From 632c086cd3905eeae929dc5eaf9af11109f00f6f Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Fri, 5 Jun 2020 17:36:20 -0500 Subject: [PATCH] Fix improper nesting of session_issuer in aws/cloudtrail (#18915) pipeline & fields.yml had session issuer outside of the session context object. session issuer only appears inside the session context object. Not a breaking change because prior to this the data was being skipped. Closes #18894 --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 26 ++++----- .../module/aws/cloudtrail/_meta/fields.yml | 54 +++++++++---------- .../module/aws/cloudtrail/ingest/pipeline.yml | 26 ++++----- .../test/assume-role-json.log-expected.json | 5 ++ .../cloudtrail/test/console-login-json.log | 2 +- .../test/console-login-json.log-expected.json | 10 ++-- .../test/delete-bucket-json.log-expected.json | 5 ++ x-pack/filebeat/module/aws/fields.go | 2 +- 9 files changed, 71 insertions(+), 60 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 532faa78410..ab349ea511e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -171,6 +171,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix `o365.audit` failing to ingest events when ip address is surrounded by square brackets. {issue}18587[18587] {pull}18591[18591] - Fix Kubernetes Watcher goroutine leaks when input config is invalid and `input.reload` is enabled. {issue}18629[18629] {pull}18630[18630] - Okta module now sets the Elasticsearch `_id` field to the Okta UUID value contained in each system log to minimize the possibility of duplicating events. {pull}18953[18953] +- Fix improper nesting of session_issuer object in aws cloudtrail fileset. {issue}18894[18894] {pull}18915[18915] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 4b662b5117c..a695efaab3e 100644 --- a/filebeat/docs/fields.asciidoc 
+++ b/filebeat/docs/fields.asciidoc @@ -1149,22 +1149,13 @@ type: date -- -*`aws.cloudtrail.user_identity.invoked_by`*:: -+ --- -The name of the AWS service that made the request, such as Amazon EC2 Auto Scaling or AWS Elastic Beanstalk. - -type: keyword - --- - [float] === session_issuer If the request was made with temporary security credentials, an element that provides information about how the credentials were obtained. -*`aws.cloudtrail.user_identity.session_issuer.type`*:: +*`aws.cloudtrail.user_identity.session_context.session_issuer.type`*:: + -- The source of the temporary security credentials, such as Root, IAMUser, or Role. @@ -1173,7 +1164,7 @@ type: keyword -- -*`aws.cloudtrail.user_identity.session_issuer.principal_id`*:: +*`aws.cloudtrail.user_identity.session_context.session_issuer.principal_id`*:: + -- The internal ID of the entity that was used to get credentials. @@ -1182,7 +1173,7 @@ type: keyword -- -*`aws.cloudtrail.user_identity.session_issuer.arn`*:: +*`aws.cloudtrail.user_identity.session_context.session_issuer.arn`*:: + -- The ARN of the source (account, IAM user, or role) that was used to get temporary security credentials. @@ -1191,7 +1182,7 @@ type: keyword -- -*`aws.cloudtrail.user_identity.session_issuer.account_id`*:: +*`aws.cloudtrail.user_identity.session_context.session_issuer.account_id`*:: + -- The account that owns the entity that was used to get credentials. @@ -1200,6 +1191,15 @@ type: keyword -- +*`aws.cloudtrail.user_identity.invoked_by`*:: ++ +-- +The name of the AWS service that made the request, such as Amazon EC2 Auto Scaling or AWS Elastic Beanstalk. + +type: keyword + +-- + *`aws.cloudtrail.error_code`*:: + -- diff --git a/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml b/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml index 2d3fe16a9fb..72db20adc8b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/_meta/fields.yml 
@@ -46,38 +46,38 @@ type: date description: >- The date and time when the temporary security credentials were issued. + - name: session_issuer + type: group + description: >- + If the request was made with temporary security + credentials, an element that provides information about + how the credentials were obtained. + fields: + - name: type + type: keyword + description: >- + The source of the temporary security credentials, such + as Root, IAMUser, or Role. + - name: principal_id + type: keyword + description: >- + The internal ID of the entity that was used to get + credentials. + - name: arn + type: keyword + description: >- + The ARN of the source (account, IAM user, or role) + that was used to get temporary security credentials. + - name: account_id + type: keyword + description: >- + The account that owns the entity that was used to get + credentials. - name: invoked_by type: keyword description: >- The name of the AWS service that made the request, such as Amazon EC2 Auto Scaling or AWS Elastic Beanstalk. - - name: session_issuer - type: group - description: >- - If the request was made with temporary security - credentials, an element that provides information about - how the credentials were obtained. - fields: - - name: type - type: keyword - description: >- - The source of the temporary security credentials, such - as Root, IAMUser, or Role. - - name: principal_id - type: keyword - description: >- - The internal ID of the entity that was used to get - credentials. - - name: arn - type: keyword - description: >- - The ARN of the source (account, IAM user, or role) - that was used to get temporary security credentials. - - name: account_id - type: keyword - description: >- - The account that owns the entity that was used to get - credentials. - name: error_code type: keyword description: >- 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml index eef0c339b99..f39f5f2c264 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml 
@@ -52,29 +52,29 @@ processors: formats: - ISO8601 - rename: - field: "json.userIdentity.invokedBy" - target_field: "aws.cloudtrail.user_identity.invoked_by" - ignore_failure: true - - rename: - field: "json.userIdentity.sessionIssuer.type" - target_field: "aws.cloudtrail.user_identity.session_issuer.type" + field: "json.userIdentity.sessionContext.sessionIssuer.type" + target_field: "aws.cloudtrail.user_identity.session_context.session_issuer.type" ignore_failure: true # userIdentity.sessionIssuer.userName is only set with assumed roles. - rename: - field: "json.userIdentity.sessionIssuer.userName" + field: "json.userIdentity.sessionContext.sessionIssuer.userName" target_field: "user.name" ignore_failure: true - rename: - field: "json.userIdentity.sessionIssuer.principalId" - target_field: "aws.cloudtrail.user_identity.session_issuer.principal_id" + field: "json.userIdentity.sessionContext.sessionIssuer.principalId" + target_field: "aws.cloudtrail.user_identity.session_context.session_issuer.principal_id" ignore_failure: true - rename: - field: "json.userIdentity.sessionIssuer.arn" - target_field: "aws.cloudtrail.user_identity.session_issuer.arn" + field: "json.userIdentity.sessionContext.sessionIssuer.arn" + target_field: "aws.cloudtrail.user_identity.session_context.session_issuer.arn" ignore_failure: true - rename: - field: "json.userIdentity.sessionIssuer.accountId" - target_field: "aws.cloudtrail.user_identity.session_issuer.account_id" + field: "json.userIdentity.sessionContext.sessionIssuer.accountId" + target_field: "aws.cloudtrail.user_identity.session_context.session_issuer.account_id" + ignore_failure: true + - rename: + field: "json.userIdentity.invokedBy" + target_field: "aws.cloudtrail.user_identity.invoked_by" ignore_failure: true - rename: field: "json.eventSource" 
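Review bot: The context comment above the `userName` rename still names the pre-fix path, although the rename below it now reads `json.userIdentity.sessionContext.sessionIssuer.userName`; it should become `# userIdentity.sessionContext.sessionIssuer.userName is only set with assumed roles.`. That comment is also the place to record that, now the rename actually matches, `user.name` on AssumedRole events carries the issuing role's name: the updated expected output shows `user.name` as `AssumeNothing` beside `user.id` `AIDAQRSTUVWXYZEXAMPLE:devdsk`. Searches or detections that attribute activity by `user.name` will therefore see the role, with the session name only in `user.id`. Every rename here keeps `ignore_failure: true`, so if a processor outside this hunk already sets `user.name`, this rename would presumably be skipped without any signal; a fixture event covering that case would show which value wins. The processors list starts and ends outside the hunk.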
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json index 39eb927bc8a..f40ae78bb8d 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json @@ -10,6 +10,10 @@ "aws.cloudtrail.user_identity.arn": "arn:aws:sts::111111111111:assumed-role/JohnDoe/JohnRole1", "aws.cloudtrail.user_identity.session_context.creation_date": "2019-10-02T21:50:54.000Z", "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "111111111111", + "aws.cloudtrail.user_identity.session_context.session_issuer.arn": "arn:aws:iam::111111111111:role/JohnRole1", + "aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "AROAIN5ATK5U7KEXAMPLE", + "aws.cloudtrail.user_identity.session_context.session_issuer.type": "Role", "aws.cloudtrail.user_identity.type": "AssumedRole", "cloud.account.id": "111111111111", "cloud.region": "us-east-2", @@ -38,6 +42,7 @@ "forwarded" ], "user.id": "AROAIN5ATK5U7KEXAMPLE:JohnRole1", + "user.name": "JohnDoe", "user_agent.device.name": "Spider", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log index 457343adddd..14fb436a938 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log +++ b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log 
@@ -1,3 +1,3 @@ {"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"AIDACKCEVSQ6C2EXAMPLE","arn":"arn:aws:iam::111122223333:user/JohnDoe","accountId":"111122223333","userName":"JohnDoe"},"eventTime":"2014-07-16T15:49:27Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.110","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0","requestParameters":null,"responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MobileVersion":"No","LoginTo":"https://console.aws.amazon.com/s3/","MFAUsed":"No"},"eventID":"3fcfb182-98f8-4744-bd45-10aEXAMPLE"} {"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"AIDACKCEVSQ6C2EXAMPLE","arn":"arn:aws:iam::111122223333:user/JaneDoe","accountId":"111122223333","userName":"JaneDoe"},"eventTime":"2014-07-08T17:35:27Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.100","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0","errorMessage":"Failed authentication","requestParameters":null,"responseElements":{"ConsoleLogin":"Failure"},"additionalEventData":{"MobileVersion":"No","LoginTo":"https://console.aws.amazon.com/sns","MFAUsed":"No"},"eventID":"11ea990b-4678-4bcd-8fbe-625EXAMPLE"} 
-{"eventVersion":"1.05","userIdentity":{"type":"AssumedRole","principalId":"AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName","arn":"arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName","accountId":"123456789012","accessKeyId":"AKIAIOSFODNN7EXAMPLE","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"20131102T010628Z"}},"sessionIssuer":{"type":"Role","principalId":"AROAIDPPEZS35WEXAMPLE","arn":"arn:aws:iam::123456789012:role/RoleToBeAssumed","accountId":"123456789012","userName":"RoleToBeAssumed"}},"eventTime":"2014-07-08T17:35:27Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.100","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0","errorMessage":"Failed authentication","requestParameters":null,"responseElements":{"ConsoleLogin":"Failure"},"additionalEventData":{"MobileVersion":"No","LoginTo":"https://console.aws.amazon.com/sns","MFAUsed":"No"},"eventID":"11ea990b-4678-4bcd-8fbe-625EXAMPLE"} +{"eventVersion":"1.05","userIdentity":{"type":"AssumedRole","principalId":"AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName","arn":"arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName","accountId":"123456789012","accessKeyId":"AKIAIOSFODNN7EXAMPLE","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"20131102T010628Z"},"sessionIssuer":{"type":"Role","principalId":"AROAIDPPEZS35WEXAMPLE","arn":"arn:aws:iam::123456789012:role/RoleToBeAssumed","accountId":"123456789012","userName":"RoleToBeAssumed"}}},"eventTime":"2014-07-08T17:35:27Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-2","sourceIPAddress":"192.0.2.100","userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0","errorMessage":"Failed 
authentication","requestParameters":null,"responseElements":{"ConsoleLogin":"Failure"},"additionalEventData":{"MobileVersion":"No","LoginTo":"https://console.aws.amazon.com/sns","MFAUsed":"No"},"eventID":"11ea990b-4678-4bcd-8fbe-625EXAMPLE"} diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json index 670a6dfd8b5..d80e8caba58 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json @@ -94,10 +94,10 @@ "aws.cloudtrail.user_identity.access_key_id": "AKIAIOSFODNN7EXAMPLE", "aws.cloudtrail.user_identity.arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName", "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", - "aws.cloudtrail.user_identity.session_issuer.account_id": "123456789012", - "aws.cloudtrail.user_identity.session_issuer.arn": "arn:aws:iam::123456789012:role/RoleToBeAssumed", - "aws.cloudtrail.user_identity.session_issuer.principal_id": "AROAIDPPEZS35WEXAMPLE", - "aws.cloudtrail.user_identity.session_issuer.type": "Role", + "aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "123456789012", + "aws.cloudtrail.user_identity.session_context.session_issuer.arn": "arn:aws:iam::123456789012:role/RoleToBeAssumed", + "aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "AROAIDPPEZS35WEXAMPLE", + "aws.cloudtrail.user_identity.session_context.session_issuer.type": "Role", "aws.cloudtrail.user_identity.type": "AssumedRole", "cloud.account.id": "123456789012", "cloud.region": "us-east-2", 
@@ -107,7 +107,7 @@ "event.id": "11ea990b-4678-4bcd-8fbe-625EXAMPLE", "event.kind": "event", "event.module": "aws", - "event.original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"AssumedRole\",\"principalId\":\"AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName\",\"arn\":\"arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName\",\"accountId\":\"123456789012\",\"accessKeyId\":\"AKIAIOSFODNN7EXAMPLE\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"20131102T010628Z\"}},\"sessionIssuer\":{\"type\":\"Role\",\"principalId\":\"AROAIDPPEZS35WEXAMPLE\",\"arn\":\"arn:aws:iam::123456789012:role/RoleToBeAssumed\",\"accountId\":\"123456789012\",\"userName\":\"RoleToBeAssumed\"}},\"eventTime\":\"2014-07-08T17:35:27Z\",\"eventSource\":\"signin.amazonaws.com\",\"eventName\":\"ConsoleLogin\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"192.0.2.100\",\"userAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0\",\"errorMessage\":\"Failed authentication\",\"requestParameters\":null,\"responseElements\":{\"ConsoleLogin\":\"Failure\"},\"additionalEventData\":{\"MobileVersion\":\"No\",\"LoginTo\":\"https://console.aws.amazon.com/sns\",\"MFAUsed\":\"No\"},\"eventID\":\"11ea990b-4678-4bcd-8fbe-625EXAMPLE\"}", + "event.original": 
"{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"AssumedRole\",\"principalId\":\"AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName\",\"arn\":\"arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/MySessionName\",\"accountId\":\"123456789012\",\"accessKeyId\":\"AKIAIOSFODNN7EXAMPLE\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"20131102T010628Z\"},\"sessionIssuer\":{\"type\":\"Role\",\"principalId\":\"AROAIDPPEZS35WEXAMPLE\",\"arn\":\"arn:aws:iam::123456789012:role/RoleToBeAssumed\",\"accountId\":\"123456789012\",\"userName\":\"RoleToBeAssumed\"}}},\"eventTime\":\"2014-07-08T17:35:27Z\",\"eventSource\":\"signin.amazonaws.com\",\"eventName\":\"ConsoleLogin\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"192.0.2.100\",\"userAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0\",\"errorMessage\":\"Failed authentication\",\"requestParameters\":null,\"responseElements\":{\"ConsoleLogin\":\"Failure\"},\"additionalEventData\":{\"MobileVersion\":\"No\",\"LoginTo\":\"https://console.aws.amazon.com/sns\",\"MFAUsed\":\"No\"},\"eventID\":\"11ea990b-4678-4bcd-8fbe-625EXAMPLE\"}", "event.outcome": "failure", "event.provider": "signin.amazonaws.com", "event.type": "info", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json index c7ed41a19c5..d9c4bc3c056 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json 
@@ -9,6 +9,10 @@ "aws.cloudtrail.user_identity.arn": "arn:aws:sts::777788889999:assumed-role/AssumeNothing/devdsk", "aws.cloudtrail.user_identity.session_context.creation_date": "2016-11-14T17:25:26.000Z", "aws.cloudtrail.user_identity.session_context.mfa_authenticated": "false", + "aws.cloudtrail.user_identity.session_context.session_issuer.account_id": "777788889999", + "aws.cloudtrail.user_identity.session_context.session_issuer.arn": "arn:aws:iam::777788889999:role/AssumeNothing", + "aws.cloudtrail.user_identity.session_context.session_issuer.principal_id": "AIDAQRSTUVWXYZEXAMPLE", + "aws.cloudtrail.user_identity.session_context.session_issuer.type": "Role", "aws.cloudtrail.user_identity.type": "AssumedRole", "cloud.account.id": "777788889999", "cloud.region": "us-east-2", @@ -31,6 +35,7 @@ "forwarded" ], "user.id": "AIDAQRSTUVWXYZEXAMPLE:devdsk", + "user.name": "AssumeNothing", "user_agent.device.name": "Spider", "user_agent.name": "aws-cli", "user_agent.original": "[aws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67]", diff --git a/x-pack/filebeat/module/aws/fields.go b/x-pack/filebeat/module/aws/fields.go index 22308cf2722..aee1d393f7b 100644 --- a/x-pack/filebeat/module/aws/fields.go +++ b/x-pack/filebeat/module/aws/fields.go @@ -19,5 +19,5 @@ func init() { // AssetAws returns asset data. // This is the base64 encoded gzipped contents of module/aws. func AssetAws() string { - return "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" + return "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" }