From 7c79a644a2b477aad2ef43ee9b589c320594df92 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:07:32 -0500 Subject: [PATCH 1/8] 8.17.0 Release notes (#6224) * First draft * Adds ver header * Adds latest info * Updates my areas * Edits * Minor adjustments * small tweaks * known issue for exceptions * Update docs/release-notes/8.17.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> * Applies same changes * ryland's input * Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Steph Milovic * Update docs/release-notes/8.17.asciidoc Co-authored-by: Mark Hopkin * Update docs/release-notes/8.17.asciidoc Co-authored-by: Steph Milovic * Update docs/release-notes/8.17.asciidoc Co-authored-by: Steph Milovic * Moar bugs * Adds two new features * revised ki summary * Update docs/release-notes/8.17.asciidoc * Update docs/release-notes/8.17.asciidoc * Update docs/release-notes/8.17.asciidoc * Update docs/release-notes/8.17.asciidoc * editorial fixes * Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> * Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --------- Co-authored-by: Benjamin Ironside Goldstein Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Co-authored-by: Steph Milovic Co-authored-by: Mark Hopkin Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes.asciidoc | 2 + docs/release-notes/8.17.asciidoc | 130 +++++++++++++++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100644 docs/release-notes/8.17.asciidoc diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index c60a100248..49594201f1 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -69,6 +70,7 @@ This section summarizes the changes in each release. * <> * <> +include::release-notes/8.17.asciidoc[] include::release-notes/8.16.asciidoc[] include::release-notes/8.15.asciidoc[] include::release-notes/8.14.asciidoc[] diff --git a/docs/release-notes/8.17.asciidoc b/docs/release-notes/8.17.asciidoc new file mode 100644 index 0000000000..ed03b7b20d --- /dev/null +++ b/docs/release-notes/8.17.asciidoc @@ -0,0 +1,130 @@ +[[release-notes-header-8.17.0]] +== 8.17 + +[discrete] +[[release-notes-8.17.0]] +=== 8.17.0 + +[discrete] +[[known-issue-8.17.0]] +==== Known issues + +// tag::known-issue[201820] +[discrete] +.The **Exceptions** tab won't properly load if exceptions contain comments with newline characters (`\n`) +[%collapsible] +==== +*Details* + +On December 5, 2024, it was discovered that the **Exceptions** tab won't load properly if any exceptions contain comments with newline characters (`\n`). This issue occurs when you upgrade to 8.16.0 or later ({kibana-issue}201820[#201820]). + +*Workaround* + + +For custom rules: + +. From the **Rules** page, <> the rule or rules with the affected exception lists. +. Modify the `.ndjson` file so `comments` no longer contain newline characters. +. Return to the **Rules** page and <> the rules. Ensure you select the **Overwrite existing exception lists with conflicting "list_id"** option. + +For prebuilt rules: + +NOTE: If you only need to fix exceptions for the Elastic Endpoint rule, you can export and re-import its exception list from the <> page. + +. Follow these steps to fetch the affected exception list ID or IDs that are associated with the rule: +.. Find the affected rule's ID (`id`). From the **Rules** page, open the details of a rule, go to the page URL, and copy the string at the end. For example, in the URL http://host.name/app/security/rules/id/167a5f6f-2148-4792-8226-b5e7a58ef46e, the string at the end (`167a5f6f-2148-4792-8226-b5e7a58ef46e`) is the `id`. +.. Specify the `id` when fetching the rule's details using the {api-kibana}/operation/operation-readrule[Retrieve a detection rule API]. Here is an example request that includes the `id`: ++ +[source,console] +---- +curl -H 'Authorization: ApiKey API_KEY_HERE' -H 'kbn-xsrf: true' -H 'elastic-api-version: 2023-10-31' KIBANA_URL/api/detection_engine/rules?id=167a5f6f-2148-4792-8226-b5e7a58ef46e +---- ++ +.. The JSON response contains the `id`, `list_id`, and `namespace_type` values within the `exceptions_list` key (as shown below). You need these values when using the Exception list API to retrieve the affected exception list. ++ +[source,console] +---- +{ + "id": "167a5f6f-2148-4792-8226-b5e7a58ef46e", + "exceptions_list": [ + { + "id": "490525a2-eb66-4320-95b5-88bdd1302dc4", + "list_id": "f75aae6f-0229-413f-881d-81cb3abfbe2d", + "namespace_type": "single" + } + ] +} +---- ++ +. Use the export exceptions API to retrieve the affected exception list. Insert the values for the `id`, `list_id`, and `namespace_type` parameters into the following API call: ++ +[source,console] +---- +curl -XPOST -H 'Authorization: ApiKey API_KEY_HERE' -H 'kbn-xsrf: true' -H 'elastic-api-version: 2023-10-31' 'KIBANA_URL/api/exception_lists/_export?list_id=f75aae6f-0229-413f-881d-81cb3abfbe2d&id=490525a2-eb66-4320-95b5-88bdd1302dc4&namespace_type=single' -o list.ndjson +---- ++ +. Modify the exception list's `.ndjson` file to ensure `comments[].comment` values don't contain newline characters (`\n`). +. Re-import the modified exception list using **Import exception lists** option on the <> page. The import will initially fail because the exception list already exists, and an option to overwrite the existing list will appear. Select the option, then resubmit the request to import the corrected exception list. +==== +// end::known-issue[201820] + +// tag::known-issue[] +[discrete] +.Duplicate alerts can be produced from manually running threshold rules +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution. + +==== +// end::known-issue[] + +// tag::known-issue[] +[discrete] +.Manually running custom query rules with suppression could suppress more alerts than expected +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. + +==== +// end::known-issue[] + +[discrete] +[[features-8.17.0]] +==== New features +* Adds a signature option for trusted applications on macOS ({kibana-pull}197821[#197821]). +* Allows you to use alert suppression on EQL sequence alerts ({kibana-pull}189725[#189725]). +* Adds GA support for the case action feature, which lets rules automatically create cases ({kibana-pull}196973[#196973]). + +[discrete] +[[enhancements-8.17.0]] +==== Enhancements +* Checks user permissions before initializing the entity engine ({kibana-pull}198661[#198661]). +* Updates LangChain dependencies, adding support for the new Bedrock cross-region inference profiles ({kibana-pull}198622[#198622]). + +[discrete] +[[bug-fixes-8.17.0]] +==== Bug fixes +* Clears the error on the second entity engine initialization ({kibana-pull}202903[#202903]). +* Modifies the empty state message that appears when installing prebuilt rules ({kibana-pull}202226[#202226]). +* Rejects CEF logs from Automatic Import and instead redirects you to the CEF integration ({kibana-pull}201792[#201792], {kibana-pull}202994[#202994]). +* Fixes a bug in Automatic Import where icons did not display after the integration was installed ({kibana-pull}201139[#201139]). +* Removes an erroneous duplicate Preserve Original Event flag as one was additionally added from the common settings file ({kibana-pull}201622[#201622]). +* Turns off the **Install All** button on the **Add Elastic Rules** page while rules are being installed ({kibana-pull}201731[#201731]). +* Turns off the **Add note** button in the alert details flyout if you don't have the appropriate permission ({kibana-pull}201707[#201707]). +* Removes fields with an `@` from the script processor ({kibana-pull}201548[#201548]). +* Fixes an issue that could interfere with Knowledge Base setup ({kibana-pull}201175[#201175]). +* Fixes an issue with Gemini streaming in the AI Assistant ({kibana-pull}201299[#201299]). +* Updates LangChain dependencies, adding support for the new Bedrock cross-region inference endpoints ({kibana-pull}198622[#198622]). +* Fixes a bug with threshold rules that prevented cardinality details from appearing ({kibana-pull}201162[#201162]). +* Fixes a bug that caused an entity engine to get stuck in the `Installing` status if the default Security data view didn't exist. With this fix, engines now correctly report the `Error` state ({kibana-pull}201140[#201140]). +* Fixes an issue that prevented you from successfully importing TSV files with asset criticality data if you're on Windows ({kibana-pull}199791[#199791]). +* Fixes asset criticality index issue when setting up entity engines concurrently ({kibana-pull}199486[#199486]). +* Fixes a bug where the `@timestamp` field wouldn't update upon asset criticality soft delete ({kibana-pull}196722[#196722]). +* Fixes a bug that prevented the save notification from displaying on duplicated Timelines with changes ({kibana-pull}198652[#198652]). +* Improves the flow for the Insights section in the alert details flyout ({kibana-pull}197349[#197349]). +* Fixes an issue where users without the {fleet} `read` permission were blocked from interacting with any onboarding card ({kibana-pull}202413[#202413]). +* Improves {elastic-defend} for Linux endpoints by enabling process information enrichment for file and network events when process events are disabled. +* Improves {elastic-defend} by refactoring the kernel driver to work around a `CRITICAL_PROCESS_DIED` bug check (BSOD) that can occur due to a conflict with CrowdStrike Falcon. +* Fixes an issue in {elastic-defend} versions 8.15.2 and 8.15.3 which can result in Windows boot failure `0xC000007B` referencing `ElasticElam.sys` or recovery mode prompt at boot. We have only received reports of this happening when {elastic-defend} is installed alongside CrowdStrike Falcon. +* Fixes an {elastic-defend} bug where the Linux system call (`setsid`) wasn't properly gathered for RHEL 9/CentOS Stream 9 process events. +* Fixes an issue where {elastic-defend} can enter an infinite loop if an external application opens and retains handles to files within {elastic-defend}s directory while it is processing a `get-file` response action. This can result in {elastic-defend} flooding Elasticsearch with documents until the handles are closed. \ No newline at end of file From e85033d5cbeff2af7197d302aa23859b64949270 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:33:58 -0500 Subject: [PATCH 2/8] [8.x] [8.17] Document impact of using logsDB for security users (backport #6272) (#6304) * [8.17] Document impact of using logsDB for security users (#6272) * First draft * Removes serverless content * Minor change * Removes unnecessary words * Fixes casing for all mentions of logsdb ESS and Serverless * Update docs/detections/detections-logsdb-impact.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/detections/detections-logsdb-impact.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/serverless/rules/detections-logsdb-impact.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Update docs/serverless/rules/detections-logsdb-impact.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Adds licensing info --------- Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> (cherry picked from commit 61b1f1b142c5369c708ec796ce77e22d59f62888) # Conflicts: # docs/serverless/rules/detection-engine-overview.asciidoc # docs/serverless/rules/detections-logsdb-impact.asciidoc * Delete docs/serverless directory and its contents --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: github-actions[bot] --- .../detection-engine-intro.asciidoc | 6 ++ docs/detections/detections-index.asciidoc | 2 + .../detections-logsdb-impact.asciidoc | 65 +++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 docs/detections/detections-logsdb-impact.asciidoc diff --git a/docs/detections/detection-engine-intro.asciidoc b/docs/detections/detection-engine-intro.asciidoc index b522d3f4bd..105e2ade3e 100644 --- a/docs/detections/detection-engine-intro.asciidoc +++ b/docs/detections/detection-engine-intro.asciidoc @@ -167,3 +167,9 @@ and you should contact your {kib} administrator. NOTE: For *self-managed* {stack} deployments only, this message may be displayed when the <> setting is not enabled in the `elasticsearch.yml` file. For more information, refer to <>. + +[discrete] +[[detections-logsdb-index-mode]] +== Using logsdb index mode + +To learn how your rules and alerts are affected by using the {ref}/logs-data-stream.html[logsdb index mode], refer to <>. \ No newline at end of file diff --git a/docs/detections/detections-index.asciidoc b/docs/detections/detections-index.asciidoc index 2d1cab74d6..ff45aa827b 100644 --- a/docs/detections/detections-index.asciidoc +++ b/docs/detections/detections-index.asciidoc @@ -2,6 +2,8 @@ include::detection-engine-intro.asciidoc[] include::detections-req.asciidoc[leveloffset=+1] +include::detections-logsdb-impact.asciidoc[leveloffset=+1] + include::about-rules.asciidoc[] diff --git a/docs/detections/detections-logsdb-impact.asciidoc b/docs/detections/detections-logsdb-impact.asciidoc new file mode 100644 index 0000000000..1b304c7f1e --- /dev/null +++ b/docs/detections/detections-logsdb-impact.asciidoc @@ -0,0 +1,65 @@ +[[detections-logsdb-index-mode-impact]] += Using logsdb index mode with {elastic-sec} + +NOTE: To use the {ref}/mapping-source-field.html#synthetic-source[synthetic `_source`] feature, you must have the appropriate subscription. Refer to the subscription page for https://www.elastic.co/subscriptions/cloud[Elastic Cloud] and {subscriptions}[Elastic Stack/self-managed] for the breakdown of available features and their associated subscription tiers. + +This topic explains the impact of using logsdb index mode with {elastic-sec}. + +With logsdb index mode, the original `_source` field is not stored in the index but can be reconstructed using {ref}/mapping-source-field.html#synthetic-source[synthetic `_source`]. + +When the `_source` is reconstructed, {ref}/mapping-source-field.html#synthetic-source-modifications[modifications] are possible. Therefore, there could be a mismatch between users' expectations and how fields are formatted. + +Continue reading to find out how this affects specific {elastic-sec} components. + +[discrete] +[[logsdb-alerts]] +== Alerts + +When alerts are generated, the `_source` event is copied into the alert to retain the original data. When the logsdb index mode is applied, the `_source` event stored in the alert is reconstructed using synthetic `_source`. + +If you're switching to use logsdb index mode, the `_source` field stored in the alert might look different in certain situations: + +* {ref}/mapping-source-field.html#synthetic-source-modifications-leaf-arrays[Arrays can be reconstructed differently or deduplicated] +* {ref}/mapping-source-field.html#synthetic-source-modifications-field-names[Field names] +* `geo_point` data fields (refer to {ref}/mapping-source-field.html#synthetic-source-modifications-ranges[Representation of ranges] and {ref}/mapping-source-field.html#synthetic-source-precision-loss-for-point-types[Reduced precision of `geo_point` values] for more information) + +Alerts generated by the following rule types could be affected: + +* Custom query +* Event correlation (non-sequence only) +* Non-aggregate rule types (for example, {esql} rules that use non-aggregating queries) + +Alerts that are generated by threshold, {ml}, and event correlation sequence rules are not affected since they do not contain copies of the original source. + +[discrete] +[[logsdb-rule-actions]] +== Rule actions + +While we do not recommend using `_source` for actions, in cases where the action relies on the `_source`, the same limitations and changes apply. + +If you send alert notifications by enabling {kibana-ref}/alerting-getting-started.html#alerting-concepts-actions[actions] to the external systems that have workflows or automations based on fields formatted from the original source, they may be affected. In particular, this can happen when the fields used are arrays of objects. + +We recommend checking and adjusting the rule actions using `_source` before switching to logsdb index mode. + +[discrete] +[[logsdb-runtime-fields]] +== Runtime fields + +Runtime fields that reference `_source` may be affected. Some runtime fields might not work and need to be adjusted. For example, if an event was indexed with the value of `agent.name` in the dot-notation form, it will be returned in the nested form and might not work. + +The following is an example of accessing `_source` that works with the logsdb index mode enabled: + +[source,console] +---- +"source": """ emit(params._source.agent.name + "_____" + doc['agent.name'].value ); """ +"source": """ emit(params._source['agent']['name'] + "_____" + doc['agent.name'].value ); """ +"source": """ emit(field('agent.name').get(null) + "_____" + doc['agent.name'].value ); """ +"source": """ emit($('agent.name', null) + "_____" + doc['agent.name'].value ); """ +---- + +The following will not work with synthetic source (logsdb index mode enabled): + +[source,console] +---- +"source": """ emit(params._source['agent.name'] + "_____" + doc['agent.name'].value ); """ +---- \ No newline at end of file From fdc818bb570f4b58b2dd635646737a04eb211315 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Thu, 12 Dec 2024 19:33:16 +0000 Subject: [PATCH 3/8] What's new in 8.17 (#6286) * Whats new in 8.17 * Add missing refs and lowercase logsdb * Removes unavailable link * Update docs/whats-new.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/whats-new.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> * Add logsdb updates --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/whats-new.asciidoc | 156 +++------------------------------------- 1 file changed, 10 insertions(+), 146 deletions(-) diff --git a/docs/whats-new.asciidoc b/docs/whats-new.asciidoc index 0b6a37ccb4..13bde6a9ab 100644 --- a/docs/whats-new.asciidoc +++ b/docs/whats-new.asciidoc @@ -4,172 +4,36 @@ Here are the highlights of what’s new and improved in {elastic-sec}. For detailed information about this release, check out our <>. -Other versions: {security-guide-all}/8.15/whats-new.html[8.15] | {security-guide-all}/8.14/whats-new.html[8.14] | {security-guide-all}/8.13/whats-new.html[8.13] | {security-guide-all}/8.12/whats-new.html[8.12] | {security-guide-all}/8.11/whats-new.html[8.11] | {security-guide-all}/8.10/whats-new.html[8.10] | {security-guide-all}/8.9/whats-new.html[8.9] | {security-guide-all}/8.8/whats-new.html[8.8] | {security-guide-all}/8.7/whats-new.html[8.7] | {security-guide-all}/8.6/whats-new.html[8.6] | {security-guide-all}/8.5/whats-new.html[8.5] | {security-guide-all}/8.4/whats-new.html[8.4] | {security-guide-all}/8.3/whats-new.html[8.3] | {security-guide-all}/8.2/whats-new.html[8.2] | {security-guide-all}/8.1/whats-new.html[8.1] | {security-guide-all}/8.0/whats-new.html[8.0] | {security-guide-all}/7.17/whats-new.html[7.17] | {security-guide-all}/7.16/whats-new.html[7.16] | {security-guide-all}/7.15/whats-new.html[7.15] | {security-guide-all}/7.14/whats-new.html[7.14] | {security-guide-all}/7.13/whats-new.html[7.13] | {security-guide-all}/7.12/whats-new.html[7.12] | {security-guide-all}/7.11/whats-new.html[7.11] | {security-guide-all}/7.10/whats-new.html[7.10] | +Other versions: {security-guide-all}/8.16/whats-new.html[8.16] | {security-guide-all}/8.15/whats-new.html[8.15] | {security-guide-all}/8.14/whats-new.html[8.14] | {security-guide-all}/8.13/whats-new.html[8.13] | {security-guide-all}/8.12/whats-new.html[8.12] | {security-guide-all}/8.11/whats-new.html[8.11] | {security-guide-all}/8.10/whats-new.html[8.10] | {security-guide-all}/8.9/whats-new.html[8.9] | {security-guide-all}/8.8/whats-new.html[8.8] | {security-guide-all}/8.7/whats-new.html[8.7] | {security-guide-all}/8.6/whats-new.html[8.6] | {security-guide-all}/8.5/whats-new.html[8.5] | {security-guide-all}/8.4/whats-new.html[8.4] | {security-guide-all}/8.3/whats-new.html[8.3] | {security-guide-all}/8.2/whats-new.html[8.2] | {security-guide-all}/8.1/whats-new.html[8.1] | {security-guide-all}/8.0/whats-new.html[8.0] | {security-guide-all}/7.17/whats-new.html[7.17] | {security-guide-all}/7.16/whats-new.html[7.16] | {security-guide-all}/7.15/whats-new.html[7.15] | {security-guide-all}/7.14/whats-new.html[7.14] | {security-guide-all}/7.13/whats-new.html[7.13] | {security-guide-all}/7.12/whats-new.html[7.12] | {security-guide-all}/7.11/whats-new.html[7.11] | {security-guide-all}/7.10/whats-new.html[7.10] | {security-guide-all}/7.9/whats-new.html[7.9] // NOTE: The notable-highlights tagged regions are re-used in the Installation and Upgrade Guide. Full URL links are required in tagged regions. // tag::notable-highlights[] -[float] -== Generative AI enhancements - -[float] -=== Improved Automatic Import capabilities - -{security-guide}/automatic-import.html[Automatic Import] can now use a larger variety of large language models and accept larger log samples in a wider range of common formats. - -[float] -=== Analyze more alerts with Attack Discovery - -{security-guide}/attack-discovery.html[Attack Discovery] can now analyze up to 500 alerts at once, and provides higher-quality responses. - -[role="screenshot"] -image::whats-new/images/8.16/attck-disc-alerts-number-menu.png[Attack Discovery alert settings,60%] - -[float] -=== Customize Elastic AI Assistant using Knowledge Base - -Elastic AI Assistant's new {security-guide}/ai-assistant-knowledge-base.html[Knowledge Base] feature allows you to specify individual documents or entire indices that AI Assistant will remember and use as context. This improves the relevance, quality, and customization of its responses. - -[role="screenshot"] -image::whats-new/images/8.16/knowledge-base-add-index-config.png[Knowledge Base's Edit index entry menu,80%] - -[float] -== Entity Analytics enhancements - -[float] -=== Manage persisted entity metadata with entity store - -preview:[] The {security-guide}/entity-store.html[entity store] feature allows you to query, reconcile, and maintain entity metadata from various sources, such as ingested logs, integrated identity providers, external asset repositories, and more. By extracting and storing entities from all indices in the {elastic-sec} default data view, the entity store lets you query entity metadata without real-time data searches. - -After you enable the entity store, the Entity Analytics dashboard displays the {security-guide}/detection-entity-dashboard.html#entity-entities[**Entities** section], which offers a comprehensive view of all hosts and users in your environment. You can filter them by their source, entity risk level, and asset criticality level. - -[role="screenshot"] -image::whats-new/images/8.16/entities-section.png[Entities section of the Entity Analytics dashboard] - -[float] -=== Asset criticality is available by default - -The advanced setting for enabling {security-guide}/asset-criticality.html[asset criticality] has been removed, and this feature is now available by default. - -[float] -=== Run entity risk scoring in multiple spaces - -You can now enable and run {security-guide}/entity-risk-scoring.html[entity risk scoring] in multiple {kib} spaces. This allows you to analyze and monitor entity risk in different contexts simultaneously. - -[float] -=== Recalculate entity risk scores after file upload - -When you {security-guide}/asset-criticality.html#bulk-assign-asset-criticality[bulk assign asset criticality] using the file upload feature, the newly assigned criticality levels are automatically factored in during the next hourly risk scoring calculation. You can now manually trigger an immediate recalculation of entity risk scores by clicking **Recalculate entity risk scores now** during the file upload process. - -[role="screenshot"] -image::whats-new/images/8.16/recalc-ers.png[Recalculate entity risk scores] - [float] == Detection rules and alerts enhancements [float] -=== Enable prebuilt detection rules on installation - -Previously, {security-guide}/prebuilt-rules-management.html#load-prebuilt-rules[installing and enabling prebuilt rules] took two steps. You can now do both in one step with the **Install and enable** option. This works for both single and multiple rules. - -[role="screenshot"] -image::whats-new/images/8.16/install-enable-rules.png[Install and enable rules, 80%] - -[float] -=== Run rules manually - -{security-guide}/rules-ui-management.html#manually-run-rules[Manually run rules] for testing purposes or additional rule coverage. Details about manual runs (such as the status of each run, the total number of runs that will occur, and more) are shown on the **Execution results** tab of the rule details page. - -[role="screenshot"] -image::whats-new/images/8.16/manual-rule-run-table.png[Manual rule run table] - -[float] -=== Exclude cold and frozen data from rules - -Rules that query cold and frozen data tiers might perform more slowly or fail. To ensure that the rules in your {kib} space exclude query results from cold and frozen tiers when executing, configure the `excludedDataTiersForRuleExecution` <>. - -[float] -=== View {es} queries that run during rule execution - -When previewing a rule, you can also {security-guide}/rules-ui-create.html#view-rule-es-queries[learn about its {es} queries], which are submitted when the rule runs. This information can help you identify and troubleshoot potential rule issues. You can also use it to confirm that your rule is retrieving the expected data. This option is provided for {esql} and EQL rules only. - -[float] -=== Alert suppression is generally available for more rule types - -{security-guide}/alert-suppression.html[Alert suppression] is generally available for the indicator match, threshold, {ml}, {esql}, and new terms rule types. It is still in technical preview for event correlation rules. - -[float] -== Investigations enhancements - -[float] -=== Add notes to alerts, events, and Timelines - -You can now attach {security-guide}/add-manage-notes.html[notes] to alerts, events, and Timelines, and manage them from the **Notes** page. This provides an easy way to incorporate notes into your investigative workflows to coordinate responses, conduct threat hunting, and share investigative findings. - -[role="screenshot"] -image::whats-new/images/8.16/new-note-alert-event.png[New note added to an alert] - -[float] -=== View analyzed events from the alert details flyout - -preview:[] By enabling the new `securitySolution:enableVisualizationsInFlyout` advanced setting, you can {security-guide}/view-alert-details.html#expanded-visualizations-view[view analyzed alerts and events] in the **Visualize** tab of the alert details flyout. This allows you to maintain the context of the Alerts table during your investigation and provides an easy way to preview related alerts and events. - -[role="screenshot"] -image::whats-new/images/8.16/visualize-tab-lp-alert-details.gif[Examine alert details from event analyzer, 80%] - -[float] -=== Resize alert and event details flyouts - -You can now resize the alert and event details flyouts and choose how they're displayed—over the Alerts table or next to it. - -[role="screenshot"] -image::whats-new/images/8.16/flyout-settings.gif[Change alert details flyout settings] - -[float] -== {elastic-defend} and response actions enhancements - -[float] -=== More SentinelOne third-party response actions +=== Logsdb index mode with detection rules and alerts -Additional third-party response actions are available using Elastic's {security-guide}/third-party-actions.html#sentinelone-response-actions[SentinelOne] integration and connector: +The {ref}/logs-data-stream.html[logsdb index mode] allows you to store log data more efficiently. If you're considering using it, refer to {security-guide}/detections-logsdb-index-mode-impact.html[Using logsdb index mode with {elastic-sec}] to learn how it can impact your rules and alerts. -* Get processes -* Terminate a process +NOTE: To use the {ref}/mapping-source-field.html#synthetic-source[synthetic `_source`] feature, you must have the appropriate subscription. Refer to the subscription page for https://www.elastic.co/subscriptions/cloud[{ecloud}] and {subscriptions}[{stack}/self-managed] for the breakdown of available features and their associated subscription tiers. [float] -=== {elastic-defend}'s automated response actions support all rule types +=== Suppress alerts for EQL sequence rules -You can now configure any detection rule type to perform {elastic-defend}'s {security-guide}/automated-response-actions.html[automated response actions]. - -//// -Commenting out until docs are ready +{security-guide}/alert-suppression.html[Alert suppression] now supports the EQL sequence rule type. You can use it to reduce the number of repeated or duplicate detection alerts generated from EQL sequence rules. [float] -=== New rules for {elastic-defend}'s endpoint protection features - -New prebuilt rules tailored for each of {elastic-defend}'s endpoint protection features—malware, ransomware, memory threats, and malicious behavior—allow you to configure actions tailored for detection or prevention of each type. +== Signature option available for macOS trusted applications conditions -[role="screenshot"] -image::whats-new/images/8.16/endpoint-protection-rules.png[Endpoint protection rules] -//// +When adding a {security-guide}/trusted-apps-ov.html[trusted application] for macOS, you can now specify conditions based on the application's digital signer—previously only available on Windows. [float] -== Cloud Security enhancements - -[float] -=== Ingest third-party cloud security data - -You can now {security-guide}/ingest-third-party-cloud-security-data.html[ingest cloud security data] from several third-party sources—Falco, AWS Security Hub, and Wiz—into {elastic-sec}. The data appears on the **Alerts** and **Findings** pages, and in the user and host details flyouts. - -[role="screenshot"] -image::whats-new/images/8.16/wiz-findings.png[Wiz data on the Findings page] - -[float] -=== Simplify posture data collection with agentless Cloud Security Posture Management deployment - -Elastic's native {security-guide}/cspm.html[Cloud Security Posture Management (CSPM)] integration now supports agentless deployment, giving you an easier and more streamlined way to collect posture data from your cloud service providers. +== Cases action is generally available +The {kibana-ref}/cases-action-type.html[Cases action] feature, first introduced in 8.14, is moving from technical preview to general availability. Use this action to automatically create cases from rules. // end::notable-highlights[] From f0d60d6ae690102a283a7c90335dae642b24b504 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 12 Dec 2024 17:21:04 -0500 Subject: [PATCH 4/8] [Known issue][Detection Engine][8.16.0 & 8.16.1] Exception item comment validation on newline chars (#6280) * First draft * Minor tweaks * missing word * Grammar * More small tweaks * Ryland's input * Small fixes * Cleanup * Update docs/release-notes/8.16.asciidoc Co-authored-by: Ryland Herrick * Update docs/release-notes/8.16.asciidoc Co-authored-by: Ryland Herrick * Update docs/release-notes/8.16.asciidoc Co-authored-by: Ryland Herrick * Update docs/release-notes/8.16.asciidoc * Formatting fixes * fixes sample commands * Update docs/release-notes/8.16.asciidoc * Update docs/release-notes/8.16.asciidoc * Update docs/release-notes/8.16.asciidoc * Updates last step * Adds fix info * Removes fix details --------- Co-authored-by: Ryland Herrick --- docs/release-notes/8.16.asciidoc | 114 +++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index c95df615a3..36b3746536 100644 --- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc @@ -9,6 +9,63 @@ [[known-issue-8.16.1]] ==== Known issues +// tag::known-issue[201820] +[discrete] +.The **Exceptions** tab won't properly load if exceptions contain comments with newline characters (`\n`) +[%collapsible] +==== +*Details* + +On December 5, 2024, it was discovered that the **Exceptions** tab won't load properly if any exceptions contain comments with newline characters (`\n`). This issue occurs when you upgrade to 8.16.0 or later ({kibana-issue}201820[#201820]). + +*Workaround* + + +For custom rules: + +. From the **Rules** page, <> the rule or rules with the affected exception lists. +. Modify the `.ndjson` file so `comments` no longer contain newline characters. +. Return to the **Rules** page and <> the rules. Make sure to select the **Overwrite existing exception lists with conflicting "list_id"** option. + +For prebuilt rules: + +NOTE: If you only need to fix exceptions for the Elastic Endpoint rule, you can export and re-import its exception list from the <> page. + +. Follow these steps to fetch the affected exception list ID or IDs that are associated with the rule: +.. Find the affected rule's ID (`id`). From the **Rules** page, open the details of a rule, go to the page URL, and copy the string at the end. For example, in the URL http://host.name/app/security/rules/id/167a5f6f-2148-4792-8226-b5e7a58ef46e, the string at the end (`167a5f6f-2148-4792-8226-b5e7a58ef46e`) is the `id`. +.. Specify the `id` when fetching the rule's details using the {api-kibana}/operation/operation-readrule[Retrieve a detection rule API]. Here is an example request that includes the `id`: ++ +[source,console] +---- +curl -H 'Authorization: ApiKey API_KEY_HERE' -H 'kbn-xsrf: true' -H 'elastic-api-version: 2023-10-31' KIBANA_URL/api/detection_engine/rules?id=167a5f6f-2148-4792-8226-b5e7a58ef46e +---- ++ +.. The JSON response contains the `id`, `list_id`, and `namespace_type` values within the `exceptions_list` key (as shown below). You need these values when using the Exception list API to retrieve the affected exception list. ++ +[source,console] +---- +{ + "id": "167a5f6f-2148-4792-8226-b5e7a58ef46e", + "exceptions_list": [ + { + "id": "490525a2-eb66-4320-95b5-88bdd1302dc4", + "list_id": "f75aae6f-0229-413f-881d-81cb3abfbe2d", + "namespace_type": "single" + } + ] +} +---- ++ +. Use the export exceptions API to retrieve the affected exception list. Insert the values for the `id`, `list_id`, and `namespace_type` parameters into the following API call: ++ +[source,console] +---- +curl -XPOST -H 'Authorization: ApiKey API_KEY_HERE' -H 'kbn-xsrf: true' -H 'elastic-api-version: 2023-10-31' 'KIBANA_URL/api/exception_lists/_export?list_id=f75aae6f-0229-413f-881d-81cb3abfbe2d&id=490525a2-eb66-4320-95b5-88bdd1302dc4&namespace_type=single' -o list.ndjson +---- ++ +. Modify the exception list's `.ndjson` file to ensure `comments[].comment` values don't contain newline characters (`\n`). +. Re-import the modified exception list using **Import exception lists** option on the <> page. The import will initially fail because the exception list already exists, and an option to overwrite the existing list will appear. Select the option, then resubmit the request to import the corrected exception list. +==== +// end::known-issue[201820] + // tag::known-issue[] [discrete] .Duplicate alerts can be produced from manually running threshold rules @@ -50,6 +107,63 @@ On November 12, 2024, it was discovered that manually running a custom query rul [[known-issue-8.16.0]] ==== Known issues +// tag::known-issue[201820] +[discrete] +.The **Exceptions** tab won't properly load if exceptions contain comments with newline characters (`\n`) +[%collapsible] +==== +*Details* + +On December 5, 2024, it was discovered that the **Exceptions** tab won't load properly if any exceptions contain comments with newline characters (`\n`). This issue occurs when you upgrade to 8.16.0 or later ({kibana-issue}201820[#201820]). + +*Workaround* + + +For custom rules: + +. From the **Rules** page, <> the rule or rules with the affected exception lists. +. Modify the `.ndjson` file so `comments` no longer contain newline characters. +. Return to the **Rules** page and <> the rules. Make sure to select the **Overwrite existing exception lists with conflicting "list_id"** option. + +For prebuilt rules: + +NOTE: If you only need to fix exceptions for the Elastic Endpoint rule, you can export and re-import its exception list from the <> page. + +. Follow these steps to fetch the affected exception list ID or IDs that are associated with the rule: +.. Find the affected rule's ID (`id`). From the **Rules** page, open the details of a rule, go to the page URL, and copy the string at the end. For example, in the URL http://host.name/app/security/rules/id/167a5f6f-2148-4792-8226-b5e7a58ef46e, the string at the end (`167a5f6f-2148-4792-8226-b5e7a58ef46e`) is the `id`. +.. Specify the `id` when fetching the rule's details using the {api-kibana}/operation/operation-readrule[Retrieve a detection rule API]. Here is an example request that includes the `id`: ++ +[source,console] +---- +curl -H 'Authorization: ApiKey API_KEY_HERE' -H 'kbn-xsrf: true' -H 'elastic-api-version: 2023-10-31' KIBANA_URL/api/detection_engine/rules?id=167a5f6f-2148-4792-8226-b5e7a58ef46e +---- ++ +.. The JSON response contains the `id`, `list_id`, and `namespace_type` values within the `exceptions_list` key (as shown below). You need these values when using the Exception list API to retrieve the affected exception list. ++ +[source,console] +---- +{ + "id": "167a5f6f-2148-4792-8226-b5e7a58ef46e", + "exceptions_list": [ + { + "id": "490525a2-eb66-4320-95b5-88bdd1302dc4", + "list_id": "f75aae6f-0229-413f-881d-81cb3abfbe2d", + "namespace_type": "single" + } + ] +} +---- ++ +. Use the export exceptions API to retrieve the affected exception list. Insert the values for the `id`, `list_id`, and `namespace_type` parameters into the following API call: ++ +[source,console] +---- +curl -XPOST -H 'Authorization: ApiKey API_KEY_HERE' -H 'kbn-xsrf: true' -H 'elastic-api-version: 2023-10-31' 'KIBANA_URL/api/exception_lists/_export?list_id=f75aae6f-0229-413f-881d-81cb3abfbe2d&id=490525a2-eb66-4320-95b5-88bdd1302dc4&namespace_type=single' -o list.ndjson +---- ++ +. Modify the exception list's `.ndjson` file to ensure `comments[].comment` values don't contain newline characters (`\n`). +. Re-import the modified exception list using **Import exception lists** option on the <> page. The import will initially fail because the exception list already exists, and an option to overwrite the existing list will appear. Select the option, then resubmit the request to import the corrected exception list. +==== +// end::known-issue[201820] + // tag::known-issue[] [discrete] .Attempting to edit an Elastic AI Assistant Knowledge Base index results in an error From f6411d5ae3bac574a333a10526b35ad4a259d694 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Fri, 13 Dec 2024 14:51:56 +0000 Subject: [PATCH 5/8] Removes alert suppression line from RN and highlights (#6313) --- docs/release-notes/8.17.asciidoc | 1 - docs/whats-new.asciidoc | 10 +--------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/docs/release-notes/8.17.asciidoc b/docs/release-notes/8.17.asciidoc index ed03b7b20d..0dc2ba58fc 100644 --- a/docs/release-notes/8.17.asciidoc +++ b/docs/release-notes/8.17.asciidoc @@ -92,7 +92,6 @@ On November 12, 2024, it was discovered that manually running a custom query rul [[features-8.17.0]] ==== New features * Adds a signature option for trusted applications on macOS ({kibana-pull}197821[#197821]). -* Allows you to use alert suppression on EQL sequence alerts ({kibana-pull}189725[#189725]). * Adds GA support for the case action feature, which lets rules automatically create cases ({kibana-pull}196973[#196973]). [discrete] diff --git a/docs/whats-new.asciidoc b/docs/whats-new.asciidoc index 13bde6a9ab..ed1bc53f7f 100644 --- a/docs/whats-new.asciidoc +++ b/docs/whats-new.asciidoc @@ -11,20 +11,12 @@ Other versions: {security-guide-all}/8.16/whats-new.html[8.16] | {security-guide // tag::notable-highlights[] [float] -== Detection rules and alerts enhancements - -[float] -=== Logsdb index mode with detection rules and alerts +== Logsdb index mode with detection rules and alerts The {ref}/logs-data-stream.html[logsdb index mode] allows you to store log data more efficiently. If you're considering using it, refer to {security-guide}/detections-logsdb-index-mode-impact.html[Using logsdb index mode with {elastic-sec}] to learn how it can impact your rules and alerts. NOTE: To use the {ref}/mapping-source-field.html#synthetic-source[synthetic `_source`] feature, you must have the appropriate subscription. Refer to the subscription page for https://www.elastic.co/subscriptions/cloud[{ecloud}] and {subscriptions}[{stack}/self-managed] for the breakdown of available features and their associated subscription tiers. -[float] -=== Suppress alerts for EQL sequence rules - -{security-guide}/alert-suppression.html[Alert suppression] now supports the EQL sequence rule type. You can use it to reduce the number of repeated or duplicate detection alerts generated from EQL sequence rules. - [float] == Signature option available for macOS trusted applications conditions From ae70bef0a4cce276457834d396ec9fc6ae59654e Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 13:04:34 -0800 Subject: [PATCH 6/8] [8.x] Adds legend to LLM perf matrix (backport #6297) (#6321) * adds note to LLM perf matrix (#6297) (cherry picked from commit a74bc3140815445a2e58b09f13e3e548efd492b0) # Conflicts: # docs/serverless/AI-for-security/llm-performance-matrix.asciidoc * Delete docs/serverless directory and its contents --------- Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Co-authored-by: github-actions[bot] --- docs/AI-for-security/llm-performance-matrix.asciidoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/AI-for-security/llm-performance-matrix.asciidoc b/docs/AI-for-security/llm-performance-matrix.asciidoc index c8f9e845c3..abed9dfdb2 100644 --- a/docs/AI-for-security/llm-performance-matrix.asciidoc +++ b/docs/AI-for-security/llm-performance-matrix.asciidoc @@ -13,4 +13,5 @@ This table describes the performance of various large language models (LLMs) for | *Assistant - Knowledge retrieval* | Good | Excellent | Excellent | Excellent | Excellent | Excellent | Great | Excellent | Excellent | *Attack Discovery* | Great | Great | Excellent | Poor | Poor | Great | Poor | Excellent | Poor |=== - \ No newline at end of file + +NOTE: `Excellent` is the best rating, followed by `Great`, then by `Good`, and finally by `Poor`. \ No newline at end of file From 911da2d58064ea224bb37d917b5d3628055d227a Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 13:32:05 -0800 Subject: [PATCH 7/8] [8.x] Creates CSPM privileges standalone page (backport #6269) (#6318) * Creates CSPM privileges standalone page (#6269) * Creates CSPM privileges standalone page * ports updates to serverless * Apply suggestions from code review Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --------- Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> (cherry picked from commit 51b58c2f0c21d07773148202be04847f1d12e52f) # Conflicts: # docs/serverless/cloud-native-security/cspm-get-started-azure.asciidoc # docs/serverless/cloud-native-security/cspm-get-started-gcp.asciidoc # docs/serverless/cloud-native-security/cspm-get-started.asciidoc # docs/serverless/index.asciidoc * Delete docs/serverless directory and its contents --------- Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Co-authored-by: github-actions[bot] --- .../cloud-native-security-index.asciidoc | 1 + .../cspm-get-started-aws.asciidoc | 9 +-- .../cspm-get-started-azure.asciidoc | 9 +-- .../cspm-get-started-gcp.asciidoc | 9 +-- .../cspm-permissions.asciidoc | 61 +++++++++++++++++++ 5 files changed, 65 insertions(+), 24 deletions(-) create mode 100644 docs/cloud-native-security/cspm-permissions.asciidoc diff --git a/docs/cloud-native-security/cloud-native-security-index.asciidoc b/docs/cloud-native-security/cloud-native-security-index.asciidoc index 742149aa26..935c121a8b 100644 --- a/docs/cloud-native-security/cloud-native-security-index.asciidoc +++ b/docs/cloud-native-security/cloud-native-security-index.asciidoc @@ -41,6 +41,7 @@ include::cspm.asciidoc[leveloffset=+1] include::cspm-get-started-aws.asciidoc[leveloffset=+2] include::cspm-get-started-gcp.asciidoc[leveloffset=+2] include::cspm-get-started-azure.asciidoc[leveloffset=+2] +include::cspm-permissions.asciidoc[leveloffset=+2] include::cspm-findings.asciidoc[leveloffset=+2] include::cspm-benchmark-rules.asciidoc[leveloffset=+2] include::cspm-cloud-posture-dashboard.asciidoc[leveloffset=+2] diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 9ac8268747..4bc8f107a7 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc @@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration AWS permissions must be an AWS account `admin`. -- diff --git a/docs/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/cloud-native-security/cspm-get-started-azure.asciidoc index 865ebf02b0..4e78781323 100644 --- a/docs/cloud-native-security/cspm-get-started-azure.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-azure.asciidoc @@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration permissions in Azure must be an Azure subscription `admin`. -- diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc index 30d34c74c0..dc5bfca23b 100644 --- a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc @@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your GC .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration GCP permissions must be a GCP project `admin`. -- diff --git a/docs/cloud-native-security/cspm-permissions.asciidoc b/docs/cloud-native-security/cspm-permissions.asciidoc new file mode 100644 index 0000000000..c79a6fd36c --- /dev/null +++ b/docs/cloud-native-security/cspm-permissions.asciidoc @@ -0,0 +1,61 @@ +[[cspm-required-permissions]] += CSPM privilege requirements + +This page lists required privileges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below. + +[discrete] +== Read + +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: Read` + + +[discrete] +== Write + +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` + + +[discrete] +== Manage + +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` +* `Spaces: All` +* `Fleet: All` +* `Integrations: All` + From a40c36cdf7d53e024479d72aead5186053e8955c Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:55:31 +0000 Subject: [PATCH 8/8] [8.x] [serverless][ESS][bugfix] Fixes outdated image on env var capture page (backport #6298) (#6315) * removes outdated pic (#6298) (cherry picked from commit b5e6d2ec5caf5a0a220afe7a40b67b9a8f1f4d2c) # Conflicts: # docs/serverless/cloud-native-security/environment-variable-capture.asciidoc * Delete docs/serverless directory and its contents --------- Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Co-authored-by: github-actions[bot] --- .../environment-variable-capture.asciidoc | 3 --- .../images/env-var-capture.png | Bin 33750 -> 0 bytes 2 files changed, 3 deletions(-) delete mode 100644 docs/cloud-native-security/images/env-var-capture.png diff --git a/docs/cloud-native-security/environment-variable-capture.asciidoc b/docs/cloud-native-security/environment-variable-capture.asciidoc index ec05a561b8..36ecbd0f89 100644 --- a/docs/cloud-native-security/environment-variable-capture.asciidoc +++ b/docs/cloud-native-security/environment-variable-capture.asciidoc @@ -28,9 +28,6 @@ To set up environment variable capture for an {agent} policy: . Enter the names of env vars you want to capture, separated by commas. For example: `PATH,USER` . Click *Save*. -[role="screenshot"] -image::images/env-var-capture.png[The "linux.advanced.capture_env_vars" advanced agent policy setting] - [[find-cap-env-vars]] [discrete] == Find captured environment variables diff --git a/docs/cloud-native-security/images/env-var-capture.png b/docs/cloud-native-security/images/env-var-capture.png deleted file mode 100644 index d62ca4149ce7ab22968030f9ee7f3e4e244acfcb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33750 zcmdqI1y?3J*Cq@!H0}*F?%qJ-?(XjH?(S}l-?+QG%Z)?hu8q69I}FdfGwVC&JZJvE zw^piFDoIr;yRvuozOG8RoQxFLs2nf8mn2-Vp2sq#~KLqvl^IYFNnh62|Q*16M zC?_r`NFe86YhrF?3<4q+o|ptF7r%t=ck%IYMAE=_h~$9^UH~48;z2P}9u*4?MLO^e z>2zcprh!77KE2&M`Gi8D`4?HjCtcC0X;ItDDuj|<3<8ldgE=gq{}@SDTCqin0= z#Tckx-VizrqnTFG@v=U865HbJ&TT zDyX&ZZ!f-Rq_nbQpdc`U?BUe=MtNRf^T^S1B%mNm5zFxPq`lBKg6hIS=wS|%;Kfo` zL*V4n3}2<5g@oPmE5Jbf$4nv=KnP~#Ik_X^0|p2^^Q?$BuOTR4Xs-OvW|@vpm@A$e+FjW_~H$IB#prxIU%4b4VUKmg@tEL zGoFa+qL3K!&$LgO?>myek+UmfA#so6)VlUEIWF<=*L7gt1QfHUUJL?$$JOK&rIO!A zWtdC@pwz33;#eKimhw{DXKu|>xf4GdOiD-n%H03qGuCd7UM%``{LyXnl*l}&!Y8YH z!;-8zyW&CWO80rM-pG@*R35Z$eTnhz27D|vWt&aiS}QB&B2u6v{C}Iak`hJ8Xp*pSuhqK#&0?E6dS1#5nxsgxvPknIAES z$Lzbu7w-_{6u9zkjv8n#Y?E#&HmK+Tj9$u11vZR{K-L~(J7%x%HbHc~tec*8bgw9Q zf*?epQ%K(ZF!}`RViW*B5@I4FGzGr|qIogynScgj*H|4R@TZ_2{gUq-128+kpu2?( z*-{Eqlv9YLAodB0kY__$1CRP54LbEH)vPN>7a&G^2lN$dmi~BIQQm{xliV}h0+ZC~qYk|<>C5LE6Q}>?rGH=puw%NV4&~xEc`#1Lkw*;@O+QGA9=mzlzvIjQ? z5I1>IcA-4LIRo$s{Rs#vh!ao{kSCCBP`^U&2npxWPX~XO*hO&+``!Q6kG?Iv4Pu{B zAjCl08kZ+#UeH*;pul~^a72GpnURsJF+d zu`X0as7t_0&{Zf$LH12n0!&z7NvO0?E03$tE1`HqbF_Z9^}2kIdJlWgcC<@@fa*K- zPc(GOU8)2s9MzW6pLt?RO!BuXM$}ab6-r!%Zo2kT;blhU-^vn7l?t51j?!jg8FZF} zmQ+*AGm6_~p8yWLXt`Jl9i=$O9>+e%#>ajzGQX9A3jsw6B@RM`ipEOH>hn6xBF?E6 zg~y*cECI&cS~JWBgJpUR*0cJwXe`C3;wJe@owKH8NM{;nS?4Sde~-Xt?z>4WCwSc` zrzjdMX)IYL`ZV;kt+b^yATyn1v{|WHtA%|7OhdFe_gqLLO#^X5vgO6>`4ryl^!(K# z@^Qk6)(qx!;gQF2(UHw8cQI#$=)B|N&WZIbXZ1rsm4xXGaLiV{8yx|?6g?50l}2AuRI+oA zcCJB?ksmK4+m~UHw1?9RP(XEF;yKF9ir-Z9sG9f zc2y7EOMb6cZx}BQ??mr>Z)&gXXUxaK$N8tIXU<2uhb|;Pcqo`ZD0bO}ecLq_>iPaM z{?uPq0*3hG_|f<$184$-duRyl#Po(1Vh3*`51{v%g9GGL4i~1#^^5c+`(#3Qdi#2* z`?5v^~_P;X#rV-_Ja;g_-=3suYh1NgJvvSd%aW7BUr zaI=$+dI?Pr4T&Gks!-S3}D@;04nk(Tk z7j29PO4)zW}7E&WO5F=7_Z*! zl7SUliN7c0X6hh&^AxcX5hNpIq`yhvQ;(%J)64@JEdgkA3xDeV0nQm8-52KP5ln;9 zlju;`B$ea@%7@NLJqI?>jdGVWoEW-D-Cr3?jDnAHIQ(#6*@xSI-g|Gysn4iycMg94 z)kyuU!l0^B8K6R1X`yZ1!eM*YjrG9{xd>P&s(y3M9B%_SUn~q(*$&SRYsN2r1b!eo zKV3iNy}n>;v7SC5-w=NcPDDAfB-y^Ibknrxm?^4hJQjv2I=zvvWRLhfcT&15n${X# zosYMS2aK<2ay8-nkf$1^IoiOgYqZDq*6e9=UBR&JQnAo&Glet{brQ8zw^Mg)m4Dj5 zrb8=5d!Xu|!gjH^SZ%rKqdl)$0dl)8UQ913wjA8(ysu|beUuGY#2?Riw|J|+WL?B8 zZM-w?94voHgM>l!szjc<#fxP7qjI98=_&RiXOF8zUWv`qzIjHi;OZH5fZQdkAnS)&5SAmBXu3kWNBT}WPzEB)!rI=N-F^Al zX&m#7G0{|c5+llggX07S6X=0Q=xmxE6=un!u zl+As7aNG5&{rZyZ-+qvAP#EYD*eK{CXd3bsV%w4OVX#?vx%VjcjxXVR z>ScU?+@GE0>k>H-h0u=P@%~cv#cx(hx_em zR?$blBI82=8<^YbC(EK477RDPdJ&Le9SWCM=(QN(2ZUzrwkBS+86zH_e zeR9avW;O$J-$&uOZ`Gl#yF2FN!809AA%eJrv`*Nk=gMZRCT=1v4MO#qhXMf&H3tFz z%z=I$Sf2+72v`o-|1ALrH2I!?eN#W8t997c$Mk?{R{Qb%S(06l8aP(f3Z`S%u|ccLI65%}-^ zKc4Ve--(nHy9-OYKnRLL@NX$c6s7v#%Kvxc4X7#NVOE(6;eYS`fD05x{NR<859Hs6 zu!;Ry-)V0^^Y2}=9YD*8aU9Trg8l285rA$$$%$P@p<2d)K*#=f>SmWEc(fwAd~1Sd zFyBB>$H$-^9-MV>HX{V}S0HYSb)r?~x8bSws9Jtjcv5pn>&KN&3^Fu-mPl;a>1^P5 zIaZ=VBa_$XKmW4Qa8QDy%+e4EPL&LkJXC|qaj`$HxqCQmh)JCpsOj(TkAjR$7#D|( zf{RP4udjbV0D;Hw&sWOe00ZT?wQp2p{lXjB&P~ssrQOJ<@_XPhmo=^}_}5TQ+jyaY zP=W5Vq?APbnQY-|)OI4htF< zh!x0w{|QCJIMp^fpckhH*NLYtTSGu{V1 zBm4d#d|~3htHcnlf17vcURh6>t?iJqw+fFZ^sa`O#Zudj_;d=Z>4{!I~S!8(5l zwxVTbc*T$v4)Kn;Yc5z;tp%PBC6Y> zDYQ^U7>van3s7|e_-&rrhO9-wxIqw2JjAn()Jcbua50HtsZf)#x>S@22=ruB<%^d( zJiIvWEk{s~Hl9(z?mM#ah?gZr-E%?*wJ6g#ZgUazThHov|4Jv$pa$~$X16Mv{8%A= zaIU6loTSdkJr4499eMP172BAYFEk(D#=Oro$A+?ZYyByPM!>zCM)e_EOQ|PI+yNx;$h^eOI!hV!1x! z?|QR&O8C?H3c=m!@P{Mc&c-R3@~CmU?G4vVCL~J1M=a*`Sd?_(g|Rc2Yq~X*BApkr ztdH-WLn(gZm5%Mkme7;ozKG(aD&f(rJT-~5t-u90d{EjjY;*Z#lVnzBZul{1&;GjG zpWViNxAU{s16uplzhLi|(xJwPyx6FjY*$8JtacbgXVzE3Op2xEjC`RY2zI#!u8}Z3HUK(Y}l>lpe zNJLzf$p!*wM8x<|{5IJ#B_6t!=gx)ECe(A1zv~YL64)h6fT@Ctj%cR`jWP3*d_7C6 zYgBr(@_84PZ->R^ZzfYSI!c_>X~kh~XgX?Nnm=TvrRK%Ku?5Rzp~-Wn9v@(b{aa*mQ)3*cF1cZ28j#dkTdo z0&Zfc=RzXvNiu_Dxe|v$l5I3{m=qM#N@?%#?Z^F4^c%E7xq<%COkO}6beq7`Y3JF? zcA-YAz)YpGF#mh*v}3bmj*hdorpiz639Tm8Ci6^e+ES{BMf?QP6GU;EyTjDnxBC+f z#r^7aI>H|RI(OOjF^yVP1RQoU{MTBI=Z5MZh6iV{BZc{M(lr@JmTwbkn8n7du4QDu zVV>UgnWOH;8T%{21y)fMl|in#<)3&*A4X_0%f+Y779S;9aTtgIxL-zv##Nc^w`A0t ziB&p)0lRhkdxakE$>qC)`3qv@ZG}d6P2ZPXA4}@!XvQs*f40|Ky8gURk0(+KVNuBy zmP+ZhdyM8dp9e0I2n;$#0hHdp_f%%pBsyKv>FGEJ{+l9&Vwp;*H(IS0H37i@2t&@5 z&oyL77^BIl`AWrhsSXVV4UN>A)`E1tT$R~-upcMx3YBd1oZEAZ>t~n2?_VZZ$q@hW z9G(QbVT4_dCgllRN{@X5r;0j7GZnqGXjRr1EH_?T9g@Xx-u0?od{c- z1n;C2)!J>kUYU$5*MaBB3wI+DiFNCO>r+3s%zmwYyu%&2=%cmf8cJib7-zng8Z68% zvL@0ER3&sA*E%VumpM46TcBX#{dj19X|7oHnu=UHNDLP_v{rkgkhy;*VSrVn(VDr)dG-)eo z4EL=TUS5STbMcf8A5N~yjn_xGJwC!bC+n{HCPO^va6f0rdp2Bp`^4DZ0&DRx_ldiM zYs~ZYG9ql$;M|F8Bf|^V!NUEk!_33=@<1RoTGop}7JJjP@~=_bS=N-pB1_sT+GHKO zUP_R?oqg-L4vy*wtc3W_QZi=hXBRpbkJg>moqbnPn8PKlv@D~|5WM45F!Y>~KaoMm! z^BGAFOMu2&xLd!V9`9sci5^-$6J14JYGc(wui(~eBGe)TKZS%Zrmi+5rkmN2d`N-q zDA^aMs={yz@}N|v#;~T9;$l8Ey#v%uo6a_#msQd$Fd-5FGUfJ*TY`-r9cu5|X$Zff zO}h(d)qm}Q>WyM*Q2pLAR#TR<8X~<$(nW#M5Xhh7x%cuh<`D#=DkxIHkfm5e5M!GqYfr7) zS>fQ|9k*9B+U+FU-oTXHyl}bko-o<myBZm{?swbvgqpE(=||Uc^W{Qg<0E@{Wq-2< zq2C0SSEBKI=RLmVdi5g5DzrrpIndYLv8gW2>Qx)a#EXa-6pH9)Q}{2ECl0{&yPIt| z=M3!OWAz5JHJ&J~aMs@|_XEQUxHl8c#h3@b`s@dda`xrwwrr!yl9f#T?8Y~+i7Jm1 z;~0Juk%|lFLGq?h;zvKqS}0NE@fJaj0J~`84mvXq@GQC)Z=xcck{S=#$#T zUf5~f@f|0l)w9h*=~PzT8jIA%T%jZ1U@_cK_?f+*+rElimR914Bk^r3zouMm=NkBDZp!E-5nC9xVQaFO^o+J!BLM%~SPg*+V0W7-`cQLK<1<|fhFAgCJ zjRNv{>IwEC;+|a9GI5&lP_}ZqNDXZACKD<=wzcJbAGHan?N{-)(gG`ov11pwz3uU zjS_wD`H-l;QY?A&pV=1lah2rCYqU_XSXS0#Y|cdn-d)5; zi_WXO+AnVf`Z_fi*=H1YbA4ZjTdF;L+O5_zf#fZ`zK)DLm=LmgDi3e8h6gtEhD3BT zB;%4nQ%#~(=0*bnYRszKAv|t5l`9bkQTh?P>ColU=S7Ccm!R}t@pwwU1TMy-1xfKg zYc?+^?`C?^F=?i}I494=dd`hPWr@|i(T5LM!rmM&x7CRZ<1nmiUanqCkwic1g|u>e z8Zx%-)h$z?knDsULV%uuq2*M((O){m*Wlo(azjeRQo=TibEBPZEakFvu+r(o!RLzR5-zA%o}cm|v><$i zm!NS#(w^Jw|DC1`JRRv%-fAR5IVLT{N&b!|<;5HXfLFab>xv4!4Rq}vL(I}z*sTA; z1J$G1yc1-abQ7phA27;|f~Sr&6st=KbOAEMA*%>?A?ZVvf5EUsD!UXoOrQN(1TXBA z^iqeHXOkeTtXKavmyC>Tz{Ug^R6ISH?L`SCSguf5$922Otx&E4ztm<8G*>M*adv&- zNK5dUJA^*Bo=nsRKBVNe9c|en9ao)B|E^E_wdG4p80o zBwzH#JxlU_p6i`JxdU_Lq`D9D_W+Zx6S;=aTCEq={BX$lyjIS{k-SoYANu7**Spix z*M<7Bm!AzAMdxA$e7VJxt=g#}GNUvgA|$nku-jwkPb{_DP!3OTRmEHLmLIfnU>LX{ z*fD}Mm4%zyJ`~K#z)D?Ih;L79?`J4Pf~H(ox0kM!YZKo%0SDh2sJ;cW&SS^p=WMC` z`^VKnu06y?82$3a(R59Z2#<16PF(WLDpE?c<>0?hA@E-0jMeKJ z#bb{ES8+DqE(%2h6u1%Rwo|sQzxZ7G8iC_8>Ko@nRodd*7(aLOIb<=Dpu<~T;ZwCQxY42L!*GJ)O*5an{68SOlWzoi7xlw-)gU!$pWI#Gy>Bn@le z{7~q>D+pfmyq7pzu9`#^%D=p{qfE+*fb(ARXuj)^Ph&DS1F9kqle)N=ZK!CJ70-yk zhhu*%8pVUW#^+vG&=!ihYFGUO`}hV23Wc+@q_lQX9vjrZ{PXr`>Ed(`SkM7O$C5zx zqu<%r?>Vg7UZZ0Fo5T5F=V4gnL(IgpdZl20EqVp=&m~L;q#gnvh!e!kpFu5KXqe~* z4%oSH+cC@qua_oBRTXE8O3bP}tTK*B_-Ig?cjf4;6PWeM7fs3zS_9;5=O>v`6^zhK zAeM1hWv1{CZBT3VAvkhw+qe#V{1h+Bj;j1_Sogh!WQ|dk$@AC!$i~V$KPY3A5exnk z!9URXrUD;%P8Gf9=kZC8Zl?b zNV1}nyUxrag&>|UZ9|IN<-Nnu>9W^|2e1@1MST4~ZImwtzjA%WsJo0w!H zKXF&8RVsjf3EbR`FkY-G`XzL^`>eNX5&vR#X{X9VwPHKUL2CS7_9pU2pw}kMf8({W z$Bli7qg5R}0%3u!5*1&47yFud+Qnt(8?Dw5NgLk#i`Y_yEVIz#O2P1Kfw^L`W^r?q zFboEZ^+0rb33Qw42$*#5+uST&nzO05rtNd2dY$cuPdxEaq3U|9`wd2l(AFEimq3wB zCM_D3O02|zGLv*%fBHXwTDhO#6@$o0<+FW%Hp6#sl^m*zFDA`R9^>)C8{<3=N69%` zbSHlPy!HP{{in$TSUksU)Slm5xN{!>#_N zymddMU3B4Hdq-n%)r)@DUSj%v<8V=;sKYhUT>yux%4^R<0B~d6z*sBOmOdN;YMZho z%34BQ=y@0Gzk=8)~QyA>T zTU5qPX0K>NgsQGbv;5v&IPx+?Xz3?ZpBNEB?$J%{$yj+*vK*IZyNi_Fa1}1sfKFRs z+-p_)U}?@*8KlUHJ9AxO#%uCX&Lc2IYj3Lc%4C&hpkt$um}V*wd6jBV!`X@}k+}9m zCWM$?8{oY1To7@M8s9SS1e6Y*0Z4Z=CDZ20iTrWeE|N3SXO-T({?u*N2ZVZxu3$fT zyYST==~mrf0cvPXNi8>a$O)bb?4{|bjtub*j#T%FV%Zk0*aF3~u`rB*n}ENgOa$4` zEy6@-F;xp(Vo327EkWKcxU(hkv^l#>q$G2ncqM1s9J4IAD6)N?X|V|jE3OY zCS_o|7?iJI$s%I>0!R7i9u1XwRbiCFCoc5~1;O9hESorh8kaZ$uoIbf5yI=bW{L;( z+dtz#W}-jk8+22}nS)2(CPCsAxaAM7`CpymuAhxqf_9`|UDKW1Eh5*kF~(VxCSPF*&I39GJJ7sgNt3O)AI^QfC;e3x6YVnv{;CAh zfsI-Rg-p5|{>A=U<4Fxwf|vx(J*jG{xZ9h> zBUt?1x+Bf%gFbDbaId3FyzBffs(3t|mxkpj0o})?lC%9JF85<7vJePvT!WSt`RwCu zf!R-&{)jCb5!f9JzVH)DFXrBcMB1{=p=}%bL^o2qG;c}<)x-5<&v{pvyDDT}a)>-e z>&GnmMXcvWI&C)ZI{z|@)1GOs;`~>5O$y$k2;)zrmWr7gJ(1p#Wi&vxnwiiu)F5W~ z%X5DV#Bt$#>yrERmY}sXn^sB4hd=q4qYVwy;Iw5L8@81mRQBgISFiW!8|PZT*bs@P z$Uo>zIY93s*ynclMm@^MQ)S0IU!ow{<2zD<5oeb=OE}Xh+cMNGF+~+vSqC<^60p1J zz!6%@*cQBD%{0-G*{+MZV}2N|5CkFU2iu2Jg4vcRYZ~s_SpneM^2M`K-O^D7mPgRJ zx1yXjyL+@eh}}=_PAT(ao$fOv@u2_WG4k~w+j(F;F;KO~y$|gvu6P|SF8F``r$Qy= zJLe+I_s0P!)IZEG-KwB)v$LPfuNSTm3diL)jCIY{^Dw~ZI$QPSDlM5!nb=25hfDJ= zd^4GcM3%)Q%>#QGeesrA9Wz5P7IHY%aJb$kfFqeek3=9FDGMX8CRl5% zRX>fKkdiKbbdm*Q;`=A7)iH>Wb=vaDYcT+|7vqmj#-qWbQn^ZLWq<>20;?umgjEvq zs65HZ&_o557OAMZAW-IktTU-0Fgp5fb?Zso_WON{4JKDyj8_B5gx2$;y^4d47&_eP zEY?@-Jx$F#lTCGbX{$i1rAYSLi6+C{tG~HEeEcYWrYI;z#AEPaC|L#jmVmQ>jDu1v z*rx~&i|+)zSLYpdoyZO%@Abo6%<$`CZeYtx7N)_mPNR94byN#?P@KNmCI6woT%}hs zm6})X@#9J7bYs;Z>&oZ|wr5R&YTe;hGwPqiuqd!YiR9)_{9 z>Vyd?iG?SN8_pJYmqq7^!;|9t4iuM>W<-!FiHWTU%~_-VZm0dgVE`ZigDxLcYSjA> zd+TrF{1aPBQG47GH>GLPcmo|z?Z;q~gud9%LL20k(_8!j7~{g-D~ihmB-0EimtGRs z0?YRoys@SXu17h*0B4hUHdAj2j~NnvgK1IwR<6S^t}o z5$S)}pwCNQWImXU9Sfi1^EsEB|Boq6KLKAAtI+;rNeME>@w3FTNEF71H)A9nEYdm? z9+v!9Z+_OVMMJ^Q4bqt0PArSs7D$Z=1b!(HGa4vS^dN5iNr=ZvLZYTi_za_rOu2KH z08Iw_PcG6A{8ePLLagbG73(zYp920rjR_>dkN^|ErkZ}l#B%=k1OBJvRm4vKupw7R z{NKa-PYE0FKQuCMk}f9t-+TH0|NY=Qm*}6kz6(C-|4Rm9n+4F{2`QN=b)qd*K|zTI zorN)0Cx~OFVq;Ose+M*>uDWQexo;w4B3o!?&X4XqgZ7(FVKvRp%#4|6Xq2hTN{c5Z z%zYD=kxBB~v@4Y>Dycl5Me*)EMLBVaoSVC)cS;3pW92KADwGKPgFOAuCmMx5U1^pT zP+EjSKuF5TA%KR1W0J&SS&ZNhe$oNxZF3O=;|gVi z4w3AE#xK^(yv>jtySwZX&Q)pu@!6$rR=uX zPkc`AjK${gqlDf+a#!9bCV#M9MDFxwLjxQmK)&6*=_jI+KG!- z1qPT8Zb@+bZ3&ef@ybAa&K6A4(OuDu#A9o2Zf7|=S=tE+SuCz6S0n$+krAJoV2N}& z&-ObwiI@1FNtS^S6zPAF!V5Itk6!MaJF(u5T(sEJnN`BC5Ivki5G0O)#~MYrvW~VZ zdaMUNZZdz)9L;^r)N1ftMc#&VB(nBgUZmFWp>rcua=;1B*&y&LG~*yq{nx)_LhqH9 z9-EZlJG|)MJLfg|0&lHMgQ5>+-m=%B)U*TtzEFuO2HzmyHVTGRT zG4O?CF0*fNpkfJj>vknNkIhJS0<$Z~ZReXC*W&CZbc%}>1SwivBuB+IfY#BlNfs!i z2|U*lQ0k>_emgLs{qLSg?4FVA)*;)@*|l}VQ*t|4nFIigDv}q5QRD#eUI3oRm&pQ0 zV@|m6dfY+k<5K0R75TVZEDmoTkzyaRM}odn$Ym?RUHingj_@%Pyp8s#IQ@36`%#mB z5hDWVfp?B0uBhGx_AEC5EJ`QO23mxvhvwMcGvC4~q23ca*K%QUsH5RIE;}hMZj9Aw z-^+<&rRoPcCvVd~NQFNuO^EdGz*P5i)Ra6jcx8OjUGCyjEif?G2kg*F|zUf;kP^1n#kUr|7B?$Dm$w0L9pa_f8RVXw;dA@PHx zl9EwTYlUu?{JOVoNrgs-3KpvcK@9i3pHhV!k7CCwg_tWQ6q7-m_(sHK)olvxj~Gov zQtf5y$-+CM>mSW4@2fGzrAuK#|-J9iV*|NX7*wRo3^$IK&7pJk;u zXhl&JNYB;MzC|I#4OUnEaHbY&n?F8XM!)S`3yr@EcYPi&sGePl#*t>0LIupg7*&O$ zD(tSyE=nvGk?!tcmt{?uO&qoUCMz1*(XD2MJMXLr;NuJ6mwP^~&J@w|IB3FBpdcDb zxcRGBvpGgoV>HZwdHW2!-any}Jen!o&Cksqei7tJI>`1U>htd(7?9}l#7hFctd)T& z_&z-)BVSMT$qw6g`BclQaN1Yb8;`O;LqjKB?~NLpWv_)CbQGx(vp}*lb}u~ zorfo!`v(Q_V{#>Mjl4B(cpw-ngxS4TiE$1p93<%2BsXc3+@Kq~a@*lU?{fMp-C3p9 zzSfZ7NhW?x%-{8&To4C-72cE6s{5gaPmPO>9$&7J1Q@E}bAO4cbofattkcz+mbw_j zct2E;NYC(ik9B?Zh+Ahao7X3a5$-L*9tM>eBH(*X^8L3~fHWYygG5Dw{^%d~}TfCUv#455pYvdiSr z^i*78RaWXVx8~%*S4BU#OLX{i6{_6s1>BMh4;n6pn?mmw7L)5Wpf2r(&x2yo7ffFLUvm}m(p4w3qopdM6b-v z(0?SGQi7I0Ymoj~xi&)NE~c+L*_dD0+lwzcKKDY46bSgTS9D)>7fdxFR00y0;GmUc z6P=ttJh&GvvuAX^thQ7L=8x<7djWiwMg63)L|x4m@NgV;McY~x;%H3FT)c%b@fc1$M-e?1 z;C_2DokYwRf)8qq9Mxrn46RZJSeuq)n{*X{Am)7bWk*I){!6bKIhto@R^2ERi5Uj2 z{a6@x)y3A>y5dsQ)%2gU>$QfpnH+@#_VWi(Th_tVVrfi9+l+KMZr0o$&^j;8fQkjf z*WGgs6f7`%TE2h)r|c@u$$V~JMpgVcJ8Nt^X+Mu{lC~FWMG_^28KD?k$)v#pufp;b*Ge!WQ;qrCJkNDZtWur;xUzj~x!sA>toEvNRec(uVv?FM z$+(C4pPJ59mlJ7BA(FYijluh1Yu&Mh2dzAs5xpbcv+_TNT7XS|@GbHi7d5l6pkRm- zx*2x5%(E!bxO`q;Yftjc$%6-tHF*3u-H*PkjmyOt=;eVRLwqf#wg0ca!JHE7hJQAe1O?#&Mrw~k=XF?>c z>4ui8u;r30Sy&}4zvgM>WBo6(N$=WJL& zM=jt^FLLlyY&SHtJAG=ZxLmD`XN{^HYC?9ht|bgp%Wlf^T4Og!L+ncVkAopB^Ltb8 z)@!ZnGy`T^K;a8>J+h5mz1E+<7agFF`Fd1jv9msu@zoh`$P+6pJtJLDeLxOe}PW6*QN;5-=vsFoAp*N1Nj+Se-1|?B`-~xo;QG>#iKH4cLs|ZurGYz3^kW6`6 z%8ODlI6CCG$8-+0g*)XtFZZd$uqy+;bH!DxX~GfP@p3;JhMdprs*rHovF8y_e)P#`Ixn6qc3U_AhtbZpZ>ZMgIO$2<>v`#O4w1LPW33(6W=;Cl4V_q=j%Z=QzO;5K`~!v zxFe$~m30g(*^c0zuLs=vcm^YTX0@~dkmI>ldg@JzLVk5rtn*Byn}>-*#RTvt1Tas_ z(H8SFJu3<}5D1;BPLio1qWJ_UX9N_FT&llBl1Ewx@>IHW7VXaM1Rzx`r{TloTK=RS z8PncDaWt_wR4XUPShg{mzjq@p(tE|)BPy^fpk96?f}hn$2G4BXsD@Fbq28 z{~5I9wb?H4qYw7RvqjTHe^zOtm{lvDg&ZZs&oAi4`+?jt(liMd-B~XAuSAU9KJw%J zihiB(jmnebuB<|Znf%k%pziLLXjWVtu}{LL-eLz>G}VtEQnY7Y;j5mLxcday=5=S$ znbir}Ko`kY2jjhyYM!LI1f{3b8`}b*aD$ohgT!SXL#M&vDSAeGcf!&zqi;mXDM2!_ zp=TvwHSz2`O`nJq+i&p8#_e$dCGY??MZ72ME0%|J6xUdUbuLc9CUr&&NdzmBQ)|rs_ zo6b2y3=D^kcE{_mzvN2ASXL2-Sq3t1IaFRF&%8AnW40|7vHMo|!&XR5k7Z?IZJEFc zz{BPGLZQLYCCFFEe`2v4b@wh_MFGjpbsV&6zHfZE#5p~j&|iBXw}O7AQ%uD_%u|8o zO?)~9ET2rY^2iVFjczda*3Awkg9)DcmzjazUL1oHo!z)PVkfSoP!6Po4QEFetZ64B zzkDa2AsVAI#H5u8ykE<1U@XL<1^*Hy#>Rl}PwG;9uJ`)A%Rk{92>9WaJH11dO1FQp z@wt=UY1QeQ{6Ro;-3yC~aed2CD=Qd{=(5`~qtq&iO`y@lntwH^0)q9orgqKECYxYG zOjt)Atxj~kee%33?G!{$XF~PFC~Rv`4YNP#)IKH`N2t53Tp}PT0*l8GXCG27S%L_9 zPQcd%Yv{-?09DoRrd;U?N|FA`Q(i(tt&A4$p!HF#ZVBBXW?4D1WT&z3*_F&I6Rbg5 zgc&gFQY>&Ilx8GmGj@>&PqU44Ezmgh2k|I(~Gap zqPuObDnp@Zvru1iVe_z#ySN?7r55CVSc-{7@4Trv;`h{HeKA1%p@AybM+{?-QcO6_ z(qF{NH2ruwPmfZ07duKR(eazWY+N0cSTVU(;P+++_&FQv+uX@-hpSW66?WY0W)?AU z1VKDXD2Zx>4TJXhd;DPv3J=SbQh9qtxFn>D*zcUw^#^ERNbNP7n5Hohd5Lrf-`z_! zcpK$J%5tD53k*DH^)IccDEeC1@MTV_*z;`6lCNUG=J>U-{(_Ttr;6tIym2si+`26_ zm`C8Sqfqm{y`~F^h)4v(pcy?~Cte?v)b8hSxE>P_f8db2jbNi#`QAS*DpaV+m#S1s zgaq0wo)eiDxhKC`AMw(iz=yR$+SAH!t`1C1Sbto&?s4Zq0=i@wUWokz2sYabo3cp0 zFSg<(WM#nbT@nQ>B4#BtnHgGzkf*?ZZ-Q2q;z>(iNoFRrw|(uLU%lNCw}K)RoWQ>I z*Wz{SU4&i!s>8OhsejuLGT76Z(jX~eCYAtyQs+!Sq7KX}m24c8b~_mOZJY)}h3M5e z(IA*v5k2WHMR#9n(GSCgd)hI*5~(`J*}O2N3oF#=SyGiS8(Z=qV$CR<+gG~-ZC0bo z^u#Ct*z5_4<=9oIODe(4w{O=}z6>yC{wfp&2~>{trXO~Qf#DT1La?Wp>cNppviZd< z>k?RVH_Y8Qwz`Sz0wm*$5f@85@Ug4)&9M~bC$ffeo8Ia%S(_N9MXrMyJ%8MsZnXZW zg`?wwhd;d%Y9USE-Yvag`Oc3>7g{IGF{MmdJokd<7YOLlRfXckU4Ul6r6bn z*f3b$b3GXy0zEDg=>u}i<3$vzb*#GryEirlAMhRCM$B0nx*g3$?>=K^@_JqXbUh6Z zt#~&HusOG=+yAbifk}{znOS*JkyO}FTTwxQgpyJmOpvHR!9CeEr25h7!zJA1aD|p0 zuPHu0e*C-fXcF_w^$C0y+xqp25i4GAFOrQBd=^VEQ&%h+ixqp4-JH16BvE?vP%9nK z*$tgAlC9ZMF#9qgU@CZU)-$bKH>f@{rK|GG#rGf}`)}6MKGX}Y6I138Xu;W54425L z`^yr4Q3QZ!AVv_0>=#uo=1Izyz57=;ybWVII_HC&x*h(_v=0|XVCtUNDw=~DzraoO zmn5UI;GnZ5ZgraGgYSzd15{PA51eQrl5dmeDYC!Y z+5fsbhVL9|)93V0t>FOn@Dj>{g-k8f3Y00e(omvApE_&x3DET-X=+LityxaJDwsAwwTPV{}>AQc1IDef)Ty`>)X8tGlU_=IDKS+70_hy9wU{KTx?}B!N5r04D z1-{4L;^d{xZgM+!@*IuphR8L3u$+7t;;BeM;Ja01(uC|TL!}389a*tFvGgugG^1P_ zx}*M_ME}Z#@Ym?=m2@*AHsQU#j7k_OLJ#!l7a+Ttm{>sT?F4uuvZQ@jyDf#YR~wQ3 zKhAb5fgfbrnyWAbznLb#ChmA+!p2v`VzT+y2WlywN!IE&L4tth=|kTK?5!c5O!!<6 zDAW2Zard+Av%lfG-56j4ixj-v0HQudUgV+VaP|{9C5M^K=OrmWJaN;TrM=pJ(k|Uc z(%q&pBwW2uZf%MH-lVuK^7fdFFs~~i0dLu@p{AQ3uJ`}4spx+=DF0VdJ%N=9xi84W zZ+a{h`v%zVF;=`2l$@ghOmrf#Cdh-RKCuKNJW^t_-6>o@)r!)Dx}d5ZQx&=DyxB*s zxM}|zLHnQaTqpZcivr}GtZWKy3vn0srRtVi)>eq*qsgn(;|5vkSCG78)tE_0Ze}B_ zwBhi-?RrRM^0*FvBPTzJFTI5pnDDXkPLP+XV`}-w){FnMwa!0)FgD9d^EYumzB{cm ziq1$r5#v60ok2_{L(^4&+qbkRKcf>*&Adt;YZ-u&TtEr9<1f)~@$K@4n13<(fBAiL z7vCRF)|xTS>UqDl|1xVEd4vmsBwRuDFDZg&{|x^!%1?p<1qtueUbh|CTP(W~K@T0O&T|Qw9%Cn4^)HM~^l7|)m1o|5nXjrR# zt+>csR2Wp8Kycs9o@dTxOeFDV-QQT!&*hNMcAA9rE%ZGfloCaof=RF~C!U>1)x=Ud zD5!sFVs~lD`S>Ub92wde%9PO^Sa0ct@-oFb(5!0Rbto zMYM$inB4gClWDblD{EZ$lgTIvs}TId1$q6=sv_rqwfCM; zQ7ugys3It!2!doK2g#B}vY_OsfMk@M5hM;lvgDkz;Aug_L`YByLWe2chytXPu2Eco$lz+7EgiHWP$CB@0?>k5eE3tPImPd zHu{{})zUAbsOWnm9}4T@$MibiB#?MQDF%w!;*tAx=AN`*FB#yWY>p+(n1!1UN9w`O zDFw-5RX%;9YZ+R3MY6NdEaRc?RG!lL;X0S>qOP4#!uay^#^dX& z($Ahy{@pSAGxof6$nXIqFy9<_U&#Fy5c3jPygR}1z|y&F1*?(3fTp3z(H1`;DJj>%IwUSfDp(#V*0R>_dqc=sZRtGhJ_~EY zP^n2zxn5(n_E0LnZV9x=(xAqCm}OV!UAt4wu@5kEL^-1 zyDg`U!}qaSifPwRAUve1MO)M9NR!mmfAQfq?C8Wes$YiMlSb6zy`U*UVoxOH1`MgU zcc+II~3g z&)xW+&1oV@qw*}arZW5eyQ%}LyiKak zxc8+QJ=&cco0@2~Zhq@)^5@w)Yw{{9)XoBr-Gy62G~Yp%&pbl6&dxUN9iS6_m))&R zxXV%tA#uW0be_iNf; z9AYjG2ZwpQ=iP`dk7mpblOH!QDkLQ{Ve^7^8aFZ^kh9du(tNkQ?>qZJ8-njEU3cbZ zS~8&tPo1qciY*a3b$MnH6s#Z1lYWew<4QAG>sM~R)oT1dV1NzIs+?>!U97&Du;0c| z8CBi7_HeJQa4_X=rMmPUq_rJ0Im;wOng>+AMy*Hty#N9wYE z_FGJZ#LIR15>@Ji?@)t;MT6;gjL+#vOra_nP0p*KoD~nA5q#VkTbCNyuOAIQP+Y^xw<%gzX&Vx{hgmp-o+%nzs)xBOSUS}HRoXVjjgLRVp zipCyBSgo~dRk44=8`dXBJL59IKQ}lB2jzj(oq5R3mdl{`$kDEri0;J*=T>EStoQs7 z&%bkb{=z;InwZM+vd;=xScOY@Nig&IoanFIU09$)$DQg0)|j5x{&KT1t3-G^v&12!3-hkiZ5o z3ZMO6(+b`D(BvetXE9~)TsexmIWsYl>6na%i4Uu-RJ)1hCzivQj-!#P~B5M zEd%y-*>n#EEHZ9vzi2!}HQk-F_Z8d^5AMd{Y0ZaJx(A1Gz-Zq<>o*RR>JZM%ON)?PUfc zLP9!83jLcISPEo`Zfh(v0^Q_nBMi*u9M6Q_y=T=`!wn7?SejHYm3a$x(#nK#yEr&} zObN?S$rM(w$Cm6RRbzhg3&t>EROwY@{nnbRFk?QP|@K z15uENbq~+)U4_2bcDca%M$CMPkSLXJj@LFKNf_k^QRQ4QX{8g6Bpa3wjc;ONHer>E zI6Fr2r5>Xe?e5{wzDKqQPP?&X&<789{Z=*Z68Va_Gt5-cGIZpwZ&opc4A8mPms=<0 z_)0puMtC@yer4T1uaBsI0#yhnFY-DaBw~RQJ@KcQe>Z3AC>MNJz1l=hGL!l50kZ#K z5MZmU21-OeBMhKOQ}{a9RI0ctYXiQ|8PBcl>_Ws!NyUPK+C=Lou%q6vD?MBxiAjH} zt_jz6ak;xK;ijMaB4WswevS6u{>C4zuQL0J1lCKIy=z@ch);HS6P-o_6lCK< zw+cVRFFF}r{ac`afmTk!zPRXB99%kORfo?@ELO$E70in6Q+vGvXFX(OVVyDJAFJ_y zFM{2Sb~zlmU0lc3=!>)Vj;>QWCQ0dMi)39wOjDM>f1CuysY*LDanBF5F%&`gvim7! z20#O|>2F2f;=hjKZi7&H<)|D+a6eAmI3fF{o3hB%5%~{K|G&(Wr3cJQanbP)>DjiX z^A$F6#(E*tiOI>++o@-@_+HsuA~|?ox}yV}URwbPzi$Cxt)xmss@NU~U`Rg@>4!8* zi++@w!ocWckc@lF%s`b;RD|vINw;=kZG2zWCcV3tIdpS;=9yHN;^O8at|l4fdgEcS zlP29i{MY}@R3HEKEP!7|;ZE7XvJODNiQ71Mlb&+Lgw#ooWccJUAN62^)IzYmoan1HY_388Wy+U-fpR4bO|mlL_ZLc{NI%P6@<8s#B}6fkZiBYl-?Y(6Hd~+Q%xo3 zl0}>bR{5$C+B8HeZ|n0Y*qu`;CwJcNr!)NDKK%W|k~l^qN$g|3fb{fkhV2H7Xdn^Q zHXUBC0(!0as2Y)Rjt~P_aK;V)2L!qfL=1dIaO7YGMqe3Ke0y0QY42ex40~*jC(f8E zo5I#R{tv}N<9k6HZBC2xHi|fCdm`P`Wg+yL@?Kx!j0-Gr=&5%3oXZfpKK%bJzyV0f z^7VD#i9&)5^NKY;2F&9gJ! zXE8G}%#70RKl#cKue;ovIA=T816+pD?i>w>p8=ppWEeR)9kH?Lth70jSiAt@_+_p3 z5nrFLS%yKV3tBNRtF{AZ?9Wx#J>7>ocMjNl>l-e?lRqOr5|>0DKi-My?q0p1{z(6i zc*mdmC*<1Bj018V{~+o?f*29oEsqw^%6+(EFib{WWi?=R7AAIn4 zk=HLpqZfVfH?R16`SZ%{@*lY$9P6mdiaTF^_PiIn-JOo1YWJMcTz8K8rwJ@%_6=q1 zTI*$|>~DDK(%&6;Zi0@)l$+vW|5d{SN4XzRY7w|Gj+Qm*V-3baZOSx;feagpEO&$~ z9WpS7lrc{H_EAX_GjgFazm(E4XS&|TI48!7pH;*3i~J{~b#G z)4;V0DSvo2Cggp6clXz*#7_;}u7zby}e*Uui z{}2B!>3>kc6tJ0oBop~yub7i9g9;PKGN74jKt2&=a=JN8$HAebS)s?s!op&{tLCuv zkLivU1%y0vuxtRZO&(ygYoBG+wtUG|JhA?CFM75P$)F;J*1KD-4B5$SIqRd35_7k@ zIsCO~rRT~t`Le;ry+D(jo4eX#^sSKR$!E~w)}-}MCd>|EzT&Xu=MLX$Ln3oUuHP7^X()3)OtGJsk=@L?BEgii!aNFZY z&#jQ4;K#z}pzd>VmUBS+J#ocmU}EU&iAZDM6i~(`iX659ZdaR^cpDEx9^K3*%HveP-#3=~7@-!n`kdipKcVqjBdfhcqmglD% znTcdabhojwcZ)9@HTx-@?CUmf{P|A!J$XT^Lo#i!N%5)uUE2YyqJh z8|JE=OTp;l=CM}vS4XAFQl(Sqq9^lhQcj*{*KmWb1fBsQCoVO$7)Sjq>wIUpCPj68 zDuO#_;af_L$wffhYI}#jV@`eJj~+Oq?AKDj%Q;1$#J_RBAZ2CHazR?1NmG&?E2WA& zmrr6%SR+NxI>T4vuDr~)d@lM6{i17uJ`4=$3oB_~-TH&$YI)+kIbz^(1RjVNj`~?0 zqu|@=O|=^v-}eXgF#4K~;A>IhFZyTe;CXU!FUAT{bpXJ}F(;~tbV^Qkdqt7C*q-k1 zakQ1XCw_jRpj}L*u3zy*(c?YR43pJu$;~*lD(KFs>{HjBM_R|5b|R%g-WTFO#@2Ah z#m2LLU@eK*U0{ZU2z}b9DnD#Jrs)3x?p)a_%<`E$0KW!eBCLXXi@kbmGZ|3Zxd!vM zkuETs-l2?YqmF0vc_dt#B7@e9rDDsb>$cw3ha#RQ%c@S^KoJCe3Vy3c1msCvhB;Xw zP#_2+?}CJJRJI-m)ml2mG#YGtOJVa-O0}s#GeuDLXSl*R13%@qC<(tLe-d%BqLNaP zW%@A;FugEH*MSepsbUC{L_!X;W8BK<;GoM#l5Z2+%H>8XB1ThYFZ72KI zy!&;~!`r)>%in#JtWWoMQXAPoC6%*G|E3U7JM8%8i>^oiwsQ5 zI69-P)69M0Y&myKR}%tv4uQqL2BP$)dLGOU7jCH++>Y@jupGw)=N8D*?ij+a3bLNh zz>RMLc1KW&Y2P4^L~fTw2c*5NeRw#_b{06T2vg6wm9?Q+t~1b##N!sU%%md>h|h$6 zvD*@M21^s@V5nIxw>cfX5H{FwsJTZ<0gpgE+$B>j)vhUc^~g}t?2=bOa}#wlfZ?Nv zJ@~Xf-4*8U@sf(80p^mVm~q^&^upm1>=V()>pWnnUT&3O6NMw#?+SCSY^!51~!)-iSpz!mSATsnW8agKVmAyPU~Y@w8mL?;B4AHPIJo-ASKh3kXFXRCamNGA z;q;AO=8oWjl$W)Ip#5dr3zN{$aGniRFtv|*$EWBABJWju!pWI|SZl%=>*FJzrF)f% z){|wl*fk#e#pV&4Cj;%0)fRhi-B0tcyCf?r1Y9mmA`R$oCa`Hu1+dvIH0e`$Z~C$i zTU%HZ9k%W;5s|okT}$e3SoGp*yLhVC6ZJ6viaO!jKDgd`j)~|%kw~8FNfAu!OAu}5 zcX8)3Q1fNW5su{QdaJ8jMizn;Ey*6(j)4@naYc9pF1ax&rM|7F?co?jJ`T{xsKhYD zL*HrPJ@N8gIvWi}n)4ssStE#{^4wJG5K)MKWH+_!?l!I@Smd^mfnJFcwZWVytMK{w z9KF-3Vl`Q2S)rDW{2G=-w(JJ%DLYO65-rkz!S6NTw==Oe;=Rd-w{I8-e5dS&0m0sZ z4MR^;k%Kbqgyr`AH#ZIffCEW=C&bZM;J*_S0N~Bp{mk~CwY7L+1a^{BP7PU|k$VKiuP2&tjci$p1 zWDCky1a+Z+yXxisV@+}lo=SP>-104%8*Z|mnS)3&^r9y^!v9fbbGomwKkvk4R@W>s zC}=Zp;`W%<+V}17W3mdFLOc(&Eoxl~Uv$TyH`K{6=;8cs2tZ@?F;h+uswqf2%hk~9 z>t8A#(HC`rd0KxKIht_7s9J)7&P=Ut3PSLMz-%i$7nYbTZp#vSv(=_yfK6-vDEp=3 zp|DwAI5~gk0u{y`u+7qPjr#$~3WNYSxAQt=Qpw=X^SJ_&WV_tarl9Fue62}_d zULQ{UG0r3hoP>U>-_V^b(O9iGJUwiNyEwfJ;t z%`j?2DxKDccUf;D_*{{&A?wMKl$2)5lh5C+vs%C5(~Xw-6aWf+ zzTkVzAjsysH1rBYbeU=r&>F^NR|?gXBRYHH*j>r9n?MSwyZLTZOR9)>Il5zf#N)3uH_h$S7bWg#jH%~lh*)UAZ;rt8u+2U#`_3B%f78(! zIO82TiVf4*?Zb%6^1e{^raJbjheld6T(w-C!I40`t>rBhLBg)k*9{oOz&{9^Gxv(z z46quvt0PND?@WxGURK+oUo>9qN2a7=-n=Q>P?1zx=;76fn4&ytHS@nbLFMJ;|A2(+ zG*EfvJug)-nO14*50(<=g}WYs9={ZK=XgXA#h_RLn4*D)uJa|jF`F9VZS z7hD(l+U8RqdeZv>UdEhl!xx$Jvoz!a{B^&bVNmFNUyMXpA}O{AlHk)#F5ep-2RmV+ zN8QE%q3t#O@zOdqMqptFeg(Q7(!ELCbRQLPE8%gZ)L%zr~rIBHM052nC1S zw57=Icb3qcwV&rk2Z1|gt=z`qS(q{J>Mla_Me8lc3kEYqK}t0{9yYDhz@ej{;5zn8 z|2ms@zSi=tWu7EkH^qy47CIu*C#4lrcc zW0o#pc)bd+-^qK@6oTGh5!Ciero8)^-n(FV;Y=nVA{ldw%Cj4rXOncJN2{yxgZZKt zs%vnamdNGg`|aVB!qH`lVE5|9CTHD5Xq%|{iRUut+RZAm4HJkJbmP7$Bvqi}8O21U zeImgdK^un<9RN8{tB#WP&iokTTqgq^fpsXXpO{I`I70kQoao+sYvv0e5Q@ec#-8v_6QL-3kXnb*aWlxx5QGXz*K@m`R!FfZvv#kO`bwVxm6kIkK47|uVg|hF zpkD>3W$V1H*3g|hN9mag*vpOUshQ-*#>VluN`1tKBmQV5GSX*`FzWrBVl7R5$v0_} z!o}_f1=YjLryurj;%%jk6uqNxtO22@oQ%V`OaiXae%r2A5FXUEzZ>fXLiGa(#h1zM zz(w)ot<1Sbsa7)_a^>o4xwzyBjo5<-E*52KxTc_4&Khssz}6x#)~s;E!I^Hf95;K( zTxowieW}hxyqe@It5I*Goz>)j4YM+P`pc8Jm*&F;Nd$q$gQaWT_Zxk8C&bArZg{G! zq`UJv+~iuNIa^N~RwDi^?ViGuk98n(Nk4pGwSiw*K2@&UG$+)B24`s5JM}50RC<{S zwmEMJ-MW3JZ&TV6I1Ng5sD>^AZ_{bpDxoqHdM!1xn{w*5NkEVJj6kPq%=KQb)g&v= zyG}A9KT+#rn{sD_`7LRS`AQ!tq!w<^B=?fM^Od$T8b`5k5-AIKAo~~Gfdl+(>8Lo9d@#iXZion?QO)2mS_gKqUTu9 z2J1~?E#YJVo>c<)?2&eht!RKuqYN?MI;#?)6Pdp-BBiFbzuOvr*>ZDx5TEjI_c?u zvL%wxtPULxJXaS^;X|NWrjQoBt;y0{!RO72)F9OMsNu|cpQMt-Ibcna&yEqikhJ{+ zt~P7OnZf**8w%gfKEDy4ThLo4y8bcpn3yazsnLU(5NqXoa-}HCX^!) z;ChSE`Rx~CtQX?ko+sE&cWL5RO<>6z6HJ9@;0)E&JL&zG={pApTwQpAAjrzqOR{}i zC5=ixy_LqQBm;L1tBDe>W*1~^5Z_+@P z+0zy(XM7JHeYCgZ-ogcx!BQFU$uw~90!p4mK3F%4csfk&7z&r;Tdii(!}qJZyaDUN z7yWLYkm`UyqFoptPu9+=3>g}&^y(v;DjS?6v&CO04Hcdu^q*dJCN|z~a6uGKeQ`4F zR-wd2wsv`0>k3Us)sXVrUD&$}atNNnZh4)h+pqK}eI~X?oEo*wdbMwl=9Xp=%k;8w zJM8A@53_`jK4J$OR|d>>@IzC++bVb}+|8mO{(u+iIEl#!E;FFtdRzQSI~(TMc1yl* zzIeRYyMSeZpcJzs49=vt0vdZ1JQ4u6`#io7QG@ZKiB=T$3@@E#JIPChh(=4XjdsC`#VK z0&8@lOWw9H;c<_#zmoKOX&-tN8^G@cYrPVl<{hBn<4U8$F3YnM73*%mwMU$n_6N!`J!u0QP@o=Qx z$jj$Gy!_TWYNMJyt-IoqQBgFO4VODgO>aK6jcPflT>tFuWUf1y*n2JzH22BFZ>9DD z=MJNcyvR68{A6TZ$UFteZI88KV>!sRt8Z~~xhju(wMxR*y%z*$p4LR!h7nemZlZbJ z$BtrlT1P8N{oI>wdQh|MHF@w`1_?u0Nii9W^`Rx}ZPdCg4GM0Xre%wPyXS3I8BLK@ zvkjd`ni@FJ(v7F)y9R26=6JLk10+mCKn z9y^DhE#4EmR(y5!ito@Nbg(Xua9C{W+^`pG&X3B!$;<m`&5*jnl)O2kK8ZUf#}p$Ge?j3yBgH7{feL zA8Wl2ysGcob>Kpi*}j&9_daVGS!;-*Ty?cxZhhQZ=#YB;En}HE%)@Bv0n{?T@S&@o zQ_>6L@Mim_N!M?q4)wQo+QzH(wxS%=zU6X;iUIEsm@zm-nChoXI2&x4efqInfKSC^ zk`1aav?y8iM&Fz^KA>_T=$$!6oi!k^2 zz5a~P<-toY=$;=vt5aw=IWNqMZLt$F%S-3zm(%s)|w? z8q9*FuWF23so*gm2&cA~AL&#S7451VAwYp}j@tVg$HI(GOy?rh;x zIjfF@kLqd(*IGGu_4ON4r+50Wt3-Pyr^au{lYjM<#F?XlnYTmd# znC@YnbKg0V;^R-!=4b1boVO@g1XXLnd?i}8Q6wMKkcwC_U4qaO73im}%MzKI6-$fs z(27Dow$$(X(7lyO>oTZ2>4`+L8GLMFmzR3_prN07^-{ZO)zlguG_T1~Qdv~gH++`_ zMpDkPjMz)GHZEz`I**)e6ICNT1|$p3dND*np*?3^3e86;JTbagxzHg{XSjHIakx4F zQ|j;#4Voi1XscW+fvTM&?axax6@r#?KpG9Df>9pkfnl&3Yv`-v!%1WThSDgkcW-;8 z<*LrMH*!q2B5${Gg#!sky_Vu8eqDYBBCH&ewjB?*$ygv&)Vfj@%Gbm1a`HGgnd`V? zi%ZvXx{eF-=!gq>%6RmLS)lpQ{)RJq_yAy-ttQUL2C;ZZLKxn7JjmLhiSZ5*qe zJYm^O_o0S9<%1y;UAL?Y7Kfm~lKuxHeW?K3u3Bcvz;A1rv+D4{O`n7tnHbIfkiq=xLdMIc!|= zv|cL^nW`P27}I?HqzeUBAHF8PfX%LZ92B*Avo32hNZtiL^;LY5pjU%aMnSc6&d*td zN!iE;gMXPOR_9akh%qsGxzsjW(m4>6++89(<$>k;X~7d&3M;u%!#t8{7OI#P!+L&S zT0LdcZ+%NCpT};V?5c=L9M|O)2Zw%Cl*RL-=S~q*i59&wx>|LR(PNw`ew$>ZSp$gE zjl%toiY4ntcsRJPK9v(w4r1Np^Eqp_a%rJ;mU!DRuGfO;e6F=*BaBpftQ7@$ba;Ju z_gzZPwQ_GkW3+cqO%&=f%2n^nLyaWV5$FLJRZ5iP< z_CCm`nU(iLnw$g)8+HVd;;n%SoM%<{NT=3m(zPQB|HTfVuS|dt=7@Ebo$H3;JbG?UG@DK0iw;|Iw1e z*v^GW@x=NoTj(WOo#ld+&)t<|Rt(%PB@Ho-@hqe6kA>45>5iPcX8bbcH14jj{Dq5X z9Qtq>IHL2&bq<&1TYUJ!VuQkqliCBUS^asGQu&TQ`smirE4#jYP^n!rw9%&uqbGhS z?l7WC$>a9n$k7-B+PwO5(Yu*87BY`~E65-YA-9nwp0|4nZF_?HN?!}CGR?Upl z`dKx>*9~*2d zAG-TV;Nor~?_yoYjAhIIa8ELKHPuPrFZ1-|35MKlhL&oJ5CuP7a)}?Sge3+`L9Z{y zAQg$of=@5iA{mYdQn-x^uGFsmD61LTt)a98)tD)HandoiXNYd7mG6hV=6XL)4Xs^W zU!M`Ob75ed*0fyMl5So()}`+<;Hw!WNqXek<5hF9Ese{=((m$E1Rk9DqzuPdW2R0-Z3La`#EUyQO@Vs9s|dI2}2FQxv@Fi zjM*zOrTmY)euCLQRaf+T-#mu73P`E?vtmfv)fx!bvQM{mzYAad%lt!`COzVF(p%#~ z@z{czmmfnz_3QID4W~By24JchbGt3VJ}#Or<%BvcIEe*AVq=pjtst}1k|R539HVjL z@W8Sru3>z|Y*17UilX&+!q41xS;1#7p=Zv;$b11c>XEex*ebF4INMv52{QjN{eSL1 zUw<~$IFmURQrV|pOwwCgvAY$D9@^{bpA*QISijkl`Ohx>6EA#Zl%QcryaT@{t9Bhj zj>Y4R1<8NL_s2+8@iDCkWkbbW%BYrh3GYc{?_hRz9c=BePlW$>BL4Uzfl@Xnvj3Q? zU$s`V`tEhit-AK1eOxw}fthf9l5UEwW(7CyKU)4Ev5ys>Cd5m>Q0>UW&c!@V@nub# z7(*^3HjfH(t4hMsveA}jpdo! zZrvW{>Z{-0?hg1s_)=j^?g=dhc3$WQ4?5d99jla`D0Kq^vl6~Amwz^Lq$y#zZEnWD zEB^JX>18HIuB68^4<^P6`(B47v1t%eUlHO1%mB=gSDVoQ_s|62hcB&={xK>V)5 z>&OMd5oruL9Em(!%&nRaj&y75V?@PbZMWPIf3223?uwqpXfhvf(WS%n&69qlehcI1 zb@uySWhZ`u{$_=n09jp$uW$nQFo9Fs`<;p#8NZ!x>O1 ztg=3n_}3?0!ziW&Zi&TsPE?s@gSrpXLQJx?zj9MKI+}Eu?+q2dTB|(XDy>8sa|!%? zA^c}OPH55;`{n_!AJMV1%PjXi*PpAkdT0C*EIVXUKQ~-GSptRi{9H+;`N=K$m^&4lp9v-RATklJ3=XW#m^Yfoa z8eji)c}o~A0^6LycK%C0%*!<)!cj5{k5W)aQnD3)huz@J3RrGBq!++ciHja7t`ggv z?FhGB0I}C;9Ol}?!HlP9_G;0oXV8ia#63ajimQD8G5}9#7iMKxA%ttg>V)C{Py&BF z|1CCysl{BWg5g1-R@A3fFCS|!pM^yMd)T%UIhK1=Ct|M2w$x`fTk^(j?^G(M@FO@B zTJ2O#-#nG4qE@QOJnL6T)d1xFrJ4m%dar2+*v=lxK4kyje*WL52}K$f(O3gF%bcT~ zg~6aZH4u;7w}N9Ad0GOcG~PV#S^@l)Tt#hq}E%2Syt ztNDov0kX#re+gX7ABFnO0#mJC!XWq2?^Y4#QE@7cl9@d&a|qWNVI}lT zUM8|0F{e<9pf<>99|tlFl={CYC@3J7XPgivYQ{DTvnmK6->M#^<+bT5{{16;XK>ZO z4A>v4<}<$UQ+x&v_apu+{Nmg+_j0Qr&UPvwbX}Xan%bIby%DJ69+nF8>Kn7X7{3j1d=vqDpgslaA_Xh za)fHIJ$v|4zjH@aYPGYs=6C%d(3h|ba!Ih^ifZM@nzDM5MmcEa?(SY^1)2IpXPuly zosyx{5+|>x59Gd;XozlyOYmU1G@_ck{XVUQhT>kmx;_>fno*FGwzjrb4{SDt;cs;$ z5byij2D!c2mrH85ig%XOHpUOCt9g7PjrF{%-PY#p8(zox3`aHGp8J=4?pC)KMCg`l z*PP_m0E{>zZEfwul$0M%nuUdh=Q8}FeQz@2AIRN$n~;>&Y#6*jdVkwF-GgTIwj~!~ z=Kq$~e?Qd`79Hf+)>+{R|4xJEmHo6WEqr`;e%*Ys96xP~v#15$uc|A$`loF<9vgZ5 z8{1O%)3!_^1;AICBhD4Ql%1!>yoczjvGH;CajZzbbS2RkLSpGLHekFL@P6`pPuQ^zgNxgb6nW69 z|C*b-3clTk)=$|j-PC?(UEcr#e1n(xTP24}AR8*zb@Lx$`O_Hqeg@XW=bMASYmplZ zo8fETn;XBbhz}C40SNQj-}HAaCIhSG?bzqvX?Pm;==IE3U#LaZ|24KhzkX!=48OWg YExNB*F^*06^UcL_&y}Sso*DW5Ka9y<{Qv*}