From d7614f02cad749919e46ab7a6f4d45b91e650f24 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Fri, 22 Jul 2022 08:59:41 +0930 Subject: [PATCH] x-pack/filebeat/module/checkpoint: add authentication operation outcome mapping (#32431) --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 40 ++++++++ x-pack/filebeat/module/checkpoint/fields.go | 2 +- .../checkpoint/firewall/_meta/fields.yml | 20 ++++ .../checkpoint/firewall/ingest/pipeline.yml | 40 ++++++++ .../module/checkpoint/firewall/test/R80.X.log | 2 + .../firewall/test/R80.X.log-expected.json | 91 +++++++++++++++++++ 7 files changed, 195 insertions(+), 1 deletion(-) create mode 100644 x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log create mode 100644 x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a35d26b65dd6..fca061e831b5 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -115,6 +115,7 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff] - Add references for CRI-O configuration in input-container and in our kubernetes manifests {issue}32149[32149] {pull}32151[32151] - httpjson input: Add `replaceAll` helper function to template context. {pull}32365[32365] - Optimize grok patterns in system.auth module pipeline. {pull}32360[32360] +- Checkpoint module: add authentication operation outcome enrichment. {issue}32230[32230] {pull}32431[32431] *Auditbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index a75f574429a9..66af34c3469e 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -16862,6 +16862,16 @@ type: integer -- +*`checkpoint.identity_src`*:: ++ +-- +The source for authentication identity information. + + +type: keyword + +-- + *`checkpoint.information`*:: + -- @@ -17438,6 +17448,16 @@ type: keyword Risk level we got from the engine. +type: keyword + +-- + +*`checkpoint.roles`*:: ++ +-- +The role of identity. + + type: keyword -- @@ -19878,6 +19898,16 @@ type: keyword Reports whether watermark is added to the cleaned file. +type: keyword + +-- + +*`checkpoint.snid`*:: ++ +-- +The Check Point session ID. + + type: keyword -- @@ -20408,6 +20438,16 @@ type: keyword Password authentication protocol used (PAP or EAP). +type: keyword + +-- + +*`checkpoint.auth_status`*:: ++ +-- +The authentication status for an event. + + type: keyword -- diff --git a/x-pack/filebeat/module/checkpoint/fields.go b/x-pack/filebeat/module/checkpoint/fields.go index e17db3cb7035..92984725101c 100644 --- a/x-pack/filebeat/module/checkpoint/fields.go +++ b/x-pack/filebeat/module/checkpoint/fields.go @@ -19,5 +19,5 @@ func init() { // AssetCheckpoint returns asset data. // This is the base64 encoded zlib format compressed contents of module/checkpoint. func AssetCheckpoint() string { - return "eJzUvU1zGznyJ3yfT4How2P/I2hrpp/Z/8GHjVBL6mnFWDbXlLt3TxVgVZLECAVUAyhS7E+/gQRQVZQpAbLNlLcvbUuk85d4SeR7vmF3sH/H6g3Ud50Wyv2NMSechHfsYvqzBmxtROeEVu/Y//wbY4wtdAuTL7JWN72EvzG2EiAb+w4/5P97wxRv4QGR9J/bd/COrY3uu8lPDUjg1v+CT356BET67waJs5U2rOPGCrWe4Gd2b6Vev5184yHGA5xarUQDqoZKwhbkwYcSYqEcrME8+J3egtkZ4eAdc6aHB799Ar//72Kgy5Aua8CBaYWChi337HZjgLsLqftm5OQ4A1zWlSd2FPkd7HfaNN8T+Xu9nn4kA6+xrqp1r5zZUwG8BOuE4v7XLJIuANlbMJX/KxXMC60U1A4a5kkjEqYVcxvw3xw4uJ5nwEPLhazEQ2wnw33l6THVt0swTChmW9f5a+SZyZ+HgNb2y/9A7aggfzRiLRSXgTqL1MuQgrVCK8L1vRiWkvW9yF1/2IKKN+woQKnV+nui+xD2Xa8CZcu4tboW3J/jnXAbPL8H8vcobLu3VQvW8jXZfVvsrYOWRar2aXxSr+l2/FnIVlzI3kAl2o7T3aDbDbBA0W993zXcAbNgtqKGBCmz5Y+s5wne1o9bMEY0wHjXSVFHOXqZw6dW2rT4YapVnWsp6j0TyjouZcBpHXe9ReWGM9tBLVaiZkvJm9wCS74nfsLee4pIvQiaF2e00D5/zm671OvHhPsJjuZnJf7sgXnNzwm3x22Wem0zIFsud9xAteKtkGSK1HnTCP87LqeXwyspndGu6LnX+PJWVtSkB/OG1xuhgC2uLzIAO7yCVbtuyWTpB9T0VvhS3nDF19CCcmwBZguGuQ13rMUfW+Y2wrIF1L3xh+Vf3MGO55TZyBHlck85kty6iCHwcpQHtgJXbyCn3YznjFABmw9E071jWTVsApRy4RfpfbBirbjrDUQ7IuwFd47Xd+XQPU4yjWLfIc6RvLeDGuY0msK1ex4HutbHbfcTHRBPLwKFJtltxVZQZ/T9vrKmrkR3/Ol5+ONvOyagGjDM6t7UwK7n7LVX3tluA37RhVoHQP+VQW2Cy+cI2u//UN5wlA9IMxqbBegqXlPqb+fh3Mbb1k4hi3AieF2DtVEe5myimquqEQZIeVjUXLGBag4iuTX8Xq9LzOBwtCttqXB9XLDdRtQbtgYFBs3fYnnl7z2xT+wikEMAM9aAEVto2MrodiK0JgKCN40Bm1NLPSPkfrPPg7esHjxoTo/Yn4bsRH0HjvAAR43/+pJ1YNhKyJyt5KStLOqC1UZbR6tPfLg+u/gQzgWo2uw7v7q37xfTU4LP9HLPPn96/ysaMDV3sNZG/MULRMgWTCMIHRdXDNTa2wKRMJtra8VSAtty2YN9x264FLXQvT37BZRYq7MrY3TutfHHnmxXwtEe3MTZFVaNNpUUltQ9FMiGm4mKf2f0VjRRMKbVD36NNi25P0QZdnawTPeBUj/9A5YskB3VvPio/3Z7O2cGbKeVzW1GLQUo2kt8gSTZ+cT5pQ1b6JVDW+YXyZu4QwNjniv055ZxswVjCVWUX3ohGxaJem1rwVXzCxqa52vPaoCV/GhTfbztepfVHOHegUK95qUZ86AfMrc0eudv/oAyww0+Gk4QegF1zSXzFNO6g2pCLLZwA4aNqzqjm752ZGrce2HRoz0enauE/fDC5FShmiz+6mXtBTdLrdiF7vZJVUvHB8NWOfOTG3+NO6O9dYIqHKWA+rhTYFiimoAHUCyCGn4a/xpcSUas12Ceo2v/YDx+Ize8b4SrQoiAzMj1NNkCab5lF1yxJbBFHwxbbdivRdEfjSFXx5ePuBBOcVE8Mb/yfLWKbhoEkbvKESqlL2wD+I8PfrtDwDm8nTdA0fWIfhJK1ANtpvq8iyaE1A3UovMPtvWAj6I9gUPpvPUmsF/hkT7bbXQbfTdCsh23zHoZ5HTO8O27zgtdaCqp18ev4il4WK8NrNHZMNpjIVa4EltgrVC9A5ueYeslT7CLZwc5JVw1rNMmd7Aw6EiqugbdtMDGoRWBH+/O/uBGCbUusg3tRhtHmpO18BSnHzr64PjzDfdQ9y4beJFarUk5uNEGHkYZpwy87m3PpdzHf2cp1JqB3wtmgFutvG0W8xBybmz0s3ot2VYb3R8Xlye4vGPmTB9cQgiBNb3xvAyhMw+pnIGGH3chvhz+JhugnMDfAdz9YPg9pJzvB79fJeuZ9BRdJpN9K8yXaSKepa85UQ85IjxWX8FQ/og95IfynH0FQwVnDi+N11LorwtqbekJAQOIJeYp/3T+y8SZx2sntsLtf4o+15w1M+SXPBYGPUV28IdF2IQCLWPyT5FZW2PODdx3kkeNbaN3QaVLeRTrmEcB/smsow353CzcjrdVdN6TRaJC+nAKGYB9+6VD3uM6U9qFP3QbYTdC5TJKA0u1Vs5oWXHF5d4KMg3xJuRuslpya/1Fx22beVsDxlCb5yf5yYtuCN56A7aXdC6xn65VsD5/OnugUPLCTE8d062rP3vogTDWNuR5d9q6lbiP+d4II5/DY4Q9/kicAOknYe9i4ccO2Fq7cECC87TgYOilBbPlS0lrn11/vJiQfpB1VA6Z7kQ8Cjh7GiZwa9228Eh+PSXm8qoboRovgjRtZN4DHyiXHIkR5gu8tIdov2ZtDazAgKpfaIEH8sWAKROwD7EWpPDwriP1OEzjo+W771HSpYufP6eAwUOz4tFs9h/oCtVgXFCSwGs36KGkwvzb7e18wRLVL5XPxYdr5pnRLRcqZDO8vvyQ8ylNOdpyKRraOhIDtbAQHGKzqYsscDtBl1Q41mNK6E/xAymDB9gOllY4sD+xFeCzk3MSY3iaNOA8vRUxIzHCwCh0zrUpWuEqA3/2YB2QXeXrcE/Ast0G3AYMa7jjAQ16ZgdE6DIIxp4tiPcHfrDU6SW5mQBGdnjtosPWnzoEmfU6N0Z3HTSV046TOTrGwFAkzzpe34Gz7PVSuw0Tqtatv0tcNUz3bq2FWmflQUiU8aAJk1Jj5s/HxWMpS3jCMtApNcbpTS7QFzujOy/KgC74PQE48Vk8DZP2EZ5AfGUn1sL1ZcxQ3ugdizJmOBbLbEk8oSZ2tF6zXJtAPdiAqSzIVUWo4n7+fH2ZAm11bzB9JV/6PMCNWTiURZF6fQA6QEHZNq58TjwANLbKvfonkNO/jC88SjJhJk9lseezlr11YCqhVppOLCPNaXhz4vXU+D37DhNpPJ0Y0TyLUDHWDazecLUGe3YxTzx4NfX/N/65Mi4bc9srumD0XtWpjNm/meGkYZD2tcUMoBnjDt1tuWd0JSTQl8T8KiRMSmKObFXfSc2bs0bvlP9D1gBHk6BCbqz4i+zK/JoIhhY4TFiGSJhWcs/EKtRmDr+z4JjT7O+5AgXdVdzUG7GFwBKpj8m/wzakdQUMeEje4SnzfxpTHSwod5Yc8LnnjjsetDVKZi69BYCJX0Jh2djSszYwEAvKclc7hharl+HhQred7lVz9i+j+47ZGhQ3Qs+CeYPMPZMhj5C0euEPbZoBHFvuR+gFLSPIpKrfZi69gpE6heQ82NFWqXpDVhr7+dN7ZkDyWJSF8sUjfu0fam+E5CR+I7sKKzlp2wVMi00L4sIe5JBFSIdSyEnyYgFG4jZLN+XNlTw68ns+3xhu4atuusfroO38ya5srQ1dbnCkOpGniJ8hilzfkCAoSJUOfwrOOm0d81QL1lWoGvuhkJpuQ1XmkeLtotuPMu5FsH9Ef9v15ReCVmfDxh76y6gJScQ+58KNSH+Ek/Ec5FuhQzunlwhs/p6ITz9oU1Rg9AkmhbPsuMOWKzduCdmrN1H4D1XNoPILpZIrHWFN0tTKtE3PXugaUQUjlYqx2Dyi3mgLKhrIBVhHLyS9lZJyxUoeS8OVFXRJE163PFvc3M7Pfr3Ndcxs+uDsIqyQXLOWmztoGLcj+WYWWrBgkpK3vzsp3OAy+aJlkgWwTDjmdqIg5h/fpaFq9EcV9PGWoifh/xkZPwVdObh3lYV1+6gxcBLXjlqD6YxQ7l1qxuqZgXvHEpapoosKgjN8tRL1c5jrwNSg3GN9Ok/NWVB1RxBpw8o4Qdk+JhnTNgf6gzsw/taffShTzHbpC1VnNOV1GJDGgBGGb0M8uUg36LQVTps9ZeYJXt2UiD5CeB5eo7WrOu42VLA/DbSZJ1uS/UvYhhb+7EE5weVEoHgMJQ5ILqtMdPYUWQiPeLBf/eNV6kPMdkJKprRjS2B2o3eKvRbYwwZjR61WfjuEWiOnrDN6bcDaIjfVeJAwYYHUyp6cpEIzewLXCxf7VLXwSetJkDp6vL/y2sZr/8JsJOHzFez0hjQ9LLR4i0QLlno1vsAVFoLSVtsi3Bg/fIOVqCzETZ8JPZThviR2RFAOfnLEQ/QRzbwXO+ATDN9yW3tlgNcbzKT/0dg6amd59adXmHvvtDfMS7Sg6cF7YbkUWnOsein33yKkHsjcO4GpeS/B2yLQnmglgZ0l1LwPriEc47IuF3FHXpOXO5uTDMTJ2Yy4cuk4iLTSqwqTf8lUr4fP+eh287rWcO6aHi8RVyE3OZtb5C1pb3z2EpoqNEQl9NN8QOsZRXgCEfKNeF1r02DNro6drkqjXEdOGr22uBB/QeGBemgiedn9orfjS43rOz1MSrujl5/e5TE/8G98/wfKdkCXGn4RMyHDPfKUn39LqmSHkV0QNP6Gbci2/1lWL9Bmv3jcxgQf+ciNfKHXakc9+uezjamiW26wUcFKGNhxKcOrlJ2+QYv2ejFnUqg7tuEWy3WyN0jYrvLfIHsnY0u7hDS/4bZfxtaOVBhjo7ptp86UVv7/WW+b64ISRQURe0lNs4JnbOfVKNRqGwTkBbw/Akwrpnvn9TxMB85lOW96dUfaLvdi06v6LrnnEbp1BnhbsupphpjQKrBHhfp2A2zJm5hivdd9UGGd2UddL066yjaEc3VXhbKharpNVHwsEP+QdVAAdiX5I33rTrHMF/NYVMWQLnu9+D8fZuz84t8zBq5+O8uWU8X0/q1w+yfmdJ4odBta+CjYTbugC8V2wgBrdXYwl+gq/XgGyCn84vOYqj6m3sbatoKTQXpw/fIaEMphEYqnf1DukG3c3AlDW3s6mc5YS42zUwpqTkXddo+L45PUZ4asGX5wZC27vriZz1LK+UqH6MgSGG+alEhWMr4R+al1Q8ZPjiOP5Zs4Ml2NRgcVQ0mueKnyaX4RT/0bDEDFWvSc2VTDG4/agzMrXgPtfL1H8GN5WcCfubuSd/YRq/QUT5BogXXcomIlVA0esXGll5dMsx6cHbEIedJCCrM4IJYW5x5M3rne0B4J3PpxHM5QmhegvA1WGCY8geJLmTrgxd+H30i9Xud7fTWCt+DAVLzrqutLqjvrtcWQeJAAPKNucsBctw2x6LxMaJV2jEupd9Ac1NrWum25avJNkQYmWrsmNS8GFqItXpKkVXdP+hlOstSf4wg7qb06Ey6DLKzXkXpdNSDpWm+iTJSwcmwJK40NpiSgJpZKHXIdZ7BnPXGIdVoBOOk9ieNLGDa3/nL+xCxYpSEu+5zhiGHmcYp7vQSL3tJYRXXnSe5kHGUxiceE1MY4wjJykq1Ob6HBcd4/BsteLPFJTJPVErjyZxS3kbvxs7OQDCQs48NijOzEdXneZJhhREO1JGuQ6V8ZNZkZ0YK3hYRtj02NeDjVR6eGoIyXD+ndONfZSijbxTmgWIBHncz3zCqc46Ap3fGHc2+fAd1rLfStTNKoGy4lW+leNeUNTcJa/3h9rcbdL+xM+sWhoU0J/gJ1IM9eX4cfnf2y9yZKGDKQ84mJmndVHMFP2JJuEYf+X1/OWM0V22lzx3bCbVjbSyc6CXFsmp0xZwBFLxbj49dyJ21ginioZBy+XdSz0oFRXNKGCq4j1XQV0Lgyul9KsButvdJWsLCtNvB455NTKMS/GoBQlIDhtzAEMKuCdHL/lFJ5Cn/Zxfk8EE5aojfRZgzert+yn//+d6YN+/nv/3zG6Y0HnvIA+2upcMArt2wttqBSqR+y9/nT9dPwW+EPV8VVUzWAwz9JbbzryfQPvtS9YxEFKoErbXbcNEfahd8gbOxpMmOXk68EfmZszg1mtYe/++fj9ReSOEjerMwdfG2kbUIgdPXC0s0IIGSvB87PVZOWKhdti/ObCb1C2Hku0n2TdTAsjb4DU3X9Ugq7eSzJ6LsOR5+MO066XEDBBhRst9HMbnjSulOfw2lDp8zCp0nJDZmygXOSG2H929B7NppgVhyfmpzvvHe/p5/1/NiwZ4RTirrl9UaoJ67sSZogIM1vhf4jHplCBv7sgW6oxOWHRSCY818qW/2QwCYmiXBwfCjeyeatgYQWR2+C8fIMn5kEJ3dMw1e48jYIepjIVMv54N6Yooh+rvLlpp5/wq5HpSPRxuvudK0l40q33CsyYyNPcLk61wk7xKWj80AuFo6iW7V2You6yuh/YkuQWq1tyWDFtuWEm7EI9IawAjqVlVZvat12UnDl8ArHcmPMosChp6GRas6axXa76JtquONUTCVHT6LODNTY4Sz0NM+B5sruwLwM5EB77M6ekMcwfuIImlJeerfRRrj9C7ETyXMntoNbJAd5rFd/GczjAKqH21DQrNOilkXu0wy+/bGD+nLP8m1AVq5DBYsK7K+382EgdC7jWLRQrYwmUwTYAlQD5pVNplAJQEfW/PD9EM7BXAhTiHJJN5U9Ifzl4iKBy8+M18qlLvFUOLFHXyQcguhfOlQmqQFnrfUIZujDO9u4Vs6YaPkaztZiVaCZoAHD14TTkxYOPTzY/UasMI83ygUs8k/xMg+MIbDCdt1U+D9Fegct+9kGeANmxjoDWwx372DJOq+xlN2EjXNdJXVNGr75BLbTysKAXgxTI/xr/vnT+1C/FAqeGA8MZXXEdG0aYbFoiHJm1MBAGsiYrpKwDO67wUhegrejO8n3aE1JoSD5YkPr9FzkeSvIXv7fBY87hLFzzJtc7tHOF2BjqIHXd/7+dL3ptAXUyPhWi4ZZUE28ZGAdFuRJrbuS8xgUIjLBEEI8eK0iuyjwZriHXpk8mD8dPNDo7ZvIjCELL8w4jDrdLE1a4KqR8XSXDdtIZ1mCWtO1oZmcY2RQ/DWEsb3UdPs3S93s048mK1ambv9FKmXOp0S/3N6Sg7jRdE1oLyeDpVK1TDiZQ8rOgeQXoZF5XixOnAAWnH/tbCUfSWg+nWicZB5h9x0cbCSBx6szibgkkLkbsu0U+ZCwG70UEtg5Zh09I8kTwVJ7lB4FW5IkSdgb/NZwZUPH2s+f3mfVrv9A7SjH6ESS7PoyHOFaG4MKzOh/0Aq8Bubv49hG9XD5MT6PikzO+rRv0OlHtvppPgLGsUaHIz5qQrE2sMGRi8kHyw8/pjXx+o6ysDc0cozKvog9EDeHk4Riyl90R0KTWG1gm2+kybtOkIa8Uk7ZwSykOGcEmm9mpjIQ94guve/orLg0JPqA0fBcRICha1tUt1YrgeMPGtiC1F1eFcFhmA2hAIlncfHb+YPzyIe79ayrtAVD2bf190Du2AX6Xsdv2LtqOi7zJS6X52FA88oeDMgcSib7mMtvxTpw/extPJhJT8XjFc4PL0llC/DSjAC6m3KFDY+HJIqGve6V+POwH6+QuVycgJ56xPz8aybLT6FSHvdjYAvOBflQp5uhigMVjxKIId2XuGX7ze35MD938tGi3Q82KV0jwuAGja4NrK6WMlj4eBginNw7ZIzYcklaYR2kQ6SM9ZnW8TbnUAqLTFuJdBny0aMXBRG8sqES9tjQuAak2IKBZsaa4ORtZiz21Zuxpe5V7f+w0bKZMQW7WWgAjHWq+FH/N1DNRHM7uhRhEarQuoJqLd5zG4ppB7M/0M9WFIZF2ZMesdt0qPx7EypS8dCFEalxl9hrvO5ChUQo9O2lmlX8eK6cT6g77JV2lKuTNkpD0sk+LYCKpXAb7Bn/MoAnAJ4Be1SvCONL0wCaPXbNJ7ychY34/7782RnmxGslc4lhXGLUBpqq04ZuvMDYknIAwBBAvu6c18KRlbBeRHpJcSzBiJ+pesrC4MMGf89bUsVdBfcb3ttwCugsiX++cX0nU03mgIF5DAWgTS+BUpqc344zNFfCWPecmjwPmDeNU5Ia9x9hBIyrN/51+Znx3umWO1EjbMtmzEKtVZxOGAZipCYnoaG9dhswO2HTmNf029wg18HyIxxjObTim8baIhAb6prgnredhHd+Qye9XjbcMtR+8jv5z/+mYsdj/Od/R5VrFvyo1mEps2U/YZ8LaH7KvWOqoVV/LubThQXVlLRBcXXntU9ik+tTGBztz8UD2LXUNl/xWa8V0MX2BoPAn4so5kWEn+b0Mtsvw8dyPszxg8dl0Xctg1mkSpDUDOLiXx/Ob3PRU9FA9QWO08KLM2qijEMnHV85MEWAcS6AN6iopPti2MPYcEgod4wFf0LK4IOiq/UdwXsh8U3QY3dEjoolvRob2ykV9sGLY2GoJwKu1wbWqBhKvcZqtAjEK12BgZw5bXRnX2yRsQK85tY9c7kt1L2Be0ndF/h2p5PdFps8Yq9t+N/vk0ryjv3jLbsR2DaM17VnNCQ7hbz0IHg2wLd7JjXH+EhsYcXs3jpo37Kf37Jf/5iO7WZ+k0M3eZ7aYvp1KuiBSb21Y7dDy/hoEh6cU9Tksl1eNWEd8fxwMm5hqx+uuNz/BU1Fd+EvNlDfsTk287ndGODuQuq+YWcM2l5yp4s6EoRaFFLgCzzboTnPGA2zLMYscdFDXZBX2pEXDB4WSK80ZIS2s3rM3sbihQSDrYxuD2PVHthzeKDM7J7WQiCV78nIhluy7MQDRjzh78pJ7EHxIswE2t/ITbpOhNf9uvXW+XCrbeiSXX6v4d6ZsY0a6a24xYugVyOGcRbSpOEYN/VGbPP9hg/4IC11+oCi6TSMUN7u8wAQL/YU+wO2nscA8aX+PZA70W5QtmwNKRffg4lWOGwuJJzAUbv1Y9NbTpTbyBuvfHCzZzjoODXwXxrgd1411myve8MUuJ02OV0wMAP3UPeUqexP8GF6NWl2WeebzgcWOq+QWQeKLnf6CSZaLjAdgeHQVq3dRsusKR74MGIrJKyhAltzSVpg8ARD68DMegPmDY4lYB2YVmBiU76E0jPWwAqUhQq2nDLb7wmeQlnPEvxfk2lRxEptoAnzg3+c628dcJks96jee6ul4xYLGws3SdjaIyTtAfoIR3DfaQtHSpVQvIHaCqNVm69rDJx5Bc5wWbV6iz1AfgwGpTbwdfzUWkog7en4BCcRDGu44/4txeZdYHFENa83ArwaJCxba56LpybusE83dmgjzip9ks227VVInsVGkLVuO6Nbgb320VOAKoU2DZjwBYTu7YnceKD0EK+EdLRDk7NCxe9qmU70eF8c6udXiQ5ttlk4i6bv3Cy0M7HO6H24c2nLvJwsYLLjBuLQ25cwJF7ZbzQlpvgpfU4jfqwF/C74CU2HEb43Ir4avRWtkIKbSuiaTGH4iFUo1/rCBvrcTCq8bOiOPHvoRG4PkpRL2OKmCu4rKr5+C86y0N35AWdfBd9iFjFx0vL3ZGB8mwifjg/Bxkzdnb+dGzd4OCqvkZtWKNKW9FcxGmHZSH7q0czpZjH2OwylwUopygbzX9QHxrBbmj1TIqnC1OZJJudR9CcaO6MeS5XlqigZedJVijLbK7iXDrzbZyHTGtMIuIFQ3L7cM960IlteHbslGGGPzzo9wer/6o+5J5jBpjugVVA/JoKs5Q34JQwhRHYVHuCCprS16ZdLaKhTqM9r7Ic2dCFKBXcoKEsw09ajDMvJOqOxPLrpTVHTX8SaqidJQeOpTZRDXQYGm1IjhbJVRolHmpkYTjCMS44YUigwVWDkkxUDAzyODKW0vQzYXrqhncrAydN4d9y/q9yQjXD+BJh7PpRkDwDGHkBRU8GBO/G9z606nq1KL/8DdAbvTUzyDlRjYxWVOlvXWvZtNu8Au4OF+cO04B+FP4FUyIPRHXG+2qXRHQskn1EOuRFk6UtjgdFGOJz9xEtqAVIVAeFUlTjaH/Fmq3ONddVGuMcl80nUIGOdX8bwmHh7vzcGO58pB2ab9WBK/gKosSrxG0AbwHoLWp154tlH5RgLFLVsJsnvltVcYXuMcfBU02PFb6elqLHRkuOyaBw47kzi9IVmKUfyUFSJwOPAr8eF3UlTIVHURrn3HKRVa8m6cR1HWziIsq6We/eI1+oEK/uL1l7FCO3aJj0ik2qCYMJVGBKmwhBcZkUDLLXmKzEe7x1lgesCjOByYryntmgh2XioCBkvdi6gEKQR2bM0N9jL3Z/QBN8/jplDL+GR+opT2JKeGAuxd706qPhjr/0yTyqGpF5nJ/xEb/oBl6deZCQZIIejMpv602P3UOk1hKLjsSLzjXwaIRemYOrerfV0WNmJEY4aYKIcxUlKwcTHtcc5/p/nb6RohWMrwMELhSwJVev2RVhKlL8bSzgrlTQ9k7EbTzMUEr3mfSP0jG1FA3qG3aX/K2NwCmqb5+q+k9grdrfZs1fR4BXdKyasejVO1572NX694arxRHOyZ6tFV7XgNprMM/4J1sLGyHphy1qDX8GhuKJ70220ogtwfRpos+v5mznSLllUA+swS4nybB8BW9KREwHXXErCAMkFl/LN9WXpUgq6CqSDA9ppkzudI8bukbLUE2O8ng+9NUuhdmDEI1f+5CuKpEuASk078f93fT1HXRlLWY5MKQjtWmfMX5VZlEplbnlTVyi2qqC6UHE0lDAHWVCy6N7eoRdcD4CWCK3GuhdZ08uJm/Q5C+s0/bIew/q8B6ERZAvrXwQWFBj8hFBnui8SvogUm6CRYn3Ydi2JiWcCd2BaWicY9uXDpIrYtFu0wEpa3iHoFIqkPReRKHsdWtNkreqo2Xrrwr/hVGCDbSGyucMTeI+pDSdD90x9Aayrat0A2WCjK+tEi3lwSLYI4z2Z6nV134miRx+BhdyZyv5FBe98SNbBIRvPwBg9x5SBhwnYGHy/zlf2T67Oj34s40gB6v5FGNYtihZElBgreKGIU9E7qdVKUEYyVmJdlnAzWFRPTBb6vm2JkjFl0hCXcZh4NkNlSzp98HOcPMh2G21haNDCDQyOQ63Y4uL3Atwv0Tjusjjo1tE94ee924ByqVF+aAOXXcAN0KmXhz2KA+2xbVOMR+WimL3bEPsl57E+D2lPVvhwbMnr+fmcacOuzuc5DTQOgafC//7n23mimYYjG7FeozcwRQG5Gv+MYwZx0IzIaqudqqI/n7ZJiufp7PrfV+yMvRfqji1AFkUt48NLPRfpweVMjdvLZAiAqURXdUYvhVpXL9JTm01eE2bSMMUiIRPxk2kQI85xEniM0ccAbMHwbwS95g52/JEGwt/17b7hAt21qSQAwIT+X8Lt2b8CjIIe3y97Rr76hKTQlXJgVpyuPcDVvfOKiGTXiXLIecQWmcHxOGDysv1DLyUTKxwGVJIgruDeVRvdEZ7+D3Dv2EZ3z1D+TH0He8ICGGzL4bRhi06wbKCnsY4UXhgU20AhPFC12eM/VkWhTgX0Jnbwi0lKQq0xDhwGZyZQ+NJk05HEHVSiIYucnkvJ/tcNE9mOB7Fiji5p/iIRHOWAX8/r+QJqTDxKalJvh9lN1/++2ubXl+x2/fvqRjfAXs9/O19c/WPG8P8/hwyGtznNtNb6TsA1vSgIhIvQfaKXBEXoWrumk1Lp8mflUzCVyK729XxxVSeiBU1E45BYwlrxCy7rXsZpjCvWNv9juMhzvN44jR2vP8d68mx1L/HcuIVwZRPVrG4wd5AU3Wd1p/ROxQzC56DkpK1SDnAWVSiOSCkDtQc4CwK0iFJpVeu2k4Krmnou2Qet3ozEyyxcBM2t1bWI42WkqAVdKtf5QJol0rlb3+13nNjnsQg0S25VgkeaqRHhFRxSrpyotsL0lhThuXKCIdmim6SakJexEgZ2GI8nxHqVXqJEvfjyp0FthMPnFjUvtDTCTceObMQY40zsBpTIl2egt4h6vzvsvR2rZXLuKQO1sFDhiG8qjL/d3s5Zx40/lki4SPckRRdI5rpnmDC/qtEtF3SNi8cyim4jLE5Ygi0oNwsjgBHMbOKzDJ3isR7aMtF2YKxWaOgXmM2lLRQe1cyrIeHqGQt0sATTuq8v/q2jdJtl9ViotIDeJXccB249nFZ9lFZwjZ5UCC3w3/Yb3iRo0SH7fwMAAP//OVlSEg==" + return "eJzUvU9zGznSJ3yfT4How2s/EbQ10+/sc/BhI9SSe1oxls015e7dUwVYlSQxQgHVAIoU+9NvIAFUFWXKAG0z5e1L2xLp/CWQAPJ/vmL3sH/D6g3U950Wyv2NMSechDfsavqzBmxtROeEVm/Y//wbY4wtdAuTL7JWN72EvzG2EiAb+wY/5P97xRRv4RGR9J/bd/CGrY3uu8lPDUjg1v+CT356BET67xaJs5U2rOPGCrWe4Gd2b6Vev5584zHGA5xarUQDqoZKwhbkwYcSYqEcrME8+p3egtkZ4eANc6aHR7/9An7/39VAlyFd1oAD0woFDVvu2d3GAHdXUvfNyMlxBrisK0/sKPJ72O+0ab4n8nd6Pf1IBl5jXVXrXjmzpwJ4DdYJxf2vWSRdALK3YCr/VyqYV1opqB00zJNGJEwr5jbgvzlwcDPPgIeWC1mJx9jOhvutp8dU3y7BMKGYbV3nj5FnJi8PAa3tl/+B2lFB/mDEWiguA3UWqZchBWuFVoTrezUsJet7kTv+sAUVT9hRgFKr9fdE9z7su14FypZxa3UtuJfjnXAblN+D+/cobLu3VQvW8jXZeVvsrYOWRar2y/ikXtPt+EnIVlzI3kAl2o7TnaC7DbBA0W993zXcAbNgtqKGBCmz5U+s5xne1g9bMEY0wHjXSVHHe/Q6iw+UE25fWXPKW1qwcFb3pg76Cu/dxpOJoBJNJtRKm5YXXKCTT1Jt/lxLUXuM1nEpA3LruOtt4InZDmqxEjVbSt7k5EDyPfFL+85TROpF0PytSwvt06esdEq9fuoNOsMJ+qTEnz2M4um3Weq1zYBsudxxA9WKt0KS6XuXTSP877icHg6vS3VGuyKtRKOCUFlRkwrmLa83QgFb3FxlAHZ4BKt23ZJd+e9RIV3hg37LFV9DC8qxBZgtGOY23LEWf2yZ2wjLFlD3xgvLv7iDHc/p3JEjyuWeciS5dRFD4OUoD2wFrt5ATgkb5YxQT5wPRNO5Y1ltcQKUcuEX6X2wYq246w1EcyfsBXeO1/fl0D1OMsVn3yHOkbw31xrmNFrstTuNA13r4y6GMwmIpxeBQpPMy2JjrTP6AfWhSnTHn57HP/42MQHVgEnq0s2cvfQ2BtttwC+6UOsA6L8yqE3wTB1B+/0fyluO9wPSjDZxAbqK15T622WQ23ja2ilkESSC1zVYG+/DnOlWc1U1wgApD4uaKzZQzUEkN9rf6XWJtR5Eu9KWCteHBdttRL1ha1Bg0Eovvq/8uSd23V0FcghgxhowYgsNWxndTi6tyQXBm8aAzamlnhFy996nwalXD44+p0fsX4bsRH0PjlCAo8Z/c806MGwlZM5WctJWFnXBaqOto9Un3t9cXL0PcgGqNvvOr+7du8VUSvCZXu7Zp4/vfkUDpuYO1tqIv0rM7C2YRhD6V94yUGtvC0TCbK6tFUsJbMtlD/YNu+VS1EL39uIXUGKtLt4ao3OvjRd7sl0Joj14s7MrrBptKiksqRcrkA0nExX/zuitaOLFmFY/+DXatOReiDLs7GCZzgOlfvoHLFkgO6p58VH/7e5uzgzYTiub24xaClC0h/gKSbLLiY9OG7bQK4e2zC+SN3GHBsY8V+h2LuNmC8YSqii/9EI2LBL12taCq+YXNDQv157VACv50ab6eNv1Lqs5woMDhXrNczPmQT9mbmn0zp/8AWWGG3w0nCD0AuqaS+YppnUH1YSQceEGDBtXdUY3fe3I1Lh3wqLjfRSdtwn74YHJqUI1WZjY37VX3Cy1Yle62ydVLYkPRtdy5ic3/hh3RnvrBFU4ygvqw06BYYlqAh5AsQhq+Gn8a3AlGbFegzlF1/7BePxGbnjfCFeFEAGZketpsgXSfM2uuGJLYIs+GLbasF+LglQaI8OOL59wIZzjoHhifuX5ahXdNAgid5QjVEpf2AbwHx/8doeAc3g7b4Ci6xH9JJSoB9pM9XkXTYj8G6hF5x9s6wEfRXsGh9Jl601gv8Ijfbbb6Db6boRkO26Z9XeQ0znDt+86f+lCU0m9Pn4Uz8HDem1gjc6G0R4LscKV2AJrheod2PQMW3/zBLt4dpD6wlXDOm1ygoVBR1LVNeimBTYO7RX44f7iD26UUOsi29ButHGkqWMLT3H6oaMPjpdveIC6d9nAi9RqTcrBrTbwOMo4ZeBlb3su5T7+O0uh1gz8XjAD3GrlbbOYLpFzY6Of1WvJttro/vh1eYbDOyb49MElhBBY0xvPyxA685DKGWj4cRfi8+FvsgHKCfwdwP0Pht9Dyvl+8PtVsp5Jpeg6mexbYT5PE/EsfY1EPeaIUKy+gqG8iD3mh1LOvoKhApnDQ+O1FPrjglpbekLAAGKJ6dQ/Xf4ycebx2omtcPufos81Z80M+SVPhUHPkcT8fhE2oUDLmPxTZNbWmHMDD53kUWPb6F1Q6VIexTrmUYB/MutoQ56aLNzxtorOe7JIVMhyTiEDsK8/d8h7XBdKu/CHbiPsRqhc4mtgqdbKGS0rrrjcW0GmId6GFFNWS26tP+i4bTNva8AYavP8JD950QnBU2/A9pLOJfbTjQrW508XjxRKXpiQqmNWePVnDz0QxtqGdPROW7cSDzEtHWHkc3iMsMcfiTMg/SjsfaxP2QFbaxcEJDhPCwTDaAmnSESBKe//SXSFxtzErJfEgtnypaS1EG8+XE1IP8p7KodMJ5NPAs7K4wRurdsWnihEoMRcXp4kVOMvQU2bG+CBD5RLRGKE+Qxv/SHar1lbAyswoOpnWuCBfDFgyhTwQ6wFSUS860h9HtMIbfnue5R0CeuXp1R6eGhWPJlP/wMdoRqMC2oaeP0KfaRUmH+7u5svWKL6ufq7eH/DPDO65UKFfIqX1+9zXq0pR1suRUNbyWKgFhaCS242ddIFbifokhLJekxK/Sl+IOUQAdvB0goH9ie2Anx2cm5qDJCThrynpyLmREYYGAfPOVdFK1xl4M8erAOyo3wTzglYttuA24BhDXc8oEHf8IAInRbB3LQFGQeBH6wJe05uJoCRHV676DL2Uocgs37vxuiug6Zy2nEyV8sYmorkWcfre3CWvVxqt2FC1br1Z4mrhunerbVQ6+x9EFJ1PGjCtNiYe/Rh8VTSFEpYBjqlxjg9yQX6Ymd056+yk4yv7wZw4jX5MkzaR3gC8YWdWAs31zFHeqN3LN4xg1gss70DCDWxo4Wt5doE6sEGTGVBripCFffTp5vrFOqre4MJNPka8QFuzAOiLMvU6wPQAQrebePK564HgMZWuVf/DPf0L+MLjzeZMJOnstj3WsveOjCVUCtNdy0jzYNq6FHx1Pg9+wZTeTydGFO9iFAx2g6s3nC1BntxNU88eDX1/zf+uTJZf5HdK7pw+F7VqZDav5lB0jBM/NJiDtKMcYcOv9wzuhIS6ItyfhUSJkU5R7aq76TmzUWjd8r/IWuAo0lQITdW/EV2ZH5NBEOvICYsQyRMK7lnYhWqQ4ffWXDMafb3XImE7ipu6o3YQmCJ1Mfk32EbEssCBhSSNyhl/k9jsoUF5S5SCCD33HHHg7ZGycy1twAw9UwoLFxbetYGBmJJW+5ox+Bm9Tw8XOm2071qLv5ldN8xW4PiRuhZMG+QuRMZ8ghJ6yf+0KYZwLHlfoRe0LSC7Fb128ylVzBSS5WcBzvaKlVvyIpzP318xwxIHsvC8H7xiF/6h9obIbkbv5FdhbWktA0LpuWuBZFpD3LIY6RDKeQkfbIAI3E/qtvyLlQeHfk5n28Mt/BVJ93jddB2XrIrW2tDl50cqU7uU8TPEEWuc0m4KEiVDi8FF522jnmqBesqVI1RT1LTbagLPVI+XnT68Y57Fuwf0N92c/3ZRauzgWsP/XnUhHTFnnLgRqQ/gmScgnwrdGgo9RyBzd8T8ekHbYoKjD7BpHCWiTtsuXLjlpC9ehOF/1DVDCq/UCq50hHWJFGuTNv07IW+FVUwUqkYi+0r6o22oKKBXIB19ELSWykpW63ksTRcWUGXNOF1y4vF7d384te7XGvRpg/OLsIazTVrubmHhnE7km9moQkMpkl5+7uTwg0uk8+aNlkAy4RjbicKYv7xXRrqVn/Uiz6eUvQk/D9zx09BVw4eXGVh3T5pDJzFtaPWYDojlHuTutZ6ZuDBsYRlquiiguAMX61EfQpzHZgalHuqoem5OQuq7ggibVgZJ3i3j2nOtO2J/uAOjD/1F+/LFLNd+kLVGU15HAakMWCE4dsQTy7SDTpthdNmT5l5gkc3pcKPEE7Da7R2Vcfdhgr2x4E282RL8o8J+/XCnz0oJ7icXCgeQ4kDkssqE509RxbCEx7sF/94kRo2s52Qkint2BKY3eidYi8FdtHB2FGrld8OodbIKeuMXhuwtshNNQoSJiyQWtkTSSo0sydw/eViv1SvfNaKFqSOHu+vPLbx2D8zG+ny+Qp2ekOaHhaazEWiBUu9Gl/gCktRaet9EW6MH77CWlgW4qYnQg+FwM+JHRGUg5+IeIg+opn3bAI+wfAtp7VXBni9wUz6H42to3aWV396hbn3TnvDvEQLmgreM99LoTnIqpdy/y2X1KM7915gat5z8LYItCdaSWBnCTXvg2sI592sy6+4I6/J88nmJANxIpsRVy4dB5FWelVh8i+Z6vX4OR/dbl7XGuSu6fEQcRVyk7O5Rd6S9sZnL6GpQktWQj/Ne7Se8QpPIEK+Ea9rbRqsGtax11ZplOuIpNFriwvxFxQK1GMTyd/dz3o6Pte4vtPDpLQ7evjpXR7zA//G93+gbAd0qeFXMRMynCNP+fRTUiU7jOyAoPE3bEO2AdGyeoZG/8UDPyb4yId+5Au9VjvqGUmfbEwV3XKDrRJWwsCOSxlepez8D1q0N4s5k0Ldsw23WK6TPUHCdpX/Btk7GZvqJaT5Dbf9MjaXpMIYW+VtO3WhtPL/z3rbXBeUKCqI2M1qmhU8YzuvRqFW2yAgf8F7EWBaMd07r+dhOnAuy3nTq3vShr1Xm17V98k9j9CtM8DbklVPw9aEVoE9KtR3G2BL3sQU673ugwrrzD7qenEkWLYlnau7KpQNVdNtouJjgfiHrIMCsCvJn+icd45lvprHoiqGdNnLxf95P2OXV/+eMXD161m2nCqm92+F239hoOmZQrehiZCC3bQPu1BsJwywVmdHg4mu0k9ngJzDLz6Pqepj6m2sbSuQDFLB9ctrQCiHRSie/kG5Q7Z1dCcMbe3pZIxlLTVObymoORV12z19HZ+lPjNkzfADkbXs5up2Pksp5ysdoiNLYLxpUiJZyZxL5KfWDRk/OY48lm/iyHQ1Gh1UDKV7xd8qH+dXUepfYQAq1qLnzKYaXnnUHpxZ8RpoJ/w9gR/LywL+zNmVvLNPWKXneIJEC6zjFhUroWrwiI0rPbxkmvXg7IhFyJMmVpjFAbG0OPdg8s71hlYkcOvHgTxDaV6A8jpYYZjwBIovZerBF38ffiP1ep3vNtYI3oIDU/Guq26uqc6s1xZD4kECcELd5IC5bhviq/M6oVXaMS6l3kFzUGtb67blqsk3RRqYaO2a1LwYWIi2eEmSVt190c9wlqX+FIfoSe3VmXAYZGG9jtTrqgFJ1/wT70QJK8eWsNLYYEoCamKp1CHXcQa75hOHWKcVgJPulzhAhWF77c8nYMyCVRrisqeMZwzDoVPc6zlY9JbGKqo7X+ROxmEak3hMSG2MQzQjJ9nq9BYanHv+Y7DsryU+iWmyWgJXXkZxG7kbPzsLyUDCMj4sxshOXJfTZtMMQyKqJVmLTv/KqMnUiha8LSRse2xuxeO5Qjq1JGW8fEzwxrnOVkLZLk4ixQI86mS+E6twjoOmdMcfTt49AbrXWuhbmaRhO1xKttK9asobmoS1/vH6Wo27X9gb9TOhoU0J/gx1IM9e3oQfXfyy9yZKGHOQ84mJmnc4mk3UTx7Wc0TKAkV2cz1jNVdsp8092wm3YW0vnegkxMFtdsacAbx6sRgfv5aTtIEp4rGWcfx3Uc9KB0ZxSRsquIlU01FA48rofinBbrT2SlvBwrbawNOdT86hEP9qAEJRAobfwhjCrArSyf2XlMpz+MuuLueBcNISvYk2Y/B6/Zr9/Pe/M23Yz3//5wnSGwWeUoD9sVQ4YpZbthZbUKnUD9n79PHmy/Bb4YWr4qqpGsDxo6Q23s1k/ghf6t6xiAKVwJU2O26aIw3LbxE29jSZsevJVwI/MzbnBrPaw9/98/Hys5s43LzZO3fwtZG2CYHQ1QtLNyOAkL0eOL9UTVqqXLQtTpAm9Aph57lI91XWwbA0+h5M1fVLKezmqSSj7zqefTJwOelyAQUbULDdRjO74UnrTn0Opw2dMgufZjU3ZMoGTmpuhPVvQ+/ZaIJZcXxuc77z3sOeftr0U+OmEU4p6pbXG6G+cGTP0gQBaX4r9B9RZAoZ+LMHurEW1+8XgWDOf6ls9UMCm5gkwsHxsXxnm/gGEloc/gnG32f4zCQ4OTENX+HK2yDoYSJTLeeDe2OKIvq5ypebegILuxmVjkQbj7vTtZaMK91yr8iMjTzB5epcJ+wQl47OA7lYOIpu1dqJLeoqo/+JLUFqtbYlox3blhNuxiLQG8IK6FRWWr2qddtJwZXDIxzLjTGLAseuhkaqOWsW2+2ib6rhjlMxlRw9iTozUGOHs9DTPAeaK7sD8zyQA+2xO3tCHsP4iSNoSnnp3UYb4fbPxE4kz53YDm6RHOSxXv15MI8jsB5vQ0GzTotaFrlPM/j2xw7qyz3LtwFZuQ4VLCqwv97Nh5HUuYxj0UK1MppMEWALUA2YFzaZQiUAHVnzw3dDOAdzIUwhyiXdXPiE8JerqwQuP7VeK5e6xFPhxB59kXAIon/uUJmkBly01iOYoQ/vYuNaOWOi5Wu4WItVgWaCBgxfE05PWjj08IQ5WivM4433Ahb5p3iZB8YQWGG7bir8HyO9g5b9bAO8ATNjnYEthrt3sGSd11jKTsLGua6SuiYN33wE22llYUAvhqkR/jX/9PFdqF8KBU+MB4ayOmI6No2wWDREOTNqYCCNhExHSVgGD91gJC/B29Gd5Hu0pqRQkHyxoXV6LvK8FWQv/++Cxx3C2DnmTS73aOcLsDHUwOt7f3663nTaAmpkfKtFwyyoJh4ysA4L8qTWXYk8BoWI7GIIIR48VpFdvPBmuIdemTyYgB080Ojtm9wZQxZemLIYdbpZmrTAVSOjdJcN20iyLEGt6drQTOQYGRR/DWHsMH3w1VI3+/SjyYqVqdt/kd4yl1Oin29viSBuNF0T2uvJYKlULRMkc0jZObj5RWhknr8WJ04AC86/draSTyQ0n+9qnGQeYfcdHGwkgcejM4m4JJC5E7LtFPmQsFu9FBLYJWYdnZDkiWCpPUpPgi1JkiTsDX5nuLKhY+2nj++yatd/oHaUY3QiSXZzHUS41sagAjP6H7QCr4H58zi2UT1cfozPoyKTsz7tK3T6ka1+mo+AcazR4YiPmlCsDWxw5GLywXLhx7QmXt9TFvaGRo5R2RexB+LmcJJQTPmL7khoEqsNbPONNHnXCdKQV8opO5iFFOeMQPPNzFQG4h7RpfcdnRWXxlQfMBqeiwgwdG2L6tZqJXD8QQNbkLrLqyI4DLMhvECiLC5+u3wkj3w4WycdpS0Yyr6tvwdyxw7Q9xK/Ye+q6bjM5zhcnocBzQt7MCBzKJnsYy6/FevA9cnbeDAVn4rHtzjBvCSVLcBLMwLoTspbbHg8JFE07GWvxJ+H/XiFzOXiBPTUQ+7nXzPbfgqVUtyPgS2QC/KhTrdDFQcqHiUQQ7ovccv227vLYX7u5KNFux9sUrpGhMENGl0bWF0tZbDwURginNw7ZIzYcklaYR1uh0gZ6zOt423OoRQWmbYS6Trko0cvCiJ4YUMl7LGhcQ1IsQUDzYw1wcnbzFjsqzdjS92r2v9ho2UzYwp2s9AAGOtU8aP+b6CaieZ2dCnCIlShdQXVWrzjNhTTDmZ/oJ+tKAyLsicVsbskVP69CRWpKHRhRGrcJfYSj7tQIREKfXupZhU/nivnE+oee6Ud5eqsjdKQdLJPC6BiKdwGe8Y/D+AJgBNgj+oVYXxpGkCzx475hJeLsBH/3+c/u8CceK1kLjGMS4zaQFN12tCNFxhbUg4AGALI153zWjiyEtarSC8pjiUY8TNVT1kYfNjg77QlVdxV8LDhvQ1SQGdJ/POV6zuZajIHDMxjKABtegmUt8nl3ThDcyWMdafU5HnAvGmcktS4/wgjYFy98a/Lz4z3TrfciRphWzZjFmqt4nTCMBAjNTkJDe2124DZCZvGvKbf5ga5DpYf4RjLoRXfNNYWgdhQ1wQPvO0kvPEbOun1suGWofaT38l//jcVOx7jP/87qlyz4Ee1DkuZLfsJ+1xA81PuHVMNrfpzNZ8uLKimpA2KqzuvfRKbXB/D4GgvF49g11LbfMVnvVZAF9sbDAIvF/GaFxF+mtPLbL8MH8v5MMcPHr+LvmsZzCJVgqRmEFf/en95l4ueigaqz3CcF16cURPvOHTS8ZUDUwQY5wJ4g4rqdl8MexgbDgnljrHgJaQMPii6Wt8RvL8kvgl67I7IUbGkV2NjO6XCPnhxLAz1RMD12sAaFUOp11iNFoF4pSswkDOnje7ssy0yVoDX3LoTl9tC3Rt4kNR9ge92Otltsckj9tqG//0uqSRv2D9es1uBbcN4XXtGQ7JTyEsPF88G+HbPpOYYH4ktrJjdWwfta/bza/brH9Ox3cxvcugmz1NbTL9OBT0wqbd27HZoGR9NwgM5RU0u2+VVE9YRzw8n4xa2+uGKy/1f0FR0B/5qA/U9m2Mzn7uNAe6upO4bdsGg7SV3uqgjQahFIQW+QNkOzXnGaJhlMWaJix7qgrzSjrxg8LDg9kpDRmg7q8fsbSxeSDDYyuj2MFbtgZ3CA2Vm97QWAql8T0Y23JJlJx4w4gl/V05iD4pnYSbQ/kZu0nEiPO43rbfOh1NtQ5fs8nMND86MbdRIT8UdHgS9GjGMs5AmDce4qTdim+83fMAHaanTe7yazsMI5em+DADxYE+xP2LrNAaID/XvgdyZdoOyZWtIufgeTLTCYXMh4QSO2q2fmt5yptxG3njlg5s9w0HHqYH/0gC/96qxZnvdG6bA7bTJ6YKBGXiAuqdMZf8CH6ZXk2aXdb7pfGCh8wqZdaDocqe/wETLBaYjMBzaqrXbaJk1xQMfRmyFhDVUYGsuSQsMvsDQOjCz3oB5hWMJWAemFZjYlC+h9Iw1sAJloYItp8z2+wJPoaxnCf6vybQoYqU20IT5wT/O8bcOuEyWe1TvvdXScYuFjYWbJGztEZL2AH2CI3jotIUjpUp4vYHaCqNVm69rDJx5Bc5wWbV6iz1AfgwGpTbwdfzUWkog7en4BU4iGNZwx/1bis27wOKIal5vBHg1SFi21jwXT03cYZ9u7NBGnFX6RTbbtlcheRYbQda67YxuBfbaR08BqhTaNGDCFxC6tydy44HSQ7wS0tEOTc5eKn5Xy3Sip/viUD+/SnRos82CLJq+c7PQzsQ6o/fhzKUt8/dkAZMdNxCH3j6HIfHCfqMpMcVP6XMa8WMt4HfBT2g6jPC9EfHV6K1ohRTcVELXZArDB6xCudFXNtDnZlLhZUN35NljJ3J7kKRcwhY3VXBfUfH1W3CWhe7Ojzj7KvgWs4iJk5a/JwPj20T4dLwPNmbq7vzt3LjBw1F5jdy0QpG2pH8boxGWjeSnHs2cbhZjv8NQGqyUomww/1l9YAy7pdkzJTdVmNo8yeQ8iv5MY2fUU6myXBUlI0+6SlFmewX30oF3+yJkWmMaATcQituXe8abVmTLq2O3BCPs8VmnZ1j9X72Ye4IZbLoDWgX1QyLIWt6AX8IQQmRvwwNc0JS2Nv1yCQ11CvVljf3Qhi5EqeAOL8oSzLT1KMNyss5oLI9uelPU9BexpupJUtAotYlyqMvAYFNqpFC2ynjjkWYmBgmGcckRQwoFpgqMfLJiYIDHkaGUtpcB20s3tFMZOPky3h337yo3ZCOcPwLmng8l2QOAsQdQ1FRw4E5873Orrk560wtWc5ohkQpGb65zMFDEK738D9DZ3bcx1zxQjf1dVGqwXWvZt9n0B2xSFsYg04J/Ev4EUiEPRnfEaXPXRncskDyhKnMjyLKoxjqnjXA4goqXlCSkYgbC4S5hhH9QNrNFwsa6aiPc0w/EWbQxY51fxvCmCcXq3hhswKYcmG3WkSr5M6DG4shvAG0Ayz5oVfdJgAF1dKyT1LKZ5OBbVnOFXTrG+VdNj4XHnZaixn5PjsuiqeS4M4nTZxrpHMlDUUEEj3PHnr7szpqRiVdtvPdOQVq1lqwp2HG0hfMw62q5d084z86wsr9o7TWd0DVu0qoyaUgIJhyFIW8rzOJlVjTAUofAEhv2wVHW2S7ACC4nPoTUnS3kPA+FKePBzsU1wm1E9izNDbaU9xKa4PvHMSP0Ep4o8ziHSeuJsZACoFcHhYfspV/mSeGS1OvsoKHo1D/g8tyLjCQD5CAqs6lbPzYxlV5DKBKPFZmL5uMIuTATVPduracz086McNQAE+V4naRMUHxce+t/8Wn+SopWOLYCnP9QyJJQtW6fhaVE+buxhCNbSbNEGbv1NEM900veN0LP2FY0oGfY5Pq/MganoLZ53j50ElvW7jZ79iIavKJ7wYRVL8Yh39P2yi83XDWeaO7u2WrRVS24jSZz0H+EtbAxwF/YOdfgV3A2r+hedRut6OJsHwfa7Gb+ao60SxbVwDqMdKKU7SNgSxqDIuCaS0kYp7niUr7KuneGpRR0hVAHAtppk5POEWP3RHXsmTHezIcWn6VQOzDiiSN/9hVF0iVApV6Tnp7f9c0cdWWsqDkyLCF0jZ0xf1Rm8VYqiw6YusJrqwqqCxVHQyV1uAtKFt3bO/QX1yOgJZdWY92zrOn1xE16ysI6Tb+sx7Ce9iA0gmxh/YvAggKDnxDqQvdFly8ixV5spFgfd39L18SJwB2YltYJhu0BMbcj9g4XLbCSznsIOkVEaeUiEmUvQ4ecrFUdNVtvXfg3nApssC1ENoV5Au8pteFs6E7UF8C6qtYNkM1XemudaDEdD8kWYXwgU73ePnSi6NFHYCGFp7J/UcG7HHKGcNbHCRij55gy8DABG3MAbvINBiZH50cXyzjZgLqNEoZ1i6IFESXGCp4p4lT0Tmq1EpSRjJVYl+X9DBbVFwYcfd/uSMmYMmmWzDjTPJsosyUdgvgpDkBku422MPSJ4QYGx6FWbHH1ewHu5+hfd10cdOvonvDL3m1AudSvP3Sjyy7gBujUy8NWyYH22D0qxqNyUczebYj9kvNYJoi0Jyt8OD3l5fxyzrRhby/nOQ0UeTi5S3VJyc8xEQgBPsVgW1A/FybWU63su5/v5olmmh5txHqNfsoUn+Rq/DPOYcRJPCKrR3eqipEG2i4ynqeLm3+/ZRfsnVD3bAGyKJ4aVQLqwVGPro3U2b7sdgMwleiqzuilUOvqWZqOs8k7x0yaNll0/UX8ZLrNiHMclR6zB2JouGA6OoJecwc7/kSH5e+qVdxygY7kVDMBYEKDNOH27F8BRkET9OeVka+WkBRUUw7MitP1T3j74LyKJNlNohyyMbGHaHCJDpj8q/O+l5KJFU5LKsmgV/Dgqo3uCKX/PTw4ttHdCWqpqe9hT1ghhH1LnDZs0Yl8hnFjHSm8MEm3gUJ4oGqzx3+sipc6FdDb2OIwpk8JtcYIdZgsmkDhS5NNlBL3UImGLKZ7KSX7X7dMZFtCxJJCuqqCq0RwvAf8et7MF1BjSlRSk3o7DLe6+ffbbX59yU7Xv9/e6gbYy/lvl4u3/5gx/P/PIbfidU5nrrW+F3BDfxUEwkXoPtLfBEXoWrumu6XS4c/eT8GIIzvaN/PF2zoRLeiyGqfoEhbTX3FZ9zKOq1yxtvkfw0Ge4/HGcfV4/DkW3GfLn4kH6y2EKxs5Z3WDWY2k6D6pe6V3KuY2noKSk/aSOcBZVMI5IqUMIR/gLAgdI0qlVa3bTgquaurBbe+1ejUSL7NwETS3Vtcizt+RohZ0SWaXA2mWSOdOfbffcWKfxyLQLDlVCR5pDkmEVyCkXDlRbYXpLSnCS+UEQ7JFJ0k1IWNkJQzsMFOAEOvb9BIl6sWHP02yI5zOt6h5oaURTjq2rCPGGIeGN6BEvnAEvUXU+91h6W2s48m5pwzUwkKFM9CpMP52dzdnHTdeLJFwke5Jii6QzLUXMWHAV6NbLug6O48FHt1GWBxBhdGCWZiRjGBmE59laKWPBeOWibYDY7VCQ7/AbC7tMfGkZl4NqWAnLNDBEkwr0j77t47SbZbVU0HcAnrX3HGcSPZ4nPdRWsE1etZLaBEiQ3qFvd0QWnTI/t8AAAD//3Pt5lE=" } diff --git a/x-pack/filebeat/module/checkpoint/firewall/_meta/fields.yml b/x-pack/filebeat/module/checkpoint/firewall/_meta/fields.yml index 4c629112a88f..b9ae9311424b 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/_meta/fields.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/_meta/fields.yml @@ -76,6 +76,11 @@ description: > Override application ID. + - name: identity_src + type: keyword + description: > + The source for authentication identity information. + - name: information type: keyword overwrite: true @@ -424,6 +429,11 @@ description: > Risk level we got from the engine. + - name: roles + type: keyword + description: > + The role of identity. + - name: observable_name type: keyword overwrite: true @@ -1888,6 +1898,11 @@ description: > Reports whether watermark is added to the cleaned file. + - name: snid + type: keyword + description: > + The Check Point session ID. + - name: source_object type: keyword overwrite: true @@ -2206,6 +2221,11 @@ description: > Password authentication protocol used (PAP or EAP). + - name: auth_status + type: keyword + description: > + The authentication status for an event. + - name: machine type: keyword overwrite: true diff --git a/x-pack/filebeat/module/checkpoint/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/checkpoint/firewall/ingest/pipeline.yml index 4ae4ead14bcf..5e47b9533de7 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/ingest/pipeline.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/ingest/pipeline.yml @@ -243,6 +243,34 @@ processors: field: event.category value: intrusion_detection if: "['Detect', 'Prevent'].contains(ctx.checkpoint?.rule_action)" + - set: + field: event.outcome + value: success + if: ctx.checkpoint?.action == 'Log In' + - set: + field: event.outcome + value: failure + if: ctx.checkpoint?.action == 'Failed Log In' + - append: + field: event.category + value: authentication + if: "['Log In', 'Failed Log In'].contains(ctx.checkpoint?.action)" + - append: + field: event.type + value: allowed + if: ctx.checkpoint?.action == 'Log In' + - set: + field: checkpoint.action + value: logged-in + if: ctx.checkpoint?.action == 'Log In' + - append: + field: event.type + value: denied + if: ctx.checkpoint?.action == 'Failed Log In' + - set: + field: checkpoint.action + value: logon-failed + if: ctx.checkpoint?.action == 'Failed Log In' - append: field: related.ip value: "{{source.ip}}" @@ -481,6 +509,18 @@ processors: field: checkpoint.origin target_field: observer.name ignore_missing: true + - rename: + field: checkpoint.mac_address + target_field: observer.mac + ignore_missing: true + - gsub: + field: observer.mac + ignore_missing: true + pattern: '[:]' + replacement: '-' + - uppercase: + field: observer.mac + ignore_missing: true - rename: field: checkpoint.origin_ip target_field: observer.ip diff --git a/x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log b/x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log new file mode 100644 index 000000000000..892946f69275 --- /dev/null +++ b/x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log @@ -0,0 +1,2 @@ +<134>1 2022-07-06T15:53:08Z checkpoint-logs CheckPoint 2700 - [action:"Failed Log In"; flags:"18688"; ifdir:"inbound"; loguid:"{0xf17d1a9b,0x453b1e67,0xf27bccbf,0x233793e1}"; origin:"216.160.83.56"; originsicname:"CN=xxx-dc-gw-1_gw-vp-ext-7,O=7checkpoint-mng..tstst7"; sequencenum:"3"; time:"1657122788"; version:"5"; mac_address:"aa:aa:aa:aa:aa:aa"; product:"Connectra"] +<134>1 2022-07-06T16:08:25Z checkpoint-logs CheckPoint 2700 - [action:"Log In"; flags:"150784"; ifdir:"inbound"; logid:"131073"; loguid:"{0xf40caad8,0x2dccf344,0xbf0fb0c8,0x6e943a48}"; origin:"216.160.83.56"; originsicname:"CN=xx-dc-gw-1_gw-vp-ext-5,O=7checkpoint-mng..tstst7"; sequencenum:"1"; time:"1657123705"; version:"5"; auth_method:"User Authentication (Active Directory)"; auth_status:"Successful Login"; client_name:"Active Directory Query"; client_version:"R80.30"; domain_name:"xxx.com"; endpoint_ip:"81.2.69.142"; identity_src:"AD Query"; identity_type:"user"; product:"Identity Awareness"; roles:"Remote_Access_AR"; snid:"ccaaffdd"; src:"81.2.69.192"; src_user_group:"Remote_Access_Users; Remote_Admins; All Users; AD_Users"; src_user_name:"usrTest (usrTest)"; user:"usrTest (usrTest)"] diff --git a/x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log-expected.json b/x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log-expected.json new file mode 100644 index 000000000000..19b85976384d --- /dev/null +++ b/x-pack/filebeat/module/checkpoint/firewall/test/R80.X.log-expected.json @@ -0,0 +1,91 @@ +[ + { + "@timestamp": "2022-07-06T15:53:08.000Z", + "event.action": "logon-failed", + "event.category": [ + "authentication", + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0xf17d1a9b,0x453b1e67,0xf27bccbf,0x233793e1}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "failure", + "event.sequence": 3, + "event.timezone": "-02:00", + "event.type": [ + "denied" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 0, + "network.direction": "inbound", + "observer.mac": "AA-AA-AA-AA-AA-AA", + "observer.name": "216.160.83.56", + "observer.product": "Connectra", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "service.type": "checkpoint", + "tags": [ + "checkpoint-firewall", + "forwarded" + ] + }, + { + "@timestamp": "2022-07-06T16:08:25.000Z", + "checkpoint.auth_method": "User Authentication (Active Directory)", + "checkpoint.auth_status": "Successful Login", + "checkpoint.client_name": "Active Directory Query", + "checkpoint.client_version": "R80.30", + "checkpoint.identity_src": "AD Query", + "checkpoint.identity_type": "user", + "checkpoint.logid": "131073", + "checkpoint.roles": "Remote_Access_AR", + "checkpoint.snid": "ccaaffdd", + "client.ip": "81.2.69.192", + "client.user.group.name": "Remote_Access_Users", + "dns.question.name": "xxx.com", + "event.action": "logged-in", + "event.category": [ + "authentication", + "network" + ], + "event.dataset": "checkpoint.firewall", + "event.id": "{0xf40caad8,0x2dccf344,0xbf0fb0c8,0x6e943a48}", + "event.kind": "event", + "event.module": "checkpoint", + "event.outcome": "success", + "event.sequence": 1, + "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], + "fileset.name": "firewall", + "input.type": "log", + "log.offset": 372, + "network.direction": "inbound", + "observer.ip": "81.2.69.142", + "observer.name": "216.160.83.56", + "observer.product": "Identity Awareness", + "observer.type": "firewall", + "observer.vendor": "Checkpoint", + "related.ip": [ + "81.2.69.192" + ], + "service.type": "checkpoint", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5142, + "source.geo.location.lon": -0.0931, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "81.2.69.192", + "source.user.group.name": "Remote_Access_Users", + "tags": [ + "checkpoint-firewall", + "forwarded" + ] + } +] \ No newline at end of file