "{{fortinet.firewall.hostname}}" + ignore_empty_value: true + if: "ctx?.url?.domain == null" +- rename: + field: fortinet.firewall.service + target_field: network.protocol + ignore_missing: true +- lowercase: + field: network.protocol + ignore_missing: true +- set: + field: network.type + value: ipv4 + if: (ctx.source?.ip != null && ctx.source?.ip.contains('.')) || (ctx.destination?.ip != null && ctx.destination?.ip.contains('.')) +- set: + field: network.type + value: ipv6 + if: ctx.source?.ip != null && ctx.source?.ip.contains(':') || (ctx.destination?.ip != null && ctx.destination?.ip.contains(':')) +- community_id: + ignore_missing: true + ignore_failure: true +- user_agent: + field: fortinet.firewall.agent + ignore_missing: true - convert: field: fortinet.firewall.quotamax type: long @@ -315,30 +365,37 @@ processors: - append: field: related.ip value: "{{source.ip}}" + allow_duplicates: false if: "ctx.source?.ip != null" - append: field: related.ip value: "{{destination.ip}}" + allow_duplicates: false if: "ctx.destination?.ip != null" - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" - append: field: related.user value: "{{destination.user.name}}" + allow_duplicates: false if: "ctx.destination?.user?.name != null" - append: field: related.hosts value: "{{destination.address}}" + allow_duplicates: false if: "ctx.destination?.address != null" - append: field: related.hosts value: "{{source.address}}" + allow_duplicates: false if: "ctx.source?.address != null" - append: field: related.hosts value: "{{dns.question.name}}" + allow_duplicates: false if: "ctx.dns?.question?.name != null" - script: lang: painless @@ -354,6 +411,45 @@ processors: } } } +- remove: + field: + - _temp + - syslog5424_sd + - syslog5424_pri + - fortinet.firewall.tz + - fortinet.firewall.date + - fortinet.firewall.devid + - fortinet.firewall.eventtime + - fortinet.firewall.time + - fortinet.firewall.duration + - host + - fortinet.firewall.hostname + - fortinet.firewall.agent + ignore_missing: true +- script: + lang: painless + description: This script processor iterates over the whole document to remove fields with null values. + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx); on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml index 5166332e2a1..c1fe4c56945 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml @@ -11,32 +11,39 @@ processors: field: event.outcome value: success if: "ctx.fortinet?.firewall?.action != null" +- append: + field: event.type + value: denied + allow_duplicates: false + if: "['block', 'blocked', 'deny', 'close', 'server-rst'].contains(ctx.fortinet?.firewall?.action) || ['block'].contains(ctx.fortinet?.firewall?.utmaction)" +- append: + field: event.type + value: allowed + allow_duplicates: false + if: "(ctx.fortinet?.firewall?.utmaction == null || ['allow'].contains(ctx.fortinet?.firewall?.action)) && !['block', 'blocked', 'deny', 'close', 'server-rst'].contains(ctx.fortinet?.firewall?.action)" - append: field: event.category value: network + allow_duplicates: false - append: field: event.type value: connection + allow_duplicates: false - append: field: event.type value: start + allow_duplicates: false if: "ctx.fortinet?.firewall?.action == 'start'" - append: field: event.type value: end + allow_duplicates: false if: "ctx.fortinet?.firewall?.action != null && ctx.fortinet?.firewall?.action !='start'" - append: field: event.type value: protocol + allow_duplicates: false if: "ctx.fortinet?.firewall?.app != null && ctx.fortinet?.firewall?.action != 'deny'" -- append: - field: event.type - value: allowed - if: "ctx.fortinet?.firewall?.utmaction == null && ctx.fortinet?.firewall?.action != 'deny'" -- append: - field: event.type - value: denied - if: "ctx.fortinet?.firewall?.utmaction == 'block'" - rename: field: fortinet.firewall.dstip target_field: destination.ip @@ -81,10 +88,6 @@ processors: field: fortinet.firewall.dstunauthuser target_field: destination.user.name ignore_missing: true -- rename: - field: fortinet.firewall.group - target_field: source.user.group.name - ignore_missing: true - convert: field: fortinet.firewall.sentbyte target_field: source.bytes @@ -151,10 +154,6 @@ processors: target_field: event.code ignore_missing: true if: "ctx.event?.code == null" -- rename: - field: fortinet.firewall.msg - target_field: message - ignore_missing: true - rename: field: fortinet.firewall.comment target_field: rule.description @@ -185,21 +184,6 @@ processors: pattern: "\\." replacement: "-" ignore_missing: true -- rename: - field: fortinet.firewall.proto - target_field: network.iana_number - ignore_missing: true -- rename: - field: fortinet.firewall.service - target_field: network.protocol - ignore_missing: true -- lowercase: - field: network.protocol - ignore_missing: true -- rename: - field: fortinet.firewall.url - target_field: url.path - ignore_missing: true - remove: field: - fortinet.firewall.dstport diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml index a788aa4c8bc..5ff1efe20ec 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml @@ -3,25 +3,42 @@ processors: - set: field: event.kind value: event +- set: + field: event.kind + value: alert + if: "['virus', 'ips'].contains(ctx.fortinet?.firewall?.subtype) || ctx.fortinet?.firewall?.attack != null" +- set: + field: event.action + value: "{{fortinet.firewall.action}}" + ignore_empty_value: true +- set: + field: event.outcome + value: success + if: "ctx.fortinet?.firewall?.action != null" +- append: + field: event.type + value: allowed + allow_duplicates: false + if: "['pass', 'passthrough', 'exempt'].contains(ctx.fortinet?.firewall?.action)" - append: field: event.type value: denied - if: "['block', 'blocked'].contains(ctx.fortinet?.firewall?.action)" + allow_duplicates: false + if: "['block', 'blocked', 'deny', 'close', 'server-rst', 'dropped'].contains(ctx.fortinet?.firewall?.action)" - append: field: event.type value: info + allow_duplicates: false if: "ctx.fortinet?.firewall?.subtype == 'dns'" -- append: - field: event.type - value: allowed - if: "['pass', 'passthrough'].contains(ctx.fortinet?.firewall?.action)" -- set: - field: event.outcome - value: success - if: "ctx.fortinet?.firewall?.action != null" - append: field: event.category value: network + allow_duplicates: false +- append: + field: event.category + value: intrusion_detection + allow_duplicates: false + if: ctx.fortinet?.firewall?.subtype == 'ips' - rename: field: fortinet.firewall.dstip target_field: destination.ip @@ -61,10 +78,6 @@ processors: field: fortinet.firewall.recipient target_field: destination.user.email ignore_missing: true -- rename: - field: fortinet.firewall.group - target_field: source.user.group.name - ignore_missing: true - rename: field: fortinet.firewall.locip target_field: source.ip @@ -126,10 +139,6 @@ processors: target_field: source.user.email ignore_missing: true if: "ctx.source?.user?.email == null" -- rename: - field: fortinet.firewall.agent - target_field: user_agent.original - ignore_missing: true - rename: field: fortinet.firewall.app target_field: network.application @@ -198,10 +207,6 @@ processors: target_field: event.id ignore_missing: true if: "ctx.event?.id == null" -- rename: - field: fortinet.firewall.eventtype - target_field: event.action - ignore_missing: true - rename: field: fortinet.firewall.filename target_field: file.name @@ -241,10 +246,6 @@ processors: target_field: file.extension ignore_missing: true if: "ctx.file?.extension == null" -- rename: - field: fortinet.firewall.hostname - target_field: url.domain - ignore_missing: true - rename: field: fortinet.firewall.ipaddr target_field: dns.resolved_ip @@ -262,10 +263,6 @@ processors: target_field: event.code ignore_missing: true if: "ctx.event?.code == null" -- rename: - field: fortinet.firewall.msg - target_field: message - ignore_missing: true - rename: field: fortinet.firewall.policy_id target_field: rule.id @@ -281,10 +278,6 @@ processors: target_field: rule.ruleset ignore_missing: true if: "ctx.rule?.ruleset == null" -- rename: - field: fortinet.firewall.proto - target_field: network.iana_number - ignore_missing: true - rename: field: fortinet.firewall.qclass target_field: dns.question.class @@ -297,17 +290,6 @@ processors: field: fortinet.firewall.qtype target_field: dns.question.type ignore_missing: true -- rename: - field: fortinet.firewall.service - target_field: network.protocol - ignore_missing: true -- lowercase: - field: network.protocol - ignore_missing: true -- rename: - field: fortinet.firewall.url - target_field: url.path - ignore_missing: true - rename: field: fortinet.firewall.xid target_field: dns.id diff --git a/x-pack/filebeat/module/fortinet/firewall/test/event.log b/x-pack/filebeat/module/fortinet/firewall/test/event.log new file mode 100644 index 00000000000..48b5d206117 --- /dev/null +++ b/x-pack/filebeat/module/fortinet/firewall/test/event.log @@ -0,0 +1,27 @@ +<189>date=2020-04-23 time=12:32:48 devname="testswitch3" devid="someotherrouteridagain" logid="0102043014" type="event" subtype="user" level="notice" vd="root" eventtime=1587231168439640874 tz="-0500" logdesc="FSSO logon authentication status" srcip=10.10.10.10 user="elasticouser" server="elasticserver" action="FSSO-logon" msg="FSSO-logon event from FSSO_elasticserver: user elasticouser logged on 10.10.10.10" +<187>date=2020-04-23 time=12:32:47 devname="testswitch3" devid="someotherrouteridagain" logid="0101037124" type="event" subtype="vpn" level="error" vd="root" eventtime=1587231168339114138 tz="-0500" logdesc="IPsec phase 1 error" msg="IPsec phase 1 error" action="negotiate" remip=8.8.4.4 locip=8.8.8.8 remport=500 locport=500 outintf="wan2" cookies="345hkjhdrs87/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="negotiate_error" reason="peer SA proposal not match local policy" peer_notif="NOT-APPLICABLE" +<189>date=2020-04-23 time=12:32:31 devname="testswitch3" devid="someotherrouteridagain" logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1587231151628960857 tz="-0500" logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=8.4.5.4 locip=9.9.9.9 remport=500 locport=500 outintf="wan1" cookies="df868dsg876d/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="elasticvpn" status="success" init="local" mode="main" dir="outbound" stage=1 role="initiator" result="OK" +<189>date=2020-04-23 time=14:32:09 devname="testswitch3" devid="someotherrouteridagain" logid="0100040704" type="event" subtype="system" level="notice" vd="root" eventtime=1587231129938795255 tz="-0300" logdesc="System performance statistics" action="perf-stats" cpu=0 mem=10 totalsession=23 disk=0 bandwidth="23/4" setuprate=0 disklograte=0 fazlograte=0 freediskstorage=331 sysuptime=25170 msg="Performance statistics: average CPU: 0, memory: 23, concurrent sessions: 20, setup-rate: 0" +<189>date=2020-04-23 time=12:32:09 devname="testswitch3" devid="someotherrouteridagain" logid="0102043039" type="event" subtype="user" level="notice" vd="root" eventtime=1587231130109462858 tz="-0500" logdesc="Authentication logon" srcip=10.10.10.10 user="elastiiiuser" authserver="FSSO_elastiauth" action="auth-logon" status="logon" msg="User elastiiiuser added to auth logon" +<189>date=2020-04-23 time=12:32:00 devname="testswitch3" devid="someotherrouteridagain" logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1587231120608961118 tz="-0500" logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=8.8.5.4 locip=7.6.3.4 remport=500 locport=500 outintf="wan1" cookies="345khj34566/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="testvpn" status="success" init="local" mode="main" dir="outbound" stage=1 role="initiator" result="OK" +<189>date=2020-04-23 time=14:24:13 devname="testswitch3" devid="someotherrouteridagain" logid="0100041006" type="event" subtype="system" level="notice" vd="root" eventtime=1587230655301863513 tz="-0300" logdesc="FortiSandbox AV database updated" version="1.522479" msg="FortiSandbox AV database updated" +<190>date=2020-04-23 time=12:23:47 devname="testswitch3" devid="someotherrouteridagain" logid="0107045057" type="event" subtype="endpoint" level="information" vd="root" eventtime=1587230627558979735 tz="-0500" logdesc="FortiClient connection added" action="add" status="success" license_limit="unlimited" used_for_type=3 connection_type="sslvpn" count=2 user="elastico" ip=172.16.0.2 name="somerouter" fctuid="645234fdd01F885824F764" msg="Add a FortiClient Connection." +<190>date=2020-04-23 time=12:23:47 devname="testswitch3" devid="someotherrouteridagain" logid="0101039943" type="event" subtype="vpn" level="information" vd="root" eventtime=1587230627334405765 tz="-0500" logdesc="SSL VPN new connection" action="ssl-new-con" tunneltype="ssl" tunnelid=2 remip=8.8.8.6 user="N/A" group="N/A" dst_host="N/A" reason="N/A" msg="SSL new connection" +<190>date=2020-04-23 time=12:23:47 devname="testswitch3" devid="someotherrouteridagain" logid="0101039947" type="event" subtype="vpn" level="information" vd="root" eventtime=1587230627698970007 tz="-0500" logdesc="SSL VPN tunnel up" action="tunnel-up" tunneltype="ssl-tunnel" tunnelid=2345 remip=8.8.5.4 tunnelip=10.10.10.10 user="someuser" group="somegroup" dst_host="N/A" reason="tunnel established" msg="SSL tunnel established" +<189>date=2020-04-23 time=14:16:42 devname="testswitch3" devid="someotherrouteridagain" logid="0102043015" type="event" subtype="user" level="notice" vd="root" eventtime=1587230204674924332 tz="-0300" logdesc="FSSO log off authentication status" srcip=192.168.1.1 user="elasticadmin" server="FSSO_somefssoserver" action="FSSO-logoff" msg="FSSO-logoff event from FSSO_somefssoserver: user elasticuser logged off 1192.168.1.1" +<189>date=2020-04-23 time=12:16:02 devname="testswitch3" devid="someotherrouteridagain" logid="0100022915" type="event" subtype="system" level="notice" vd="root" eventtime=1587230163121116383 tz="-0500" logdesc="FortiCloud server connected" server="9.9.9.9" action="connect" msg="FortiCloud 9.9.9.9 server is connected" +<189>date=2020-04-23 time=12:16:02 devname="testswitch3" devid="someotherrouteridagain" logid="0100022913" type="event" subtype="system" level="notice" vd="root" eventtime=1587230163375149856 tz="-0500" logdesc="FortiCloud server disconnected" server="4.4.4.4" action="disconnect" reason="connection reset" msg="FortiCloud 4.4.4.4 server is disconnected" +<190>date=2020-11-02 time=08:11:38 devname=testfirewall devid=newrouterid logid=0101037127 type="event" subtype=vpn level=notice vd=root logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action=negotiate remip=8.8.8.8 locip=10.10.10.10 remport=500 locport=500 outintf="port1" cookies="125cbf9ee8349965/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="P1_Test" status=success init=local mode=aggressive dir=outbound stage=1 role=initiator result=OK +<190>date=2019-05-13 time=11:20:54 logid="0100032001" type="event" subtype="system" level="information" vd="vdom1" eventtime=1557771654587081441 logdesc="Admin login successful" sn="1557771654" user="admin" ui="ssh(172.16.200.254)" method="ssh" srcip=172.16.200.254 dstip=172.16.200.2 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(172.16.200.254)" +<190>date=2019-05-13 time=14:21:42 logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1557782502722231889 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=50.1.1.101 locip=50.1.1.100 remport=500 locport=500 outintf="port14" cookies="9091f4d4837ea71c/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="test" status="success" init="local" mode="main" dir="outbound" stage=1 role="initiator" result="OK" +<190>date=2019-05-13 time=15:55:56 logid="0102043008" type="event" subtype="user" level="notice" vd="root" eventtime=1557788156913809277 logdesc="Authentication success" srcip=10.1.100.11 dstip=172.16.200.55 policyid=1 interface="port10" user="bob" group="local-group1" authproto="TELNET(10.1.100.11)" action="authentication" status="success" reason="N/A" msg="User bob succeeded in authentication" +<189>date=2019-05-14 time=08:32:13 logid="0107045057" type="event" subtype="endpoint" level="information" vd="root" eventtime=1557847933900764210 logdesc="FortiClient connection added" action="add" status="success" license_limit="unlimited" used_for_type=4 connection_type="sslvpn" count=1 user="skubas" ip=172.18.64.250 name="VAN-200957-PC" fctuid="52C66FE08F724FE0B116DAD5062C96CD" msg="Add a FortiClient Connection." +<189>date=2019-05-14 time=08:19:38 logid="0107045058" type="event" subtype="endpoint" level="information" vd="root" eventtime=1557847179037488154 logdesc="FortiClient connection closed" action="close" status="success" license_limit="unlimited" used_for_type=5 connection_type="sslvpn" count=1 user="skubas" ip=172.18.64.250 name="VAN-200957-PC" fctuid="52C66FE08F724FE0B116DAD5062C96CD" msg="Close a FortiClient Connection." +<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880370858 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="FCTEMS0000011111_AV-Running" msg="Updated tag FCTEMS0000011111_AV-Running." +<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880455433 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="MAC_FCTEMS0000011111_AV-Running" msg="Updated tag MAC_FCTEMS0000011111_AV-Running." +<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880744919 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="FCTEMS0000011111_Connected-to-EMS" msg="Updated tag FCTEMS0000011111_Connected-to-EMS." +<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880784143 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="MAC_FCTEMS0000011111_Connected-to-EMS" msg="Updated tag MAC_FCTEMS0000011111_Connected-to-EMS." +<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900027938 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="FCTEMS0000011111_AV-Running" msg="Updated tag FCTEMS0000011111_AV-Running." +<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900167367 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="MAC_FCTEMS0000011111_AV-Running" msg="Updated tag MAC_FCTEMS0000011111_AV-Running." +<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900749585 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="FCTEMS0000011111_Connected-to-EMS" msg="Updated tag FCTEMS0000011111_Connected-to-EMS." +<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900961834 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="MAC_FCTEMS0000011111_Connected-to-EMS" msg="Updated tag MAC_FCTEMS0000011111_Connected-to-EMS." diff --git a/x-pack/filebeat/module/fortinet/firewall/test/event.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/event.log-expected.json new file mode 100644 index 00000000000..12a32029605 --- /dev/null +++ b/x-pack/filebeat/module/fortinet/firewall/test/event.log-expected.json @@ -0,0 +1,1179 @@ +[ + { + "@timestamp": "2020-04-23T12:32:48.000-05:00", + "event.action": "FSSO-logon", + "event.category": [ + "authentication" + ], + "event.code": "0102043014", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:32:48.439-05:00", + "event.timezone": "-0500", + "event.type": [ + "start", + "user" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "FSSO-logon", + "fortinet.firewall.server": "elasticserver", + "fortinet.firewall.subtype": "user", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 0, + "message": "FSSO-logon event from FSSO_elasticserver: user elasticouser logged on 10.10.10.10", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.10.10.10" + ], + "related.user": [ + "elasticouser" + ], + "rule.description": "FSSO logon authentication status", + "service.type": "fortinet", + "source.ip": "10.10.10.10", + "source.user.name": "elasticouser", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:32:47.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 500, + "event.action": "negotiate", + "event.category": [ + "network" + ], + "event.code": "0101037124", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "failure", + "event.reason": "peer SA proposal not match local policy", + "event.start": "2020-04-18T12:32:48.339-05:00", + "event.timezone": "-0500", + "event.type": [ + "connection" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "negotiate", + "fortinet.firewall.cookies": "345hkjhdrs87/0000000000000000", + "fortinet.firewall.outintf": "wan2", + "fortinet.firewall.peer_notif": "NOT-APPLICABLE", + "fortinet.firewall.status": "negotiate_error", + "fortinet.firewall.subtype": "vpn", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "error", + "log.offset": 413, + "message": "IPsec phase 1 error", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "8.8.4.4", + "8.8.8.8" + ], + "rule.description": "IPsec phase 1 error", + "service.type": "fortinet", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "8.8.8.8", + "source.port": 500, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:32:31.000-05:00", + "destination.as.number": 3356, + "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.4.5.4", + "destination.port": 500, + "event.action": "negotiate", + "event.category": [ + "network" + ], + "event.code": "0101037127", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:32:31.628-05:00", + "event.timezone": "-0500", + "event.type": [ + "connection" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "negotiate", + "fortinet.firewall.cookies": "df868dsg876d/0000000000000000", + "fortinet.firewall.init": "local", + "fortinet.firewall.mode": "main", + "fortinet.firewall.outintf": "wan1", + "fortinet.firewall.result": "OK", + "fortinet.firewall.role": "initiator", + "fortinet.firewall.stage": "1", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "vpn", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "fortinet.firewall.vpntunnel": "elasticvpn", + "input.type": "log", + "log.level": "notice", + "log.offset": 981, + "message": "progress IPsec phase 1", + "network.direction": "outbound", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "8.4.5.4", + "9.9.9.9" + ], + "rule.description": "Progress IPsec phase 1", + "service.type": "fortinet", + "source.as.number": 19281, + "source.as.organization.name": "Quad9", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "FR", + "source.geo.country_name": "France", + "source.geo.location.lat": 48.8582, + "source.geo.location.lon": 2.3387, + "source.ip": "9.9.9.9", + "source.port": 500, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T14:32:09.000-03:00", + "event.action": "perf-stats", + "event.category": [ + "host" + ], + "event.code": "0100040704", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2020-04-18T14:32:09.938-03:00", + "event.timezone": "-0300", + "event.type": [ + "info" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "perf-stats", + "fortinet.firewall.bandwidth": "23/4", + "fortinet.firewall.cpu": "0", + "fortinet.firewall.disk": "0", + "fortinet.firewall.disklograte": "0", + "fortinet.firewall.fazlograte": "0", + "fortinet.firewall.freediskstorage": "331", + "fortinet.firewall.mem": 10, + "fortinet.firewall.setuprate": "0", + "fortinet.firewall.subtype": "system", + "fortinet.firewall.sysuptime": "25170", + "fortinet.firewall.totalsession": "23", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 1555, + "message": "Performance statistics: average CPU: 0, memory: 23, concurrent sessions: 20, setup-rate: 0", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "System performance statistics", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:32:09.000-05:00", + "event.action": "auth-logon", + "event.category": [ + "authentication" + ], + "event.code": "0102043039", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:32:10.109-05:00", + "event.timezone": "-0500", + "event.type": [ + "start", + "user" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "auth-logon", + "fortinet.firewall.authserver": "FSSO_elastiauth", + "fortinet.firewall.status": "logon", + "fortinet.firewall.subtype": "user", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 2045, + "message": "User elastiiiuser added to auth logon", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.10.10.10" + ], + "related.user": [ + "elastiiiuser" + ], + "rule.description": "Authentication logon", + "service.type": "fortinet", + "source.ip": "10.10.10.10", + "source.user.name": "elastiiiuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:32:00.000-05:00", + "destination.as.number": 3356, + "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.5.4", + "destination.port": 500, + "event.action": "negotiate", + "event.category": [ + "network" + ], + "event.code": "0101037127", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:32:00.608-05:00", + "event.timezone": "-0500", + "event.type": [ + "connection" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "negotiate", + "fortinet.firewall.cookies": "345khj34566/0000000000000000", + "fortinet.firewall.init": "local", + "fortinet.firewall.mode": "main", + "fortinet.firewall.outintf": "wan1", + "fortinet.firewall.result": "OK", + "fortinet.firewall.role": "initiator", + "fortinet.firewall.stage": "1", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "vpn", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "fortinet.firewall.vpntunnel": "testvpn", + "input.type": "log", + "log.level": "notice", + "log.offset": 2423, + "message": "progress IPsec phase 1", + "network.direction": "outbound", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "7.6.3.4", + "8.8.5.4" + ], + "rule.description": "Progress IPsec phase 1", + "service.type": "fortinet", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "7.6.3.4", + "source.port": 500, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T14:24:13.000-03:00", + "event.code": "0100041006", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2020-04-18T14:24:15.301-03:00", + "event.timezone": "-0300", + "fileset.name": "firewall", + "fortinet.firewall.subtype": "system", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "fortinet.firewall.version": "1.522479", + "input.type": "log", + "log.level": "notice", + "log.offset": 2993, + "message": "FortiSandbox AV database updated", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "FortiSandbox AV database updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:23:47.000-05:00", + "event.action": "add", + "event.code": "0107045057", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2020-04-18T12:23:47.558-05:00", + "event.timezone": "-0500", + "fileset.name": "firewall", + "fortinet.firewall.action": "add", + "fortinet.firewall.connection_type": "sslvpn", + "fortinet.firewall.count": "2", + "fortinet.firewall.fctuid": "645234fdd01F885824F764", + "fortinet.firewall.ip": "172.16.0.2", + "fortinet.firewall.license_limit": "unlimited", + "fortinet.firewall.name": "somerouter", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "endpoint", + "fortinet.firewall.type": "event", + "fortinet.firewall.used_for_type": "3", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 3297, + "message": "Add a FortiClient Connection.", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.user": [ + "elastico" + ], + "rule.description": "FortiClient connection added", + "service.type": "fortinet", + "source.user.name": "elastico", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:23:47.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.6", + "event.action": "ssl-new-con", + "event.category": [ + "network" + ], + "event.code": "0101039943", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2020-04-18T12:23:47.334-05:00", + "event.timezone": "-0500", + "event.type": [ + "connection" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "ssl-new-con", + "fortinet.firewall.subtype": "vpn", + "fortinet.firewall.tunnelid": "2", + "fortinet.firewall.tunneltype": "ssl", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 3767, + "message": "SSL new connection", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "8.8.8.6" + ], + "rule.description": "SSL VPN new connection", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:23:47.000-05:00", + "destination.as.number": 3356, + "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.5.4", + "event.action": "tunnel-up", + "event.category": [ + "network" + ], + "event.code": "0101039947", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.reason": "tunnel established", + "event.start": "2020-04-18T12:23:47.698-05:00", + "event.timezone": "-0500", + "event.type": [ + "connection" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "tunnel-up", + "fortinet.firewall.subtype": "vpn", + "fortinet.firewall.tunnelid": "2345", + "fortinet.firewall.tunnelip": "10.10.10.10", + "fortinet.firewall.tunneltype": "ssl-tunnel", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 4144, + "message": "SSL tunnel established", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "8.8.5.4" + ], + "related.user": [ + "someuser" + ], + "rule.description": "SSL VPN tunnel up", + "service.type": "fortinet", + "source.user.group.name": "somegroup", + "source.user.name": "someuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T14:16:42.000-03:00", + "event.action": "FSSO-logoff", + "event.category": [ + "authentication" + ], + "event.code": "0102043015", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T14:16:44.674-03:00", + "event.timezone": "-0300", + "event.type": [ + "end", + "user" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "FSSO-logoff", + "fortinet.firewall.server": "FSSO_somefssoserver", + "fortinet.firewall.subtype": "user", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 4575, + "message": "FSSO-logoff event from FSSO_somefssoserver: user elasticuser logged off 1192.168.1.1", + "network.type": "ipv4", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.1.1" + ], + "related.user": [ + "elasticadmin" + ], + "rule.description": "FSSO log off authentication status", + "service.type": "fortinet", + "source.ip": "192.168.1.1", + "source.user.name": "elasticadmin", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:16:02.000-05:00", + "event.action": "connect", + "event.code": "0100022915", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2020-04-18T12:16:03.121-05:00", + "event.timezone": "-0500", + "fileset.name": "firewall", + "fortinet.firewall.action": "connect", + "fortinet.firewall.server": "9.9.9.9", + "fortinet.firewall.subtype": "system", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 5000, + "message": "FortiCloud 9.9.9.9 server is connected", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "FortiCloud server connected", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:16:02.000-05:00", + "event.action": "disconnect", + "event.code": "0100022913", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.reason": "connection reset", + "event.start": "2020-04-18T12:16:03.375-05:00", + "event.timezone": "-0500", + "fileset.name": "firewall", + "fortinet.firewall.action": "disconnect", + "fortinet.firewall.server": "4.4.4.4", + "fortinet.firewall.subtype": "system", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 5320, + "message": "FortiCloud 4.4.4.4 server is disconnected", + "observer.name": "testswitch3", + "observer.product": "Fortigate", + "observer.serial_number": "someotherrouteridagain", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "FortiCloud server disconnected", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-11-02T08:11:38.000Z", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 500, + "event.action": "negotiate", + "event.category": [ + "network" + ], + "event.code": "0101037127", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.type": [ + "connection" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "negotiate", + "fortinet.firewall.cookies": "125cbf9ee8349965/0000000000000000", + "fortinet.firewall.init": "local", + "fortinet.firewall.mode": "aggressive", + "fortinet.firewall.outintf": "port1", + "fortinet.firewall.result": "OK", + "fortinet.firewall.role": "initiator", + "fortinet.firewall.stage": "1", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "vpn", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "fortinet.firewall.vpntunnel": "P1_Test", + "input.type": "log", + "log.level": "notice", + "log.offset": 5675, + "message": "progress IPsec phase 1", + "network.direction": "outbound", + "network.type": "ipv4", + "observer.name": "testfirewall", + "observer.product": "Fortigate", + "observer.serial_number": "newrouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.10.10.10", + "8.8.8.8" + ], + "rule.description": "Progress IPsec phase 1", + "service.type": "fortinet", + "source.ip": "10.10.10.10", + "source.port": 500, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-13T11:20:54.000Z", + "destination.ip": "172.16.200.2", + "event.action": "login", + "event.code": "0100032001", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.reason": "none", + "event.start": "2019-05-13T18:20:54.587Z", + "fileset.name": "firewall", + "fortinet.firewall.action": "login", + "fortinet.firewall.method": "ssh", + "fortinet.firewall.profile": "super_admin", + "fortinet.firewall.sn": "1557771654", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "system", + "fortinet.firewall.type": "event", + "fortinet.firewall.ui": "ssh(172.16.200.254)", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "information", + "log.offset": 6184, + "message": "Administrator admin logged in successfully from ssh(172.16.200.254)", + "network.type": "ipv4", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "172.16.200.2", + "172.16.200.254" + ], + "related.user": [ + "admin" + ], + "rule.description": "Admin login successful", + "service.type": "fortinet", + "source.ip": "172.16.200.254", + "source.user.name": "admin", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-13T14:21:42.000Z", + "destination.as.number": 7065, + "destination.as.organization.name": "Sonoma Interconnect", + "destination.geo.city_name": "North Highlands", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 38.6741, + "destination.geo.location.lon": -121.3768, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "50.1.1.101", + "destination.port": 500, + "event.action": "negotiate", + "event.category": [ + "network" + ], + "event.code": "0101037127", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-13T21:21:42.722Z", + "event.type": [ + "connection" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "negotiate", + "fortinet.firewall.cookies": "9091f4d4837ea71c/0000000000000000", + "fortinet.firewall.init": "local", + "fortinet.firewall.mode": "main", + "fortinet.firewall.outintf": "port14", + "fortinet.firewall.result": "OK", + "fortinet.firewall.role": "initiator", + "fortinet.firewall.stage": "1", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "vpn", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "fortinet.firewall.vpntunnel": "test", + "input.type": "log", + "log.level": "notice", + "log.offset": 6611, + "message": "progress IPsec phase 1", + "network.direction": "outbound", + "network.type": "ipv4", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "50.1.1.100", + "50.1.1.101" + ], + "rule.description": "Progress IPsec phase 1", + "service.type": "fortinet", + "source.as.number": 7065, + "source.as.organization.name": "Sonoma Interconnect", + "source.geo.city_name": "North Highlands", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 38.6741, + "source.geo.location.lon": -121.3768, + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", + "source.ip": "50.1.1.100", + "source.port": 500, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-13T15:55:56.000Z", + "destination.ip": "172.16.200.55", + "event.action": "authentication", + "event.category": [ + "authentication" + ], + "event.code": "0102043008", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2019-05-13T22:55:56.913Z", + "fileset.name": "firewall", + "fortinet.firewall.action": "authentication", + "fortinet.firewall.authproto": "TELNET(10.1.100.11)", + "fortinet.firewall.interface": "port10", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "user", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 7127, + "message": "User bob succeeded in authentication", + "network.type": "ipv4", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "172.16.200.55" + ], + "related.user": [ + "bob" + ], + "rule.description": "Authentication success", + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.11", + "source.user.group.name": "local-group1", + "source.user.name": "bob", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-14T08:32:13.000Z", + "event.action": "add", + "event.code": "0107045057", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2019-05-14T15:32:13.900Z", + "fileset.name": "firewall", + "fortinet.firewall.action": "add", + "fortinet.firewall.connection_type": "sslvpn", + "fortinet.firewall.count": "1", + "fortinet.firewall.fctuid": "52C66FE08F724FE0B116DAD5062C96CD", + "fortinet.firewall.ip": "172.18.64.250", + "fortinet.firewall.license_limit": "unlimited", + "fortinet.firewall.name": "VAN-200957-PC", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "endpoint", + "fortinet.firewall.type": "event", + "fortinet.firewall.used_for_type": "4", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 7526, + "message": "Add a FortiClient Connection.", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.user": [ + "skubas" + ], + "rule.description": "FortiClient connection added", + "service.type": "fortinet", + "source.user.name": "skubas", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-14T08:19:38.000Z", + "event.action": "close", + "event.code": "0107045058", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2019-05-14T15:19:39.037Z", + "fileset.name": "firewall", + "fortinet.firewall.action": "close", + "fortinet.firewall.connection_type": "sslvpn", + "fortinet.firewall.count": "1", + "fortinet.firewall.fctuid": "52C66FE08F724FE0B116DAD5062C96CD", + "fortinet.firewall.ip": "172.18.64.250", + "fortinet.firewall.license_limit": "unlimited", + "fortinet.firewall.name": "VAN-200957-PC", + "fortinet.firewall.status": "success", + "fortinet.firewall.subtype": "endpoint", + "fortinet.firewall.type": "event", + "fortinet.firewall.used_for_type": "5", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 7946, + "message": "Close a FortiClient Connection.", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.user": [ + "skubas" + ], + "rule.description": "FortiClient connection closed", + "service.type": "fortinet", + "source.user.name": "skubas", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.880+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "FCTEMS0000011111_AV-Running", + "fortinet.firewall.fctemssn": "FCTEMS0000011111", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 8371, + "message": "Updated tag FCTEMS0000011111_AV-Running.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EEF34CD12AB", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.880+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_AV-Running", + "fortinet.firewall.fctemssn": "FCTEMS0000011111", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 8717, + "message": "Updated tag MAC_FCTEMS0000011111_AV-Running.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EEF34CD12AB", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.880+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "FCTEMS0000011111_Connected-to-EMS", + "fortinet.firewall.fctemssn": "FCTEMS0000011111", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 9071, + "message": "Updated tag FCTEMS0000011111_Connected-to-EMS.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EEF34CD12AB", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.880+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_Connected-to-EMS", + "fortinet.firewall.fctemssn": "FCTEMS0000011111", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 9429, + "message": "Updated tag MAC_FCTEMS0000011111_Connected-to-EMS.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EEF34CD12AB", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.900+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "FCTEMS0000011111_AV-Running", + "fortinet.firewall.fctemssn": "(null)", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 9795, + "message": "Updated tag FCTEMS0000011111_AV-Running.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EAB12CD34EF", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.900+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_AV-Running", + "fortinet.firewall.fctemssn": "(null)", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 10131, + "message": "Updated tag MAC_FCTEMS0000011111_AV-Running.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EAB12CD34EF", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.900+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "FCTEMS0000011111_Connected-to-EMS", + "fortinet.firewall.fctemssn": "(null)", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 10475, + "message": "Updated tag FCTEMS0000011111_Connected-to-EMS.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EAB12CD34EF", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-05-07T08:31:14.000+01:00", + "event.code": "0112053203", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2021-05-07T08:31:14.900+01:00", + "event.timezone": "+0100", + "fileset.name": "firewall", + "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_Connected-to-EMS", + "fortinet.firewall.fctemssn": "(null)", + "fortinet.firewall.subtype": "connector", + "fortinet.firewall.type": "event", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 10823, + "message": "Updated tag MAC_FCTEMS0000011111_Connected-to-EMS.", + "observer.name": "firewall", + "observer.product": "Fortigate", + "observer.serial_number": "FG201EAB12CD34EF", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "rule.description": "Dynamic address updated", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log deleted file mode 100644 index 9cee313e6eb..00000000000 --- a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log +++ /dev/null @@ -1,40 +0,0 @@ -<188>date=2020-04-23 time=12:17:48 devname="testswitch1" devid="somerouterid" logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="root" eventtime=1587230269052907555 tz="-0500" policyid=100602 sessionid=1234 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 srcport=61930 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=443 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTPS" hostname="elastic.co" profile="elasticruleset" action="blocked" reqtype="direct" url="/config/" sentbyte=1152 rcvdbyte=1130 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=76 catdesc="Internet Telephony" -<189>date=2020-04-23 time=01:16:08 devname="testswitch1" devid="somerouterid" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="OPERATIONAL" eventtime=1592961368 srcip=10.10.10.10 srcport=60899 srcintf="srcintfname" srcintfrole="lan" dstip=8.8.8.8 dstport=161 dstintf="dstintfname" dstintfrole="lan" sessionid=155313 proto=17 action="deny" policyid=0 policytype="policy" service="SNMP" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high" -<189>date=2020-04-23 time=12:17:45 devname="testswitch1" devid="somerouterid" logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="root" eventtime=1587230266314799756 tz="-0500" policyid=38 sessionid=543234 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 srcport=65236 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=443 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTPS" hostname="elastic.co" profile="elasticruleset" action="passthrough" reqtype="direct" url="/" sentbyte=3545 rcvdbyte=6812 direction="outgoing" msg="URL belongs to an allowed category in policy" method="domain" cat=23 catdesc="Web-based Email" -<190>date=2020-04-23 time=13:17:35 devname="testswitch1" devid="somerouterid" logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" level="information" vd="root" eventtime=1587230255061492894 tz="-0400" appid=40568 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 dstip=8.8.8.8 srcport=59790 dstport=443 srcintf="LAN" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 service="SSL" direction="outgoing" policyid=12 sessionid=453234 applist="elasticruleset" action="pass" appcat="Web.Client" app="HTTPS.BROWSER" hostname="elastic.co" incidentserialno=23465 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="test.elastic.co" -<190>date=2020-04-23 time=13:17:35 devname="testswitch1" devid="somerouterid" logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" level="information" vd="root" eventtime=1591788391 tz="-0400" appid=40568 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 dstip=8.8.8.8 srcport=59790 dstport=443 srcintf="LAN" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 service="SSL" direction="outgoing" policyid=12 sessionid=453234 applist="elasticruleset" action="pass" appcat="Web.Client" app="HTTPS.BROWSER" hostname="elastic.co" incidentserialno=23465 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="test.elastic.co" -<189>date=2020-04-23 time=12:17:29 devname="testswitch1" devid="somerouterid" logid="1501054802" type="utm" subtype="dns" eventtype="dns-response" level="notice" vd="root" eventtime=1587230249360109339 tz="-0500" policyid=26 sessionid=543234 srcip=192.168.2.1 srcport=53430 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="test" xid=2234 qname="elastic.example.com" qtype="A" qtypeval=1 qclass="IN" ipaddr="8.8.8.8" msg="Domain is monitored" action="pass" cat=23 catdesc="Web-based Email" -<189>date=2020-04-23 time=12:17:29 devname="testswitch1" devid="somerouterid" logid="1501054802" type="utm" subtype="dns" eventtype="dns-response" level="notice" vd="root" eventtime=1587230249360109339 tz="-0500" policyid=26 sessionid=543234 srcip=192.168.2.1 srcport=53430 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="test" xid=2234 qname="elastic.example.com" qtype="A" qtypeval=1 qclass="IN" ipaddr="8.8.8.8, 8.8.4.4" msg="Domain is monitored" action="pass" cat=23 catdesc="Web-based Email" -<190>date=2020-04-23 time=12:17:11 devname="testswitch1" devid="somerouterid" logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" level="information" vd="root" eventtime=1587230232148674303 tz="-0500" appid=40568 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 dstip=8.8.8.8 srcport=63012 dstport=443 srcintf="port1" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 service="SSL" direction="outgoing" policyid=100602 sessionid=543234 applist="elasticruleset" action="pass" appcat="Web.Client" app="HTTPS.BROWSER" hostname="elastic.no" incidentserialno=54323 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" -<189>date=2020-04-23 time=12:17:04 devname="testswitch1" devid="somerouterid" logid="1501054802" type="utm" subtype="dns" eventtype="dns-response" level="notice" vd="root" eventtime=1587230224712900694 tz="-0500" policyid=26 sessionid=5432 srcip=192.168.2.1 srcport=54438 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="elastictest" xid=2352 qname="elastic.co" qtype="A" qtypeval=1 qclass="IN" ipaddr="8.8.8.8" msg="Domain is monitored" action="pass" cat=93 catdesc="Remote Access" -<190>date=2020-04-23 time=12:17:12 devname="testswitch1" devid="somerouterid" logid="1500054000" type="utm" subtype="dns" eventtype="dns-query" level="information" vd="root" eventtime=1587230232658642672 tz="-0500" policyid=26 sessionid=543234 srcip=192.168.2.1 srcport=54788 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="elastictest" xid=235 qname="elastic.co" qtype="A" qtypeval=1 qclass="IN" -<189>date=2020-04-23 time=13:15:18 devname="testswitch2" devid="someotherid" logid="1700062001" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="notice" vd="root" eventtime=1587230118838592454 tz="-0400" policyid=12 sessionid=42346234 service="HTTPS" user="elasticuser2" group="elasticgroup2" profile="somecerts" srcip=192.168.2.1 srcport=59726 dstip=8.8.4.4 dstport=443 srcintf="LAN" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 action="passthrough" msg="Server certificate passed" reason="untrusted-cert" -<189>date=2020-04-23 time=12:32:48 devname="testswitch3" devid="someotherrouteridagain" logid="0102043014" type="event" subtype="user" level="notice" vd="root" eventtime=1587231168439640874 tz="-0500" logdesc="FSSO logon authentication status" srcip=10.10.10.10 user="elasticouser" server="elasticserver" action="FSSO-logon" msg="FSSO-logon event from FSSO_elasticserver: user elasticouser logged on 10.10.10.10" -<187>date=2020-04-23 time=12:32:47 devname="testswitch3" devid="someotherrouteridagain" logid="0101037124" type="event" subtype="vpn" level="error" vd="root" eventtime=1587231168339114138 tz="-0500" logdesc="IPsec phase 1 error" msg="IPsec phase 1 error" action="negotiate" remip=8.8.4.4 locip=8.8.8.8 remport=500 locport=500 outintf="wan2" cookies="345hkjhdrs87/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="negotiate_error" reason="peer SA proposal not match local policy" peer_notif="NOT-APPLICABLE" -<189>date=2020-04-23 time=12:32:31 devname="testswitch3" devid="someotherrouteridagain" logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1587231151628960857 tz="-0500" logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=8.4.5.4 locip=9.9.9.9 remport=500 locport=500 outintf="wan1" cookies="df868dsg876d/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="elasticvpn" status="success" init="local" mode="main" dir="outbound" stage=1 role="initiator" result="OK" -<189>date=2020-04-23 time=14:32:09 devname="testswitch3" devid="someotherrouteridagain" logid="0100040704" type="event" subtype="system" level="notice" vd="root" eventtime=1587231129938795255 tz="-0300" logdesc="System performance statistics" action="perf-stats" cpu=0 mem=10 totalsession=23 disk=0 bandwidth="23/4" setuprate=0 disklograte=0 fazlograte=0 freediskstorage=331 sysuptime=25170 msg="Performance statistics: average CPU: 0, memory: 23, concurrent sessions: 20, setup-rate: 0" -<189>date=2020-04-23 time=12:32:09 devname="testswitch3" devid="someotherrouteridagain" logid="0102043039" type="event" subtype="user" level="notice" vd="root" eventtime=1587231130109462858 tz="-0500" logdesc="Authentication logon" srcip=10.10.10.10 user="elastiiiuser" authserver="FSSO_elastiauth" action="auth-logon" status="logon" msg="User elastiiiuser added to auth logon" -<189>date=2020-04-23 time=12:32:00 devname="testswitch3" devid="someotherrouteridagain" logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1587231120608961118 tz="-0500" logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=8.8.5.4 locip=7.6.3.4 remport=500 locport=500 outintf="wan1" cookies="345khj34566/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="testvpn" status="success" init="local" mode="main" dir="outbound" stage=1 role="initiator" result="OK" -<189>date=2020-04-23 time=14:24:13 devname="testswitch3" devid="someotherrouteridagain" logid="0100041006" type="event" subtype="system" level="notice" vd="root" eventtime=1587230655301863513 tz="-0300" logdesc="FortiSandbox AV database updated" version="1.522479" msg="FortiSandbox AV database updated" -<190>date=2020-04-23 time=12:23:47 devname="testswitch3" devid="someotherrouteridagain" logid="0107045057" type="event" subtype="endpoint" level="information" vd="root" eventtime=1587230627558979735 tz="-0500" logdesc="FortiClient connection added" action="add" status="success" license_limit="unlimited" used_for_type=3 connection_type="sslvpn" count=2 user="elastico" ip=172.16.0.2 name="somerouter" fctuid="645234fdd01F885824F764" msg="Add a FortiClient Connection." -<190>date=2020-04-23 time=12:23:47 devname="testswitch3" devid="someotherrouteridagain" logid="0101039943" type="event" subtype="vpn" level="information" vd="root" eventtime=1587230627334405765 tz="-0500" logdesc="SSL VPN new connection" action="ssl-new-con" tunneltype="ssl" tunnelid=2 remip=8.8.8.6 user="N/A" group="N/A" dst_host="N/A" reason="N/A" msg="SSL new connection" -<190>date=2020-04-23 time=12:23:47 devname="testswitch3" devid="someotherrouteridagain" logid="0101039947" type="event" subtype="vpn" level="information" vd="root" eventtime=1587230627698970007 tz="-0500" logdesc="SSL VPN tunnel up" action="tunnel-up" tunneltype="ssl-tunnel" tunnelid=2345 remip=8.8.5.4 tunnelip=10.10.10.10 user="someuser" group="somegroup" dst_host="N/A" reason="tunnel established" msg="SSL tunnel established" -<189>date=2020-04-23 time=14:16:42 devname="testswitch3" devid="someotherrouteridagain" logid="0102043015" type="event" subtype="user" level="notice" vd="root" eventtime=1587230204674924332 tz="-0300" logdesc="FSSO log off authentication status" srcip=192.168.1.1 user="elasticadmin" server="FSSO_somefssoserver" action="FSSO-logoff" msg="FSSO-logoff event from FSSO_somefssoserver: user elasticuser logged off 1192.168.1.1" -<189>date=2020-04-23 time=12:16:02 devname="testswitch3" devid="someotherrouteridagain" logid="0100022915" type="event" subtype="system" level="notice" vd="root" eventtime=1587230163121116383 tz="-0500" logdesc="FortiCloud server connected" server="9.9.9.9" action="connect" msg="FortiCloud 9.9.9.9 server is connected" -<189>date=2020-04-23 time=12:16:02 devname="testswitch3" devid="someotherrouteridagain" logid="0100022913" type="event" subtype="system" level="notice" vd="root" eventtime=1587230163375149856 tz="-0500" logdesc="FortiCloud server disconnected" server="4.4.4.4" action="disconnect" reason="connection reset" msg="FortiCloud 4.4.4.4 server is disconnected" -<188>date=2020-04-23 time=12:14:09 devname="newfirewall" devid="newrouterid" logid="0000000011" type="traffic" subtype="forward" level="warning" vd="root" eventtime=1587230049761513222 tz="-0500" srcip=192.168.1.6 srcport=53438 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" sessionid=435234 proto=17 action="dns" policyid=26 policytype="policy" poluuid="2345de-b143-52134d8-6654f-4654sdfg16f431" policyname="elasticnewruleset" service="DNS" dstcountry="Netherlands" srccountry="Reserved" appcat="unscanned" crscore=5 craction=54144 crlevel="low" -<189>date=2020-04-23 time=12:11:51 devname="newfirewall" devid="newrouterid" logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1587229911390385486 tz="-0500" srcip=192.168.10.10 srcport=6000 srcintf="port1" srcintfrole="lan" dstip=8.6.4.7 dstport=6000 dstintf="wan1" dstintfrole="wan" sessionid=4352 proto=17 action="accept" policyid=3426 policytype="policy" poluuid="1765de8-5a13-765da73fdsfa1c" policyname="newruleelastic" service="portname" dstcountry="Netherlands" srccountry="Reserved" trandisp="snat" transip=123.123.123.123 transport=60964 appcat="unknown" applist="policylist" duration=5462 sentbyte=438650 rcvdbyte=65446 sentpkt=723417 rcvdpkt=1045601 vwlid=0 sentdelta=576 rcvddelta=728 -<189>date=2020-04-23 time=12:11:48 devname="newfirewall" devid="newrouterid" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" eventtime=1587229908751434997 tz="-0500" srcip=2001:4860:4860::8888 identifier=0 srcintf="port1" srcintfrole="lan" dstip=2001:4860:4860::8888 dstintf="unknown0" dstintfrole="undefined" sessionid=6542345 proto=58 action="accept" policyid=0 policytype="someotherpolicy" service="icmp6/1/0" trandisp="noop" app="icmp6/25/0" duration=42 sentbyte=3014 rcvdbyte=20 sentpkt=4 rcvdpkt=0 appcat="unscanned" -<189>date=2020-04-23 time=13:10:57 devname="newfirewall" devid="newrouterid" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" eventtime=1587229857509058693 tz="-0400" srcip=9.7.7.7 identifier=61 srcintf="wan1" srcintfrole="wan" dstip=8.8.8.8 dstintf="unknown0" dstintfrole="undefined" sessionid=123 proto=1 action="accept" policyid=0 policytype="rulepolicy" service="PING" dstcountry="Norway" srccountry="Netherlands" trandisp="noop" app="PING" duration=20 sentbyte=0 rcvdbyte=10 sentpkt=0 rcvdpkt=40 appcat="unscanned" -<188>date=2020-04-23 time=12:14:39 devname="firewall3" devid="oldfwid" logid="0000000011" type="traffic" subtype="forward" level="warning" vd="root" eventtime=1587230079841464445 tz="-0500" srcip=192.168.1.1 srcport=62493 srcintf="port1" srcintfrole="lan" dstip=192.168.100.100 dstport=1235 dstintf="newinterface" dstintfrole="undefined" sessionid=54234 proto=17 action="ip-conn" policyid=49 policytype="policy" poluuid="654cc-b6542-53467u8-e45234-1566casd35f7836" policyname="oldpolicyname" user="elasticsuper" authserver="FSSO_newfsso" service="udp/12302" dstcountry="Reserved" srccountry="Reserved" appcat="unscanned" crscore=5 craction=63332144 crlevel="low" -<189>date=2020-04-23 time=12:14:28 devname="firewall3" devid="oldfwid" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1587230069291463928 tz="-0500" srcip=192.168.50.50 srcport=56603 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=442 dstintf="wan1" dstintfrole="wan" sessionid=2345 proto=6 action="close" policyid=2365 policytype="policy" poluuid="654644c-b064-fdgdf3425-f003-1234ghdf682e05f" policyname="someoldpolicyname" user="elasticuser" group="testgroup" authserver="FSSO_something" service="HTTPS" dstcountry="Netherlands" srccountry="Reserved" trandisp="snat" transip=23.23.23.23 transport=603 appid=43540 app="Skype.Portals" appcat="Collaboration" apprisk="elevated" applist="someapplist" appact="detected" duration=126 sentbyte=923 rcvdbyte=77654 sentpkt=113 rcvdpkt=70 vwlid=4 vwlquality="Seq_num(3), alive, selected" wanin=1130 wanout=6671 lanin=1406 lanout=146506 utmaction="block" countweb=1 countapp=1 crscore=5 craction=6144 crlevel="low" -<190>date=2019-05-15 time=18:03:36 logid="1059028704" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="information" vd="root" eventtime=1557968615 appid=40568 srcip=10.1.100.22 dstip=195.8.215.136 srcport=50798 dstport=443 srcintf="port10" srcintfrole="lan" dstintf="port9" dstintfrole="wan" proto=6 service="HTTPS" direction="outgoing" policyid=1 sessionid=4414 applist="block-social.media" appcat="Web.Client" app="HTTPS.BROWSER" action="pass" hostname="www.dailymotion.com" incidentserialno=1962906680 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="*.dailymotion.com" scertissuer="DigiCert SHA2 High Assurance Server CA" -<190>date=2020-11-02 time=08:11:38 devname=testfirewall devid=newrouterid logid=0101037127 type="event" subtype=vpn level=notice vd=root logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action=negotiate remip=8.8.8.8 locip=10.10.10.10 remport=500 locport=500 outintf="port1" cookies="125cbf9ee8349965/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="P1_Test" status=success init=local mode=aggressive dir=outbound stage=1 role=initiator result=OK -<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880370858 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="FCTEMS0000011111_AV-Running" msg="Updated tag FCTEMS0000011111_AV-Running." -<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880455433 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="MAC_FCTEMS0000011111_AV-Running" msg="Updated tag MAC_FCTEMS0000011111_AV-Running." -<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880744919 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="FCTEMS0000011111_Connected-to-EMS" msg="Updated tag FCTEMS0000011111_Connected-to-EMS." -<190>devname="firewall" devid="FG201EEF34CD12AB" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674880784143 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="FCTEMS0000011111" addr="MAC_FCTEMS0000011111_Connected-to-EMS" msg="Updated tag MAC_FCTEMS0000011111_Connected-to-EMS." -<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900027938 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="FCTEMS0000011111_AV-Running" msg="Updated tag FCTEMS0000011111_AV-Running." -<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900167367 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="MAC_FCTEMS0000011111_AV-Running" msg="Updated tag MAC_FCTEMS0000011111_AV-Running." -<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900749585 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="FCTEMS0000011111_Connected-to-EMS" msg="Updated tag FCTEMS0000011111_Connected-to-EMS." -<190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900961834 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="MAC_FCTEMS0000011111_Connected-to-EMS" msg="Updated tag MAC_FCTEMS0000011111_Connected-to-EMS." diff --git a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json deleted file mode 100644 index bb0699e2ea1..00000000000 --- a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json +++ /dev/null @@ -1,2274 +0,0 @@ -[ - { - "@timestamp": "2020-04-23T12:17:48.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.bytes": 1130, - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 443, - "event.action": "ftgd_blk", - "event.category": [ - "network" - ], - "event.code": "0316013056", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:17:49.052-05:00", - "event.timezone": "-0500", - "event.type": [ - "denied" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "blocked", - "fortinet.firewall.authserver": "elasticauth", - "fortinet.firewall.cat": "76", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.method": "domain", - "fortinet.firewall.reqtype": "direct", - "fortinet.firewall.sessionid": "1234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "webfilter", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "warning", - "log.offset": 0, - "message": "URL belongs to a denied category in policy", - "network.bytes": 2282, - "network.direction": "outbound", - "network.iana_number": "6", - "network.protocol": "https", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "related.user": [ - "elasticuser" - ], - "rule.category": "Internet Telephony", - "rule.id": "100602", - "rule.ruleset": "elasticruleset", - "service.type": "fortinet", - "source.bytes": 1152, - "source.ip": "192.168.2.1", - "source.port": 61930, - "source.user.group.name": "elasticgroup", - "source.user.name": "elasticuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ], - "url.domain": "elastic.co", - "url.path": "/config/" - }, - { - "@timestamp": "2020-04-23T01:16:08.000Z", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.bytes": 0, - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 161, - "event.action": "deny", - "event.category": [ - "network" - ], - "event.code": "0000000013", - "event.dataset": "fortinet.firewall", - "event.duration": 0, - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-06-24T01:16:08.000Z", - "event.type": [ - "connection", - "end" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "deny", - "fortinet.firewall.craction": "131072", - "fortinet.firewall.crlevel": "high", - "fortinet.firewall.crscore": "30", - "fortinet.firewall.dstcountry": "Reserved", - "fortinet.firewall.dstintfrole": "lan", - "fortinet.firewall.sessionid": "155313", - "fortinet.firewall.srccountry": "Reserved", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "forward", - "fortinet.firewall.trandisp": "noop", - "fortinet.firewall.type": "traffic", - "fortinet.firewall.vd": "OPERATIONAL", - "input.type": "log", - "log.level": "notice", - "log.offset": 707, - "network.bytes": 0, - "network.iana_number": "17", - "network.protocol": "snmp", - "observer.egress.interface.name": "dstintfname", - "observer.ingress.interface.name": "srcintfname", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "10.10.10.10", - "8.8.8.8" - ], - "rule.category": "unscanned", - "rule.id": "0", - "rule.ruleset": "policy", - "service.type": "fortinet", - "source.bytes": 0, - "source.ip": "10.10.10.10", - "source.packets": 0, - "source.port": 60899, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:17:45.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.bytes": 6812, - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 443, - "event.action": "ftgd_allow", - "event.category": [ - "network" - ], - "event.code": "0317013312", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:17:46.314-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "passthrough", - "fortinet.firewall.authserver": "elasticauth", - "fortinet.firewall.cat": "23", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.method": "domain", - "fortinet.firewall.reqtype": "direct", - "fortinet.firewall.sessionid": "543234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "webfilter", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 1278, - "message": "URL belongs to an allowed category in policy", - "network.bytes": 10357, - "network.direction": "outbound", - "network.iana_number": "6", - "network.protocol": "https", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "related.user": [ - "elasticuser" - ], - "rule.category": "Web-based Email", - "rule.id": "38", - "rule.ruleset": "elasticruleset", - "service.type": "fortinet", - "source.bytes": 3545, - "source.ip": "192.168.2.1", - "source.port": 65236, - "source.user.group.name": "elasticgroup", - "source.user.name": "elasticuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ], - "url.domain": "elastic.co", - "url.path": "/" - }, - { - "@timestamp": "2020-04-23T13:17:35.000-04:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 443, - "event.action": "signature", - "event.category": [ - "network" - ], - "event.code": "1059028704", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T13:17:35.061-04:00", - "event.timezone": "-0400", - "event.type": [ - "allowed" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "pass", - "fortinet.firewall.appid": "40568", - "fortinet.firewall.apprisk": "medium", - "fortinet.firewall.authserver": "elasticauth", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.incidentserialno": "23465", - "fortinet.firewall.sessionid": "453234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "app-ctrl", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 1980, - "message": "Web.Client: HTTPS.BROWSER,", - "network.application": "HTTPS.BROWSER", - "network.direction": "outbound", - "network.iana_number": "6", - "network.protocol": "ssl", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "LAN", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "related.user": [ - "elasticuser" - ], - "rule.category": "Web-Client", - "rule.id": "12", - "rule.ruleset": "elasticruleset", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 59790, - "source.user.group.name": "elasticgroup", - "source.user.name": "elasticuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ], - "tls.server.x509.subject.common_name": "test.elastic.co", - "url.domain": "elastic.co", - "url.path": "/" - }, - { - "@timestamp": "2020-04-23T13:17:35.000-04:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 443, - "event.action": "signature", - "event.category": [ - "network" - ], - "event.code": "1059028704", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-06-10T07:26:31.000-04:00", - "event.timezone": "-0400", - "event.type": [ - "allowed" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "pass", - "fortinet.firewall.appid": "40568", - "fortinet.firewall.apprisk": "medium", - "fortinet.firewall.authserver": "elasticauth", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.incidentserialno": "23465", - "fortinet.firewall.sessionid": "453234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "app-ctrl", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 2683, - "message": "Web.Client: HTTPS.BROWSER,", - "network.application": "HTTPS.BROWSER", - "network.direction": "outbound", - "network.iana_number": "6", - "network.protocol": "ssl", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "LAN", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "related.user": [ - "elasticuser" - ], - "rule.category": "Web-Client", - "rule.id": "12", - "rule.ruleset": "elasticruleset", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 59790, - "source.user.group.name": "elasticgroup", - "source.user.name": "elasticuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ], - "tls.server.x509.subject.common_name": "test.elastic.co", - "url.domain": "elastic.co", - "url.path": "/" - }, - { - "@timestamp": "2020-04-23T12:17:29.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 53, - "dns.id": "2234", - "dns.question.class": "IN", - "dns.question.name": "elastic.example.com", - "dns.question.type": "A", - "dns.resolved_ip": [ - "8.8.8.8" - ], - "event.action": "dns-response", - "event.category": [ - "network" - ], - "event.code": "1501054802", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:17:29.360-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed", - "info" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "pass", - "fortinet.firewall.cat": "23", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.qtypeval": "1", - "fortinet.firewall.sessionid": "543234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "dns", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 3377, - "message": "Domain is monitored", - "network.iana_number": "17", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.hosts": [ - "elastic.example.com" - ], - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "rule.category": "Web-based Email", - "rule.id": "26", - "rule.ruleset": "test", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 53430, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:17:29.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 53, - "dns.id": "2234", - "dns.question.class": "IN", - "dns.question.name": "elastic.example.com", - "dns.question.type": "A", - "dns.resolved_ip": [ - "8.8.4.4", - "8.8.8.8" - ], - "event.action": "dns-response", - "event.category": [ - "network" - ], - "event.code": "1501054802", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:17:29.360-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed", - "info" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "pass", - "fortinet.firewall.cat": "23", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.qtypeval": "1", - "fortinet.firewall.sessionid": "543234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "dns", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 3927, - "message": "Domain is monitored", - "network.iana_number": "17", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.hosts": [ - "elastic.example.com" - ], - "related.ip": [ - "192.168.2.1", - "8.8.4.4", - "8.8.8.8" - ], - "rule.category": "Web-based Email", - "rule.id": "26", - "rule.ruleset": "test", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 53430, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:17:11.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 443, - "event.action": "signature", - "event.category": [ - "network" - ], - "event.code": "1059028704", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:17:12.148-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "pass", - "fortinet.firewall.appid": "40568", - "fortinet.firewall.apprisk": "medium", - "fortinet.firewall.authserver": "elasticauth", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.incidentserialno": "54323", - "fortinet.firewall.sessionid": "543234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "app-ctrl", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 4486, - "message": "Web.Client: HTTPS.BROWSER,", - "network.application": "HTTPS.BROWSER", - "network.direction": "outbound", - "network.iana_number": "6", - "network.protocol": "ssl", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "related.user": [ - "elasticuser" - ], - "rule.category": "Web-Client", - "rule.id": "100602", - "rule.ruleset": "elasticruleset", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 63012, - "source.user.group.name": "elasticgroup", - "source.user.name": "elasticuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ], - "url.domain": "elastic.no", - "url.path": "/" - }, - { - "@timestamp": "2020-04-23T12:17:04.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 53, - "dns.id": "2352", - "dns.question.class": "IN", - "dns.question.name": "elastic.co", - "dns.question.type": "A", - "dns.resolved_ip": [ - "8.8.8.8" - ], - "event.action": "dns-response", - "event.category": [ - "network" - ], - "event.code": "1501054802", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:17:04.712-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed", - "info" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "pass", - "fortinet.firewall.cat": "93", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.qtypeval": "1", - "fortinet.firewall.sessionid": "5432", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "dns", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 5166, - "message": "Domain is monitored", - "network.iana_number": "17", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.hosts": [ - "elastic.co" - ], - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "rule.category": "Remote Access", - "rule.id": "26", - "rule.ruleset": "elastictest", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 54438, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:17:12.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 53, - "dns.id": "235", - "dns.question.class": "IN", - "dns.question.name": "elastic.co", - "dns.question.type": "A", - "event.action": "dns-query", - "event.category": [ - "network" - ], - "event.code": "1500054000", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T12:17:12.658-05:00", - "event.timezone": "-0500", - "event.type": [ - "info" - ], - "fileset.name": "firewall", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.qtypeval": "1", - "fortinet.firewall.sessionid": "543234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "dns", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 5710, - "network.iana_number": "17", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "testswitch1", - "observer.product": "Fortigate", - "observer.serial_number": "somerouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.hosts": [ - "elastic.co" - ], - "related.ip": [ - "192.168.2.1", - "8.8.8.8" - ], - "rule.id": "26", - "rule.ruleset": "elastictest", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 54788, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T13:15:18.000-04:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.4.4", - "destination.port": 443, - "event.action": "ssl-anomalies", - "event.category": [ - "network" - ], - "event.code": "1700062001", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T13:15:18.838-04:00", - "event.timezone": "-0400", - "event.type": [ - "allowed" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "passthrough", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.reason": "untrusted-cert", - "fortinet.firewall.sessionid": "42346234", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "ssl", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 6169, - "message": "Server certificate passed", - "network.iana_number": "6", - "network.protocol": "https", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "LAN", - "observer.name": "testswitch2", - "observer.product": "Fortigate", - "observer.serial_number": "someotherid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.2.1", - "8.8.4.4" - ], - "related.user": [ - "elasticuser2" - ], - "rule.id": "12", - "rule.ruleset": "somecerts", - "service.type": "fortinet", - "source.ip": "192.168.2.1", - "source.port": 59726, - "source.user.group.name": "elasticgroup2", - "source.user.name": "elasticuser2", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:32:48.000-05:00", - "event.category": [ - "authentication" - ], - "event.code": "0102043014", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:32:48.439-05:00", - "event.timezone": "-0500", - "event.type": [ - "start", - "user" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "FSSO-logon", - "fortinet.firewall.server": "elasticserver", - "fortinet.firewall.subtype": "user", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 6699, - "message": "FSSO-logon event from FSSO_elasticserver: user elasticouser logged on 10.10.10.10", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "10.10.10.10" - ], - "related.user": [ - "elasticouser" - ], - "rule.description": "FSSO logon authentication status", - "service.type": "fortinet", - "source.ip": "10.10.10.10", - "source.user.name": "elasticouser", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:32:47.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.4.4", - "destination.port": 500, - "event.category": [ - "network" - ], - "event.code": "0101037124", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "failure", - "event.start": "2020-04-18T12:32:48.339-05:00", - "event.timezone": "-0500", - "event.type": [ - "connection" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "negotiate", - "fortinet.firewall.cookies": "345hkjhdrs87/0000000000000000", - "fortinet.firewall.outintf": "wan2", - "fortinet.firewall.peer_notif": "NOT-APPLICABLE", - "fortinet.firewall.reason": "peer SA proposal not match local policy", - "fortinet.firewall.status": "negotiate_error", - "fortinet.firewall.subtype": "vpn", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "error", - "log.offset": 7112, - "message": "IPsec phase 1 error", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "8.8.4.4", - "8.8.8.8" - ], - "rule.description": "IPsec phase 1 error", - "service.type": "fortinet", - "source.as.number": 15169, - "source.as.organization.name": "Google LLC", - "source.geo.continent_name": "North America", - "source.geo.country_iso_code": "US", - "source.geo.country_name": "United States", - "source.geo.location.lat": 37.751, - "source.geo.location.lon": -97.822, - "source.ip": "8.8.8.8", - "source.port": 500, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:32:31.000-05:00", - "destination.as.number": 3356, - "destination.as.organization.name": "Level 3 Parent, LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.4.5.4", - "destination.port": 500, - "event.category": [ - "network" - ], - "event.code": "0101037127", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:32:31.628-05:00", - "event.timezone": "-0500", - "event.type": [ - "connection" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "negotiate", - "fortinet.firewall.cookies": "df868dsg876d/0000000000000000", - "fortinet.firewall.init": "local", - "fortinet.firewall.mode": "main", - "fortinet.firewall.outintf": "wan1", - "fortinet.firewall.result": "OK", - "fortinet.firewall.role": "initiator", - "fortinet.firewall.stage": "1", - "fortinet.firewall.status": "success", - "fortinet.firewall.subtype": "vpn", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "fortinet.firewall.vpntunnel": "elasticvpn", - "input.type": "log", - "log.level": "notice", - "log.offset": 7680, - "message": "progress IPsec phase 1", - "network.direction": "outbound", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "8.4.5.4", - "9.9.9.9" - ], - "rule.description": "Progress IPsec phase 1", - "service.type": "fortinet", - "source.as.number": 19281, - "source.as.organization.name": "Quad9", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "FR", - "source.geo.country_name": "France", - "source.geo.location.lat": 48.8582, - "source.geo.location.lon": 2.3387, - "source.ip": "9.9.9.9", - "source.port": 500, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T14:32:09.000-03:00", - "event.category": [ - "host" - ], - "event.code": "0100040704", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T14:32:09.938-03:00", - "event.timezone": "-0300", - "event.type": [ - "info" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "perf-stats", - "fortinet.firewall.bandwidth": "23/4", - "fortinet.firewall.cpu": "0", - "fortinet.firewall.disk": "0", - "fortinet.firewall.disklograte": "0", - "fortinet.firewall.fazlograte": "0", - "fortinet.firewall.freediskstorage": "331", - "fortinet.firewall.mem": 10, - "fortinet.firewall.setuprate": "0", - "fortinet.firewall.subtype": "system", - "fortinet.firewall.sysuptime": "25170", - "fortinet.firewall.totalsession": "23", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 8254, - "message": "Performance statistics: average CPU: 0, memory: 23, concurrent sessions: 20, setup-rate: 0", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "System performance statistics", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:32:09.000-05:00", - "event.category": [ - "authentication" - ], - "event.code": "0102043039", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:32:10.109-05:00", - "event.timezone": "-0500", - "event.type": [ - "start", - "user" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "auth-logon", - "fortinet.firewall.authserver": "FSSO_elastiauth", - "fortinet.firewall.status": "logon", - "fortinet.firewall.subtype": "user", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 8744, - "message": "User elastiiiuser added to auth logon", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "10.10.10.10" - ], - "related.user": [ - "elastiiiuser" - ], - "rule.description": "Authentication logon", - "service.type": "fortinet", - "source.ip": "10.10.10.10", - "source.user.name": "elastiiiuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:32:00.000-05:00", - "destination.as.number": 3356, - "destination.as.organization.name": "Level 3 Parent, LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.5.4", - "destination.port": 500, - "event.category": [ - "network" - ], - "event.code": "0101037127", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:32:00.608-05:00", - "event.timezone": "-0500", - "event.type": [ - "connection" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "negotiate", - "fortinet.firewall.cookies": "345khj34566/0000000000000000", - "fortinet.firewall.init": "local", - "fortinet.firewall.mode": "main", - "fortinet.firewall.outintf": "wan1", - "fortinet.firewall.result": "OK", - "fortinet.firewall.role": "initiator", - "fortinet.firewall.stage": "1", - "fortinet.firewall.status": "success", - "fortinet.firewall.subtype": "vpn", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "fortinet.firewall.vpntunnel": "testvpn", - "input.type": "log", - "log.level": "notice", - "log.offset": 9122, - "message": "progress IPsec phase 1", - "network.direction": "outbound", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "7.6.3.4", - "8.8.5.4" - ], - "rule.description": "Progress IPsec phase 1", - "service.type": "fortinet", - "source.geo.continent_name": "North America", - "source.geo.country_iso_code": "US", - "source.geo.country_name": "United States", - "source.geo.location.lat": 37.751, - "source.geo.location.lon": -97.822, - "source.ip": "7.6.3.4", - "source.port": 500, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T14:24:13.000-03:00", - "event.code": "0100041006", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T14:24:15.301-03:00", - "event.timezone": "-0300", - "fileset.name": "firewall", - "fortinet.firewall.subtype": "system", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "fortinet.firewall.version": "1.522479", - "input.type": "log", - "log.level": "notice", - "log.offset": 9692, - "message": "FortiSandbox AV database updated", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "FortiSandbox AV database updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:23:47.000-05:00", - "event.code": "0107045057", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T12:23:47.558-05:00", - "event.timezone": "-0500", - "fileset.name": "firewall", - "fortinet.firewall.action": "add", - "fortinet.firewall.connection_type": "sslvpn", - "fortinet.firewall.count": "2", - "fortinet.firewall.fctuid": "645234fdd01F885824F764", - "fortinet.firewall.ip": "172.16.0.2", - "fortinet.firewall.license_limit": "unlimited", - "fortinet.firewall.name": "somerouter", - "fortinet.firewall.status": "success", - "fortinet.firewall.subtype": "endpoint", - "fortinet.firewall.type": "event", - "fortinet.firewall.used_for_type": "3", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 9996, - "message": "Add a FortiClient Connection.", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.user": [ - "elastico" - ], - "rule.description": "FortiClient connection added", - "service.type": "fortinet", - "source.user.name": "elastico", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:23:47.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.6", - "event.category": [ - "network" - ], - "event.code": "0101039943", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T12:23:47.334-05:00", - "event.timezone": "-0500", - "event.type": [ - "connection" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "ssl-new-con", - "fortinet.firewall.subtype": "vpn", - "fortinet.firewall.tunnelid": "2", - "fortinet.firewall.tunneltype": "ssl", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 10466, - "message": "SSL new connection", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "8.8.8.6" - ], - "rule.description": "SSL VPN new connection", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:23:47.000-05:00", - "destination.as.number": 3356, - "destination.as.organization.name": "Level 3 Parent, LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.5.4", - "event.category": [ - "network" - ], - "event.code": "0101039947", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T12:23:47.698-05:00", - "event.timezone": "-0500", - "event.type": [ - "connection" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "tunnel-up", - "fortinet.firewall.reason": "tunnel established", - "fortinet.firewall.subtype": "vpn", - "fortinet.firewall.tunnelid": "2345", - "fortinet.firewall.tunnelip": "10.10.10.10", - "fortinet.firewall.tunneltype": "ssl-tunnel", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 10843, - "message": "SSL tunnel established", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "8.8.5.4" - ], - "related.user": [ - "someuser" - ], - "rule.description": "SSL VPN tunnel up", - "service.type": "fortinet", - "source.user.group.name": "somegroup", - "source.user.name": "someuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T14:16:42.000-03:00", - "event.category": [ - "authentication" - ], - "event.code": "0102043015", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T14:16:44.674-03:00", - "event.timezone": "-0300", - "event.type": [ - "end", - "user" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "FSSO-logoff", - "fortinet.firewall.server": "FSSO_somefssoserver", - "fortinet.firewall.subtype": "user", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 11274, - "message": "FSSO-logoff event from FSSO_somefssoserver: user elasticuser logged off 1192.168.1.1", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.1.1" - ], - "related.user": [ - "elasticadmin" - ], - "rule.description": "FSSO log off authentication status", - "service.type": "fortinet", - "source.ip": "192.168.1.1", - "source.user.name": "elasticadmin", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:16:02.000-05:00", - "event.code": "0100022915", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T12:16:03.121-05:00", - "event.timezone": "-0500", - "fileset.name": "firewall", - "fortinet.firewall.action": "connect", - "fortinet.firewall.server": "9.9.9.9", - "fortinet.firewall.subtype": "system", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 11699, - "message": "FortiCloud 9.9.9.9 server is connected", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "FortiCloud server connected", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:16:02.000-05:00", - "event.code": "0100022913", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2020-04-18T12:16:03.375-05:00", - "event.timezone": "-0500", - "fileset.name": "firewall", - "fortinet.firewall.action": "disconnect", - "fortinet.firewall.reason": "connection reset", - "fortinet.firewall.server": "4.4.4.4", - "fortinet.firewall.subtype": "system", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 12019, - "message": "FortiCloud 4.4.4.4 server is disconnected", - "observer.name": "testswitch3", - "observer.product": "Fortigate", - "observer.serial_number": "someotherrouteridagain", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "FortiCloud server disconnected", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:14:09.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 53, - "event.action": "dns", - "event.category": [ - "network" - ], - "event.code": "0000000011", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:14:09.761-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed", - "connection", - "end" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "dns", - "fortinet.firewall.craction": "54144", - "fortinet.firewall.crlevel": "low", - "fortinet.firewall.crscore": "5", - "fortinet.firewall.dstcountry": "Netherlands", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.sessionid": "435234", - "fortinet.firewall.srccountry": "Reserved", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "forward", - "fortinet.firewall.type": "traffic", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "warning", - "log.offset": 12374, - "network.iana_number": "17", - "network.protocol": "dns", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "newfirewall", - "observer.product": "Fortigate", - "observer.serial_number": "newrouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.1.6", - "8.8.8.8" - ], - "rule.category": "unscanned", - "rule.id": "26", - "rule.name": "elasticnewruleset", - "rule.ruleset": "policy", - "rule.uuid": "2345de-b143-52134d8-6654f-4654sdfg16f431", - "service.type": "fortinet", - "source.ip": "192.168.1.6", - "source.port": 53438, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:11:51.000-05:00", - "destination.as.number": 40386, - "destination.as.organization.name": "Bloomip Inc.", - "destination.bytes": 65446, - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.6.4.7", - "destination.packets": 1045601, - "destination.port": 6000, - "event.action": "accept", - "event.category": [ - "network" - ], - "event.code": "0000000020", - "event.dataset": "fortinet.firewall", - "event.duration": 5462000000000, - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:11:51.390-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed", - "connection", - "end" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "accept", - "fortinet.firewall.applist": "policylist", - "fortinet.firewall.dstcountry": "Netherlands", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.rcvddelta": "728", - "fortinet.firewall.sentdelta": "576", - "fortinet.firewall.sessionid": "4352", - "fortinet.firewall.srccountry": "Reserved", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "forward", - "fortinet.firewall.trandisp": "snat", - "fortinet.firewall.type": "traffic", - "fortinet.firewall.vd": "root", - "fortinet.firewall.vwlid": "0", - "input.type": "log", - "log.level": "notice", - "log.offset": 12966, - "network.bytes": 504096, - "network.iana_number": "17", - "network.packets": 1769018, - "network.protocol": "portname", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "newfirewall", - "observer.product": "Fortigate", - "observer.serial_number": "newrouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.10.10", - "8.6.4.7" - ], - "rule.category": "unknown", - "rule.id": "3426", - "rule.name": "newruleelastic", - "rule.ruleset": "policy", - "rule.uuid": "1765de8-5a13-765da73fdsfa1c", - "service.type": "fortinet", - "source.as.number": 4808, - "source.as.organization.name": "China Unicom Beijing Province Network", - "source.bytes": 438650, - "source.geo.city_name": "Beijing", - "source.geo.continent_name": "Asia", - "source.geo.country_iso_code": "CN", - "source.geo.country_name": "China", - "source.geo.location.lat": 39.9288, - "source.geo.location.lon": 116.3889, - "source.geo.region_iso_code": "CN-BJ", - "source.geo.region_name": "Beijing", - "source.ip": "192.168.10.10", - "source.nat.ip": "123.123.123.123", - "source.nat.port": 60964, - "source.packets": 723417, - "source.port": 6000, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:11:48.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.bytes": 20, - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "2001:4860:4860::8888", - "destination.packets": 0, - "event.action": "accept", - "event.category": [ - "network" - ], - "event.code": "0001000014", - "event.dataset": "fortinet.firewall", - "event.duration": 42000000000, - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:11:48.751-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed", - "connection", - "end", - "protocol" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "accept", - "fortinet.firewall.dstintfrole": "undefined", - "fortinet.firewall.identifier": "0", - "fortinet.firewall.sessionid": "6542345", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "local", - "fortinet.firewall.trandisp": "noop", - "fortinet.firewall.type": "traffic", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 13700, - "network.application": "icmp6/25/0", - "network.bytes": 3034, - "network.iana_number": "58", - "network.packets": 4, - "network.protocol": "icmp6/1/0", - "observer.egress.interface.name": "unknown0", - "observer.ingress.interface.name": "port1", - "observer.name": "newfirewall", - "observer.product": "Fortigate", - "observer.serial_number": "newrouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "2001:4860:4860::8888", - "2001:4860:4860::8888" - ], - "rule.category": "unscanned", - "rule.id": "0", - "rule.ruleset": "someotherpolicy", - "service.type": "fortinet", - "source.as.number": 15169, - "source.as.organization.name": "Google LLC", - "source.bytes": 3014, - "source.geo.continent_name": "North America", - "source.geo.country_iso_code": "US", - "source.geo.country_name": "United States", - "source.geo.location.lat": 37.751, - "source.geo.location.lon": -97.822, - "source.ip": "2001:4860:4860::8888", - "source.packets": 4, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T13:10:57.000-04:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.bytes": 10, - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.packets": 40, - "event.action": "accept", - "event.category": [ - "network" - ], - "event.code": "0001000014", - "event.dataset": "fortinet.firewall", - "event.duration": 20000000000, - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T13:10:57.509-04:00", - "event.timezone": "-0400", - "event.type": [ - "allowed", - "connection", - "end", - "protocol" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "accept", - "fortinet.firewall.dstcountry": "Norway", - "fortinet.firewall.dstintfrole": "undefined", - "fortinet.firewall.identifier": "61", - "fortinet.firewall.sessionid": "123", - "fortinet.firewall.srccountry": "Netherlands", - "fortinet.firewall.srcintfrole": "wan", - "fortinet.firewall.subtype": "local", - "fortinet.firewall.trandisp": "noop", - "fortinet.firewall.type": "traffic", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "notice", - "log.offset": 14250, - "network.application": "PING", - "network.bytes": 10, - "network.iana_number": "1", - "network.packets": 40, - "network.protocol": "ping", - "observer.egress.interface.name": "unknown0", - "observer.ingress.interface.name": "wan1", - "observer.name": "newfirewall", - "observer.product": "Fortigate", - "observer.serial_number": "newrouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "8.8.8.8", - "9.7.7.7" - ], - "rule.category": "unscanned", - "rule.id": "0", - "rule.ruleset": "rulepolicy", - "service.type": "fortinet", - "source.bytes": 0, - "source.geo.continent_name": "North America", - "source.geo.country_iso_code": "US", - "source.geo.country_name": "United States", - "source.geo.location.lat": 37.751, - "source.geo.location.lon": -97.822, - "source.ip": "9.7.7.7", - "source.packets": 0, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:14:39.000-05:00", - "destination.ip": "192.168.100.100", - "destination.port": 1235, - "event.action": "ip-conn", - "event.category": [ - "network" - ], - "event.code": "0000000011", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:14:39.841-05:00", - "event.timezone": "-0500", - "event.type": [ - "allowed", - "connection", - "end" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "ip-conn", - "fortinet.firewall.authserver": "FSSO_newfsso", - "fortinet.firewall.craction": "63332144", - "fortinet.firewall.crlevel": "low", - "fortinet.firewall.crscore": "5", - "fortinet.firewall.dstcountry": "Reserved", - "fortinet.firewall.dstintfrole": "undefined", - "fortinet.firewall.sessionid": "54234", - "fortinet.firewall.srccountry": "Reserved", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "forward", - "fortinet.firewall.type": "traffic", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "warning", - "log.offset": 14796, - "network.iana_number": "17", - "network.protocol": "udp/12302", - "observer.egress.interface.name": "newinterface", - "observer.ingress.interface.name": "port1", - "observer.name": "firewall3", - "observer.product": "Fortigate", - "observer.serial_number": "oldfwid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.1.1", - "192.168.100.100" - ], - "related.user": [ - "elasticsuper" - ], - "rule.category": "unscanned", - "rule.id": "49", - "rule.name": "oldpolicyname", - "rule.ruleset": "policy", - "rule.uuid": "654cc-b6542-53467u8-e45234-1566casd35f7836", - "service.type": "fortinet", - "source.ip": "192.168.1.1", - "source.port": 62493, - "source.user.name": "elasticsuper", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2020-04-23T12:14:28.000-05:00", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.bytes": 77654, - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.packets": 70, - "destination.port": 442, - "event.action": "close", - "event.category": [ - "network" - ], - "event.code": "0000000013", - "event.dataset": "fortinet.firewall", - "event.duration": 126000000000, - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2020-04-18T12:14:29.291-05:00", - "event.timezone": "-0500", - "event.type": [ - "connection", - "denied", - "end", - "protocol" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "close", - "fortinet.firewall.appact": "detected", - "fortinet.firewall.appid": "43540", - "fortinet.firewall.applist": "someapplist", - "fortinet.firewall.apprisk": "elevated", - "fortinet.firewall.authserver": "FSSO_something", - "fortinet.firewall.countapp": "1", - "fortinet.firewall.countweb": "1", - "fortinet.firewall.craction": "6144", - "fortinet.firewall.crlevel": "low", - "fortinet.firewall.crscore": "5", - "fortinet.firewall.dstcountry": "Netherlands", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.lanin": "1406", - "fortinet.firewall.lanout": "146506", - "fortinet.firewall.sessionid": "2345", - "fortinet.firewall.srccountry": "Reserved", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "forward", - "fortinet.firewall.trandisp": "snat", - "fortinet.firewall.type": "traffic", - "fortinet.firewall.utmaction": "block", - "fortinet.firewall.vd": "root", - "fortinet.firewall.vwlid": "4", - "fortinet.firewall.vwlquality": "Seq_num(3), alive, selected", - "fortinet.firewall.wanin": "1130", - "fortinet.firewall.wanout": "6671", - "input.type": "log", - "log.level": "notice", - "log.offset": 15459, - "network.application": "Skype.Portals", - "network.bytes": 78577, - "network.iana_number": "6", - "network.packets": 183, - "network.protocol": "https", - "observer.egress.interface.name": "wan1", - "observer.ingress.interface.name": "port1", - "observer.name": "firewall3", - "observer.product": "Fortigate", - "observer.serial_number": "oldfwid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "192.168.50.50", - "8.8.8.8" - ], - "related.user": [ - "elasticuser" - ], - "rule.category": "Collaboration", - "rule.id": "2365", - "rule.name": "someoldpolicyname", - "rule.ruleset": "policy", - "rule.uuid": "654644c-b064-fdgdf3425-f003-1234ghdf682e05f", - "service.type": "fortinet", - "source.as.number": 14618, - "source.as.organization.name": "Amazon.com, Inc.", - "source.bytes": 923, - "source.geo.city_name": "Ashburn", - "source.geo.continent_name": "North America", - "source.geo.country_iso_code": "US", - "source.geo.country_name": "United States", - "source.geo.location.lat": 39.0481, - "source.geo.location.lon": -77.4728, - "source.geo.region_iso_code": "US-VA", - "source.geo.region_name": "Virginia", - "source.ip": "192.168.50.50", - "source.nat.ip": "23.23.23.23", - "source.nat.port": 603, - "source.packets": 113, - "source.port": 56603, - "source.user.group.name": "testgroup", - "source.user.name": "elasticuser", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2019-05-15T18:03:36.000Z", - "destination.as.number": 41690, - "destination.as.organization.name": "Dailymotion S.A.", - "destination.geo.continent_name": "Europe", - "destination.geo.country_iso_code": "FR", - "destination.geo.country_name": "France", - "destination.geo.location.lat": 48.8582, - "destination.geo.location.lon": 2.3387, - "destination.ip": "195.8.215.136", - "destination.port": 443, - "event.action": "app-ctrl-all", - "event.category": [ - "network" - ], - "event.code": "1059028704", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.start": "2019-05-16T01:03:35.000Z", - "event.type": [ - "allowed" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "pass", - "fortinet.firewall.appid": "40568", - "fortinet.firewall.apprisk": "medium", - "fortinet.firewall.dstintfrole": "wan", - "fortinet.firewall.incidentserialno": "1962906680", - "fortinet.firewall.sessionid": "4414", - "fortinet.firewall.srcintfrole": "lan", - "fortinet.firewall.subtype": "app-ctrl", - "fortinet.firewall.type": "utm", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 16463, - "message": "Web.Client: HTTPS.BROWSER,", - "network.application": "HTTPS.BROWSER", - "network.direction": "outbound", - "network.iana_number": "6", - "network.protocol": "https", - "observer.egress.interface.name": "port9", - "observer.ingress.interface.name": "port10", - "observer.product": "Fortigate", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "10.1.100.22", - "195.8.215.136" - ], - "rule.category": "Web-Client", - "rule.id": "1", - "rule.ruleset": "block-social.media", - "service.type": "fortinet", - "source.ip": "10.1.100.22", - "source.port": 50798, - "tags": [ - "fortinet-firewall", - "forwarded" - ], - "tls.server.issuer": "DigiCert SHA2 High Assurance Server CA", - "tls.server.x509.issuer.common_name": "DigiCert SHA2 High Assurance Server CA", - "tls.server.x509.subject.common_name": "*.dailymotion.com", - "url.domain": "www.dailymotion.com", - "url.path": "/" - }, - { - "@timestamp": "2020-11-02T08:11:38.000Z", - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.8.8", - "destination.port": 500, - "event.category": [ - "network" - ], - "event.code": "0101037127", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.outcome": "success", - "event.type": [ - "connection" - ], - "fileset.name": "firewall", - "fortinet.firewall.action": "negotiate", - "fortinet.firewall.cookies": "125cbf9ee8349965/0000000000000000", - "fortinet.firewall.init": "local", - "fortinet.firewall.mode": "aggressive", - "fortinet.firewall.outintf": "port1", - "fortinet.firewall.result": "OK", - "fortinet.firewall.role": "initiator", - "fortinet.firewall.stage": "1", - "fortinet.firewall.status": "success", - "fortinet.firewall.subtype": "vpn", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "fortinet.firewall.vpntunnel": "P1_Test", - "input.type": "log", - "log.level": "notice", - "log.offset": 17123, - "message": "progress IPsec phase 1", - "network.direction": "outbound", - "observer.name": "testfirewall", - "observer.product": "Fortigate", - "observer.serial_number": "newrouterid", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "related.ip": [ - "10.10.10.10", - "8.8.8.8" - ], - "rule.description": "Progress IPsec phase 1", - "service.type": "fortinet", - "source.ip": "10.10.10.10", - "source.port": 500, - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.880+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "FCTEMS0000011111_AV-Running", - "fortinet.firewall.fctemssn": "FCTEMS0000011111", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 17632, - "message": "Updated tag FCTEMS0000011111_AV-Running.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EEF34CD12AB", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.880+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_AV-Running", - "fortinet.firewall.fctemssn": "FCTEMS0000011111", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 17978, - "message": "Updated tag MAC_FCTEMS0000011111_AV-Running.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EEF34CD12AB", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.880+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "FCTEMS0000011111_Connected-to-EMS", - "fortinet.firewall.fctemssn": "FCTEMS0000011111", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 18332, - "message": "Updated tag FCTEMS0000011111_Connected-to-EMS.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EEF34CD12AB", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.880+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_Connected-to-EMS", - "fortinet.firewall.fctemssn": "FCTEMS0000011111", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 18690, - "message": "Updated tag MAC_FCTEMS0000011111_Connected-to-EMS.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EEF34CD12AB", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.900+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "FCTEMS0000011111_AV-Running", - "fortinet.firewall.fctemssn": "(null)", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 19056, - "message": "Updated tag FCTEMS0000011111_AV-Running.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EAB12CD34EF", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.900+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_AV-Running", - "fortinet.firewall.fctemssn": "(null)", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 19392, - "message": "Updated tag MAC_FCTEMS0000011111_AV-Running.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EAB12CD34EF", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.900+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "FCTEMS0000011111_Connected-to-EMS", - "fortinet.firewall.fctemssn": "(null)", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 19736, - "message": "Updated tag FCTEMS0000011111_Connected-to-EMS.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EAB12CD34EF", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - }, - { - "@timestamp": "2021-05-07T08:31:14.000+01:00", - "event.code": "0112053203", - "event.dataset": "fortinet.firewall", - "event.kind": "event", - "event.module": "fortinet", - "event.start": "2021-05-07T08:31:14.900+01:00", - "event.timezone": "+0100", - "fileset.name": "firewall", - "fortinet.firewall.addrgrp": "MAC_FCTEMS0000011111_Connected-to-EMS", - "fortinet.firewall.fctemssn": "(null)", - "fortinet.firewall.subtype": "connector", - "fortinet.firewall.type": "event", - "fortinet.firewall.vd": "root", - "input.type": "log", - "log.level": "information", - "log.offset": 20084, - "message": "Updated tag MAC_FCTEMS0000011111_Connected-to-EMS.", - "observer.name": "firewall", - "observer.product": "Fortigate", - "observer.serial_number": "FG201EAB12CD34EF", - "observer.type": "firewall", - "observer.vendor": "Fortinet", - "rule.description": "Dynamic address updated", - "service.type": "fortinet", - "tags": [ - "fortinet-firewall", - "forwarded" - ] - } -] \ No newline at end of file diff --git a/x-pack/filebeat/module/fortinet/firewall/test/traffic.log b/x-pack/filebeat/module/fortinet/firewall/test/traffic.log new file mode 100644 index 00000000000..5da8ddc11e0 --- /dev/null +++ b/x-pack/filebeat/module/fortinet/firewall/test/traffic.log @@ -0,0 +1,13 @@ +<189>date=2020-04-23 time=01:16:08 devname="testswitch1" devid="somerouterid" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="OPERATIONAL" eventtime=1592961368 srcip=10.10.10.10 srcport=60899 srcintf="srcintfname" srcintfrole="lan" dstip=8.8.8.8 dstport=161 dstintf="dstintfname" dstintfrole="lan" sessionid=155313 proto=17 action="deny" policyid=0 policytype="policy" service="SNMP" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high" +<188>date=2020-04-23 time=12:14:09 devname="newfirewall" devid="newrouterid" logid="0000000011" type="traffic" subtype="forward" level="warning" vd="root" eventtime=1587230049761513222 tz="-0500" srcip=192.168.1.6 srcport=53438 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" sessionid=435234 proto=17 action="dns" policyid=26 policytype="policy" poluuid="2345de-b143-52134d8-6654f-4654sdfg16f431" policyname="elasticnewruleset" service="DNS" dstcountry="Netherlands" srccountry="Reserved" appcat="unscanned" crscore=5 craction=54144 crlevel="low" +<189>date=2020-04-23 time=12:11:51 devname="newfirewall" devid="newrouterid" logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1587229911390385486 tz="-0500" srcip=192.168.10.10 srcport=6000 srcintf="port1" srcintfrole="lan" dstip=8.6.4.7 dstport=6000 dstintf="wan1" dstintfrole="wan" sessionid=4352 proto=17 action="accept" policyid=3426 policytype="policy" poluuid="1765de8-5a13-765da73fdsfa1c" policyname="newruleelastic" service="portname" dstcountry="Netherlands" srccountry="Reserved" trandisp="snat" transip=123.123.123.123 transport=60964 appcat="unknown" applist="policylist" duration=5462 sentbyte=438650 rcvdbyte=65446 sentpkt=723417 rcvdpkt=1045601 vwlid=0 sentdelta=576 rcvddelta=728 +<189>date=2020-04-23 time=12:11:48 devname="newfirewall" devid="newrouterid" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" eventtime=1587229908751434997 tz="-0500" srcip=2001:4860:4860::8888 identifier=0 srcintf="port1" srcintfrole="lan" dstip=2001:4860:4860::8888 dstintf="unknown0" dstintfrole="undefined" sessionid=6542345 proto=58 action="accept" policyid=0 policytype="someotherpolicy" service="icmp6/1/0" trandisp="noop" app="icmp6/25/0" duration=42 sentbyte=3014 rcvdbyte=20 sentpkt=4 rcvdpkt=0 appcat="unscanned" +<189>date=2020-04-23 time=13:10:57 devname="newfirewall" devid="newrouterid" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" eventtime=1587229857509058693 tz="-0400" srcip=9.7.7.7 identifier=61 srcintf="wan1" srcintfrole="wan" dstip=8.8.8.8 dstintf="unknown0" dstintfrole="undefined" sessionid=123 proto=1 action="accept" policyid=0 policytype="rulepolicy" service="PING" dstcountry="Norway" srccountry="Netherlands" trandisp="noop" app="PING" duration=20 sentbyte=0 rcvdbyte=10 sentpkt=0 rcvdpkt=40 appcat="unscanned" +<188>date=2020-04-23 time=12:14:39 devname="firewall3" devid="oldfwid" logid="0000000011" type="traffic" subtype="forward" level="warning" vd="root" eventtime=1587230079841464445 tz="-0500" srcip=192.168.1.1 srcport=62493 srcintf="port1" srcintfrole="lan" dstip=192.168.100.100 dstport=1235 dstintf="newinterface" dstintfrole="undefined" sessionid=54234 proto=17 action="ip-conn" policyid=49 policytype="policy" poluuid="654cc-b6542-53467u8-e45234-1566casd35f7836" policyname="oldpolicyname" user="elasticsuper" authserver="FSSO_newfsso" service="udp/12302" dstcountry="Reserved" srccountry="Reserved" appcat="unscanned" crscore=5 craction=63332144 crlevel="low" +<189>date=2020-04-23 time=12:14:28 devname="firewall3" devid="oldfwid" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1587230069291463928 tz="-0500" srcip=192.168.50.50 srcport=56603 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=442 dstintf="wan1" dstintfrole="wan" sessionid=2345 proto=6 action="close" policyid=2365 policytype="policy" poluuid="654644c-b064-fdgdf3425-f003-1234ghdf682e05f" policyname="someoldpolicyname" user="elasticuser" group="testgroup" authserver="FSSO_something" service="HTTPS" dstcountry="Netherlands" srccountry="Reserved" trandisp="snat" transip=23.23.23.23 transport=603 appid=43540 app="Skype.Portals" appcat="Collaboration" apprisk="elevated" applist="someapplist" appact="detected" duration=126 sentbyte=923 rcvdbyte=77654 sentpkt=113 rcvdpkt=70 vwlid=4 vwlquality="Seq_num(3), alive, selected" wanin=1130 wanout=6671 lanin=1406 lanout=146506 utmaction="block" countweb=1 countapp=1 crscore=5 craction=6144 crlevel="low" +<189>date=2019-03-31 time=06:42:54 logid="0002000012" type="traffic" subtype="multicast" level="notice" vd="vdom1" eventtime=1554039772 srcip=172.16.200.55 srcport=60660 srcintf="port25" srcintfrole="undefined" dstip=230.1.1.2 dstport=7878 dstintf="port3" dstintfrole="undefined" sessionid=1162 proto=17 action="accept" policyid=1 policytype="multicast-policy" service="udp/7878" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=22 sentbyte=5940 rcvdbyte=0 sentpkt=11 rcvdpkt=0 appcat="unscanned" +<189>date=2019-05-10 time=14:18:54 logid="0004000017" type="traffic" subtype="sniffer" level="notice" vd="root" eventtime=1557523134021045897 srcip=208.91.114.4 srcport=50463 srcintf="port1" srcintfrole="undefined" dstip=104.80.88.154 dstport=443 dstintf="port1" dstintfrole="undefined" sessionid=2193276 proto=6 action="accept" policyid=3 policytype="sniffer" service="HTTPS" dstcountry="United States" srccountry="Canada" trandisp="snat" transip=0.0.0.0 transport=0 duration=10 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 appcat="unscanned" utmaction="allow" countips=1 crscore=5 craction=32768 sentdelta=0 rcvddelta=0 utmref=65162-7772 +<189>date=2019-05-13 time=11:45:04 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="vdom1" eventtime=1557773104815101919 srcip=10.1.100.11 srcport=60446 srcintf="port12" srcintfrole="undefined" dstip=172.16.200.55 dstport=80 dstintf="port11" dstintfrole="undefined" srcuuid="48420c8a-5c88-51e9-0424-a37f9e74621e" dstuuid="187d6f46-5c86-51e9-70a0-fadcfc349c3e" poluuid="3888b41a-5c88-51e9-cb32-1c32c66b4edf" sessionid=359260 proto=6 action="close" policyid=4 policytype="policy" service="HTTP" dstcountry="Reserved" srccountry="Reserved" trandisp="snat" transip=172.16.200.2 transport=60446 appid=15893 app="HTTP.BROWSER" appcat="Web.Client" apprisk="medium" applist="g-default" duration=1 sentbyte=412 rcvdbyte=2286 sentpkt=6 rcvdpkt=6 wanin=313 wanout=92 lanin=92 lanout=92 utmaction="block" countav=1 countapp=1 crscore=50 craction=2 osname="Ubuntu" mastersrcmac="a2:e9:00:ec:40:01" srcmac="a2:e9:00:ec:40:01" srcserver=0 utmref=65497-770 +<189>date=2019-05-13 time=16:29:50 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="vdom1" eventtime=1557790190452146185 srcip=10.1.100.11 srcport=44258 srcintf="port12" srcintfrole="undefined" dstip=185.244.31.158 dstport=80 dstintf="port11" dstintfrole="undefined" srcuuid="ae28f494-5735-51e9-f247-d1d2ce663f4b" dstuuid="ae28f494-5735-51e9-f247-d1d2ce663f4b" poluuid="ccb269e0-5735-51e9-a218-a397dd08b7eb" sessionid=381780 proto=6 action="close" policyid=1 policytype="policy" service="HTTP" dstcountry="Germany" srccountry="Reserved" trandisp="snat" transip=172.16.200.2 transport=44258 duration=5 sentbyte=736 rcvdbyte=3138 sentpkt=14 rcvdpkt=5 appcat="unscanned" utmaction="block" countweb=1 crscore=30 craction=4194304 osname="Ubuntu" mastersrcmac="a2:e9:00:ec:40:01" srcmac="a2:e9:00:ec:40:01" srcserver=0 utmref=65497-796 +<189>date=2019-05-15 time=17:58:10 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1557968289 srcip=10.1.100.22 srcport=46810 srcintf="port10" srcintfrole="lan" dstip=172.16.200.55 dstport=80 dstintf="port9" dstintfrole="wan" poluuid="d8ce7a90-7763-51e9-e2be-741294c96f31" sessionid=4017 proto=6 action="close" policyid=1 policytype="policy" service="HTTP" dstcountry="Reserved" srccountry="Reserved" trandisp="snat" transip=172.16.200.10 transport=46810 duration=89 sentbyte=565 rcvdbyte=9112 sentpkt=9 rcvdpkt=8 appcat="unscanned" utmaction="block" countips=1 crscore=50 craction=4096 devtype="Unknown" devcategory="None" mastersrcmac="00:0c:29:51:38:5e" srcmac="00:0c:29:51:38:5e" srcserver=0 utmref=0-302 +<189>date=2019-05-15 time=17:45:34 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1557967534 srcip=10.1.100.22 srcport=50354 srcintf="port10" srcintfrole="lan" dstip=52.216.177.83 dstport=443 dstintf="port9" dstintfrole="wan" poluuid="d8ce7a90-7763-51e9-e2be-741294c96f31" sessionid=3423 proto=6 action="server-rst" policyid=1 policytype="policy" service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=172.16.200.10 transport=50354 duration=5 sentbyte=2314 rcvdbyte=5266 sentpkt=33 rcvdpkt=12 appcat="unscanned" wanin=43936 wanout=710 lanin=753 lanout=753 utmaction="block" countdlp=1 crscore=5 craction=262144 crlevel="low" devtype="Unknown" devcategory="None" mastersrcmac="00:0c:29:51:38:5e" srcmac="00:0c:29:51:38:5e" srcserver=0 utmref=0-152 diff --git a/x-pack/filebeat/module/fortinet/firewall/test/traffic.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/traffic.log-expected.json new file mode 100644 index 00000000000..69668eff862 --- /dev/null +++ b/x-pack/filebeat/module/fortinet/firewall/test/traffic.log-expected.json @@ -0,0 +1,1079 @@ +[ + { + "@timestamp": "2020-04-23T01:16:08.000Z", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 0, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 161, + "event.action": "deny", + "event.category": [ + "network" + ], + "event.code": "0000000013", + "event.dataset": "fortinet.firewall", + "event.duration": 0, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-06-24T01:16:08.000Z", + "event.type": [ + "connection", + "denied", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "deny", + "fortinet.firewall.craction": "131072", + "fortinet.firewall.crlevel": "high", + "fortinet.firewall.crscore": "30", + "fortinet.firewall.dstcountry": "Reserved", + "fortinet.firewall.dstintfrole": "lan", + "fortinet.firewall.sessionid": "155313", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.trandisp": "noop", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.vd": "OPERATIONAL", + "input.type": "log", + "log.level": "notice", + "log.offset": 0, + "network.bytes": 0, + "network.community_id": "1:5XHCUlirlh1DoTaoFuXEVxc6Obs=", + "network.iana_number": "17", + "network.protocol": "snmp", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "dstintfname", + "observer.ingress.interface.name": "srcintfname", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.10.10.10", + "8.8.8.8" + ], + "rule.category": "unscanned", + "rule.id": "0", + "rule.ruleset": "policy", + "service.type": "fortinet", + "source.bytes": 0, + "source.ip": "10.10.10.10", + "source.packets": 0, + "source.port": 60899, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:14:09.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "event.action": "dns", + "event.category": [ + "network" + ], + "event.code": "0000000011", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:14:09.761-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed", + "connection", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "dns", + "fortinet.firewall.craction": "54144", + "fortinet.firewall.crlevel": "low", + "fortinet.firewall.crscore": "5", + "fortinet.firewall.dstcountry": "Netherlands", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.sessionid": "435234", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "warning", + "log.offset": 571, + "network.community_id": "1:3UJ+CJ3YHclw01NEh4cnwf958wY=", + "network.iana_number": "17", + "network.protocol": "dns", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "newfirewall", + "observer.product": "Fortigate", + "observer.serial_number": "newrouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.1.6", + "8.8.8.8" + ], + "rule.category": "unscanned", + "rule.id": "26", + "rule.name": "elasticnewruleset", + "rule.ruleset": "policy", + "rule.uuid": "2345de-b143-52134d8-6654f-4654sdfg16f431", + "service.type": "fortinet", + "source.ip": "192.168.1.6", + "source.port": 53438, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:11:51.000-05:00", + "destination.as.number": 40386, + "destination.as.organization.name": "Bloomip Inc.", + "destination.bytes": 65446, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.6.4.7", + "destination.packets": 1045601, + "destination.port": 6000, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.code": "0000000020", + "event.dataset": "fortinet.firewall", + "event.duration": 5462000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:11:51.390-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed", + "connection", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "accept", + "fortinet.firewall.applist": "policylist", + "fortinet.firewall.dstcountry": "Netherlands", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.rcvddelta": "728", + "fortinet.firewall.sentdelta": "576", + "fortinet.firewall.sessionid": "4352", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.trandisp": "snat", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.vd": "root", + "fortinet.firewall.vwlid": "0", + "input.type": "log", + "log.level": "notice", + "log.offset": 1163, + "network.bytes": 504096, + "network.community_id": "1:1+gwRFW+FnJQJZjzI/5oD2giJeY=", + "network.iana_number": "17", + "network.packets": 1769018, + "network.protocol": "portname", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "newfirewall", + "observer.product": "Fortigate", + "observer.serial_number": "newrouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.10.10", + "8.6.4.7" + ], + "rule.category": "unknown", + "rule.id": "3426", + "rule.name": "newruleelastic", + "rule.ruleset": "policy", + "rule.uuid": "1765de8-5a13-765da73fdsfa1c", + "service.type": "fortinet", + "source.as.number": 4808, + "source.as.organization.name": "China Unicom Beijing Province Network", + "source.bytes": 438650, + "source.geo.city_name": "Beijing", + "source.geo.continent_name": "Asia", + "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", + "source.geo.location.lat": 39.9288, + "source.geo.location.lon": 116.3889, + "source.geo.region_iso_code": "CN-BJ", + "source.geo.region_name": "Beijing", + "source.ip": "192.168.10.10", + "source.nat.ip": "123.123.123.123", + "source.nat.port": 60964, + "source.packets": 723417, + "source.port": 6000, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:11:48.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 20, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "2001:4860:4860::8888", + "destination.packets": 0, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.code": "0001000014", + "event.dataset": "fortinet.firewall", + "event.duration": 42000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:11:48.751-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed", + "connection", + "end", + "protocol" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "accept", + "fortinet.firewall.identifier": "0", + "fortinet.firewall.sessionid": "6542345", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "local", + "fortinet.firewall.trandisp": "noop", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 1897, + "network.application": "icmp6/25/0", + "network.bytes": 3034, + "network.community_id": "1:ajyH1GcZSUXhLMFORcVo2L1sA1Y=", + "network.iana_number": "58", + "network.packets": 4, + "network.protocol": "icmp6/1/0", + "network.transport": "ipv6-icmp", + "network.type": "ipv6", + "observer.egress.interface.name": "unknown0", + "observer.ingress.interface.name": "port1", + "observer.name": "newfirewall", + "observer.product": "Fortigate", + "observer.serial_number": "newrouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "2001:4860:4860::8888" + ], + "rule.category": "unscanned", + "rule.id": "0", + "rule.ruleset": "someotherpolicy", + "service.type": "fortinet", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.bytes": 3014, + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "2001:4860:4860::8888", + "source.packets": 4, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T13:10:57.000-04:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 10, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 40, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.code": "0001000014", + "event.dataset": "fortinet.firewall", + "event.duration": 20000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T13:10:57.509-04:00", + "event.timezone": "-0400", + "event.type": [ + "allowed", + "connection", + "end", + "protocol" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "accept", + "fortinet.firewall.dstcountry": "Norway", + "fortinet.firewall.identifier": "61", + "fortinet.firewall.sessionid": "123", + "fortinet.firewall.srccountry": "Netherlands", + "fortinet.firewall.srcintfrole": "wan", + "fortinet.firewall.subtype": "local", + "fortinet.firewall.trandisp": "noop", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 2447, + "network.application": "PING", + "network.bytes": 10, + "network.community_id": "1:e4Ubz/EgdwpC5IEhMK4GmP2pwJM=", + "network.iana_number": "1", + "network.packets": 40, + "network.protocol": "ping", + "network.transport": "icmp", + "network.type": "ipv4", + "observer.egress.interface.name": "unknown0", + "observer.ingress.interface.name": "wan1", + "observer.name": "newfirewall", + "observer.product": "Fortigate", + "observer.serial_number": "newrouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "8.8.8.8", + "9.7.7.7" + ], + "rule.category": "unscanned", + "rule.id": "0", + "rule.ruleset": "rulepolicy", + "service.type": "fortinet", + "source.bytes": 0, + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "9.7.7.7", + "source.packets": 0, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:14:39.000-05:00", + "destination.ip": "192.168.100.100", + "destination.port": 1235, + "event.action": "ip-conn", + "event.category": [ + "network" + ], + "event.code": "0000000011", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:14:39.841-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed", + "connection", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "ip-conn", + "fortinet.firewall.authserver": "FSSO_newfsso", + "fortinet.firewall.craction": "63332144", + "fortinet.firewall.crlevel": "low", + "fortinet.firewall.crscore": "5", + "fortinet.firewall.dstcountry": "Reserved", + "fortinet.firewall.sessionid": "54234", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "warning", + "log.offset": 2993, + "network.community_id": "1:8S1phidNTgIiEGM89KsStyENoH8=", + "network.iana_number": "17", + "network.protocol": "udp/12302", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "newinterface", + "observer.ingress.interface.name": "port1", + "observer.name": "firewall3", + "observer.product": "Fortigate", + "observer.serial_number": "oldfwid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.1.1", + "192.168.100.100" + ], + "related.user": [ + "elasticsuper" + ], + "rule.category": "unscanned", + "rule.id": "49", + "rule.name": "oldpolicyname", + "rule.ruleset": "policy", + "rule.uuid": "654cc-b6542-53467u8-e45234-1566casd35f7836", + "service.type": "fortinet", + "source.ip": "192.168.1.1", + "source.port": 62493, + "source.user.name": "elasticsuper", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:14:28.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 77654, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.packets": 70, + "destination.port": 442, + "event.action": "close", + "event.category": [ + "network" + ], + "event.code": "0000000013", + "event.dataset": "fortinet.firewall", + "event.duration": 126000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:14:29.291-05:00", + "event.timezone": "-0500", + "event.type": [ + "connection", + "denied", + "end", + "protocol" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "close", + "fortinet.firewall.appact": "detected", + "fortinet.firewall.appid": "43540", + "fortinet.firewall.applist": "someapplist", + "fortinet.firewall.apprisk": "elevated", + "fortinet.firewall.authserver": "FSSO_something", + "fortinet.firewall.countapp": "1", + "fortinet.firewall.countweb": "1", + "fortinet.firewall.craction": "6144", + "fortinet.firewall.crlevel": "low", + "fortinet.firewall.crscore": "5", + "fortinet.firewall.dstcountry": "Netherlands", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.lanin": "1406", + "fortinet.firewall.lanout": "146506", + "fortinet.firewall.sessionid": "2345", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.trandisp": "snat", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.utmaction": "block", + "fortinet.firewall.vd": "root", + "fortinet.firewall.vwlid": "4", + "fortinet.firewall.vwlquality": "Seq_num(3), alive, selected", + "fortinet.firewall.wanin": "1130", + "fortinet.firewall.wanout": "6671", + "input.type": "log", + "log.level": "notice", + "log.offset": 3656, + "network.application": "Skype.Portals", + "network.bytes": 78577, + "network.community_id": "1:a9EOn6Ei99BmsI8Wi5+qyGjIUgI=", + "network.iana_number": "6", + "network.packets": 183, + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "firewall3", + "observer.product": "Fortigate", + "observer.serial_number": "oldfwid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.50.50", + "8.8.8.8" + ], + "related.user": [ + "elasticuser" + ], + "rule.category": "Collaboration", + "rule.id": "2365", + "rule.name": "someoldpolicyname", + "rule.ruleset": "policy", + "rule.uuid": "654644c-b064-fdgdf3425-f003-1234ghdf682e05f", + "service.type": "fortinet", + "source.as.number": 14618, + "source.as.organization.name": "Amazon.com, Inc.", + "source.bytes": 923, + "source.geo.city_name": "Ashburn", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 39.0481, + "source.geo.location.lon": -77.4728, + "source.geo.region_iso_code": "US-VA", + "source.geo.region_name": "Virginia", + "source.ip": "192.168.50.50", + "source.nat.ip": "23.23.23.23", + "source.nat.port": 603, + "source.packets": 113, + "source.port": 56603, + "source.user.group.name": "testgroup", + "source.user.name": "elasticuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-31T06:42:54.000Z", + "destination.bytes": 0, + "destination.ip": "230.1.1.2", + "destination.packets": 0, + "destination.port": 7878, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.code": "0002000012", + "event.dataset": "fortinet.firewall", + "event.duration": 22000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-03-31T13:42:52.000Z", + "event.type": [ + "allowed", + "connection", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "accept", + "fortinet.firewall.dstcountry": "Reserved", + "fortinet.firewall.sessionid": "1162", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.subtype": "multicast", + "fortinet.firewall.trandisp": "noop", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "notice", + "log.offset": 4660, + "network.bytes": 5940, + "network.community_id": "1:2HKGEYlW4AJ/Af+zmajWDRu3kog=", + "network.iana_number": "17", + "network.packets": 11, + "network.protocol": "udp/7878", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port25", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "172.16.200.55", + "230.1.1.2" + ], + "rule.category": "unscanned", + "rule.id": "1", + "rule.ruleset": "multicast-policy", + "service.type": "fortinet", + "source.bytes": 5940, + "source.ip": "172.16.200.55", + "source.packets": 11, + "source.port": 60660, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-10T14:18:54.000Z", + "destination.as.number": 20940, + "destination.as.organization.name": "Akamai International B.V.", + "destination.bytes": 0, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "104.80.88.154", + "destination.packets": 0, + "destination.port": 443, + "event.action": "accept", + "event.category": [ + "network" + ], + "event.code": "0004000017", + "event.dataset": "fortinet.firewall", + "event.duration": 10000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-10T21:18:54.021Z", + "event.type": [ + "connection", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "accept", + "fortinet.firewall.countips": "1", + "fortinet.firewall.craction": "32768", + "fortinet.firewall.crscore": "5", + "fortinet.firewall.dstcountry": "United States", + "fortinet.firewall.rcvddelta": "0", + "fortinet.firewall.sentdelta": "0", + "fortinet.firewall.sessionid": "2193276", + "fortinet.firewall.srccountry": "Canada", + "fortinet.firewall.subtype": "sniffer", + "fortinet.firewall.trandisp": "snat", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.utmaction": "allow", + "fortinet.firewall.utmref": "65162-7772", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 5177, + "network.bytes": 0, + "network.community_id": "1:xA35Yo5iuXuJBnFVsWZvOqdphyc=", + "network.iana_number": "6", + "network.packets": 0, + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port1", + "observer.ingress.interface.name": "port1", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "104.80.88.154", + "208.91.114.4" + ], + "rule.category": "unscanned", + "rule.id": "3", + "rule.ruleset": "sniffer", + "service.type": "fortinet", + "source.as.number": 40934, + "source.as.organization.name": "Fortinet Inc.", + "source.bytes": 0, + "source.geo.city_name": "Surrey", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "CA", + "source.geo.country_name": "Canada", + "source.geo.location.lat": 49.1963, + "source.geo.location.lon": -122.8106, + "source.geo.region_iso_code": "CA-BC", + "source.geo.region_name": "British Columbia", + "source.ip": "208.91.114.4", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, + "source.packets": 0, + "source.port": 50463, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-13T11:45:04.000Z", + "destination.bytes": 2286, + "destination.ip": "172.16.200.55", + "destination.packets": 6, + "destination.port": 80, + "event.action": "close", + "event.category": [ + "network" + ], + "event.code": "0000000013", + "event.dataset": "fortinet.firewall", + "event.duration": 1000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-13T18:45:04.815Z", + "event.type": [ + "connection", + "denied", + "end", + "protocol" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "close", + "fortinet.firewall.appid": "15893", + "fortinet.firewall.applist": "g-default", + "fortinet.firewall.apprisk": "medium", + "fortinet.firewall.countapp": "1", + "fortinet.firewall.countav": "1", + "fortinet.firewall.craction": "2", + "fortinet.firewall.crscore": "50", + "fortinet.firewall.dstcountry": "Reserved", + "fortinet.firewall.dstuuid": "187d6f46-5c86-51e9-70a0-fadcfc349c3e", + "fortinet.firewall.lanin": "92", + "fortinet.firewall.lanout": "92", + "fortinet.firewall.mastersrcmac": "a2:e9:00:ec:40:01", + "fortinet.firewall.osname": "Ubuntu", + "fortinet.firewall.sessionid": "359260", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcserver": "0", + "fortinet.firewall.srcuuid": "48420c8a-5c88-51e9-0424-a37f9e74621e", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.trandisp": "snat", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.utmaction": "block", + "fortinet.firewall.utmref": "65497-770", + "fortinet.firewall.vd": "vdom1", + "fortinet.firewall.wanin": "313", + "fortinet.firewall.wanout": "92", + "input.type": "log", + "log.level": "notice", + "log.offset": 5814, + "network.application": "HTTP.BROWSER", + "network.bytes": 2698, + "network.community_id": "1:mS2/WPDX46+WauGLEZvCIQ/IKK0=", + "network.iana_number": "6", + "network.packets": 12, + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port11", + "observer.ingress.interface.name": "port12", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "172.16.200.55" + ], + "rule.category": "Web-Client", + "rule.id": "4", + "rule.ruleset": "policy", + "rule.uuid": "3888b41a-5c88-51e9-cb32-1c32c66b4edf", + "service.type": "fortinet", + "source.bytes": 412, + "source.ip": "10.1.100.11", + "source.mac": "a2:e9:00:ec:40:01", + "source.nat.ip": "172.16.200.2", + "source.nat.port": 60446, + "source.packets": 6, + "source.port": 60446, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-13T16:29:50.000Z", + "destination.as.number": 42831, + "destination.as.organization.name": "UK Dedicated Servers Limited", + "destination.bytes": 3138, + "destination.geo.city_name": "Coventry", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 52.382, + "destination.geo.location.lon": -1.5874, + "destination.geo.region_iso_code": "GB-COV", + "destination.geo.region_name": "Coventry", + "destination.ip": "185.244.31.158", + "destination.packets": 5, + "destination.port": 80, + "event.action": "close", + "event.category": [ + "network" + ], + "event.code": "0000000013", + "event.dataset": "fortinet.firewall", + "event.duration": 5000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-13T23:29:50.452Z", + "event.type": [ + "connection", + "denied", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "close", + "fortinet.firewall.countweb": "1", + "fortinet.firewall.craction": "4194304", + "fortinet.firewall.crscore": "30", + "fortinet.firewall.dstcountry": "Germany", + "fortinet.firewall.dstuuid": "ae28f494-5735-51e9-f247-d1d2ce663f4b", + "fortinet.firewall.mastersrcmac": "a2:e9:00:ec:40:01", + "fortinet.firewall.osname": "Ubuntu", + "fortinet.firewall.sessionid": "381780", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcserver": "0", + "fortinet.firewall.srcuuid": "ae28f494-5735-51e9-f247-d1d2ce663f4b", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.trandisp": "snat", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.utmaction": "block", + "fortinet.firewall.utmref": "65497-796", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "notice", + "log.offset": 6777, + "network.bytes": 3874, + "network.community_id": "1:6Q3s77giRtaDlbjtG7Qfum6LzEk=", + "network.iana_number": "6", + "network.packets": 19, + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port11", + "observer.ingress.interface.name": "port12", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "185.244.31.158" + ], + "rule.category": "unscanned", + "rule.id": "1", + "rule.ruleset": "policy", + "rule.uuid": "ccb269e0-5735-51e9-a218-a397dd08b7eb", + "service.type": "fortinet", + "source.bytes": 736, + "source.ip": "10.1.100.11", + "source.mac": "a2:e9:00:ec:40:01", + "source.nat.ip": "172.16.200.2", + "source.nat.port": 44258, + "source.packets": 14, + "source.port": 44258, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-15T17:58:10.000Z", + "destination.bytes": 9112, + "destination.ip": "172.16.200.55", + "destination.packets": 8, + "destination.port": 80, + "event.action": "close", + "event.category": [ + "network" + ], + "event.code": "0000000013", + "event.dataset": "fortinet.firewall", + "event.duration": 89000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-16T00:58:09.000Z", + "event.type": [ + "connection", + "denied", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "close", + "fortinet.firewall.countips": "1", + "fortinet.firewall.craction": "4096", + "fortinet.firewall.crscore": "50", + "fortinet.firewall.devcategory": "None", + "fortinet.firewall.devtype": "Unknown", + "fortinet.firewall.dstcountry": "Reserved", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.mastersrcmac": "00:0c:29:51:38:5e", + "fortinet.firewall.sessionid": "4017", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.srcserver": "0", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.trandisp": "snat", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.utmaction": "block", + "fortinet.firewall.utmref": "0-302", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 7629, + "network.bytes": 9677, + "network.community_id": "1:h1lO9dsjUlBQibNPDwk2LSH5uV4=", + "network.iana_number": "6", + "network.packets": 17, + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port9", + "observer.ingress.interface.name": "port10", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.22", + "172.16.200.55" + ], + "rule.category": "unscanned", + "rule.id": "1", + "rule.ruleset": "policy", + "rule.uuid": "d8ce7a90-7763-51e9-e2be-741294c96f31", + "service.type": "fortinet", + "source.bytes": 565, + "source.ip": "10.1.100.22", + "source.mac": "00:0c:29:51:38:5e", + "source.nat.ip": "172.16.200.10", + "source.nat.port": 46810, + "source.packets": 9, + "source.port": 46810, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-15T17:45:34.000Z", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.bytes": 5266, + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.216.177.83", + "destination.packets": 12, + "destination.port": 443, + "event.action": "server-rst", + "event.category": [ + "network" + ], + "event.code": "0000000013", + "event.dataset": "fortinet.firewall", + "event.duration": 5000000000, + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-16T00:45:34.000Z", + "event.type": [ + "connection", + "denied", + "end" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "server-rst", + "fortinet.firewall.countdlp": "1", + "fortinet.firewall.craction": "262144", + "fortinet.firewall.crlevel": "low", + "fortinet.firewall.crscore": "5", + "fortinet.firewall.devcategory": "None", + "fortinet.firewall.devtype": "Unknown", + "fortinet.firewall.dstcountry": "United States", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.lanin": "753", + "fortinet.firewall.lanout": "753", + "fortinet.firewall.mastersrcmac": "00:0c:29:51:38:5e", + "fortinet.firewall.sessionid": "3423", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.srcserver": "0", + "fortinet.firewall.subtype": "forward", + "fortinet.firewall.trandisp": "snat", + "fortinet.firewall.type": "traffic", + "fortinet.firewall.utmaction": "block", + "fortinet.firewall.utmref": "0-152", + "fortinet.firewall.vd": "root", + "fortinet.firewall.wanin": "43936", + "fortinet.firewall.wanout": "710", + "input.type": "log", + "log.level": "notice", + "log.offset": 8377, + "network.bytes": 7580, + "network.community_id": "1:J2etn+6EN21BXHPPJZQeRpj+C3k=", + "network.iana_number": "6", + "network.packets": 45, + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port9", + "observer.ingress.interface.name": "port10", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.22", + "52.216.177.83" + ], + "rule.category": "unscanned", + "rule.id": "1", + "rule.ruleset": "policy", + "rule.uuid": "d8ce7a90-7763-51e9-e2be-741294c96f31", + "service.type": "fortinet", + "source.bytes": 2314, + "source.ip": "10.1.100.22", + "source.mac": "00:0c:29:51:38:5e", + "source.nat.ip": "172.16.200.10", + "source.nat.port": 50354, + "source.packets": 33, + "source.port": 50354, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/fortinet/firewall/test/utm.log b/x-pack/filebeat/module/fortinet/firewall/test/utm.log new file mode 100644 index 00000000000..32bce5c6cc4 --- /dev/null +++ b/x-pack/filebeat/module/fortinet/firewall/test/utm.log @@ -0,0 +1,28 @@ +<188>date=2020-04-23 time=12:17:48 devname="testswitch1" devid="somerouterid" logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="root" eventtime=1587230269052907555 tz="-0500" policyid=100602 sessionid=1234 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 srcport=61930 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=443 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTPS" hostname="elastic.co" profile="elasticruleset" action="blocked" reqtype="direct" url="/config/" sentbyte=1152 rcvdbyte=1130 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=76 catdesc="Internet Telephony" +<189>date=2020-04-23 time=12:17:45 devname="testswitch1" devid="somerouterid" logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="root" eventtime=1587230266314799756 tz="-0500" policyid=38 sessionid=543234 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 srcport=65236 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=443 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTPS" hostname="elastic.co" profile="elasticruleset" action="passthrough" reqtype="direct" url="/" sentbyte=3545 rcvdbyte=6812 direction="outgoing" msg="URL belongs to an allowed category in policy" method="domain" cat=23 catdesc="Web-based Email" +<190>date=2020-04-23 time=13:17:35 devname="testswitch1" devid="somerouterid" logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" level="information" vd="root" eventtime=1587230255061492894 tz="-0400" appid=40568 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 dstip=8.8.8.8 srcport=59790 dstport=443 srcintf="LAN" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 service="SSL" direction="outgoing" policyid=12 sessionid=453234 applist="elasticruleset" action="pass" appcat="Web.Client" app="HTTPS.BROWSER" hostname="elastic.co" incidentserialno=23465 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="test.elastic.co" +<190>date=2020-04-23 time=13:17:35 devname="testswitch1" devid="somerouterid" logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" level="information" vd="root" eventtime=1591788391 tz="-0400" appid=40568 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 dstip=8.8.8.8 srcport=59790 dstport=443 srcintf="LAN" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 service="SSL" direction="outgoing" policyid=12 sessionid=453234 applist="elasticruleset" action="pass" appcat="Web.Client" app="HTTPS.BROWSER" hostname="elastic.co" incidentserialno=23465 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="test.elastic.co" +<189>date=2020-04-23 time=12:17:29 devname="testswitch1" devid="somerouterid" logid="1501054802" type="utm" subtype="dns" eventtype="dns-response" level="notice" vd="root" eventtime=1587230249360109339 tz="-0500" policyid=26 sessionid=543234 srcip=192.168.2.1 srcport=53430 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="test" xid=2234 qname="elastic.example.com" qtype="A" qtypeval=1 qclass="IN" ipaddr="8.8.8.8" msg="Domain is monitored" action="pass" cat=23 catdesc="Web-based Email" +<189>date=2020-04-23 time=12:17:29 devname="testswitch1" devid="somerouterid" logid="1501054802" type="utm" subtype="dns" eventtype="dns-response" level="notice" vd="root" eventtime=1587230249360109339 tz="-0500" policyid=26 sessionid=543234 srcip=192.168.2.1 srcport=53430 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="test" xid=2234 qname="elastic.example.com" qtype="A" qtypeval=1 qclass="IN" ipaddr="8.8.8.8, 8.8.4.4" msg="Domain is monitored" action="pass" cat=23 catdesc="Web-based Email" +<190>date=2020-04-23 time=12:17:11 devname="testswitch1" devid="somerouterid" logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" level="information" vd="root" eventtime=1587230232148674303 tz="-0500" appid=40568 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 dstip=8.8.8.8 srcport=63012 dstport=443 srcintf="port1" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 service="SSL" direction="outgoing" policyid=100602 sessionid=543234 applist="elasticruleset" action="pass" appcat="Web.Client" app="HTTPS.BROWSER" hostname="elastic.no" incidentserialno=54323 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" +<189>date=2020-04-23 time=12:17:04 devname="testswitch1" devid="somerouterid" logid="1501054802" type="utm" subtype="dns" eventtype="dns-response" level="notice" vd="root" eventtime=1587230224712900694 tz="-0500" policyid=26 sessionid=5432 srcip=192.168.2.1 srcport=54438 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="elastictest" xid=2352 qname="elastic.co" qtype="A" qtypeval=1 qclass="IN" ipaddr="8.8.8.8" msg="Domain is monitored" action="pass" cat=93 catdesc="Remote Access" +<190>date=2020-04-23 time=12:17:12 devname="testswitch1" devid="somerouterid" logid="1500054000" type="utm" subtype="dns" eventtype="dns-query" level="information" vd="root" eventtime=1587230232658642672 tz="-0500" policyid=26 sessionid=543234 srcip=192.168.2.1 srcport=54788 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=53 dstintf="wan1" dstintfrole="wan" proto=17 profile="elastictest" xid=235 qname="elastic.co" qtype="A" qtypeval=1 qclass="IN" +<189>date=2020-04-23 time=13:15:18 devname="testswitch2" devid="someotherid" logid="1700062001" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="notice" vd="root" eventtime=1587230118838592454 tz="-0400" policyid=12 sessionid=42346234 service="HTTPS" user="elasticuser2" group="elasticgroup2" profile="somecerts" srcip=192.168.2.1 srcport=59726 dstip=8.8.4.4 dstport=443 srcintf="LAN" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" proto=6 action="passthrough" msg="Server certificate passed" reason="untrusted-cert" +<190>date=2019-05-15 time=18:03:36 logid="1059028704" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="information" vd="root" eventtime=1557968615 appid=40568 srcip=10.1.100.22 dstip=195.8.215.136 srcport=50798 dstport=443 srcintf="port10" srcintfrole="lan" dstintf="port9" dstintfrole="wan" proto=6 service="HTTPS" direction="outgoing" policyid=1 sessionid=4414 applist="block-social.media" appcat="Web.Client" app="HTTPS.BROWSER" action="pass" hostname="www.dailymotion.com" incidentserialno=1962906680 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="*.dailymotion.com" scertissuer="DigiCert SHA2 High Assurance Server CA" +<190>date=2019-05-13 time=11:45:03 logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" vd="vdom1" eventtime=1557773103767393505 msg="File is infected." action="blocked" service="HTTP" sessionid=359260 srcip=10.1.100.11 dstip=172.16.200.55 srcport=60446 dstport=80 srcintf="port12" srcintfrole="undefined" dstintf="port11" dstintfrole="undefined" policyid=4 proto=6 direction="incoming" filename="eicar.com" quarskip="File-was-not-quarantined." virus="EICAR_TEST_FILE" dtype="Virus" ref="http://www.fortinet.com/ve?vn=EICAR_TEST_FILE" virusid=2172 url="http://172.16.200.55/virus/eicar.com" profile="g-default" agent="curl/7.47.0" analyticscksum="275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" analyticssubmit="false" crscore=50 craction=2 crlevel="critical" +<189>date=2019-05-13 time=16:29:45 logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1557790184975119738 policyid=1 sessionid=381780 srcip=10.1.100.11 srcport=44258 srcintf="port12" srcintfrole="undefined" dstip=185.244.31.158 dstport=80 dstintf="port11" dstintfrole="undefined" proto=6 service="HTTP" hostname="morrishittu.ddns.net" profile="test-webfilter" action="blocked" reqtype="direct" url="/" sentbyte=84 rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=26 catdesc="Malicious Websites" crscore=30 craction=4194304 crlevel="high" +<189>date=2019-05-15 time=17:56:41 logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" eventtime=1557968201 severity="critical" srcip=10.1.100.22 srccountry="Reserved" dstip=172.16.200.55 srcintf="port10" srcintfrole="lan" dstintf="port9" dstintfrole="wan" sessionid=4017 action="dropped" proto=6 service="HTTP" policyid=1 attack="Adobe.Flash.newfunction.Handling.Code.Execution" srcport=46810 dstport=80 hostname="172.16.200.55" url="/ips/sig1.pdf" direction="incoming" attackid=23305 profile="block-critical-ips" ref="http://www.fortinet.com/ids/VID23305" incidentserialno=582633933 msg="applications3: Adobe.Flash.newfunction.Handling.Code.Execution," crscore=50 craction=4096 crlevel="critical" +<189>date=2019-05-13 time=17:05:59 logid="0720018433" type="utm" subtype="anomaly" eventtype="anomaly" level="alert" vd="vdom1" eventtime=1557792359461869329 severity="critical" srcip=10.1.100.11 srccountry="Reserved" dstip=172.16.200.55 srcintf="port12" srcintfrole="undefined" sessionid=0 action="clear_session" proto=1 service="PING" count=1 attack="icmp_flood" icmpid="0x1474" icmptype="0x08" icmpcode="0x00" attackid=16777316 policyid=1 policytype="DoS-policy" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50" crscore=50 craction=4096 crlevel="critical" +<189>date=2019-05-15 time=17:45:30 logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" eventtime=1557967528 filteridx=1 dlpextra="dlp-file-size11" filtertype="file-type" filtercat="file" severity="medium" policyid=1 sessionid=3423 epoch=1740880646 eventid=0 srcip=10.1.100.22 srcport=50354 srcintf="port10" srcintfrole="lan" dstip=52.216.177.83 dstport=443 dstintf="port9" dstintfrole="wan" proto=6 service="HTTPS" filetype="pdf" direction="incoming" action="block" hostname="fortinetweb.s3.amazonaws.com" url="/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf" agent="Wget/1.17.1" filename="FortiOS_6.2.0_Log_Reference.pdf" filesize=16360 profile="dlp-file-type-test" +<189>date=2019-05-15 time=16:18:17 logid="1601061010" type="utm" subtype="ssh" eventtype="ssh-channel" level="warning" vd="vdom1" eventtime=1557962296 policyid=1 sessionid=344 profile="ssh-deepscan" srcip=10.1.100.11 srcport=43580 dstip=172.16.200.44 dstport=22 srcintf="port21" srcintfrole="undefined" dstintf="port23" dstintfrole="undefined" proto=6 action="blocked" direction="outgoing" login="root" channeltype="shell" +<189>date=2019-03-28 time=10:44:53 logid="1700062002" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="warning" vd="vdom1" eventtime=1553795092 policyid=1 sessionid=10796 service="HTTPS" srcip=10.1.100.66 srcport=43602 dstip=104.154.89.105 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="blocked" msg="Server certificate blocked" reason="block-cert-invalid" +<189>date=2019-03-28 time=10:51:17 logid="1700062002" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="warning" vd="vdom1" eventtime=1553795476 policyid=1 sessionid=11110 service="HTTPS" srcip=10.1.100.66 srcport=49076 dstip=172.16.200.99 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="blocked" msg="Server certificate blocked" reason="block-cert-untrusted" +<189>date=2019-03-28 time=10:55:43 logid="1700062002" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="warning" vd="vdom1" eventtime=1553795742 policyid=1 sessionid=11334 service="HTTPS" srcip=10.1.100.66 srcport=49082 dstip=172.16.200.99 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="blocked" msg="Server certificate blocked" reason="block-cert-req" +<189>date=2019-03-28 time=10:57:42 logid="1700062053" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="warning" vd="vdom1" eventtime=1553795861 policyid=1 sessionid=11424 service="SMTPS" profile="block-unsupported-ssl" srcip=10.1.100.66 srcport=41296 dstip=172.16.200.99 dstport=8080 srcintf="port2" srcintfrole="undefined" dstintf=unknown-0 dstintfrole="undefined" proto=6 action="blocked" msg="Connection is blocked due to unsupported SSL traffic" reason="malformed input" +<189>date=2019-03-28 time=11:00:17 logid="1700062002" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="warning" vd="vdom1" eventtime=1553796016 policyid=1 sessionid=11554 service="HTTPS" srcip=10.1.100.66 srcport=49088 dstip=172.16.200.99 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="blocked" msg="Server certificate blocked" reason="block-cert-sni-mismatch" +<189>date=2019-03-28 time=11:02:07 logid="1700062000" type="utm" subtype="ssl" eventtype="ssl-anomalies" level="warning" vd="vdom1" eventtime=1553796126 policyid=1 sessionid=11667 service="HTTPS" srcip=10.1.100.66 srcport=49096 dstip=172.16.200.99 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="blocked" msg="Certificate blacklisted" certhash="1115ec1857ed7f937301ff5e02f6b0681cf2ec4e" reason="Other" +<189>date=2019-03-28 time=11:06:05 logid="1701062003" type="utm" subtype="ssl" eventtype="ssl-exempt" level="notice" vd="vdom1" eventtime=1553796363 policyid=1 sessionid=11871 service="HTTPS" srcip=10.1.100.66 srcport=47384 dstip=50.18.221.132 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="exempt" msg="SSL connection exempted" reason="exempt-whitelist" +<189>date=2019-03-28 time=11:09:14 logid="1701062003" type="utm" subtype="ssl" eventtype="ssl-exempt" level="notice" vd="vdom1" eventtime=1553796553 policyid=1 sessionid=12079 service="HTTPS" srcip=10.1.100.66 srcport=49102 dstip=172.16.200.99 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="exempt" msg="SSL connection exempted" reason="exempt-addr" +<189>date=2019-03-28 time=11:10:55 logid="1701062003" type="utm" subtype="ssl" eventtype="ssl-exempt" level="notice" vd="vdom1" eventtime=1553796654 policyid=1 sessionid=12171 service="HTTPS" srcip=10.1.100.66 srcport=47390 dstip=50.18.221.132 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port3" dstintfrole="undefined" proto=6 action="exempt" msg="SSL connection exempted" reason="exempt-ftgd-cat" +<189>date=2019-05-15 time=16:28:17 logid="1800063000" type="utm" subtype="cifs" eventtype="cifs-filefilter" level="warning" vd="vdom1" eventtime=1557962895 msg="File was blocked by file filter." direction="incoming" action="blocked" service="CIFS" srcip=10.1.100.11 dstip=172.16.200.44 srcport=56348 dstport=445 srcintf="port21" srcintfrole="undefined" dstintf="port23" dstintfrole="undefined" policyid=1 proto=16 profile="cifs" filesize="13824" filename="sample\\test.xls" filtername="1" filetype="msoffice" +<189>date=2021-03-30 time=14:04:58 devname="htd-Kfgt1" devid="FGT50EXXXXXXXXXX" logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" vd="root" eventtime=1617080699214283280 tz="+0900" policyid=5 msg="File is infected." action="blocked" service="HTTP" sessionid=20572875 srcip=192.168.2.1 dstip=150.95.25.17 srcport=54987 dstport=80 srcintf="port10" srcintfrole="undefined" dstintf="wan1" dstintfrole="wan" proto=6 direction="incoming" filename="eicar_test_virus.zip" quarskip="File-was-not-quarantined." virus="EICAR_TEST_FILE" dtype="Virus" ref="http://www.fortinet.com/ve?vn=EICAR_TEST_FILE" virusid=2172 url="http://lhsp.s206.xrea.com/download/eicar_test_virus.zip" profile="default" agent="Chrome/89.0.4389.90" analyticscksum="8a18d44ed122e6257863169d9a219946f4229f57b1d49ca0493b8366338230e8" analyticssubmit="false" crscore=50 craction=2 crlevel="critical" diff --git a/x-pack/filebeat/module/fortinet/firewall/test/utm.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/utm.log-expected.json new file mode 100644 index 00000000000..0d1729a6ceb --- /dev/null +++ b/x-pack/filebeat/module/fortinet/firewall/test/utm.log-expected.json @@ -0,0 +1,1894 @@ +[ + { + "@timestamp": "2020-04-23T12:17:48.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 1130, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 443, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "0316013056", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:17:49.052-05:00", + "event.timezone": "-0500", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.authserver": "elasticauth", + "fortinet.firewall.cat": "76", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "ftgd_blk", + "fortinet.firewall.method": "domain", + "fortinet.firewall.reqtype": "direct", + "fortinet.firewall.sessionid": "1234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "webfilter", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "warning", + "log.offset": 0, + "message": "URL belongs to a denied category in policy", + "network.bytes": 2282, + "network.community_id": "1:jkPSHzqUyADbT5XNqPV58Do0VVg=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "related.user": [ + "elasticuser" + ], + "rule.category": "Internet Telephony", + "rule.id": "100602", + "rule.ruleset": "elasticruleset", + "service.type": "fortinet", + "source.bytes": 1152, + "source.ip": "192.168.2.1", + "source.port": 61930, + "source.user.group.name": "elasticgroup", + "source.user.name": "elasticuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "elastic.co", + "url.original": "/config/", + "url.path": "/config/" + }, + { + "@timestamp": "2020-04-23T12:17:45.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.bytes": 6812, + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 443, + "event.action": "passthrough", + "event.category": [ + "network" + ], + "event.code": "0317013312", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:17:46.314-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "passthrough", + "fortinet.firewall.authserver": "elasticauth", + "fortinet.firewall.cat": "23", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "ftgd_allow", + "fortinet.firewall.method": "domain", + "fortinet.firewall.reqtype": "direct", + "fortinet.firewall.sessionid": "543234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "webfilter", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 707, + "message": "URL belongs to an allowed category in policy", + "network.bytes": 10357, + "network.community_id": "1:6x4JdfgMVssswnIG5C8mkIbszLU=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "related.user": [ + "elasticuser" + ], + "rule.category": "Web-based Email", + "rule.id": "38", + "rule.ruleset": "elasticruleset", + "service.type": "fortinet", + "source.bytes": 3545, + "source.ip": "192.168.2.1", + "source.port": 65236, + "source.user.group.name": "elasticgroup", + "source.user.name": "elasticuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "elastic.co", + "url.original": "/", + "url.path": "/" + }, + { + "@timestamp": "2020-04-23T13:17:35.000-04:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 443, + "event.action": "pass", + "event.category": [ + "network" + ], + "event.code": "1059028704", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T13:17:35.061-04:00", + "event.timezone": "-0400", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "pass", + "fortinet.firewall.appid": "40568", + "fortinet.firewall.apprisk": "medium", + "fortinet.firewall.authserver": "elasticauth", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "signature", + "fortinet.firewall.incidentserialno": "23465", + "fortinet.firewall.sessionid": "453234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "app-ctrl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 1409, + "message": "Web.Client: HTTPS.BROWSER,", + "network.application": "HTTPS.BROWSER", + "network.community_id": "1:jz8Ul9WJmuEeHGbclqOri0hlDwI=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.protocol": "ssl", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "LAN", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "related.user": [ + "elasticuser" + ], + "rule.category": "Web-Client", + "rule.id": "12", + "rule.ruleset": "elasticruleset", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 59790, + "source.user.group.name": "elasticgroup", + "source.user.name": "elasticuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "tls.server.x509.subject.common_name": "test.elastic.co", + "url.domain": "elastic.co", + "url.original": "/", + "url.path": "/" + }, + { + "@timestamp": "2020-04-23T13:17:35.000-04:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 443, + "event.action": "pass", + "event.category": [ + "network" + ], + "event.code": "1059028704", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-06-10T07:26:31.000-04:00", + "event.timezone": "-0400", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "pass", + "fortinet.firewall.appid": "40568", + "fortinet.firewall.apprisk": "medium", + "fortinet.firewall.authserver": "elasticauth", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "signature", + "fortinet.firewall.incidentserialno": "23465", + "fortinet.firewall.sessionid": "453234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "app-ctrl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 2112, + "message": "Web.Client: HTTPS.BROWSER,", + "network.application": "HTTPS.BROWSER", + "network.community_id": "1:jz8Ul9WJmuEeHGbclqOri0hlDwI=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.protocol": "ssl", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "LAN", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "related.user": [ + "elasticuser" + ], + "rule.category": "Web-Client", + "rule.id": "12", + "rule.ruleset": "elasticruleset", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 59790, + "source.user.group.name": "elasticgroup", + "source.user.name": "elasticuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "tls.server.x509.subject.common_name": "test.elastic.co", + "url.domain": "elastic.co", + "url.original": "/", + "url.path": "/" + }, + { + "@timestamp": "2020-04-23T12:17:29.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "dns.id": "2234", + "dns.question.class": "IN", + "dns.question.name": "elastic.example.com", + "dns.question.type": "A", + "dns.resolved_ip": [ + "8.8.8.8" + ], + "event.action": "pass", + "event.category": [ + "network" + ], + "event.code": "1501054802", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:17:29.360-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed", + "info" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "pass", + "fortinet.firewall.cat": "23", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "dns-response", + "fortinet.firewall.qtypeval": "1", + "fortinet.firewall.sessionid": "543234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "dns", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 2806, + "message": "Domain is monitored", + "network.community_id": "1:TAkI/Dqjd84P0/IOYFsZ/dciGyk=", + "network.iana_number": "17", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.example.com" + ], + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "rule.category": "Web-based Email", + "rule.id": "26", + "rule.ruleset": "test", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 53430, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:17:29.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "dns.id": "2234", + "dns.question.class": "IN", + "dns.question.name": "elastic.example.com", + "dns.question.type": "A", + "dns.resolved_ip": [ + "8.8.4.4", + "8.8.8.8" + ], + "event.action": "pass", + "event.category": [ + "network" + ], + "event.code": "1501054802", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:17:29.360-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed", + "info" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "pass", + "fortinet.firewall.cat": "23", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "dns-response", + "fortinet.firewall.qtypeval": "1", + "fortinet.firewall.sessionid": "543234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "dns", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 3356, + "message": "Domain is monitored", + "network.community_id": "1:TAkI/Dqjd84P0/IOYFsZ/dciGyk=", + "network.iana_number": "17", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.example.com" + ], + "related.ip": [ + "192.168.2.1", + "8.8.4.4", + "8.8.8.8" + ], + "rule.category": "Web-based Email", + "rule.id": "26", + "rule.ruleset": "test", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 53430, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:17:11.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 443, + "event.action": "pass", + "event.category": [ + "network" + ], + "event.code": "1059028704", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:17:12.148-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "pass", + "fortinet.firewall.appid": "40568", + "fortinet.firewall.apprisk": "medium", + "fortinet.firewall.authserver": "elasticauth", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "signature", + "fortinet.firewall.incidentserialno": "54323", + "fortinet.firewall.sessionid": "543234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "app-ctrl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 3915, + "message": "Web.Client: HTTPS.BROWSER,", + "network.application": "HTTPS.BROWSER", + "network.community_id": "1:SnL1O7SJ70dFEAbmKNOL/cs7Yis=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.protocol": "ssl", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "related.user": [ + "elasticuser" + ], + "rule.category": "Web-Client", + "rule.id": "100602", + "rule.ruleset": "elasticruleset", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 63012, + "source.user.group.name": "elasticgroup", + "source.user.name": "elasticuser", + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "elastic.no", + "url.original": "/", + "url.path": "/" + }, + { + "@timestamp": "2020-04-23T12:17:04.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "dns.id": "2352", + "dns.question.class": "IN", + "dns.question.name": "elastic.co", + "dns.question.type": "A", + "dns.resolved_ip": [ + "8.8.8.8" + ], + "event.action": "pass", + "event.category": [ + "network" + ], + "event.code": "1501054802", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2020-04-18T12:17:04.712-05:00", + "event.timezone": "-0500", + "event.type": [ + "allowed", + "info" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "pass", + "fortinet.firewall.cat": "93", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "dns-response", + "fortinet.firewall.qtypeval": "1", + "fortinet.firewall.sessionid": "5432", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "dns", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 4595, + "message": "Domain is monitored", + "network.community_id": "1:oi4FzZ6cP1JOcUzJW8FLs4MB4BM=", + "network.iana_number": "17", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.co" + ], + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "rule.category": "Remote Access", + "rule.id": "26", + "rule.ruleset": "elastictest", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 54438, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T12:17:12.000-05:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "dns.id": "235", + "dns.question.class": "IN", + "dns.question.name": "elastic.co", + "dns.question.type": "A", + "event.category": [ + "network" + ], + "event.code": "1500054000", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.start": "2020-04-18T12:17:12.658-05:00", + "event.timezone": "-0500", + "event.type": [ + "info" + ], + "fileset.name": "firewall", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "dns-query", + "fortinet.firewall.qtypeval": "1", + "fortinet.firewall.sessionid": "543234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "dns", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 5139, + "network.community_id": "1:2iITe7baBXn6W2kcSCMlLR6YGNw=", + "network.iana_number": "17", + "network.transport": "udp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port1", + "observer.name": "testswitch1", + "observer.product": "Fortigate", + "observer.serial_number": "somerouterid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.co" + ], + "related.ip": [ + "192.168.2.1", + "8.8.8.8" + ], + "rule.id": "26", + "rule.ruleset": "elastictest", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 54788, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2020-04-23T13:15:18.000-04:00", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 443, + "event.action": "passthrough", + "event.category": [ + "network" + ], + "event.code": "1700062001", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "untrusted-cert", + "event.start": "2020-04-18T13:15:18.838-04:00", + "event.timezone": "-0400", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "passthrough", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "ssl-anomalies", + "fortinet.firewall.sessionid": "42346234", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "notice", + "log.offset": 5598, + "message": "Server certificate passed", + "network.community_id": "1:DPYPEQ6CL+DsivLJV6otkkVV6S8=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "LAN", + "observer.name": "testswitch2", + "observer.product": "Fortigate", + "observer.serial_number": "someotherid", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "192.168.2.1", + "8.8.4.4" + ], + "related.user": [ + "elasticuser2" + ], + "rule.id": "12", + "rule.ruleset": "somecerts", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 59726, + "source.user.group.name": "elasticgroup2", + "source.user.name": "elasticuser2", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-15T18:03:36.000Z", + "destination.as.number": 41690, + "destination.as.organization.name": "Dailymotion S.A.", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "FR", + "destination.geo.country_name": "France", + "destination.geo.location.lat": 48.8582, + "destination.geo.location.lon": 2.3387, + "destination.ip": "195.8.215.136", + "destination.port": 443, + "event.action": "pass", + "event.category": [ + "network" + ], + "event.code": "1059028704", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-16T01:03:35.000Z", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "pass", + "fortinet.firewall.appid": "40568", + "fortinet.firewall.apprisk": "medium", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "app-ctrl-all", + "fortinet.firewall.incidentserialno": "1962906680", + "fortinet.firewall.sessionid": "4414", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "app-ctrl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "information", + "log.offset": 6128, + "message": "Web.Client: HTTPS.BROWSER,", + "network.application": "HTTPS.BROWSER", + "network.community_id": "1:IOM2CCpAacVSdldWr1f2al8LJv4=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port9", + "observer.ingress.interface.name": "port10", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.22", + "195.8.215.136" + ], + "rule.category": "Web-Client", + "rule.id": "1", + "rule.ruleset": "block-social.media", + "service.type": "fortinet", + "source.ip": "10.1.100.22", + "source.port": 50798, + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "tls.server.issuer": "DigiCert SHA2 High Assurance Server CA", + "tls.server.x509.issuer.common_name": "DigiCert SHA2 High Assurance Server CA", + "tls.server.x509.subject.common_name": "*.dailymotion.com", + "url.domain": "www.dailymotion.com", + "url.original": "/", + "url.path": "/" + }, + { + "@timestamp": "2019-05-13T11:45:03.000Z", + "destination.ip": "172.16.200.55", + "destination.port": 80, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "0211008192", + "event.dataset": "fortinet.firewall", + "event.kind": "alert", + "event.module": "fortinet", + "event.outcome": "success", + "event.reference": "http://www.fortinet.com/ve?vn=EICAR_TEST_FILE", + "event.start": "2019-05-13T18:45:03.767Z", + "event.type": [ + "denied" + ], + "file.name": "eicar.com", + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.analyticscksum": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f", + "fortinet.firewall.analyticssubmit": "false", + "fortinet.firewall.craction": "2", + "fortinet.firewall.crlevel": "critical", + "fortinet.firewall.crscore": "50", + "fortinet.firewall.eventtype": "infected", + "fortinet.firewall.quarskip": "File-was-not-quarantined.", + "fortinet.firewall.sessionid": "359260", + "fortinet.firewall.subtype": "virus", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "fortinet.firewall.virus": "EICAR_TEST_FILE", + "fortinet.firewall.virusid": "2172", + "input.type": "log", + "log.level": "warning", + "log.offset": 6788, + "message": "File is infected.", + "network.community_id": "1:mS2/WPDX46+WauGLEZvCIQ/IKK0=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port11", + "observer.ingress.interface.name": "port12", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "172.16.200.55" + ], + "rule.id": "4", + "rule.ruleset": "g-default", + "service.type": "fortinet", + "source.ip": "10.1.100.11", + "source.port": 60446, + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "172.16.200.55", + "url.extension": "com", + "url.original": "http://172.16.200.55/virus/eicar.com", + "url.path": "/virus/eicar.com", + "url.scheme": "http", + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.47.0", + "user_agent.version": "7.47.0", + "vulnerability.category": "Virus" + }, + { + "@timestamp": "2019-05-13T16:29:45.000Z", + "destination.as.number": 42831, + "destination.as.organization.name": "UK Dedicated Servers Limited", + "destination.bytes": 0, + "destination.geo.city_name": "Coventry", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 52.382, + "destination.geo.location.lon": -1.5874, + "destination.geo.region_iso_code": "GB-COV", + "destination.geo.region_name": "Coventry", + "destination.ip": "185.244.31.158", + "destination.port": 80, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "0316013056", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-13T23:29:44.975Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.cat": "26", + "fortinet.firewall.craction": "4194304", + "fortinet.firewall.crlevel": "high", + "fortinet.firewall.crscore": "30", + "fortinet.firewall.eventtype": "ftgd_blk", + "fortinet.firewall.method": "domain", + "fortinet.firewall.reqtype": "direct", + "fortinet.firewall.sessionid": "381780", + "fortinet.firewall.subtype": "webfilter", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 7596, + "message": "URL belongs to a denied category in policy", + "network.bytes": 84, + "network.community_id": "1:6Q3s77giRtaDlbjtG7Qfum6LzEk=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port11", + "observer.ingress.interface.name": "port12", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "185.244.31.158" + ], + "rule.category": "Malicious Websites", + "rule.id": "1", + "rule.ruleset": "test-webfilter", + "service.type": "fortinet", + "source.bytes": 84, + "source.ip": "10.1.100.11", + "source.port": 44258, + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "morrishittu.ddns.net", + "url.original": "/", + "url.path": "/" + }, + { + "@timestamp": "2019-05-15T17:56:41.000Z", + "destination.ip": "172.16.200.55", + "destination.port": 80, + "event.action": "dropped", + "event.category": [ + "intrusion_detection", + "network" + ], + "event.code": "0419016384", + "event.dataset": "fortinet.firewall", + "event.kind": "alert", + "event.module": "fortinet", + "event.outcome": "success", + "event.reference": "http://www.fortinet.com/ids/VID23305", + "event.start": "2019-05-16T00:56:41.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "dropped", + "fortinet.firewall.attack": "Adobe.Flash.newfunction.Handling.Code.Execution", + "fortinet.firewall.attackid": "23305", + "fortinet.firewall.craction": "4096", + "fortinet.firewall.crlevel": "critical", + "fortinet.firewall.crscore": "50", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "signature", + "fortinet.firewall.incidentserialno": "582633933", + "fortinet.firewall.sessionid": "4017", + "fortinet.firewall.severity": "critical", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "ips", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "alert", + "log.offset": 8243, + "message": "applications3: Adobe.Flash.newfunction.Handling.Code.Execution,", + "network.community_id": "1:h1lO9dsjUlBQibNPDwk2LSH5uV4=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port9", + "observer.ingress.interface.name": "port10", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.22", + "172.16.200.55" + ], + "rule.id": "1", + "rule.ruleset": "block-critical-ips", + "service.type": "fortinet", + "source.ip": "10.1.100.22", + "source.port": 46810, + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "172.16.200.55", + "url.extension": "pdf", + "url.original": "/ips/sig1.pdf", + "url.path": "/ips/sig1.pdf" + }, + { + "@timestamp": "2019-05-13T17:05:59.000Z", + "destination.ip": "172.16.200.55", + "event.action": "clear_session", + "event.category": [ + "network" + ], + "event.code": "0720018433", + "event.dataset": "fortinet.firewall", + "event.kind": "alert", + "event.module": "fortinet", + "event.outcome": "success", + "event.reference": "http://www.fortinet.com/ids/VID16777316", + "event.start": "2019-05-14T00:05:59.461Z", + "fileset.name": "firewall", + "fortinet.firewall.action": "clear_session", + "fortinet.firewall.attack": "icmp_flood", + "fortinet.firewall.attackid": "16777316", + "fortinet.firewall.count": "1", + "fortinet.firewall.craction": "4096", + "fortinet.firewall.crlevel": "critical", + "fortinet.firewall.crscore": "50", + "fortinet.firewall.eventtype": "anomaly", + "fortinet.firewall.icmpcode": "0x00", + "fortinet.firewall.icmpid": "0x1474", + "fortinet.firewall.icmptype": "0x08", + "fortinet.firewall.policytype": "DoS-policy", + "fortinet.firewall.sessionid": "0", + "fortinet.firewall.severity": "critical", + "fortinet.firewall.srccountry": "Reserved", + "fortinet.firewall.subtype": "anomaly", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "alert", + "log.offset": 8980, + "message": "anomaly: icmp_flood, 51 > threshold 50", + "network.community_id": "1:/EwPCnPnhunCBJc8C73Iy8WlrhM=", + "network.iana_number": "1", + "network.protocol": "ping", + "network.transport": "icmp", + "network.type": "ipv4", + "observer.ingress.interface.name": "port12", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "172.16.200.55" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.11", + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-15T17:45:30.000Z", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "52.216.177.83", + "destination.port": 443, + "event.action": "block", + "event.category": [ + "network" + ], + "event.code": "0954024576", + "event.dataset": "fortinet.firewall", + "event.id": "0", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-16T00:45:28.000Z", + "event.type": [ + "denied" + ], + "file.extension": "pdf", + "file.name": "FortiOS_6.2.0_Log_Reference.pdf", + "file.size": 16360, + "fileset.name": "firewall", + "fortinet.firewall.action": "block", + "fortinet.firewall.dlpextra": "dlp-file-size11", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.epoch": "1740880646", + "fortinet.firewall.eventtype": "dlp", + "fortinet.firewall.filtercat": "file", + "fortinet.firewall.filteridx": "1", + "fortinet.firewall.filtertype": "file-type", + "fortinet.firewall.sessionid": "3423", + "fortinet.firewall.severity": "medium", + "fortinet.firewall.srcintfrole": "lan", + "fortinet.firewall.subtype": "dlp", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "input.type": "log", + "log.level": "warning", + "log.offset": 9581, + "network.community_id": "1:J2etn+6EN21BXHPPJZQeRpj+C3k=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port9", + "observer.ingress.interface.name": "port10", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.22", + "52.216.177.83" + ], + "rule.id": "1", + "rule.ruleset": "dlp-file-type-test", + "service.type": "fortinet", + "source.ip": "10.1.100.22", + "source.port": 50354, + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "fortinetweb.s3.amazonaws.com", + "url.extension": "pdf", + "url.original": "/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf", + "url.path": "/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf", + "user_agent.device.name": "Other", + "user_agent.name": "Wget", + "user_agent.original": "Wget/1.17.1", + "user_agent.version": "1.17.1" + }, + { + "@timestamp": "2019-05-15T16:18:17.000Z", + "destination.ip": "172.16.200.44", + "destination.port": 22, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1601061010", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-15T23:18:16.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.channeltype": "shell", + "fortinet.firewall.eventtype": "ssh-channel", + "fortinet.firewall.login": "root", + "fortinet.firewall.sessionid": "344", + "fortinet.firewall.subtype": "ssh", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 10337, + "network.community_id": "1:EfgLxImMmBMDbP6vbTV8jZe5r64=", + "network.direction": "outbound", + "network.iana_number": "6", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port23", + "observer.ingress.interface.name": "port21", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "172.16.200.44" + ], + "rule.id": "1", + "rule.ruleset": "ssh-deepscan", + "service.type": "fortinet", + "source.ip": "10.1.100.11", + "source.port": 43580, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T10:44:53.000Z", + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 38.6583, + "destination.geo.location.lon": -77.2481, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "104.154.89.105", + "destination.port": 443, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1700062002", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "block-cert-invalid", + "event.start": "2019-03-28T17:44:52.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.eventtype": "ssl-anomalies", + "fortinet.firewall.sessionid": "10796", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 10760, + "message": "Server certificate blocked", + "network.community_id": "1:3JAdUt0lSMifcZEPoVJn1SC8tdE=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "104.154.89.105" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 43602, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T10:51:17.000Z", + "destination.ip": "172.16.200.99", + "destination.port": 443, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1700062002", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "block-cert-untrusted", + "event.start": "2019-03-28T17:51:16.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.eventtype": "ssl-anomalies", + "fortinet.firewall.sessionid": "11110", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 11187, + "message": "Server certificate blocked", + "network.community_id": "1:+CuXSKFw5mhoSjpYrUOYxAYOzaU=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "172.16.200.99" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 49076, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T10:55:43.000Z", + "destination.ip": "172.16.200.99", + "destination.port": 443, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1700062002", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "block-cert-req", + "event.start": "2019-03-28T17:55:42.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.eventtype": "ssl-anomalies", + "fortinet.firewall.sessionid": "11334", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 11615, + "message": "Server certificate blocked", + "network.community_id": "1:xeLbgVy2CNJ3q/bxUWxBBt6cGKM=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "172.16.200.99" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 49082, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T10:57:42.000Z", + "destination.ip": "172.16.200.99", + "destination.port": 8080, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1700062053", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "malformed input", + "event.start": "2019-03-28T17:57:41.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.eventtype": "ssl-anomalies", + "fortinet.firewall.sessionid": "11424", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 12037, + "message": "Connection is blocked due to unsupported SSL traffic", + "network.community_id": "1:PohXhOT4cmeI1agRXluSxRuXkvM=", + "network.iana_number": "6", + "network.protocol": "smtps", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "unknown-0", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "172.16.200.99" + ], + "rule.id": "1", + "rule.ruleset": "block-unsupported-ssl", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 41296, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T11:00:17.000Z", + "destination.ip": "172.16.200.99", + "destination.port": 443, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1700062002", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "block-cert-sni-mismatch", + "event.start": "2019-03-28T18:00:16.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.eventtype": "ssl-anomalies", + "fortinet.firewall.sessionid": "11554", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 12521, + "message": "Server certificate blocked", + "network.community_id": "1:gg6I8tZchtWCopsLdNDN7E84ZbU=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "172.16.200.99" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 49088, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T11:02:07.000Z", + "destination.ip": "172.16.200.99", + "destination.port": 443, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1700062000", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "Other", + "event.start": "2019-03-28T18:02:06.000Z", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.certhash": "1115ec1857ed7f937301ff5e02f6b0681cf2ec4e", + "fortinet.firewall.eventtype": "ssl-anomalies", + "fortinet.firewall.sessionid": "11667", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 12952, + "message": "Certificate blacklisted", + "network.community_id": "1:/tDtPynm8PUjA7+AXhG5maLXczU=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "172.16.200.99" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 49096, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T11:06:05.000Z", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "San Jose", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.3388, + "destination.geo.location.lon": -121.8914, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "50.18.221.132", + "destination.port": 443, + "event.action": "exempt", + "event.category": [ + "network" + ], + "event.code": "1701062003", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "exempt-whitelist", + "event.start": "2019-03-28T18:06:03.000Z", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "exempt", + "fortinet.firewall.eventtype": "ssl-exempt", + "fortinet.firewall.sessionid": "11871", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "notice", + "log.offset": 13414, + "message": "SSL connection exempted", + "network.community_id": "1:o4PokgFFuw7PzgWghlu55zAVFAQ=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "50.18.221.132" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 47384, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T11:09:14.000Z", + "destination.ip": "172.16.200.99", + "destination.port": 443, + "event.action": "exempt", + "event.category": [ + "network" + ], + "event.code": "1701062003", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "exempt-addr", + "event.start": "2019-03-28T18:09:13.000Z", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "exempt", + "fortinet.firewall.eventtype": "ssl-exempt", + "fortinet.firewall.sessionid": "12079", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "notice", + "log.offset": 13830, + "message": "SSL connection exempted", + "network.community_id": "1:q6lEK+V8YAiHWchN6gVt5i1lbm8=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "172.16.200.99" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 49102, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-03-28T11:10:55.000Z", + "destination.as.number": 16509, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "San Jose", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.3388, + "destination.geo.location.lon": -121.8914, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", + "destination.ip": "50.18.221.132", + "destination.port": 443, + "event.action": "exempt", + "event.category": [ + "network" + ], + "event.code": "1701062003", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.reason": "exempt-ftgd-cat", + "event.start": "2019-03-28T18:10:54.000Z", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "fortinet.firewall.action": "exempt", + "fortinet.firewall.eventtype": "ssl-exempt", + "fortinet.firewall.sessionid": "12171", + "fortinet.firewall.subtype": "ssl", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "notice", + "log.offset": 14241, + "message": "SSL connection exempted", + "network.community_id": "1:fc1FAipY32n2Km+Fczx/L3cxBPE=", + "network.iana_number": "6", + "network.protocol": "https", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "port3", + "observer.ingress.interface.name": "port2", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.66", + "50.18.221.132" + ], + "rule.id": "1", + "service.type": "fortinet", + "source.ip": "10.1.100.66", + "source.port": 47390, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2019-05-15T16:28:17.000Z", + "destination.ip": "172.16.200.44", + "destination.port": 445, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "1800063000", + "event.dataset": "fortinet.firewall", + "event.kind": "event", + "event.module": "fortinet", + "event.outcome": "success", + "event.start": "2019-05-15T23:28:15.000Z", + "event.type": [ + "denied" + ], + "file.extension": "msoffice", + "file.name": "sample\\\\test.xls", + "file.size": 13824, + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.eventtype": "cifs-filefilter", + "fortinet.firewall.filtername": "1", + "fortinet.firewall.subtype": "cifs", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "vdom1", + "input.type": "log", + "log.level": "warning", + "log.offset": 14656, + "message": "File was blocked by file filter.", + "network.direction": "inbound", + "network.iana_number": "16", + "network.protocol": "cifs", + "network.type": "ipv4", + "observer.egress.interface.name": "port23", + "observer.ingress.interface.name": "port21", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "10.1.100.11", + "172.16.200.44" + ], + "rule.id": "1", + "rule.ruleset": "cifs", + "service.type": "fortinet", + "source.ip": "10.1.100.11", + "source.port": 56348, + "tags": [ + "fortinet-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2021-03-30T14:04:58.000+09:00", + "destination.as.number": 135161, + "destination.as.organization.name": "GMO-Z com NetDesign Holdings Co., Ltd.", + "destination.geo.continent_name": "Asia", + "destination.geo.country_iso_code": "SG", + "destination.geo.country_name": "Singapore", + "destination.geo.location.lat": 1.3667, + "destination.geo.location.lon": 103.8, + "destination.ip": "150.95.25.17", + "destination.port": 80, + "event.action": "blocked", + "event.category": [ + "network" + ], + "event.code": "0211008192", + "event.dataset": "fortinet.firewall", + "event.kind": "alert", + "event.module": "fortinet", + "event.outcome": "success", + "event.reference": "http://www.fortinet.com/ve?vn=EICAR_TEST_FILE", + "event.start": "2021-03-30T14:04:59.214+09:00", + "event.timezone": "+0900", + "event.type": [ + "denied" + ], + "file.name": "eicar_test_virus.zip", + "fileset.name": "firewall", + "fortinet.firewall.action": "blocked", + "fortinet.firewall.analyticscksum": "8a18d44ed122e6257863169d9a219946f4229f57b1d49ca0493b8366338230e8", + "fortinet.firewall.analyticssubmit": "false", + "fortinet.firewall.craction": "2", + "fortinet.firewall.crlevel": "critical", + "fortinet.firewall.crscore": "50", + "fortinet.firewall.dstintfrole": "wan", + "fortinet.firewall.eventtype": "infected", + "fortinet.firewall.quarskip": "File-was-not-quarantined.", + "fortinet.firewall.sessionid": "20572875", + "fortinet.firewall.subtype": "virus", + "fortinet.firewall.type": "utm", + "fortinet.firewall.vd": "root", + "fortinet.firewall.virus": "EICAR_TEST_FILE", + "fortinet.firewall.virusid": "2172", + "input.type": "log", + "log.level": "warning", + "log.offset": 15165, + "message": "File is infected.", + "network.community_id": "1:YYsQyWVI+C/2EYyLGlhTY/RydM8=", + "network.direction": "inbound", + "network.iana_number": "6", + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "observer.egress.interface.name": "wan1", + "observer.ingress.interface.name": "port10", + "observer.name": "htd-Kfgt1", + "observer.product": "Fortigate", + "observer.serial_number": "FGT50EXXXXXXXXXX", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "related.ip": [ + "150.95.25.17", + "192.168.2.1" + ], + "rule.id": "5", + "rule.ruleset": "default", + "service.type": "fortinet", + "source.ip": "192.168.2.1", + "source.port": 54987, + "tags": [ + "fortinet-firewall", + "forwarded" + ], + "url.domain": "lhsp.s206.xrea.com", + "url.extension": "zip", + "url.original": "http://lhsp.s206.xrea.com/download/eicar_test_virus.zip", + "url.path": "/download/eicar_test_virus.zip", + "url.scheme": "http", + "user_agent.device.name": "Other", + "user_agent.name": "Chrome", + "user_agent.original": "Chrome/89.0.4389.90", + "user_agent.version": "89.0.4389.90", + "vulnerability.category": "Virus" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/fortinet/fortimail/ingest/pipeline.yml b/x-pack/filebeat/module/fortinet/fortimail/ingest/pipeline.yml index e4ed20982ec..817ec9d3e14 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/ingest/pipeline.yml +++ b/x-pack/filebeat/module/fortinet/fortimail/ingest/pipeline.yml @@ -10,6 +10,11 @@ processors: - user_agent: field: user_agent.original ignore_missing: true + # Serial Number + - set: + field: observer.serial_number + value: "{{rsa.misc.hardware_id}}" + ignore_empty_value: true # IP Geolocation Lookup - geoip: field: source.ip diff --git a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json index 767991be1fa..74bbff2c61a 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json @@ -11,6 +11,7 @@ "log.level": "high", "log.offset": 0, "observer.product": "FortiMail", + "observer.serial_number": "pexe", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "boNemoe", @@ -42,6 +43,7 @@ "log.level": "very-high", "log.offset": 117, "observer.product": "FortiMail", + "observer.serial_number": "ehend", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -85,6 +87,7 @@ "log.level": "low", "log.offset": 355, "observer.product": "FortiMail", + "observer.serial_number": "doeiu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -127,6 +130,7 @@ "log.level": "high", "log.offset": 534, "observer.product": "FortiMail", + "observer.serial_number": "uipexea", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -167,6 +171,7 @@ "log.level": "very-high", "log.offset": 706, "observer.product": "FortiMail", + "observer.serial_number": "itati", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -207,6 +212,7 @@ "log.level": "high", "log.offset": 873, "observer.product": "FortiMail", + "observer.serial_number": "llamcorp", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -247,6 +253,7 @@ "log.level": "very-high", "log.offset": 1039, "observer.product": "FortiMail", + "observer.serial_number": "enimad", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -284,6 +291,7 @@ "log.level": "low", "log.offset": 1206, "observer.product": "FortiMail", + "observer.serial_number": "taliqu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -327,6 +335,7 @@ "log.level": "very-high", "log.offset": 1442, "observer.product": "FortiMail", + "observer.serial_number": "smo", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -367,6 +376,7 @@ "log.level": "low", "log.offset": 1619, "observer.product": "FortiMail", + "observer.serial_number": "ntutl", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "edquiano", @@ -399,6 +409,7 @@ "log.offset": 1745, "network.direction": "inbound", "observer.product": "FortiMail", + "observer.serial_number": "idestla", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -441,6 +452,7 @@ "log.level": "high", "log.offset": 2075, "observer.product": "FortiMail", + "observer.serial_number": "amvolup", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -487,6 +499,7 @@ "log.level": "low", "log.offset": 2254, "observer.product": "FortiMail", + "observer.serial_number": "estiae", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -524,6 +537,7 @@ "log.level": "medium", "log.offset": 2424, "observer.product": "FortiMail", + "observer.serial_number": "oluptas", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "equat", @@ -555,6 +569,7 @@ "log.level": "high", "log.offset": 2546, "observer.product": "FortiMail", + "observer.serial_number": "abi", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "veniamq", @@ -590,6 +605,7 @@ "log.offset": 2668, "network.direction": "inbound", "observer.product": "FortiMail", + "observer.serial_number": "orem", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -641,6 +657,7 @@ "log.level": "very-high", "log.offset": 3053, "observer.product": "FortiMail", + "observer.serial_number": "didunt", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -680,6 +697,7 @@ "log.level": "high", "log.offset": 3256, "observer.product": "FortiMail", + "observer.serial_number": "tvolu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -718,6 +736,7 @@ "log.level": "very-high", "log.offset": 3450, "observer.product": "FortiMail", + "observer.serial_number": "stru", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -754,6 +773,7 @@ "log.level": "high", "log.offset": 3632, "observer.product": "FortiMail", + "observer.serial_number": "uatD", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -795,6 +815,7 @@ "log.level": "very-high", "log.offset": 3829, "observer.product": "FortiMail", + "observer.serial_number": "tenimad", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -837,6 +858,7 @@ "log.level": "high", "log.offset": 4059, "observer.product": "FortiMail", + "observer.serial_number": "intoc", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -880,6 +902,7 @@ "log.level": "high", "log.offset": 4286, "observer.product": "FortiMail", + "observer.serial_number": "quamqua", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -921,6 +944,7 @@ "log.level": "high", "log.offset": 4458, "observer.product": "FortiMail", + "observer.serial_number": "dolore", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -960,6 +984,7 @@ "log.level": "low", "log.offset": 4705, "observer.product": "FortiMail", + "observer.serial_number": "uaUten", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1005,6 +1030,7 @@ "log.level": "low", "log.offset": 4884, "observer.product": "FortiMail", + "observer.serial_number": "aec", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -1048,6 +1074,7 @@ "log.level": "very-high", "log.offset": 5130, "observer.product": "FortiMail", + "observer.serial_number": "amcor", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1089,6 +1116,7 @@ "log.level": "very-high", "log.offset": 5319, "observer.product": "FortiMail", + "observer.serial_number": "tpersp", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1135,6 +1163,7 @@ "log.level": "very-high", "log.offset": 5501, "observer.product": "FortiMail", + "observer.serial_number": "dipisci", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1175,6 +1204,7 @@ "log.level": "low", "log.offset": 5672, "observer.product": "FortiMail", + "observer.serial_number": "nte", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1214,6 +1244,7 @@ "log.level": "very-high", "log.offset": 5854, "observer.product": "FortiMail", + "observer.serial_number": "ptateve", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1259,6 +1290,7 @@ "log.offset": 6048, "network.direction": "inbound", "observer.product": "FortiMail", + "observer.serial_number": "atione", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -1312,6 +1344,7 @@ "log.level": "medium", "log.offset": 6484, "observer.product": "FortiMail", + "observer.serial_number": "liquide", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1359,6 +1392,7 @@ "log.level": "very-high", "log.offset": 6680, "observer.product": "FortiMail", + "observer.serial_number": "taedict", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1400,6 +1434,7 @@ "log.level": "very-high", "log.offset": 6869, "observer.product": "FortiMail", + "observer.serial_number": "occ", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1439,6 +1474,7 @@ "log.level": "very-high", "log.offset": 7062, "observer.product": "FortiMail", + "observer.serial_number": "temUten", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1480,6 +1516,7 @@ "log.level": "medium", "log.offset": 7254, "observer.product": "FortiMail", + "observer.serial_number": "quide", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1517,6 +1554,7 @@ "log.level": "medium", "log.offset": 7432, "observer.product": "FortiMail", + "observer.serial_number": "inrepr", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1563,6 +1601,7 @@ "log.level": "very-high", "log.offset": 7619, "observer.product": "FortiMail", + "observer.serial_number": "riosa", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1609,6 +1648,7 @@ "log.level": "medium", "log.offset": 7804, "observer.product": "FortiMail", + "observer.serial_number": "undeom", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1649,6 +1689,7 @@ "log.level": "medium", "log.offset": 7970, "observer.product": "FortiMail", + "observer.serial_number": "edictasu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1689,6 +1730,7 @@ "log.level": "low", "log.offset": 8144, "observer.product": "FortiMail", + "observer.serial_number": "lumqu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1729,6 +1771,7 @@ "log.level": "low", "log.offset": 8301, "observer.product": "FortiMail", + "observer.serial_number": "uamqu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.email.email_dst": "emUte", @@ -1760,6 +1803,7 @@ "log.level": "very-high", "log.offset": 8447, "observer.product": "FortiMail", + "observer.serial_number": "umS", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1806,6 +1850,7 @@ "log.level": "low", "log.offset": 8642, "observer.product": "FortiMail", + "observer.serial_number": "urau", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1848,6 +1893,7 @@ "log.level": "very-high", "log.offset": 8825, "observer.product": "FortiMail", + "observer.serial_number": "upta", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "exerci", @@ -1879,6 +1925,7 @@ "log.level": "medium", "log.offset": 8954, "observer.product": "FortiMail", + "observer.serial_number": "mmodoco", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -1925,6 +1972,7 @@ "log.level": "medium", "log.offset": 9146, "observer.product": "FortiMail", + "observer.serial_number": "porinc", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -1966,6 +2014,7 @@ "log.level": "high", "log.offset": 9328, "observer.product": "FortiMail", + "observer.serial_number": "itse", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2009,6 +2058,7 @@ "log.level": "medium", "log.offset": 9547, "observer.product": "FortiMail", + "observer.serial_number": "iciade", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -2049,6 +2099,7 @@ "log.level": "high", "log.offset": 9718, "observer.product": "FortiMail", + "observer.serial_number": "colabori", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2090,6 +2141,7 @@ "log.level": "high", "log.offset": 9919, "observer.product": "FortiMail", + "observer.serial_number": "atcupid", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2127,6 +2179,7 @@ "log.level": "low", "log.offset": 10141, "observer.product": "FortiMail", + "observer.serial_number": "gna", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -2167,6 +2220,7 @@ "log.level": "high", "log.offset": 10309, "observer.product": "FortiMail", + "observer.serial_number": "uiineavo", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2210,6 +2264,7 @@ "log.level": "low", "log.offset": 10537, "observer.product": "FortiMail", + "observer.serial_number": "lupta", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.email.email_dst": "ulapa", @@ -2242,6 +2297,7 @@ "log.level": "low", "log.offset": 10701, "observer.product": "FortiMail", + "observer.serial_number": "obeataev", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -2278,6 +2334,7 @@ "log.level": "very-high", "log.offset": 10876, "observer.product": "FortiMail", + "observer.serial_number": "inim", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -2318,6 +2375,7 @@ "log.level": "low", "log.offset": 11044, "observer.product": "FortiMail", + "observer.serial_number": "itaedict", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "ptatemse", @@ -2349,6 +2407,7 @@ "log.level": "low", "log.offset": 11167, "observer.product": "FortiMail", + "observer.serial_number": "eleumi", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -2389,6 +2448,7 @@ "log.level": "very-high", "log.offset": 11329, "observer.product": "FortiMail", + "observer.serial_number": "nimadmin", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "tocca", @@ -2420,6 +2480,7 @@ "log.level": "very-high", "log.offset": 11455, "observer.product": "FortiMail", + "observer.serial_number": "usant", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2462,6 +2523,7 @@ "log.level": "very-high", "log.offset": 11652, "observer.product": "FortiMail", + "observer.serial_number": "conseq", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2505,6 +2567,7 @@ "log.level": "very-high", "log.offset": 11887, "observer.product": "FortiMail", + "observer.serial_number": "ugiatqu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2548,6 +2611,7 @@ "log.level": "medium", "log.offset": 12120, "observer.product": "FortiMail", + "observer.serial_number": "Bonoru", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2594,6 +2658,7 @@ "log.level": "very-high", "log.offset": 12305, "observer.product": "FortiMail", + "observer.serial_number": "mquameiu", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -2634,6 +2699,7 @@ "log.level": "medium", "log.offset": 12481, "observer.product": "FortiMail", + "observer.serial_number": "rumetMa", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2677,6 +2743,7 @@ "log.offset": 12656, "network.direction": "inbound", "observer.product": "FortiMail", + "observer.serial_number": "audant", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2730,6 +2797,7 @@ "log.level": "medium", "log.offset": 13066, "observer.product": "FortiMail", + "observer.serial_number": "emipsumq", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2776,6 +2844,7 @@ "log.level": "medium", "log.offset": 13249, "observer.product": "FortiMail", + "observer.serial_number": "lauda", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2816,6 +2885,7 @@ "log.level": "low", "log.offset": 13439, "observer.product": "FortiMail", + "observer.serial_number": "inibus", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -2852,6 +2922,7 @@ "log.level": "low", "log.offset": 13612, "observer.product": "FortiMail", + "observer.serial_number": "naaliq", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2899,6 +2970,7 @@ "log.level": "high", "log.offset": 13788, "observer.product": "FortiMail", + "observer.serial_number": "dolo", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2938,6 +3010,7 @@ "log.level": "high", "log.offset": 14016, "observer.product": "FortiMail", + "observer.serial_number": "imipsam", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -2988,6 +3061,7 @@ "log.offset": 14269, "network.protocol": "ipv6-icmp", "observer.product": "FortiMail", + "observer.serial_number": "econ", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3039,6 +3113,7 @@ "log.level": "very-high", "log.offset": 14586, "observer.product": "FortiMail", + "observer.serial_number": "atevelit", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3080,6 +3155,7 @@ "log.level": "low", "log.offset": 14795, "observer.product": "FortiMail", + "observer.serial_number": "ddo", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3128,6 +3204,7 @@ "log.offset": 15048, "network.direction": "internal", "observer.product": "FortiMail", + "observer.serial_number": "odit", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3181,6 +3258,7 @@ "log.level": "very-high", "log.offset": 15464, "observer.product": "FortiMail", + "observer.serial_number": "orsit", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3232,6 +3310,7 @@ "log.offset": 15674, "network.direction": "internal", "observer.product": "FortiMail", + "observer.serial_number": "quidol", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3285,6 +3364,7 @@ "log.level": "high", "log.offset": 16096, "observer.product": "FortiMail", + "observer.serial_number": "evelite", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "dolor", @@ -3316,6 +3396,7 @@ "log.level": "medium", "log.offset": 16221, "observer.product": "FortiMail", + "observer.serial_number": "itse", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "exeaco", @@ -3347,6 +3428,7 @@ "log.level": "medium", "log.offset": 16342, "observer.product": "FortiMail", + "observer.serial_number": "emvele", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3385,6 +3467,7 @@ "log.level": "very-high", "log.offset": 16528, "observer.product": "FortiMail", + "observer.serial_number": "aliq", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -3425,6 +3508,7 @@ "log.level": "high", "log.offset": 16695, "observer.product": "FortiMail", + "observer.serial_number": "pariatur", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3472,6 +3556,7 @@ "log.level": "low", "log.offset": 16891, "observer.product": "FortiMail", + "observer.serial_number": "imaven", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -3512,6 +3597,7 @@ "log.level": "medium", "log.offset": 17055, "observer.product": "FortiMail", + "observer.serial_number": "iade", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3559,6 +3645,7 @@ "log.level": "low", "log.offset": 17252, "observer.product": "FortiMail", + "observer.serial_number": "conse", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3605,6 +3692,7 @@ "log.level": "very-high", "log.offset": 17430, "observer.product": "FortiMail", + "observer.serial_number": "nvol", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "labor", @@ -3636,6 +3724,7 @@ "log.level": "medium", "log.offset": 17552, "observer.product": "FortiMail", + "observer.serial_number": "mwritte", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.user": [ @@ -3672,6 +3761,7 @@ "log.level": "high", "log.offset": 17731, "observer.product": "FortiMail", + "observer.serial_number": "vel", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "edutpers", @@ -3704,6 +3794,7 @@ "log.level": "medium", "log.offset": 17851, "observer.product": "FortiMail", + "observer.serial_number": "sBonoru", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3743,6 +3834,7 @@ "log.level": "medium", "log.offset": 18079, "observer.product": "FortiMail", + "observer.serial_number": "cid", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3790,6 +3882,7 @@ "log.level": "high", "log.offset": 18282, "observer.product": "FortiMail", + "observer.serial_number": "icta", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3839,6 +3932,7 @@ "log.level": "high", "log.offset": 18470, "observer.product": "FortiMail", + "observer.serial_number": "quaturve", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3886,6 +3980,7 @@ "log.offset": 18728, "network.direction": "unknown", "observer.product": "FortiMail", + "observer.serial_number": "eprehen", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3926,6 +4021,7 @@ "log.level": "low", "log.offset": 19025, "observer.product": "FortiMail", + "observer.serial_number": "tiumtot", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -3974,6 +4070,7 @@ "log.level": "medium", "log.offset": 19231, "observer.product": "FortiMail", + "observer.serial_number": "equ", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ @@ -4012,6 +4109,7 @@ "log.level": "very-high", "log.offset": 19466, "observer.product": "FortiMail", + "observer.serial_number": "sunt", "observer.type": "Firewall", "observer.vendor": "Fortinet", "rsa.internal.event_desc": "pta", @@ -4046,6 +4144,7 @@ "log.offset": 19589, "network.protocol": "igmp", "observer.product": "FortiMail", + "observer.serial_number": "ntutlabo", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ @@ -4097,6 +4196,7 @@ "log.level": "medium", "log.offset": 19902, "observer.product": "FortiMail", + "observer.serial_number": "int", "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ diff --git a/x-pack/filebeat/module/fortinet/fortimanager/ingest/pipeline.yml b/x-pack/filebeat/module/fortinet/fortimanager/ingest/pipeline.yml index b423b2203e4..146ed98dc9a 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/ingest/pipeline.yml +++ b/x-pack/filebeat/module/fortinet/fortimanager/ingest/pipeline.yml @@ -10,6 +10,11 @@ processors: - user_agent: field: user_agent.original ignore_missing: true + # Serial Number + - set: + field: observer.serial_number + value: "{{rsa.misc.hardware_id}}" + ignore_empty_value: true # URL - uri_parts: field: url.original diff --git a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json index 8c635f632f8..19c8aaf4af0 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json @@ -22,6 +22,7 @@ "observer.egress.interface.name": "enp0s3068", "observer.ingress.interface.name": "eth5722", "observer.product": "FortiManager", + "observer.serial_number": "olab", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -90,6 +91,7 @@ "observer.egress.interface.name": "enp0s2581", "observer.ingress.interface.name": "enp0s208", "observer.product": "FortiManager", + "observer.serial_number": "tur", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.410", @@ -190,6 +192,7 @@ "observer.egress.interface.name": "enp0s3491", "observer.ingress.interface.name": "eth4496", "observer.product": "FortiManager", + "observer.serial_number": "olorema", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -257,6 +260,7 @@ "observer.egress.interface.name": "eth3391", "observer.ingress.interface.name": "eth3676", "observer.product": "FortiManager", + "observer.serial_number": "emq", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -326,6 +330,7 @@ "observer.egress.interface.name": "eth6096", "observer.ingress.interface.name": "lo1567", "observer.product": "FortiManager", + "observer.serial_number": "atuse", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.5670", @@ -427,6 +432,7 @@ "observer.egress.interface.name": "lo1120", "observer.ingress.interface.name": "enp0s33", "observer.product": "FortiManager", + "observer.serial_number": "ivelits", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.152", @@ -528,6 +534,7 @@ "observer.egress.interface.name": "enp0s1462", "observer.ingress.interface.name": "lo2857", "observer.product": "FortiManager", + "observer.serial_number": "remagn", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4059", @@ -628,6 +635,7 @@ "observer.egress.interface.name": "lo821", "observer.ingress.interface.name": "eth2591", "observer.product": "FortiManager", + "observer.serial_number": "ctetura", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -696,6 +704,7 @@ "observer.egress.interface.name": "lo1616", "observer.ingress.interface.name": "eth6448", "observer.product": "FortiManager", + "observer.serial_number": "stlabo", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.3917", @@ -797,6 +806,7 @@ "observer.egress.interface.name": "lo4901", "observer.ingress.interface.name": "eth4502", "observer.product": "FortiManager", + "observer.serial_number": "adip", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.2580", @@ -897,6 +907,7 @@ "observer.egress.interface.name": "lo7114", "observer.ingress.interface.name": "lo4249", "observer.product": "FortiManager", + "observer.serial_number": "tquov", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -964,6 +975,7 @@ "observer.egress.interface.name": "lo2438", "observer.ingress.interface.name": "enp0s4046", "observer.product": "FortiManager", + "observer.serial_number": "tse", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -1032,6 +1044,7 @@ "observer.egress.interface.name": "lo4367", "observer.ingress.interface.name": "eth651", "observer.product": "FortiManager", + "observer.serial_number": "eFi", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.3319", @@ -1132,6 +1145,7 @@ "observer.egress.interface.name": "lo5047", "observer.ingress.interface.name": "eth267", "observer.product": "FortiManager", + "observer.serial_number": "nBCSedut", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -1200,6 +1214,7 @@ "observer.egress.interface.name": "eth4392", "observer.ingress.interface.name": "eth5968", "observer.product": "FortiManager", + "observer.serial_number": "ate", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.225", @@ -1300,6 +1315,7 @@ "observer.egress.interface.name": "enp0s3449", "observer.ingress.interface.name": "lo1208", "observer.product": "FortiManager", + "observer.serial_number": "atisund", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -1367,6 +1383,7 @@ "observer.egress.interface.name": "enp0s2700", "observer.ingress.interface.name": "lo3642", "observer.product": "FortiManager", + "observer.serial_number": "item", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -1435,6 +1452,7 @@ "observer.egress.interface.name": "lo7672", "observer.ingress.interface.name": "eth4185", "observer.product": "FortiManager", + "observer.serial_number": "siuta", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.1847", @@ -1536,6 +1554,7 @@ "observer.egress.interface.name": "eth3862", "observer.ingress.interface.name": "enp0s3071", "observer.product": "FortiManager", + "observer.serial_number": "hitec", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.760", @@ -1637,6 +1656,7 @@ "observer.egress.interface.name": "lo1586", "observer.ingress.interface.name": "eth7713", "observer.product": "FortiManager", + "observer.serial_number": "utaliqu", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4450", @@ -1738,6 +1758,7 @@ "observer.egress.interface.name": "eth1247", "observer.ingress.interface.name": "lo154", "observer.product": "FortiManager", + "observer.serial_number": "vol", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.7544", @@ -1839,6 +1860,7 @@ "observer.egress.interface.name": "lo3057", "observer.ingress.interface.name": "lo653", "observer.product": "FortiManager", + "observer.serial_number": "remips", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.1710", @@ -1940,6 +1962,7 @@ "observer.egress.interface.name": "lo3472", "observer.ingress.interface.name": "eth2940", "observer.product": "FortiManager", + "observer.serial_number": "cor", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.5380", @@ -2041,6 +2064,7 @@ "observer.egress.interface.name": "lo3706", "observer.ingress.interface.name": "lo7416", "observer.product": "FortiManager", + "observer.serial_number": "min", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2110,6 +2134,7 @@ "observer.egress.interface.name": "enp0s3903", "observer.ingress.interface.name": "eth5767", "observer.product": "FortiManager", + "observer.serial_number": "eddoei", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.2208", @@ -2212,6 +2237,7 @@ "observer.egress.interface.name": "enp0s1732", "observer.ingress.interface.name": "lo2990", "observer.product": "FortiManager", + "observer.serial_number": "itametco", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.3402", @@ -2313,6 +2339,7 @@ "observer.egress.interface.name": "enp0s3067", "observer.ingress.interface.name": "enp0s4064", "observer.product": "FortiManager", + "observer.serial_number": "oluptat", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.91", @@ -2414,6 +2441,7 @@ "observer.egress.interface.name": "enp0s5908", "observer.ingress.interface.name": "eth62", "observer.product": "FortiManager", + "observer.serial_number": "Duisa", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.7278", @@ -2514,6 +2542,7 @@ "observer.egress.interface.name": "lo6533", "observer.ingress.interface.name": "enp0s6659", "observer.product": "FortiManager", + "observer.serial_number": "mexercit", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2581,6 +2610,7 @@ "observer.egress.interface.name": "enp0s5873", "observer.ingress.interface.name": "enp0s7649", "observer.product": "FortiManager", + "observer.serial_number": "nesci", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2649,6 +2679,7 @@ "observer.egress.interface.name": "eth1576", "observer.ingress.interface.name": "lo6539", "observer.product": "FortiManager", + "observer.serial_number": "nturmag", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.5978", @@ -2749,6 +2780,7 @@ "observer.egress.interface.name": "enp0s7799", "observer.ingress.interface.name": "eth6814", "observer.product": "FortiManager", + "observer.serial_number": "mexer", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2816,6 +2848,7 @@ "observer.egress.interface.name": "eth1882", "observer.ingress.interface.name": "lo497", "observer.product": "FortiManager", + "observer.serial_number": "unt", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2883,6 +2916,7 @@ "observer.egress.interface.name": "eth1188", "observer.ingress.interface.name": "lo4891", "observer.product": "FortiManager", + "observer.serial_number": "nost", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -2950,6 +2984,7 @@ "observer.egress.interface.name": "lo1800", "observer.ingress.interface.name": "lo3230", "observer.product": "FortiManager", + "observer.serial_number": "teturad", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3018,6 +3053,7 @@ "observer.egress.interface.name": "lo4581", "observer.ingress.interface.name": "eth4543", "observer.product": "FortiManager", + "observer.serial_number": "conseq", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4713", @@ -3119,6 +3155,7 @@ "observer.egress.interface.name": "enp0s7442", "observer.ingress.interface.name": "enp0s2282", "observer.product": "FortiManager", + "observer.serial_number": "umiurer", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4481", @@ -3221,6 +3258,7 @@ "observer.egress.interface.name": "enp0s4580", "observer.ingress.interface.name": "enp0s4429", "observer.product": "FortiManager", + "observer.serial_number": "uredol", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4442", @@ -3322,6 +3360,7 @@ "observer.egress.interface.name": "enp0s6960", "observer.ingress.interface.name": "enp0s7206", "observer.product": "FortiManager", + "observer.serial_number": "xeaco", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.3804", @@ -3422,6 +3461,7 @@ "observer.egress.interface.name": "eth855", "observer.ingress.interface.name": "eth3784", "observer.product": "FortiManager", + "observer.serial_number": "saute", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3489,6 +3529,7 @@ "observer.egress.interface.name": "lo2402", "observer.ingress.interface.name": "lo6750", "observer.product": "FortiManager", + "observer.serial_number": "metMa", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3545,6 +3586,7 @@ "log.level": "low", "log.offset": 45638, "observer.product": "FortiManager", + "observer.serial_number": "roinBCS", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3604,6 +3646,7 @@ "observer.egress.interface.name": "enp0s5799", "observer.ingress.interface.name": "eth1805", "observer.product": "FortiManager", + "observer.serial_number": "enim", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.7318", @@ -3705,6 +3748,7 @@ "observer.egress.interface.name": "enp0s4999", "observer.ingress.interface.name": "lo1719", "observer.product": "FortiManager", + "observer.serial_number": "quipex", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4895", @@ -3805,6 +3849,7 @@ "observer.egress.interface.name": "enp0s7861", "observer.ingress.interface.name": "enp0s7374", "observer.product": "FortiManager", + "observer.serial_number": "boreetdo", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3872,6 +3917,7 @@ "observer.egress.interface.name": "enp0s1294", "observer.ingress.interface.name": "lo2867", "observer.product": "FortiManager", + "observer.serial_number": "tiumd", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -3939,6 +3985,7 @@ "observer.egress.interface.name": "enp0s6143", "observer.ingress.interface.name": "eth575", "observer.product": "FortiManager", + "observer.serial_number": "periam", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -4007,6 +4054,7 @@ "observer.egress.interface.name": "enp0s4446", "observer.ingress.interface.name": "lo259", "observer.product": "FortiManager", + "observer.serial_number": "amq", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4493", @@ -4108,6 +4156,7 @@ "observer.egress.interface.name": "enp0s20", "observer.ingress.interface.name": "lo7727", "observer.product": "FortiManager", + "observer.serial_number": "aliqu", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.6506", @@ -4208,6 +4257,7 @@ "observer.egress.interface.name": "lo7156", "observer.ingress.interface.name": "enp0s6940", "observer.product": "FortiManager", + "observer.serial_number": "onproid", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -4275,6 +4325,7 @@ "observer.egress.interface.name": "enp0s3868", "observer.ingress.interface.name": "lo6718", "observer.product": "FortiManager", + "observer.serial_number": "imadm", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -4343,6 +4394,7 @@ "observer.egress.interface.name": "enp0s2918", "observer.ingress.interface.name": "enp0s2674", "observer.product": "FortiManager", + "observer.serial_number": "tati", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.409", @@ -4444,6 +4496,7 @@ "observer.egress.interface.name": "enp0s1238", "observer.ingress.interface.name": "lo4523", "observer.product": "FortiManager", + "observer.serial_number": "ecatcu", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.5475", @@ -4545,6 +4598,7 @@ "observer.egress.interface.name": "eth7500", "observer.ingress.interface.name": "eth2121", "observer.product": "FortiManager", + "observer.serial_number": "henderi", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.142", @@ -4646,6 +4700,7 @@ "observer.egress.interface.name": "eth2068", "observer.ingress.interface.name": "eth6552", "observer.product": "FortiManager", + "observer.serial_number": "ius", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.1789", @@ -4747,6 +4802,7 @@ "observer.egress.interface.name": "lo5084", "observer.ingress.interface.name": "enp0s7638", "observer.product": "FortiManager", + "observer.serial_number": "uunturm", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -4815,6 +4871,7 @@ "observer.egress.interface.name": "enp0s4144", "observer.ingress.interface.name": "enp0s1897", "observer.product": "FortiManager", + "observer.serial_number": "ctas", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.6905", @@ -4916,6 +4973,7 @@ "observer.egress.interface.name": "enp0s390", "observer.ingress.interface.name": "enp0s3638", "observer.product": "FortiManager", + "observer.serial_number": "olab", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.1353", @@ -5016,6 +5074,7 @@ "observer.egress.interface.name": "enp0s4444", "observer.ingress.interface.name": "lo5821", "observer.product": "FortiManager", + "observer.serial_number": "BCSedut", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -5083,6 +5142,7 @@ "observer.egress.interface.name": "eth1592", "observer.ingress.interface.name": "lo1752", "observer.product": "FortiManager", + "observer.serial_number": "amre", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -5151,6 +5211,7 @@ "observer.egress.interface.name": "lo299", "observer.ingress.interface.name": "eth5742", "observer.product": "FortiManager", + "observer.serial_number": "dolorsit", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4261", @@ -5252,6 +5313,7 @@ "observer.egress.interface.name": "lo2390", "observer.ingress.interface.name": "enp0s1531", "observer.product": "FortiManager", + "observer.serial_number": "nderit", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.491", @@ -5352,6 +5414,7 @@ "observer.egress.interface.name": "lo7502", "observer.ingress.interface.name": "eth4741", "observer.product": "FortiManager", + "observer.serial_number": "vel", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -5419,6 +5482,7 @@ "observer.egress.interface.name": "lo3385", "observer.ingress.interface.name": "lo1640", "observer.product": "FortiManager", + "observer.serial_number": "tot", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -5487,6 +5551,7 @@ "observer.egress.interface.name": "lo105", "observer.ingress.interface.name": "eth2707", "observer.product": "FortiManager", + "observer.serial_number": "tdolorem", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.979", @@ -5576,6 +5641,7 @@ "log.level": "high", "log.offset": 71594, "observer.product": "FortiManager", + "observer.serial_number": "henderi", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -5635,6 +5701,7 @@ "observer.egress.interface.name": "lo6200", "observer.ingress.interface.name": "lo5820", "observer.product": "FortiManager", + "observer.serial_number": "oremquel", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4342", @@ -5736,6 +5803,7 @@ "observer.egress.interface.name": "enp0s7520", "observer.ingress.interface.name": "enp0s4931", "observer.product": "FortiManager", + "observer.serial_number": "remagna", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.6452", @@ -5836,6 +5904,7 @@ "observer.egress.interface.name": "lo1813", "observer.ingress.interface.name": "eth725", "observer.product": "FortiManager", + "observer.serial_number": "ittenbyC", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -5903,6 +5972,7 @@ "observer.egress.interface.name": "lo1291", "observer.ingress.interface.name": "eth1273", "observer.product": "FortiManager", + "observer.serial_number": "xcepte", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -5971,6 +6041,7 @@ "observer.egress.interface.name": "lo1570", "observer.ingress.interface.name": "eth4425", "observer.product": "FortiManager", + "observer.serial_number": "olorinr", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.5718", @@ -6072,6 +6143,7 @@ "observer.egress.interface.name": "enp0s1526", "observer.ingress.interface.name": "enp0s6255", "observer.product": "FortiManager", + "observer.serial_number": "uipexea", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.6603", @@ -6173,6 +6245,7 @@ "observer.egress.interface.name": "lo368", "observer.ingress.interface.name": "lo2279", "observer.product": "FortiManager", + "observer.serial_number": "tempora", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.2052", @@ -6274,6 +6347,7 @@ "observer.egress.interface.name": "enp0s7388", "observer.ingress.interface.name": "eth4604", "observer.product": "FortiManager", + "observer.serial_number": "avolup", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.2691", @@ -6374,6 +6448,7 @@ "observer.egress.interface.name": "enp0s454", "observer.ingress.interface.name": "lo4518", "observer.product": "FortiManager", + "observer.serial_number": "ori", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -6442,6 +6517,7 @@ "observer.egress.interface.name": "eth5820", "observer.ingress.interface.name": "lo568", "observer.product": "FortiManager", + "observer.serial_number": "onn", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.3052", @@ -6542,6 +6618,7 @@ "observer.egress.interface.name": "lo5835", "observer.ingress.interface.name": "lo7680", "observer.product": "FortiManager", + "observer.serial_number": "iusmodte", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -6609,6 +6686,7 @@ "observer.egress.interface.name": "enp0s2353", "observer.ingress.interface.name": "eth2546", "observer.product": "FortiManager", + "observer.serial_number": "sitametc", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -6677,6 +6755,7 @@ "observer.egress.interface.name": "eth7640", "observer.ingress.interface.name": "lo3023", "observer.product": "FortiManager", + "observer.serial_number": "maccusan", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.95", @@ -6777,6 +6856,7 @@ "observer.egress.interface.name": "lo5438", "observer.ingress.interface.name": "lo1917", "observer.product": "FortiManager", + "observer.serial_number": "itatio", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -6844,6 +6924,7 @@ "observer.egress.interface.name": "lo5287", "observer.ingress.interface.name": "enp0s11", "observer.product": "FortiManager", + "observer.serial_number": "lorsita", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -6911,6 +6992,7 @@ "observer.egress.interface.name": "lo2445", "observer.ingress.interface.name": "enp0s1885", "observer.product": "FortiManager", + "observer.serial_number": "uptasnul", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -6978,6 +7060,7 @@ "observer.egress.interface.name": "eth6468", "observer.ingress.interface.name": "eth1833", "observer.product": "FortiManager", + "observer.serial_number": "mquae", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7046,6 +7129,7 @@ "observer.egress.interface.name": "enp0s7218", "observer.ingress.interface.name": "lo1215", "observer.product": "FortiManager", + "observer.serial_number": "ant", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.1028", @@ -7147,6 +7231,7 @@ "observer.egress.interface.name": "eth2435", "observer.ingress.interface.name": "lo3887", "observer.product": "FortiManager", + "observer.serial_number": "ulapari", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4195", @@ -7247,6 +7332,7 @@ "observer.egress.interface.name": "lo4266", "observer.ingress.interface.name": "eth297", "observer.product": "FortiManager", + "observer.serial_number": "exercita", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7314,6 +7400,7 @@ "observer.egress.interface.name": "eth5315", "observer.ingress.interface.name": "enp0s5429", "observer.product": "FortiManager", + "observer.serial_number": "trud", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7381,6 +7468,7 @@ "observer.egress.interface.name": "enp0s7159", "observer.ingress.interface.name": "enp0s4820", "observer.product": "FortiManager", + "observer.serial_number": "iad", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7448,6 +7536,7 @@ "observer.egress.interface.name": "eth614", "observer.ingress.interface.name": "eth4759", "observer.product": "FortiManager", + "observer.serial_number": "isnos", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7516,6 +7605,7 @@ "observer.egress.interface.name": "enp0s5497", "observer.ingress.interface.name": "enp0s2181", "observer.product": "FortiManager", + "observer.serial_number": "msequine", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.2682", @@ -7616,6 +7706,7 @@ "observer.egress.interface.name": "lo6072", "observer.ingress.interface.name": "eth434", "observer.product": "FortiManager", + "observer.serial_number": "bori", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7672,6 +7763,7 @@ "log.level": "high", "log.offset": 97381, "observer.product": "FortiManager", + "observer.serial_number": "tena", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7730,6 +7822,7 @@ "observer.egress.interface.name": "enp0s1127", "observer.ingress.interface.name": "enp0s2388", "observer.product": "FortiManager", + "observer.serial_number": "alorumw", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7797,6 +7890,7 @@ "observer.egress.interface.name": "eth4236", "observer.ingress.interface.name": "enp0s5828", "observer.product": "FortiManager", + "observer.serial_number": "elaudan", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7864,6 +7958,7 @@ "observer.egress.interface.name": "enp0s2100", "observer.ingress.interface.name": "lo7358", "observer.product": "FortiManager", + "observer.serial_number": "rittenby", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -7931,6 +8026,7 @@ "observer.egress.interface.name": "lo7861", "observer.ingress.interface.name": "lo3071", "observer.product": "FortiManager", + "observer.serial_number": "ipsa", "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ @@ -8000,6 +8096,7 @@ "observer.egress.interface.name": "eth1762", "observer.ingress.interface.name": "enp0s1127", "observer.product": "FortiManager", + "observer.serial_number": "uamqu", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.802", @@ -8101,6 +8198,7 @@ "observer.egress.interface.name": "enp0s1149", "observer.ingress.interface.name": "eth5256", "observer.product": "FortiManager", + "observer.serial_number": "riamea", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.2314", @@ -8202,6 +8300,7 @@ "observer.egress.interface.name": "enp0s5751", "observer.ingress.interface.name": "lo3094", "observer.product": "FortiManager", + "observer.serial_number": "reetdo", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.4674", @@ -8303,6 +8402,7 @@ "observer.egress.interface.name": "enp0s6106", "observer.ingress.interface.name": "lo5632", "observer.product": "FortiManager", + "observer.serial_number": "ameius", "observer.type": "Configuration", "observer.vendor": "Fortinet", "observer.version": "1.1386",