From 9fdc4722d19caf9f9e3e41289d4ae1877ba7cc5f Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Tue, 17 Dec 2024 14:39:28 +0530 Subject: [PATCH 01/22] Fixed the test-module command --- Packs/Doppel/Integrations/Doppel/Doppel.py | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 93eaeeba52ee..ac509e10ed4c 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -160,14 +160,21 @@ def test_module(client: Client) -> str: :rtype: ``str`` """ - message: str = '' try: - # TODO: ADD HERE some code to test connectivity and authentication to your service. - # This should validate all the inputs given in the integration configuration panel, - # either manually or by using an API that uses them. - message = 'ok' + # Using the same dates so that we do not fetch any data for testing, + # but still get the response as 200 + # TODO: convert both the dates to current timestamps + query_params = { + 'created_before': '2024-01-05T13:45:30', + 'created_after': '2024-01-05T13:45:30' + } + + # Call the client's `get_alerts` method to test the connection + results = client.get_alerts(params=query_params) + message: str = 'ok' + except DemistoException as e: - if 'Forbidden' in str(e) or 'Authorization' in str(e): # TODO: make sure you capture authentication errors + if 'Forbidden' in str(e) or 'Authorization' in str(e): message = 'Authorization Error: make sure API Key is correctly set' else: raise e From a72fd74eac6fcc7f902c2cad6cc5633dac7bfe68 Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Tue, 17 Dec 2024 15:47:38 +0530 Subject: [PATCH 02/22] Implement basic fetch-incident command --- Packs/Doppel/Integrations/Doppel/Doppel.py | 78 +++++++++++++++++++--- 1 file changed, 67 insertions(+), 11 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index ac509e10ed4c..854427b6a86e 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -1,6 +1,7 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 import json +import datetime """Doppel for Cortex XSOAR (aka Demisto) This integration contains features to mirror the alerts from Doppel to create incidents in XSOAR @@ -95,7 +96,7 @@ def update_alert( ) return response_content - def get_alerts(self, params: Dict[str, Any]) -> List[Dict[str, Any]]: + def get_alerts(self, params: Dict[str, Any]) -> Dict[str, Any]: """ Fetches multiple alerts based on query parameters. @@ -255,16 +256,6 @@ def get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults: if not results: raise ValueError("No alerts were found with the given parameters.") - # Prepare the readable JSON response - readable_output = json.dumps(results, indent=4) - - return CommandResults( - outputs_prefix="Doppel.GetAlerts", - outputs_key_field="id", - outputs=results, - readable_output=readable_output - ) - def create_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: entity = args.get('entity') if not entity: @@ -293,6 +284,69 @@ def create_abuse_alert_command(client: Client, args: Dict[str, Any]) -> CommandR ) +def fetch_incidents_command(client: Client) -> None: + """ + Fetch incidents from Doppel alerts, map fields to custom XSOAR fields, and create incidents. + This function fetches alerts directly from Doppel using the `get_alerts_command` and creates incidents in XSOAR. + """ + demisto.debug("Fetching alerts from Doppel.") + # Fetch the last run (time of the last fetch) + last_run = demisto.getLastRun() + last_fetch = last_run.get("last_fetch", None) + # If no last run is found, set first_run (default to 24 hours ago) + + last_fetch_str: str = None + if last_fetch: + last_fetch_datetime: datetime.datetime = datetime.datetime.fromtimestamp(int(last_fetch)) + last_fetch_str = last_fetch_datetime.strftime("%Y-%m-%dT%H:%M:%S") + demisto.debug(f"Last run found: {last_fetch_str}") + else: + first_run = datetime.datetime.now() - datetime.timedelta(days=1) + last_fetch_str = first_run.strftime("%Y-%m-%dT%H:%M:%S") + demisto.debug(f"This is the first time we are fetching the incidents. This time fetching it from: {last_fetch}") + + # Set the query parameters + query_params = { + 'created_after': last_fetch_str, # Fetch alerts after the last_fetch + 'page': 0, + } + + #TODO: Implement the pagination for fetching all the alerts within the time range + # Fetch alerts + get_alerts_response = client.get_alerts(params=query_params) + alerts = get_alerts_response.get('alerts', None) + if not alerts: + demisto.info("No new alerts fetched from Doppel. Exiting fetch_incidents.") + return + incidents = [] + new_last_fetch = last_fetch # Initialize with the existing last fetch timestamp + for alert in alerts: + # Building the incident structure + incident = { + "name": "Doppel Incident", + "type": "Doppel_Incident_Test", + "occurred": alert.get("created_at"), + "dbotMirrorId": str(alert.get("id")), + "rawJSON": json.dumps(alert), + } + + # TODO: Save the actual epoch for last fetch + new_last_fetch = None#int(datetime.datetime.strptime(alert.get("created_at"), "%Y-%m-%dT%H:%M:%S").timestamp()) * 1000 + incidents.append(incident) + # Update last run with the new_last_fetch value + demisto.setLastRun({"last_fetch": new_last_fetch}) + demisto.debug(f"Updated last_fetch to: {new_last_fetch}") + # Create incidents in XSOAR + if incidents: + try: + demisto.incidents(incidents) + demisto.info(f"Successfully created {len(incidents)} incidents in XSOAR.") + except Exception as e: + raise ValueError(f"Incident creation failed due to: {str(e)}") + else: + demisto.info("No incidents to create. Exiting fetch_incidents_command.") + + ''' MAIN FUNCTION ''' @@ -328,6 +382,8 @@ def main() -> None: return_results(create_alert_command(client, demisto.args())) elif current_command == 'create-abuse-alert': return_results(create_abuse_alert_command(client, demisto.args())) + elif current_command == 'fetch-incidents': + return_results(fetch_incidents_command(client)) # Log exceptions and return errors except Exception as e: From c25a5387a5662e32ff4809c4950848aad2136b1c Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Tue, 17 Dec 2024 19:19:23 +0530 Subject: [PATCH 03/22] Mirroring implemented --- Packs/Doppel/Integrations/Doppel/Doppel.py | 46 +++++++++++++--------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 854427b6a86e..6d01d318a2be 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -16,6 +16,11 @@ # Disable insecure warnings urllib3.disable_warnings() +''' CONSTANTS ''' +XSOAR_DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' +DOPPEL_API_DATE_FORMAT = '%Y-%m-%dT%H:%M:%S' +DOPPEL_PAYLOAD_DATE_FORMAT = '%Y-%m-%dT%H:%M:%S.%f' + ''' CLIENT CLASS ''' @@ -293,21 +298,22 @@ def fetch_incidents_command(client: Client) -> None: # Fetch the last run (time of the last fetch) last_run = demisto.getLastRun() last_fetch = last_run.get("last_fetch", None) - # If no last run is found, set first_run (default to 24 hours ago) - last_fetch_str: str = None - if last_fetch: - last_fetch_datetime: datetime.datetime = datetime.datetime.fromtimestamp(int(last_fetch)) - last_fetch_str = last_fetch_datetime.strftime("%Y-%m-%dT%H:%M:%S") + if last_fetch and isinstance(last_fetch, float): + last_fetch_str = datetime.datetime.fromtimestamp(last_fetch).strftime(DOPPEL_API_DATE_FORMAT) demisto.debug(f"Last run found: {last_fetch_str}") else: + # If no last run is found, set first_run (default to 24 hours ago) first_run = datetime.datetime.now() - datetime.timedelta(days=1) - last_fetch_str = first_run.strftime("%Y-%m-%dT%H:%M:%S") + last_fetch_str = first_run.strftime(DOPPEL_API_DATE_FORMAT) + last_fetch = first_run.timestamp() demisto.debug(f"This is the first time we are fetching the incidents. This time fetching it from: {last_fetch}") # Set the query parameters query_params = { - 'created_after': last_fetch_str, # Fetch alerts after the last_fetch + 'created_after': last_fetch_str, # Fetch alerts after the last_fetch, + 'sort_type': 'date_sourced', + 'sort_order': 'asc', 'page': 0, } @@ -322,22 +328,23 @@ def fetch_incidents_command(client: Client) -> None: new_last_fetch = last_fetch # Initialize with the existing last fetch timestamp for alert in alerts: # Building the incident structure - incident = { - "name": "Doppel Incident", - "type": "Doppel_Incident_Test", - "occurred": alert.get("created_at"), - "dbotMirrorId": str(alert.get("id")), - "rawJSON": json.dumps(alert), - } - - # TODO: Save the actual epoch for last fetch - new_last_fetch = None#int(datetime.datetime.strptime(alert.get("created_at"), "%Y-%m-%dT%H:%M:%S").timestamp()) * 1000 - incidents.append(incident) + created_at_str = alert.get("created_at") + date_in_xsoar_format = datetime.datetime.strptime(created_at_str, DOPPEL_PAYLOAD_DATE_FORMAT) + new_last_fetch = date_in_xsoar_format.timestamp() + if new_last_fetch > last_fetch: + incident = { + 'name': 'Doppel Incident', + 'type': 'Doppel_Incident_Test', + 'occurred': date_in_xsoar_format.strftime(XSOAR_DATE_FORMAT), + 'dbotMirrorId': str(alert.get("id")), + 'rawJSON': json.dumps(alert), + } + incidents.append(incident) # Update last run with the new_last_fetch value demisto.setLastRun({"last_fetch": new_last_fetch}) demisto.debug(f"Updated last_fetch to: {new_last_fetch}") # Create incidents in XSOAR - if incidents: + if incidents and len(incidents) > 0: try: demisto.incidents(incidents) demisto.info(f"Successfully created {len(incidents)} incidents in XSOAR.") @@ -347,6 +354,7 @@ def fetch_incidents_command(client: Client) -> None: demisto.info("No incidents to create. Exiting fetch_incidents_command.") + ''' MAIN FUNCTION ''' From 851264c0e8075818c79449e7b5dedcdaa55f54ee Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Wed, 18 Dec 2024 23:42:07 +0530 Subject: [PATCH 04/22] Implemented bidirectional mirroring --- Packs/Doppel/Integrations/Doppel/Doppel.py | 199 +++++++++++++++++---- 1 file changed, 167 insertions(+), 32 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 6d01d318a2be..d30be85cbc55 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -1,15 +1,15 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 +from CommonServerUserPython import * # noqa + import json -import datetime +from datetime import datetime, timedelta """Doppel for Cortex XSOAR (aka Demisto) This integration contains features to mirror the alerts from Doppel to create incidents in XSOAR and the commands to perform different updates on the alerts """ -from CommonServerUserPython import * # noqa - import urllib3 from typing import Dict, Any @@ -20,6 +20,12 @@ XSOAR_DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' DOPPEL_API_DATE_FORMAT = '%Y-%m-%dT%H:%M:%S' DOPPEL_PAYLOAD_DATE_FORMAT = '%Y-%m-%dT%H:%M:%S.%f' +MIRROR_DIRECTION = { + "None": None, + "Incoming": "In", + "Outgoing": "Out", + "Incoming And Outgoing": "Both", +} ''' CLIENT CLASS ''' @@ -147,12 +153,44 @@ def create_abuse_alert(self, entity: str) -> Dict[str, Any]: ''' HELPER FUNCTIONS ''' -# TODO: ADD HERE ANY HELPER FUNCTION YOU MIGHT NEED (if any) +def _get_remote_updated_incident_data_with_entry(client: Client, doppel_alert_id: str, last_update_str: str): + # Truncate to microseconds since Python's datetime only supports up to 6 digits + last_update_str = last_update_str[:26] + "Z" + last_update = datetime.strptime(last_update_str, "%Y-%m-%dT%H:%M:%S.%fZ") + demisto.debug(f'Getting Remote Data for {doppel_alert_id} which was last updated on: {last_update}') + updated_doppel_alert = client.get_alert(id=doppel_alert_id, entity=None) + audit_logs = updated_doppel_alert['audit_logs'] + if len(audit_logs) > 0: + audit_log_datetime_str = audit_logs[len(audit_logs)-1]['timestamp'] + audit_log_datetime = datetime.strptime(audit_log_datetime_str, DOPPEL_PAYLOAD_DATE_FORMAT) + if audit_log_datetime > last_update: + updated_doppel_alert['id'] = doppel_alert_id + entries: list = [{ + "Type": EntryType.NOTE, + "Contents": audit_logs[0], + "ContentsFormat": EntryFormat.JSON, + }] + + return updated_doppel_alert, entries + + return None, [] + +def _get_mirroring_fields(params): + """ + Get tickets mirroring. + """ + + return { + "mirror_direction": MIRROR_DIRECTION.get("Incoming"), + "mirror_instance": demisto.integrationInstance(), + "incident_type": "Doppel_Incident_Test", + } + ''' COMMAND FUNCTIONS ''' -def test_module(client: Client) -> str: +def test_module(client: Client, args: Dict[str, Any]) -> str: """Tests API connectivity and authentication' Returning 'ok' indicates that the integration works like it is supposed to. @@ -170,9 +208,10 @@ def test_module(client: Client) -> str: # Using the same dates so that we do not fetch any data for testing, # but still get the response as 200 # TODO: convert both the dates to current timestamps + current_datetime_str = datetime.now().strftime(DOPPEL_API_DATE_FORMAT) query_params = { - 'created_before': '2024-01-05T13:45:30', - 'created_after': '2024-01-05T13:45:30' + 'created_before': current_datetime_str, + 'created_after': current_datetime_str } # Call the client's `get_alerts` method to test the connection @@ -186,7 +225,6 @@ def test_module(client: Client) -> str: raise e return message - def get_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: id: str = args.get('id', None) @@ -288,8 +326,7 @@ def create_abuse_alert_command(client: Client, args: Dict[str, Any]) -> CommandR outputs=result, ) - -def fetch_incidents_command(client: Client) -> None: +def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: """ Fetch incidents from Doppel alerts, map fields to custom XSOAR fields, and create incidents. This function fetches alerts directly from Doppel using the `get_alerts_command` and creates incidents in XSOAR. @@ -300,11 +337,11 @@ def fetch_incidents_command(client: Client) -> None: last_fetch = last_run.get("last_fetch", None) last_fetch_str: str = None if last_fetch and isinstance(last_fetch, float): - last_fetch_str = datetime.datetime.fromtimestamp(last_fetch).strftime(DOPPEL_API_DATE_FORMAT) + last_fetch_str = datetime.fromtimestamp(last_fetch).strftime(DOPPEL_API_DATE_FORMAT) demisto.debug(f"Last run found: {last_fetch_str}") else: # If no last run is found, set first_run (default to 24 hours ago) - first_run = datetime.datetime.now() - datetime.timedelta(days=1) + first_run = datetime.now() - timedelta(days=1) last_fetch_str = first_run.strftime(DOPPEL_API_DATE_FORMAT) last_fetch = first_run.timestamp() demisto.debug(f"This is the first time we are fetching the incidents. This time fetching it from: {last_fetch}") @@ -329,13 +366,14 @@ def fetch_incidents_command(client: Client) -> None: for alert in alerts: # Building the incident structure created_at_str = alert.get("created_at") - date_in_xsoar_format = datetime.datetime.strptime(created_at_str, DOPPEL_PAYLOAD_DATE_FORMAT) - new_last_fetch = date_in_xsoar_format.timestamp() + created_at_datetime = datetime.strptime(created_at_str, DOPPEL_PAYLOAD_DATE_FORMAT) + new_last_fetch = created_at_datetime.timestamp() if new_last_fetch > last_fetch: + alert.update(_get_mirroring_fields(args)) incident = { 'name': 'Doppel Incident', 'type': 'Doppel_Incident_Test', - 'occurred': date_in_xsoar_format.strftime(XSOAR_DATE_FORMAT), + 'occurred': created_at_datetime.strftime(XSOAR_DATE_FORMAT), 'dbotMirrorId': str(alert.get("id")), 'rawJSON': json.dumps(alert), } @@ -351,8 +389,99 @@ def fetch_incidents_command(client: Client) -> None: except Exception as e: raise ValueError(f"Incident creation failed due to: {str(e)}") else: + demisto.incidents([]) demisto.info("No incidents to create. Exiting fetch_incidents_command.") +def get_modified_remote_data_command(client: Client, args: Dict[str, Any]): + demisto.debug('Command get-modified-remote-data is not implemented') + raise NotImplementedError('The command "get-modified-remote-data" is not implemented, \ + as Doppel does provide the API to fetch updated alerts.') + +def get_remote_data_command(client: Client, args: Dict[str, Any]) -> GetRemoteDataResponse: + try: + demisto.debug(f'Calling the "get-remote-data" for {args["id"]}') + parsed_args = GetRemoteDataArgs(args) + remote_updated_incident_data, parsed_entries = _get_remote_updated_incident_data_with_entry(client, parsed_args.remote_incident_id, parsed_args.last_update) + if remote_updated_incident_data: + demisto.debug(f'Found updates in the alert with id: {args["id"]}') + return GetRemoteDataResponse(remote_updated_incident_data, parsed_entries) + else: + demisto.debug(f'Nothing new in the incident {parsed_args.remote_incident_id}') + return GetRemoteDataResponse(mirrored_object={}, entries=[{}]) + + except Exception as e: + demisto.error(f'Error while running get_remote_data_command: {e}') + if "Rate limit exceeded" in str(e): + return_error("API rate limit") + +def update_remote_system_command(client: Client, args: Dict[str, Any]) -> str: + + """update-remote-system command: pushes local changes to the remote system + + :type client: ``Client`` + :param client: XSOAR client to use + + :type args: ``Dict[str, Any]`` + :param args: + all command arguments, usually passed from ``demisto.args()``. + ``args['data']`` the data to send to the remote system + ``args['entries']`` the entries to send to the remote system + ``args['incidentChanged']`` boolean telling us if the local incident indeed changed or not + ``args['remoteId']`` the remote incident id + + :return: + ``str`` containing the remote incident id - really important if the incident is newly created remotely + + :rtype: ``str`` + """ + parsed_args = UpdateRemoteSystemArgs(args) + if parsed_args.delta: + demisto.debug(f'Got the following delta keys {list(parsed_args.delta)}') + + demisto.debug(f'Sending incident with remote ID [{parsed_args.remote_incident_id}] to remote system\n') + new_incident_id: str = parsed_args.remote_incident_id + updated_incident = {} + if not parsed_args.remote_incident_id or parsed_args.incident_changed: + if parsed_args.remote_incident_id: + # First, get the incident as we need the version + old_incident = client.get_alert(id=parsed_args.remote_incident_id, entity=None) + for changed_key in parsed_args.delta.keys(): + old_incident[changed_key] = parsed_args.delta[changed_key] # type: ignore + parsed_args.data = old_incident + else: + parsed_args.data['createInvestigation'] = True + + # TODO: remove hardcoded values + updated_incident = client.update_alert(queue_state='actioned', entity_state='active') + new_incident_id = updated_incident['id'] + demisto.debug(f'Got back ID [{new_incident_id}]') + else: + demisto.debug(f'Skipping updating remote incident fields [{parsed_args.remote_incident_id}] as it is ' + f'not new nor changed.') + + # TODO: Remove the commented code +# if parsed_args.entries: +# for entry in parsed_args.entries: +# demisto.debug(f'Sending entry {entry.get("id")}') +# client.add_incident_entry(incident_id=new_incident_id, entry=entry) +# +# # Close incident if relevant +# if updated_incident and parsed_args.inc_status == IncidentStatus.DONE: +# demisto.debug(f'Closing remote incident {new_incident_id}') +# client.close_incident( +# new_incident_id, +# updated_incident.get('version'), # type: ignore +# parsed_args.data.get('closeReason'), +# parsed_args.data.get('closeNotes') +# ) + + return new_incident_id + + #TODO: Review the changes to make sure this correct fields are used +def get_mapping_fields_command(client: Client, args: Dict[str, Any]): + xdr_incident_type_scheme = SchemeTypeMapping(type_name='Doppel_Incident_Test') + xdr_incident_type_scheme.add_field(name='queue_state', description='Queue State of the Doppel Alert') + return GetMappingFieldsResponse(xdr_incident_type_scheme) ''' MAIN FUNCTION ''' @@ -369,29 +498,35 @@ def main() -> None: # get the service API url base_url = urljoin(demisto.params()['url'], '/v1') - demisto.debug(f'Command being called is {demisto.command()}') + supported_commands = { + 'test-module': test_module, + 'fetch-incidents': fetch_incidents_command, + 'get-modified-remote-data:': get_modified_remote_data_command, + 'get-remote-data': get_remote_data_command, + 'update-remote-system': update_remote_system_command, + 'get-mapping-fields': get_mapping_fields_command, + + # Doppel Specific alerts + 'get-alert': get_alert_command, + 'update-alert': update_alert_command, + 'get-alerts': get_alerts_command, + 'create-alert': create_alert_command, + 'create-abuse-alert': create_abuse_alert_command, + } + + demisto.info(f'Command being called is {demisto.command()}') try: client = Client( base_url=base_url, api_key=api_key) current_command: str = demisto.command() - if current_command == 'test-module': - # This is the call made when pressing the integration Test button. - result = test_module(client) - return_results(result) - elif current_command == 'get-alert': - return_results(get_alert_command(client, demisto.args())) - elif current_command == 'update-alert': - return_results(update_alert_command(client, demisto.args())) - elif current_command == 'get-alerts': - return_results(get_alerts_command(client, demisto.args())) - elif current_command == 'create-alert': - return_results(create_alert_command(client, demisto.args())) - elif current_command == 'create-abuse-alert': - return_results(create_abuse_alert_command(client, demisto.args())) - elif current_command == 'fetch-incidents': - return_results(fetch_incidents_command(client)) + if current_command in supported_commands: + demisto.info(f'Command run successful: {demisto.command()}') + return_results(supported_commands[current_command](client, demisto.args())) + else: + demisto.error(f'Command is not implemented: {demisto.command()}') + raise NotImplementedError(f'The {current_command} command is not supported') # Log exceptions and return errors except Exception as e: From 95b4093612fdd923ffeb29ae3a9835f3786cc974 Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Wed, 18 Dec 2024 23:50:43 +0530 Subject: [PATCH 05/22] Update correct audit log --- Packs/Doppel/Integrations/Doppel/Doppel.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index d30be85cbc55..38a1af222766 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -161,13 +161,14 @@ def _get_remote_updated_incident_data_with_entry(client: Client, doppel_alert_id updated_doppel_alert = client.get_alert(id=doppel_alert_id, entity=None) audit_logs = updated_doppel_alert['audit_logs'] if len(audit_logs) > 0: - audit_log_datetime_str = audit_logs[len(audit_logs)-1]['timestamp'] + audit_log = audit_logs[len(audit_logs)-1] + audit_log_datetime_str = audit_log['timestamp'] audit_log_datetime = datetime.strptime(audit_log_datetime_str, DOPPEL_PAYLOAD_DATE_FORMAT) if audit_log_datetime > last_update: updated_doppel_alert['id'] = doppel_alert_id entries: list = [{ "Type": EntryType.NOTE, - "Contents": audit_logs[0], + "Contents": audit_log, "ContentsFormat": EntryFormat.JSON, }] From d21b8ced8ac2a55c3a476c31055c6762d2a0e825 Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Thu, 19 Dec 2024 13:09:37 +0530 Subject: [PATCH 06/22] Implemented Incoming Mirroring --- Packs/Doppel/Integrations/Doppel/Doppel.py | 32 ++++++++++++---------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 38a1af222766..2e057d11a822 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -159,20 +159,24 @@ def _get_remote_updated_incident_data_with_entry(client: Client, doppel_alert_id last_update = datetime.strptime(last_update_str, "%Y-%m-%dT%H:%M:%S.%fZ") demisto.debug(f'Getting Remote Data for {doppel_alert_id} which was last updated on: {last_update}') updated_doppel_alert = client.get_alert(id=doppel_alert_id, entity=None) + demisto.debug(f'Received alert data for {doppel_alert_id}') audit_logs = updated_doppel_alert['audit_logs'] - if len(audit_logs) > 0: - audit_log = audit_logs[len(audit_logs)-1] - audit_log_datetime_str = audit_log['timestamp'] - audit_log_datetime = datetime.strptime(audit_log_datetime_str, DOPPEL_PAYLOAD_DATE_FORMAT) - if audit_log_datetime > last_update: - updated_doppel_alert['id'] = doppel_alert_id - entries: list = [{ - "Type": EntryType.NOTE, - "Contents": audit_log, - "ContentsFormat": EntryFormat.JSON, - }] - - return updated_doppel_alert, entries + demisto.debug(f'The alert contains {len(audit_logs)} audit logs') + + most_recent_audit_log = max(audit_logs, key=lambda audit_log: audit_log['timestamp']) + demisto.debug(f'Most recent audit log is {most_recent_audit_log}') + recent_audit_log_datetime_str = most_recent_audit_log['timestamp'] + recent_audit_log_datetime = datetime.strptime(recent_audit_log_datetime_str, DOPPEL_PAYLOAD_DATE_FORMAT) + demisto.debug(f'The event was modified recently on {recent_audit_log_datetime}') + if recent_audit_log_datetime > last_update: + updated_doppel_alert['id'] = doppel_alert_id + entries: list = [{ + "Type": EntryType.NOTE, + "Contents": most_recent_audit_log, + "ContentsFormat": EntryFormat.JSON, + }] + demisto.debug(f'Successfully returning the updated alert and entries: {updated_doppel_alert, entries}') + return updated_doppel_alert, entries return None, [] @@ -182,7 +186,7 @@ def _get_mirroring_fields(params): """ return { - "mirror_direction": MIRROR_DIRECTION.get("Incoming"), + "mirror_direction": MIRROR_DIRECTION.get("Incoming And Outgoing"), "mirror_instance": demisto.integrationInstance(), "incident_type": "Doppel_Incident_Test", } From 7447646705243b2f34ac4a3eac7c36d4e64d4b63 Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Thu, 19 Dec 2024 15:49:10 +0530 Subject: [PATCH 07/22] Mirroring it out --- Packs/Doppel/Integrations/Doppel/Doppel.py | 68 +++++++++------------- 1 file changed, 29 insertions(+), 39 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 2e057d11a822..f92216cae2f2 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -439,50 +439,40 @@ def update_remote_system_command(client: Client, args: Dict[str, Any]) -> str: :rtype: ``str`` """ + new_incident_id: str = None + demisto.debug(f'Arguments for the update-remote-system is: {args}') parsed_args = UpdateRemoteSystemArgs(args) - if parsed_args.delta: - demisto.debug(f'Got the following delta keys {list(parsed_args.delta)}') - - demisto.debug(f'Sending incident with remote ID [{parsed_args.remote_incident_id}] to remote system\n') - new_incident_id: str = parsed_args.remote_incident_id - updated_incident = {} - if not parsed_args.remote_incident_id or parsed_args.incident_changed: - if parsed_args.remote_incident_id: - # First, get the incident as we need the version - old_incident = client.get_alert(id=parsed_args.remote_incident_id, entity=None) - for changed_key in parsed_args.delta.keys(): - old_incident[changed_key] = parsed_args.delta[changed_key] # type: ignore - parsed_args.data = old_incident + # We will Update the Doppel Alert only if the XSOAR Incident is closed + if parsed_args.delta and parsed_args.delta.get('closeReason'): + demisto.debug(f'Sending incident with remote ID [{parsed_args.remote_incident_id}] to remote system') + new_incident_id = parsed_args.remote_incident_id + if not parsed_args.remote_incident_id or parsed_args.incident_changed: + if parsed_args.remote_incident_id: + # First, get the incident as we need the version + old_incident = client.get_alert(id=parsed_args.remote_incident_id, entity=None) + for changed_key in parsed_args.delta.keys(): + old_incident[changed_key] = parsed_args.delta[changed_key] # type: ignore + parsed_args.data = old_incident + else: + parsed_args.data['createInvestigation'] = True + + # Update the queue_state value in the Doppel alert, if already not same + current_queue_state = parsed_args.data.get('queue_state') + target_queue_state = 'archived' + if current_queue_state != target_queue_state: + client.update_alert( + queue_state=target_queue_state, + entity_state=old_incident['entity_state'], # Keep the old entity_state + alert_id=new_incident_id + ) else: - parsed_args.data['createInvestigation'] = True - - # TODO: remove hardcoded values - updated_incident = client.update_alert(queue_state='actioned', entity_state='active') - new_incident_id = updated_incident['id'] - demisto.debug(f'Got back ID [{new_incident_id}]') + demisto.debug(f'Skipping updating remote incident fields [{parsed_args.remote_incident_id}] as it is ' + f'not new nor changed.') else: - demisto.debug(f'Skipping updating remote incident fields [{parsed_args.remote_incident_id}] as it is ' - f'not new nor changed.') - - # TODO: Remove the commented code -# if parsed_args.entries: -# for entry in parsed_args.entries: -# demisto.debug(f'Sending entry {entry.get("id")}') -# client.add_incident_entry(incident_id=new_incident_id, entry=entry) -# -# # Close incident if relevant -# if updated_incident and parsed_args.inc_status == IncidentStatus.DONE: -# demisto.debug(f'Closing remote incident {new_incident_id}') -# client.close_incident( -# new_incident_id, -# updated_incident.get('version'), # type: ignore -# parsed_args.data.get('closeReason'), -# parsed_args.data.get('closeNotes') -# ) - + demisto.debug(f'The incident changed, but it is not closed. Hence will not update the Doppel alert at this time') + return new_incident_id - #TODO: Review the changes to make sure this correct fields are used def get_mapping_fields_command(client: Client, args: Dict[str, Any]): xdr_incident_type_scheme = SchemeTypeMapping(type_name='Doppel_Incident_Test') xdr_incident_type_scheme.add_field(name='queue_state', description='Queue State of the Doppel Alert') From 28ea9be13983672a193f0d5f0cdd40c8b0b703bf Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Thu, 19 Dec 2024 16:31:07 +0530 Subject: [PATCH 08/22] Supported Pagination --- Packs/Doppel/Integrations/Doppel/Doppel.py | 94 +++++++++++----------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index f92216cae2f2..b7befd80b7e2 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -180,7 +180,7 @@ def _get_remote_updated_incident_data_with_entry(client: Client, doppel_alert_id return None, [] -def _get_mirroring_fields(params): +def _get_mirroring_fields(): """ Get tickets mirroring. """ @@ -212,7 +212,6 @@ def test_module(client: Client, args: Dict[str, Any]) -> str: try: # Using the same dates so that we do not fetch any data for testing, # but still get the response as 200 - # TODO: convert both the dates to current timestamps current_datetime_str = datetime.now().strftime(DOPPEL_API_DATE_FORMAT) query_params = { 'created_before': current_datetime_str, @@ -350,52 +349,55 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: last_fetch_str = first_run.strftime(DOPPEL_API_DATE_FORMAT) last_fetch = first_run.timestamp() demisto.debug(f"This is the first time we are fetching the incidents. This time fetching it from: {last_fetch}") - - # Set the query parameters - query_params = { - 'created_after': last_fetch_str, # Fetch alerts after the last_fetch, - 'sort_type': 'date_sourced', - 'sort_order': 'asc', - 'page': 0, - } - #TODO: Implement the pagination for fetching all the alerts within the time range # Fetch alerts - get_alerts_response = client.get_alerts(params=query_params) - alerts = get_alerts_response.get('alerts', None) - if not alerts: - demisto.info("No new alerts fetched from Doppel. Exiting fetch_incidents.") - return - incidents = [] - new_last_fetch = last_fetch # Initialize with the existing last fetch timestamp - for alert in alerts: - # Building the incident structure - created_at_str = alert.get("created_at") - created_at_datetime = datetime.strptime(created_at_str, DOPPEL_PAYLOAD_DATE_FORMAT) - new_last_fetch = created_at_datetime.timestamp() - if new_last_fetch > last_fetch: - alert.update(_get_mirroring_fields(args)) - incident = { - 'name': 'Doppel Incident', - 'type': 'Doppel_Incident_Test', - 'occurred': created_at_datetime.strftime(XSOAR_DATE_FORMAT), - 'dbotMirrorId': str(alert.get("id")), - 'rawJSON': json.dumps(alert), - } - incidents.append(incident) - # Update last run with the new_last_fetch value - demisto.setLastRun({"last_fetch": new_last_fetch}) - demisto.debug(f"Updated last_fetch to: {new_last_fetch}") - # Create incidents in XSOAR - if incidents and len(incidents) > 0: - try: - demisto.incidents(incidents) - demisto.info(f"Successfully created {len(incidents)} incidents in XSOAR.") - except Exception as e: - raise ValueError(f"Incident creation failed due to: {str(e)}") - else: - demisto.incidents([]) - demisto.info("No incidents to create. Exiting fetch_incidents_command.") + page: int = 0 + while True: + # Set the query parameters + query_params = { + 'created_after': last_fetch_str, # Fetch alerts after the last_fetch, + 'sort_type': 'date_sourced', + 'sort_order': 'asc', + 'page': page, + } + get_alerts_response = client.get_alerts(params=query_params) + alerts = get_alerts_response.get('alerts', None) + if not alerts: + demisto.info("No new alerts fetched from Doppel. Exiting fetch_incidents.") + return + incidents = [] + new_last_fetch = last_fetch # Initialize with the existing last fetch timestamp + for alert in alerts: + # Building the incident structure + created_at_str = alert.get("created_at") + created_at_datetime = datetime.strptime(created_at_str, DOPPEL_PAYLOAD_DATE_FORMAT) + new_last_fetch = created_at_datetime.timestamp() + if new_last_fetch > last_fetch: + alert.update(_get_mirroring_fields()) + incident = { + 'name': 'Doppel Incident', + 'type': 'Doppel_Incident_Test', + 'occurred': created_at_datetime.strftime(XSOAR_DATE_FORMAT), + 'dbotMirrorId': str(alert.get("id")), + 'rawJSON': json.dumps(alert), + } + incidents.append(incident) + # Update last run with the new_last_fetch value + demisto.setLastRun({"last_fetch": new_last_fetch}) + demisto.debug(f"Updated last_fetch to: {new_last_fetch}") + # Create incidents in XSOAR + if incidents and len(incidents) > 0: + try: + demisto.incidents(incidents) + demisto.info(f"Successfully created {len(incidents)} incidents in XSOAR.") + except Exception as e: + raise ValueError(f"Incident creation failed due to: {str(e)}") + else: + demisto.incidents([]) + demisto.info("No incidents to create. Exiting fetch_incidents_command.") + + demisto.info(f'Fetched Doppel alerts from page {page} Successfully.') + page = page+1 def get_modified_remote_data_command(client: Client, args: Dict[str, Any]): demisto.debug('Command get-modified-remote-data is not implemented') From bf779d47076c748a067d6b60892568a9552b7f3c Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Thu, 19 Dec 2024 16:53:35 +0530 Subject: [PATCH 09/22] Restructured the fetch incidents command --- Packs/Doppel/Integrations/Doppel/Doppel.py | 61 +++++++++++++--------- 1 file changed, 36 insertions(+), 25 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index b7befd80b7e2..65d7d81dd8ad 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -26,7 +26,8 @@ "Outgoing": "Out", "Incoming And Outgoing": "Both", } - +DOPPEL_ALERT = 'Doppel Alert' +DOPPEL_INCIDENT = 'Doppel Incident' ''' CLIENT CLASS ''' @@ -191,6 +192,34 @@ def _get_mirroring_fields(): "incident_type": "Doppel_Incident_Test", } +def _get_last_fetch_datetime(): + # Fetch the last run (time of the last fetch) + last_run = demisto.getLastRun() + last_fetch = last_run.get("last_fetch", None) + last_fetch_datetime: datetime = datetime.now() + if last_fetch and isinstance(last_fetch, float): + last_fetch_datetime = datetime.fromtimestamp(last_fetch) + demisto.debug(f"Alerts were fetch last on: {last_fetch_datetime}") + else: + # If no last run is found, set first_run (default to 24 hours ago) + last_fetch_datetime = datetime.now() - timedelta(days=1) + demisto.debug(f"This is the first time we are fetching the incidents. This time fetching it from: {last_fetch_datetime}") + + return last_fetch_datetime + +def _paginated_call_to_get_alerts(client, page, last_fetch_datetime): + # Set the query parameters + last_fetch_str: str = last_fetch_datetime.strftime(DOPPEL_API_DATE_FORMAT) + query_params = { + 'created_after': last_fetch_str, # Fetch alerts after the last_fetch, + 'sort_type': 'date_sourced', + 'sort_order': 'asc', + 'page': page, + } + get_alerts_response = client.get_alerts(params=query_params) + alerts = get_alerts_response.get('alerts', None) + return alerts + ''' COMMAND FUNCTIONS ''' @@ -337,35 +366,17 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: """ demisto.debug("Fetching alerts from Doppel.") # Fetch the last run (time of the last fetch) - last_run = demisto.getLastRun() - last_fetch = last_run.get("last_fetch", None) - last_fetch_str: str = None - if last_fetch and isinstance(last_fetch, float): - last_fetch_str = datetime.fromtimestamp(last_fetch).strftime(DOPPEL_API_DATE_FORMAT) - demisto.debug(f"Last run found: {last_fetch_str}") - else: - # If no last run is found, set first_run (default to 24 hours ago) - first_run = datetime.now() - timedelta(days=1) - last_fetch_str = first_run.strftime(DOPPEL_API_DATE_FORMAT) - last_fetch = first_run.timestamp() - demisto.debug(f"This is the first time we are fetching the incidents. This time fetching it from: {last_fetch}") + last_fetch_datetime: datetime = _get_last_fetch_datetime() # Fetch alerts page: int = 0 while True: - # Set the query parameters - query_params = { - 'created_after': last_fetch_str, # Fetch alerts after the last_fetch, - 'sort_type': 'date_sourced', - 'sort_order': 'asc', - 'page': page, - } - get_alerts_response = client.get_alerts(params=query_params) - alerts = get_alerts_response.get('alerts', None) + alerts = _paginated_call_to_get_alerts(client, page, last_fetch_datetime) if not alerts: demisto.info("No new alerts fetched from Doppel. Exiting fetch_incidents.") return incidents = [] + last_fetch = last_fetch_datetime.timestamp() new_last_fetch = last_fetch # Initialize with the existing last fetch timestamp for alert in alerts: # Building the incident structure @@ -375,8 +386,8 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: if new_last_fetch > last_fetch: alert.update(_get_mirroring_fields()) incident = { - 'name': 'Doppel Incident', - 'type': 'Doppel_Incident_Test', + 'name': DOPPEL_INCIDENT, + 'type': DOPPEL_ALERT, 'occurred': created_at_datetime.strftime(XSOAR_DATE_FORMAT), 'dbotMirrorId': str(alert.get("id")), 'rawJSON': json.dumps(alert), @@ -476,7 +487,7 @@ def update_remote_system_command(client: Client, args: Dict[str, Any]) -> str: return new_incident_id def get_mapping_fields_command(client: Client, args: Dict[str, Any]): - xdr_incident_type_scheme = SchemeTypeMapping(type_name='Doppel_Incident_Test') + xdr_incident_type_scheme = SchemeTypeMapping(type_name=DOPPEL_ALERT) xdr_incident_type_scheme.add_field(name='queue_state', description='Queue State of the Doppel Alert') return GetMappingFieldsResponse(xdr_incident_type_scheme) From 64dc963a284e4d21a7cfb6150228e6ee07b90cfc Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Thu, 19 Dec 2024 21:48:20 +0530 Subject: [PATCH 10/22] Avoid returning the None incident id --- Packs/Doppel/Integrations/Doppel/Doppel.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 65d7d81dd8ad..396ed47f749a 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -452,13 +452,12 @@ def update_remote_system_command(client: Client, args: Dict[str, Any]) -> str: :rtype: ``str`` """ - new_incident_id: str = None demisto.debug(f'Arguments for the update-remote-system is: {args}') parsed_args = UpdateRemoteSystemArgs(args) + new_incident_id: str = parsed_args.remote_incident_id # We will Update the Doppel Alert only if the XSOAR Incident is closed if parsed_args.delta and parsed_args.delta.get('closeReason'): demisto.debug(f'Sending incident with remote ID [{parsed_args.remote_incident_id}] to remote system') - new_incident_id = parsed_args.remote_incident_id if not parsed_args.remote_incident_id or parsed_args.incident_changed: if parsed_args.remote_incident_id: # First, get the incident as we need the version From 4e1428cfa31e25d46dee5d2feb90e8a16fd87f2a Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Thu, 19 Dec 2024 22:16:10 +0530 Subject: [PATCH 11/22] Updated the instructions readme file. --- Packs/Doppel/Integrations/Doppel/README.md | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/README.md b/Packs/Doppel/Integrations/Doppel/README.md index 5e9c90cb5b74..f56ee847e1f4 100644 --- a/Packs/Doppel/Integrations/Doppel/README.md +++ b/Packs/Doppel/Integrations/Doppel/README.md @@ -1,13 +1,10 @@ -# Doppel XSOAR Pack +### Get Started -## Overview -Doppel is a Modern Digital Risk Protection Solution, that detects the phishing and brand cyber attacks on the emerging channels. Doppel scans millions of channels online which includes, social media, domains, paid ads, dark web, emerging channels, etc. Doppel can identify the malicious content and cyber threats, and enables their customers to take down the digital risks proactively. +To use the app you need the following: -## Features supported by the Doppel XSOAR pack +1. Doppel Tenant URL that you can use for calling the [Doppel APIs](https://doppel.readme.io/reference/create_alert). eg. *https://api.doppel.com/* +2. API Key for calling Doppel -1. Mirror Incidents : Alerts from Doppel are mirrored as per the configured schedule. -2. Command: create-alert : Command to create an alert in Doppel. -3. Command: get-alert : Command to fetch alert details from Doppel. -4. Command: get-alerts : Command to fetch list of alerts from Doppel. -5. Command: update-alert : Command to update alert details from Doppel. -6. Command: create-abuse-alert : Command to create abuse alert details from Doppel. \ No newline at end of file +Please reach out to Doppel to get access to above. + +Once you have the URL and API Key, use the same for configuring the Doppel-XSOAR integration instance. \ No newline at end of file From b31da5a835d0963aa472f371796365f3aff03a4c Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Thu, 19 Dec 2024 22:23:30 +0530 Subject: [PATCH 12/22] Updated all commands with doppel prefix --- Packs/Doppel/Integrations/Doppel/Doppel.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 396ed47f749a..90471bc4bdfe 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -258,7 +258,7 @@ def test_module(client: Client, args: Dict[str, Any]) -> str: raise e return message -def get_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: +def doppel_get_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: id: str = args.get('id', None) entity: str = args.get('entity', None) @@ -275,7 +275,7 @@ def get_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: outputs=result, ) -def update_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: +def doppel_update_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: """ Executes the update alert command. @@ -301,7 +301,7 @@ def update_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults outputs=result, ) -def get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults: +def doppel_get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults: """ Command to fetch multiple alerts based on query parameters. @@ -332,7 +332,7 @@ def get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults: if not results: raise ValueError("No alerts were found with the given parameters.") -def create_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: +def doppel_create_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: entity = args.get('entity') if not entity: raise ValueError("Entity must be specified to create an alert.") @@ -345,7 +345,7 @@ def create_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults outputs=result, ) -def create_abuse_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: +def doppel_create_abuse_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults: entity = args.get('entity') if not entity: @@ -362,7 +362,7 @@ def create_abuse_alert_command(client: Client, args: Dict[str, Any]) -> CommandR def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: """ Fetch incidents from Doppel alerts, map fields to custom XSOAR fields, and create incidents. - This function fetches alerts directly from Doppel using the `get_alerts_command` and creates incidents in XSOAR. + This function fetches alerts directly from Doppel """ demisto.debug("Fetching alerts from Doppel.") # Fetch the last run (time of the last fetch) @@ -514,11 +514,11 @@ def main() -> None: 'get-mapping-fields': get_mapping_fields_command, # Doppel Specific alerts - 'get-alert': get_alert_command, - 'update-alert': update_alert_command, - 'get-alerts': get_alerts_command, - 'create-alert': create_alert_command, - 'create-abuse-alert': create_abuse_alert_command, + 'doppel-get-alert': doppel_get_alert_command, + 'doppel-update-alert': doppel_update_alert_command, + 'doppel-get-alerts': doppel_get_alerts_command, + 'doppel-create-alert': doppel_create_alert_command, + 'doppel-create-abuse-alert': doppel_create_abuse_alert_command, } demisto.info(f'Command being called is {demisto.command()}') From da5f4e2deb74d62e182c7ecffb02e431a4017efc Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 11:48:41 +0530 Subject: [PATCH 13/22] Added Mirror Direction and Historical days to the configuration --- Packs/Doppel/Integrations/Doppel/Doppel.py | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 90471bc4bdfe..51840f61a7ae 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -181,18 +181,18 @@ def _get_remote_updated_incident_data_with_entry(client: Client, doppel_alert_id return None, [] -def _get_mirroring_fields(): +def _get_mirroring_fields(args: Dict[str, Any]): """ Get tickets mirroring. """ return { - "mirror_direction": MIRROR_DIRECTION.get("Incoming And Outgoing"), + "mirror_direction": MIRROR_DIRECTION.get(args.get('mirror_direction', 'None')), "mirror_instance": demisto.integrationInstance(), "incident_type": "Doppel_Incident_Test", } -def _get_last_fetch_datetime(): +def _get_last_fetch_datetime(args: Dict[str, Any]): # Fetch the last run (time of the last fetch) last_run = demisto.getLastRun() last_fetch = last_run.get("last_fetch", None) @@ -201,8 +201,16 @@ def _get_last_fetch_datetime(): last_fetch_datetime = datetime.fromtimestamp(last_fetch) demisto.debug(f"Alerts were fetch last on: {last_fetch_datetime}") else: - # If no last run is found, set first_run (default to 24 hours ago) - last_fetch_datetime = datetime.now() - timedelta(days=1) + # If no last run is found + historical_days: int = 1 + historical_days_str: str = args.get('historical_days', None) + if historical_days_str: + try: + historical_days = int(historical_days_str) + except ValueError: + demisto.error(f'{historical_days} is not an int value. We will use the default historical value as {historical_days} day') + demisto.info(f'Fetching alerts created in last {historical_days} days') + last_fetch_datetime = datetime.now() - timedelta(days=historical_days) demisto.debug(f"This is the first time we are fetching the incidents. This time fetching it from: {last_fetch_datetime}") return last_fetch_datetime @@ -366,7 +374,7 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: """ demisto.debug("Fetching alerts from Doppel.") # Fetch the last run (time of the last fetch) - last_fetch_datetime: datetime = _get_last_fetch_datetime() + last_fetch_datetime: datetime = _get_last_fetch_datetime(args) # Fetch alerts page: int = 0 @@ -384,7 +392,7 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: created_at_datetime = datetime.strptime(created_at_str, DOPPEL_PAYLOAD_DATE_FORMAT) new_last_fetch = created_at_datetime.timestamp() if new_last_fetch > last_fetch: - alert.update(_get_mirroring_fields()) + alert.update(_get_mirroring_fields(args)) incident = { 'name': DOPPEL_INCIDENT, 'type': DOPPEL_ALERT, From ccbb4b68802131aff62f14b402f1ca3f46ae901b Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 13:07:26 +0530 Subject: [PATCH 14/22] Disabled Mirroring --- Packs/Doppel/Integrations/Doppel/Doppel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 51840f61a7ae..75cce9798cc3 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -187,7 +187,7 @@ def _get_mirroring_fields(args: Dict[str, Any]): """ return { - "mirror_direction": MIRROR_DIRECTION.get(args.get('mirror_direction', 'None')), + "mirror_direction": MIRROR_DIRECTION.get("Incoming And Outgoing"), "mirror_instance": demisto.integrationInstance(), "incident_type": "Doppel_Incident_Test", } From a56dab9a5857d8729cada114cfc3cceb676deeed Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 15:33:21 +0530 Subject: [PATCH 15/22] Supported mirroring back --- Packs/Doppel/Integrations/Doppel/Doppel.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index 75cce9798cc3..e43a16518250 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -181,18 +181,18 @@ def _get_remote_updated_incident_data_with_entry(client: Client, doppel_alert_id return None, [] -def _get_mirroring_fields(args: Dict[str, Any]): +def _get_mirroring_fields(): """ Get tickets mirroring. """ - + mirror_direction: str = demisto.params().get('mirror_direction', None) return { - "mirror_direction": MIRROR_DIRECTION.get("Incoming And Outgoing"), + "mirror_direction": MIRROR_DIRECTION.get(mirror_direction), "mirror_instance": demisto.integrationInstance(), "incident_type": "Doppel_Incident_Test", } -def _get_last_fetch_datetime(args: Dict[str, Any]): +def _get_last_fetch_datetime(): # Fetch the last run (time of the last fetch) last_run = demisto.getLastRun() last_fetch = last_run.get("last_fetch", None) @@ -203,7 +203,7 @@ def _get_last_fetch_datetime(args: Dict[str, Any]): else: # If no last run is found historical_days: int = 1 - historical_days_str: str = args.get('historical_days', None) + historical_days_str: str = demisto.params().get('historical_days', None) if historical_days_str: try: historical_days = int(historical_days_str) @@ -374,7 +374,7 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: """ demisto.debug("Fetching alerts from Doppel.") # Fetch the last run (time of the last fetch) - last_fetch_datetime: datetime = _get_last_fetch_datetime(args) + last_fetch_datetime: datetime = _get_last_fetch_datetime() # Fetch alerts page: int = 0 @@ -392,7 +392,7 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: created_at_datetime = datetime.strptime(created_at_str, DOPPEL_PAYLOAD_DATE_FORMAT) new_last_fetch = created_at_datetime.timestamp() if new_last_fetch > last_fetch: - alert.update(_get_mirroring_fields(args)) + alert.update(_get_mirroring_fields()) incident = { 'name': DOPPEL_INCIDENT, 'type': DOPPEL_ALERT, From 39ae62fee8ae2f0580de78e64a17614c1ee56bde Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 17:02:51 +0530 Subject: [PATCH 16/22] Creating Incidents for all the pages --- Packs/Doppel/Integrations/Doppel/Doppel.py | 25 +++++++++++----------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py index e43a16518250..c9f88a8426f6 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel.py @@ -378,12 +378,12 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: # Fetch alerts page: int = 0 + incidents = [] while True: alerts = _paginated_call_to_get_alerts(client, page, last_fetch_datetime) if not alerts: demisto.info("No new alerts fetched from Doppel. Exiting fetch_incidents.") - return - incidents = [] + break last_fetch = last_fetch_datetime.timestamp() new_last_fetch = last_fetch # Initialize with the existing last fetch timestamp for alert in alerts: @@ -404,19 +404,18 @@ def fetch_incidents_command(client: Client, args: Dict[str, Any]) -> None: # Update last run with the new_last_fetch value demisto.setLastRun({"last_fetch": new_last_fetch}) demisto.debug(f"Updated last_fetch to: {new_last_fetch}") - # Create incidents in XSOAR - if incidents and len(incidents) > 0: - try: - demisto.incidents(incidents) - demisto.info(f"Successfully created {len(incidents)} incidents in XSOAR.") - except Exception as e: - raise ValueError(f"Incident creation failed due to: {str(e)}") - else: - demisto.incidents([]) - demisto.info("No incidents to create. Exiting fetch_incidents_command.") - demisto.info(f'Fetched Doppel alerts from page {page} Successfully.') page = page+1 + # Create incidents in XSOAR + if incidents and len(incidents) > 0: + try: + demisto.incidents(incidents) + demisto.info(f"Successfully created {len(incidents)} incidents in XSOAR.") + except Exception as e: + raise ValueError(f"Incident creation failed due to: {str(e)}") + else: + demisto.incidents([]) + demisto.info("No incidents to create. Exiting fetch_incidents_command.") def get_modified_remote_data_command(client: Client, args: Dict[str, Any]): demisto.debug('Command get-modified-remote-data is not implemented') From f8bc66b4a8b8aa7ff29889fefc9f3d596b2946e6 Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 18:21:59 +0530 Subject: [PATCH 17/22] Doppel logo with Transparent background --- .../Integrations/Doppel/Doppel_image.png | Bin 6954 -> 32919 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel_image.png b/Packs/Doppel/Integrations/Doppel/Doppel_image.png index a18ede6127e9ccc4dff19aa3df9750c59a82ff15..d0bec8a28888ab3a908601c95e412ebe340ea303 100644 GIT binary patch literal 32919 zcmV)&K#aeMP)40000WV@Og>004R> z004l5008;`004mK004C`008P>0026e000+ooVrmw00006VoOIv0RI600RN!9r;`8x zfB;EEK~#9!?EQO?T=$jd2Y$}^-J6+}^+4i55Q0E3NlF??l$s@v`!y{I1*zrk>2?o6 zP1~_!j}6e_osISEn$$Y{$F3s=h1iH4hrMBfyJN3+Hg;LGcVnXMo+jvy@nc#Rih4}< z^k`ZoiF&kKBoZVDfglJZst&%I#HCh#)!B1m$)?i8+83a26YE1TcOC? zYRqfoF%#NFP8+dS9<`-TYy3MccEA6SkHp{NzW77bY9NN` zh^QrnDp3uksP3z%gSZjZ803bb{KNm|AAn_B-rBbH!mU5+4xd7*|NTyVs@3)O9&Shaofcq>c-$Gh&T4g)|mScpR9= zb-|_DJgZx!%}#fEe0$4_FKqkUO7-<(L36oByQ`|ikO78Jl1YzDuA*|2QZ}E52k;y< zBiIlX?#Vs5C->w%%X`{jm9(KNpcv*!^D@uKJl(Qpu+CxLlFzX2kKi&zR9h%~^!P}c zr$*Xp#Vz-Y0;1rO?wxNvLS)MiciQxXd0-wmHShym=JV&Sg#L^D+?K#-luFB9;Xe5a zQ*whc7`T!dC>fz_PM&94fGPLnp4^jr@?PXUYp~nJ1V+rzll_>@P%CrR?E%)ZPqn)8 zz^NkR@u)0B2XV+9a)21q=87fdRSirrQF8j-23I>dy_Lyx(tjKu&UVAfyTeE1e0$U1GV@EO)=&y%#)1>mvj`^m=*$j#cw=oDh7 z2GUx3J03rC!+*9j5M!1L>?yxW%`Y;_AZmI`Bm7y9&po*(_vD{rdCwZ`*k~`QF_I>$ z;eOuMkMOpBl%an3siD>v>qaX`#EO39MhGAv$)PZDHDo@Z!IkBl{uy;$j%p0Uh-tY% z%U))dOSf%9pvS=X5v0FD^1Cioe`*5@1#>3{dSn4ngfg{Sj8dAX)@h$IXKCPe#+d0` zmuuBcuOYg=>65)D_vD`3llLg^(?yWs-ejEzxGX=%4L&+=#Rs3sthP`F&|n1KM#@N5 z&Y)RNip`f4nGs!yo_88_pWLVaczMn{G@^l*40MEQj|N@T%Q1Rj@;^Xbu5ce;VXx2N zxBk5YEUnRAx@w2-PwvS*`Ex3Fzrk*GZu$&x0BF(Wlk{k_W*5oGSe2X?&&~)d0hV_K=z9hSEG)z>^tQI{-6WLuF$d z?84aGLht!!@5w#6C%elXfkDpB8&r@@sod-S_Y`*oR?z0TAqCzuiy(xzNgJ(GhgfB)R? zZ0j-Gy=U(l2fKZw>@KfohwJb5`S-5Bcm2KV|I~1>CWdKDn;x?a{0M9IDA)Z_Htgs^ zsPV#jf7F`YQzOU#-*}b3_!p-6oB!6&vwsh=R^b2DfBhqwp54#QBDFw`=S8zq!4)k^ z@Qfjc7|MRoGHvA5hO!zzkQ%NA(GZP5`d?gGD-I_Ff(*cl^nyM_U8u_jv-&Di2xic? zf~opP`B(m8zVt`mzOcM*Jl)rQPZcx~QzCQiQJi_Mr}|))UpoUc49Td=fLyK;d<`U_ z418;+-;;ZCPwvTWWcLkLAcg{@B$zR@gIxCoy8ajg4m?%Z=dZHE*4Fw2eWCipQgiT|Pg*s=X&QXm`dha7ez)EH?;o3PdTg@j<|? zr`o+u_nzF7ds4|=X|R!5hIWuu`x&}CMvtSXfkn-Y!i+p0qQ#Fpf9=Fa&;0ej(s(Xg zyMfpoZ@v}y%I{yI$d6FOhz_AH91jK(X(7||>!CS6(Bd($1<}}^mKvfF_n5TUqBd~} zAf?B8L!9V%DM;C=#pzDwwlXw-sj1T|gh9u=2Ik;HN?8Z*Bi5%zk8~+rlpZ@yC&iu;HHC~wBC<(Q_tZu*y=WnnY z_fsfj8YqXpDN-~@Fd5f#X5HP?V(ikhK8sMQ;yri9!j%akm) z2Q`*$5nBL%x|9Y(`3ox=%4N;Miy<2=_lB2Izf80XWV%6~&9bq!L6$d|(d+EjA7HxL zeak-c^oAbkjxtUIAQ@ouE~9Vt*?0U6KHnK}gogbi8uBAbA8=dDz<9Hr_)NF`{Epz5 z-Qj1w^*-;Ad$@(4q}=Pxf3f9m#$WI9b8x2()@RtThgtJa(DldY`O(t_EaC|c6=cA{ z#+%Rn+rR$U)4%qZe(OkmqkUujCO&t_FWuzZU;gHs^XvX$VhNO>rJd4fs0Jdq3zC70 zfQyQ&P#UNhVj>ypIY_3#Yq^MuxDZ8M5I4kJ)G|VVEHjXRGxJy>`k1Ia9i-^Y?BBN( zN3+j|p?5|bSJ2oXgq-LFxel214$+l@1E{b#(1R|ukbk6+Wzt?$v`D z?s8Fuu4?RNHKAUE5Gq)e6)lUjMf^eYFkj239?PliRgWkmR1(e>DM7rw-e<9%ePD66 zxo0Vx-Z=Bdl}nv^zRt+rU~Yednw8A?6$oFY&NbflUpm+0NXNB2k626GP-i|^`9kpW zxK|`LTGsGT-g6J!lY4Scc9bkorIU{LiLplJ3e3>sA$lBLFySl?!6BCsK`x(}(QhyQ zTfgyF+O7QZ>9XfUrlnuI&za$Km%7dKh3+GGfs_M02C*1iUC3mko9Ub9^02znL|@GD zj<}F}K)k@sQ4{I{dmByi%Gc>0F)LAl%oHJGDnEp(w}sKXVvh%=7J_H(%uCb*(=&UJ z(ugrX<(8j3{K3bb586F*2nyoCh#-o4?&E^4A{!b;>dSsX&Mscpdi!*X0v*EPuvkAH4su^#`3|KM+Y@j|T}wi`u_4LeA;#+l#zo4?=b^6}@^i#h5c5{Dyvpf|h> zFU{2RXJ`D4m4n&;)Sb>=K?4MYOlp*61Q`)SNuh~CFgGLk_NJ%ri=fn62Pi|1Vi4z` zIK=)+`?A!O$^&2-9K5*zzTS9?b&ovYxS&dqVOw~tAwcO6s^G2t^2D9-xhB9nE z!0W?3TsHVm{%%|tXgEJUSnA$m%CCNDkAC;;eY(t)Tz~+<47 zSRc?ft3aFyCc+e(Lhm>i<7$sg#Q^ ze(`Z2t)WDr8d&3D-jD@WGJRKH~-z^r$QLCi^6=+TgMu7{`3FuaIt5PoG05uEdwouV1qNY{Oz+@Ht5zY zXHG8Al5aCDuYf=xBlt8C!(~JyGOT7=4g|YBCqRyp%YY~WP>>!Pl+K@gZROQ6J~`aj z;E`YdS5LY7Q$sE1O@bqcX-=v6NtLjmWQ)0n=gs@nwT~39u*dJCtUbVg`0s_~|I7bl z^khlxxhOECiTTmfc)6T&WyL6&wzmn^M_dzyqchQHBlbuiGJW_vBAk z{v7uISgA<(`T(w!GQ%p5(Djd=5NPeT97t{jveAdZLtpvaKlsWYwSDdv7dBQQMyS`qax=WOc!=}N z$;ISi@IJNhV@yhr0=F7!P4KKrMm4-T!=vnEVJo#G;3$ipq7kWB-rXS0W`6|unw&QxvuiH!3JsL%~RVJX$0HwcIlK^j^a7J^2?|o?$Eb|7|2Q0W~F94fiG+ zw7AJf=*q|18-8@L={0I)A`{H$9sk8o?CZ{PnJ53vCr(aJUw*Jx3~>#tj#ig``@jER zIy7cal?wH#wCfio&)0Rx9(j#@{&KpJKn#&W41y7)BzgfVsa%UTS?2%+O;qg`({xiE zS91DH#Q`;2Pd-|6&_1E2s5+y;kf7J`P-0P+(eRKfr<`!w&^8FJBTC`qK62%`|NwnrMX}Vh0U}JfB5N~!D94pr}mBgtrZP9mPlpZVLZFO z(@pSaD4ByZ!@4)wK<6dsJa7s#qLk+f2G2*?bFM`nlNq9p$i2_Bb*b3^K_`ddJ-H`; zu0`Uzz9e%kNj}Dmb@uT__&MGRA7f;P&j+iKm&wOC=*yYU{=&Y_5x&EL>_;@}e|ho7 z>QD$7tAifRx%!#w-bEVwA1@3DU?l{6SwzV^5XyjzE;xIomhGKUnk>_lER zPDDS_xhykh-lD%0WyGAn&cnqw$-R@X(0`sb*n63H_XKWZd5)E*cPCk)n;cOaKEtYf zm>wTGRZwdy$waRQI=}j}VQ~*{v6nyQZ~U9bPOYzX+x5mCFJmcrZF*_xx4zuj&`)AE zGw%ka8JVmtPs_DV(>sW*GxS-8vX4P%&<{?biPAa;hMN4W1A&{gS@lQT>$F?q*4nP| zsSAR1EH*mRdYRJeh)RY9L_7ZJh*Xm)RdS%B7&p|@gc4KC=h|z`J%?~QN_pIv>s*(9dQX}OO>s}| z$-f{XP9mMU3&{qVf(IlR{g`3J9AdT8%M$D)8#Z?_>IpddoLnGnunQZqZ}GMK=g+M990{&+yA5{7c=$hC@-Mu``p?NY{c|cA zBrRkhhgp|4Bj!%wv~f~kKCtxZUpUyA>HSlh@kjjC#~+{X_xtk$$-FkDOifKa|6Bjy zA9YrT$50#dDBdqF?g@HDXVYL%AugwQ!;s#LDDiD^2 z-aVDno`{cs2OHjG7#?cjx*(n}NQB@Ku#S^2i}B)r@*KpN4krIQ#s5vU>KEyQ0Au#G$MWZan{u zfBJ{~FE{ovh#y^$yfQTnj1R0_!Mw89th;jX_5FK^F$^e8mA)Yejl(z!^uXDvx%dS6P_k6ijV~Wch^gm$MFY)PL z_(eQZZfLRibD#bkQ=vHBtmhKT5&K(nrxyRy|7+*<3x9m3D0+;V^IXtF%m3Mb$+GlV z7&?raEJQ6Ag0ZaC#_y6av6C6F>n3?;0Ke`qL88DgB;RRB8E4gIX@v15Ufc1>QJ~Zk z#L#G%Dp(CA`Q$MwPKM+v*d`}7oUp;$#FW>DxV9U(;1zf<$p{g$Y_s{+IuJ8X> z{_5kXC$=*&#U-Son3e(xqj2jXay!}S@BsLo-+8h6(D)DAUgC*gMP1QY70%QVQA=V- zXo(POn`60sq{OhSKpkpj!jDH9mF2R&>1Nq!lkpt9MpR>zuY-=58Yy{9ML!+ozdiTj zu3GjNzxa3}WYRR}rbdCxq12cT&|Nk3fOw+bjB1pjz;#fKcLTM&npd|E?ns3XcS+Xn zcpe&11aOq!{rfL&d*|K9a(i^*H-7Us5I6Fu)&3Arhb)d`2ip{|+mFmeZ5X9-0G`c-`XaVfBdA4BDD;QHGFZ0wfmDZ&gIfHJ->T)K7itA0y_DjD?zv!LLq#%w82(tL#M?S*kSHFK|RJ_ep?GR0U{YcDw9kVbpXOQ@QEGCP+y{3beDi=2u!`hoGR74u!$fyXlo&tb{rI}I z3QSJ$j;<56dD5@D-+`(!#+G~7=D~W4cD(z0i0LiwbXSYr162LD9W9LvZPFkj@gc6vhxwR6Lb5%qeVJmyS=tX0^gL%YEFD7p|_X+$Lg z1FaL>$%_Ecv5XgyawQnc4Y}IcEB}OPE~R>2UJ|@yr>Uk<$)d1fZLV;vbv>JzALhLU zg=6_BTgZzHvUEBR@)4$G+r*wLX`PPpi)Y@l$Cf_W_!*k<68FVFWItVg@U?F(e&*8) z2>rhm`vaNUJL5&UzS#cI1DzjrE-sK*ysHKg(&=E>RtBjUX%k<{E zY@Xxnn(cjZi)_FCmdv9~&DFQKLqcp&D@$A~#UW(p{?E&C`y*&XZG>RpR&6ruoR}d6 zV@ly#Sx?kP6hy7!A6rfK9r|xU2YkuC0-&9-mt=UrIu zej>8<{O(8LN_PWdEjw1`BLEMEVD_Sj5X}f#MjSBj zOv2u6CLmlRxRNm-_p4p#KilwpS>2Y+#)RI`l-Fs6mzm-cnJ05Y7$x$S+eq5DbNV)- z&<}L+)#Y5e%Zf40RNHASm>)bj@a95P#mK;+q|siZ^;};#{kz}jo%yxDbY!VkbP2o$ z8*7~Z%0FB@@mGG85yR7?VJXe2DWvE>^RY*cyoCIy^Tx14ZEE98IVcut)QQZnsU-Jh#eJ8HVO$OPJ>V86mWOBTez;LB z(yZEq#qF)lD2G?V4CEw)O4o*6Vh<<;1%9>8HtL$PlF@ zH+yR2mA}itsXecrQHwC8!i^Y-p*&Hth6bc=GdGm5>>kOoj98Q{-vTM}s&j*vC?%zq z%TsdcOiRA8+>}e?nO6S7w7J&HjKF{>R|u5U%8cMCgUq$KZR3?d@IaHR9OP@vdPZTZ zAR}s;b$arlrH%0UrJ;YQU5nYG8Yfc^SK1HW4xT^v<*%$e)IdI?%(|P9$EfB|L6S`Mlz4XAme0T z%Ef}R8z(0Bdl^98_Wf;=6}J3cyo&y#%+Teae2rONtu+5M#5?VDCJK__qC|l{N0z$b z7nce@azfyl3~ig&cGV)QJ0a-ljM2HkprZ_dI(OU{#XwWh%51#BRIZIN|G}L!{M$CI zGAnNhP~G-}hUsYHCKx|2Dil?ch*m!B+h45|AuZG_CSSD)l-0A;lV&M9T<<8QWR-g% zZM0+8OdhE;;axPqJM>@5w7b&*Q7KqtM1evL$WR;4tAEbCK<|rSv`o_s8cJOr-*ZlBj3L`R8A%n zUeamibEn=|onE;5!<%RFxdTgk=bX4eP-n~TKsU!2D`HlGcDc}Ofgq#tYX?E_v`1P z=<-nJ76%-D%64M&s{Evy&=akK=5uR2d^~4BlP($k-5W1y!Hk1y1+%Q_KBCVMyn$La z2{!F|n{5kttlcDE_zck7@%eF_XcHTWKOz_-X6VZYC}`diY~3zVjY6G_0khsEn6go2 zAdWXirQF>_pVW6NtKe;onhluqtK>Vidu#v8=0RFA%Lb|c#2ZNqmvYDU2kBAsYdFxC zgAAASs_4Wy#~uDWR{-pqx2cF>iw+h zw_C5RJ6H7QPeuR0B9TRhlRAc@ zd1w#0|GD4&=A{Q07CwK*Yw%ybaJ~D#`PHc>4$O|el|@=vP-3lk>fw*KUtIYkmS<#U zX+!+9n$Rd%a$)elA5{X(;sxiYwj)XrTM|s;mP2V0I`!3s2IAN;CZr^t6X2y!C zb)uFpnXrs!ojtrxE?+0R(*|pa{VoMMl?^|{Tk*53`y)gem7Ad4gn(_6X?cbF0A{%WoI~ln&xYp0Oek%(;Zw~XBawu|-(lSG8EFKS}yc}CDav#b(4V~Q3d=`&!O2%UBR zz^Q`DWdOK1ktTh6Xz?F@b>l=$vnPJ-FYW96(S<>$@kr~;(HWj8yyrurWLa@~Z^)Pb zgMXLK-~P`B%Y>-~h7fh;WZypgw8{p#cgVQ@QyaLk+{&Jn%vtrS67U!`xQicf%m9`- zC_Nh7NC%cHCKOG(aGO7Y$w?YngUfE;+eIp$fK0{8%8V}RulM8D+{CEzh5L)FJ zM*NQctrRrZ7OwLq%$wMWYAiaqE=O8t;IWP|SGA^}`uR==+txYA?y;7vf@B?YQk}ry zbb{-OP$Nj4>zCigvH@jw;4!jw*Q`M>q#PD27JEocnN=dGQ_}aGZQJu$u z_5_1m`IxhqmP|hdk!h4HWR|rMx(@u6Fa9R3sgz`r9I?cLw$4%Bu+Oq451}bowlMGm z&q?*1N&7r`)W#cyNm}&5V5&%1%u>^rk~C3?EDZhd!Uv!DFHYCJdnPlMX1T!qvdlCc zOpU0K(o%40ff{BRc!qjL)s*?6AAIf#$4CQnOXS}xfKZI1V8SUA%x1D zhgkX3$9=b(|9oVJxoW?GsXaB&#$pt0(*lnk@vY6um+IfhZ91I5 z4lcYQ$4&?N*)xVM&G;*P?ythMzYab{Fr{WAl!B<10(w;F11&0xEGL+f8T2?x$3D$X zc?eZ)M{hni;NXII!fcQGSUoA}!8R>hmqe{8mfSU^ZYpC+)|SYrfgd^b!4rRXDQERe zZq}KWSGZ5V!c_PZT#{?Y%_e^3oy4~&664Kw{C}24To+78X&}P4qfrfd0$Hmm(RJP| zP>iC8gl^5~nnT#Ud1w2BC;ma-+&8y|EpD5obGHuh?L@zmtdp_#)+)m8^f#kKb(N;9 zGGK<_tCZnjTD0OIqZNg=pe;l}r9JZL^DlgbDlzFH`iBX&t65!%YW-H ze&X=bTw`$Vrty?#ur^erc5q>x#!}N~-eZvKJ;)fQbsJLhJIQu^Vk_dn=rijVab~(h z4m?@XJP%tU*JFsxHcH7-8mHFe=vkFja=AjFH_?<66=j2U4$|f0ba{-M9BrdK2P{mU zJzh9fyWDkxGEkBxHFjzFxJ}!9ZxLAIaC?Kp&t-5r`pog5*E)s36j#Zuhg!8MX*%p( z5>=*Gih$V8W0-*UiZRpbG4l+#&L~X2uNt3=*^TQwGCP$wF&TfS~ zj-hipCRw`O+?M3RGD)wUNGrzVd+0UikXn{rh=39*Fzs3jc>wGYNjiz5)Mr_%21TrGG#9t5t#0&x@fs&ZPy0#v_ z!e@AsPcx7fLP5QRMhSIar=ZCd`2{Y^XXtZa9yrgI&2=ov^;12s%JvFwWM(wV6lovi z#(I535fW}yELl<>Am$`q1vScG?QVA9TNm=}nb9aRrizSOnKUu07No=` zGUoK%UE096pxRuw4vj-CrY|aOtIVLx#+zep_xp=sVbC5i_pP`5*on97bFAwD3Qe2J zJ2K4P-F$lxIB$V@4`XO%djB$%^lK%9yn2U1nHtup7d5h&p_Y-A4Ky}(QzA|c{owhx z?0EYv|12Zsh}k+tHms_Zq(p>5(`K$#Ln>(8y0&;Ne3ni)-s;PN^T65LJwSn4Ol*9R ztc5{t4Dymf8WhrCy$0*G5oNZC>`@2H(!8w@MeP{uxn7ui=5;;JCH-Xvez z*LE71avb?y*{apJJ7$7gXyX}alPwq(J)&>0WrOW*yLan-wd|)a$=sEMN{!O-66kLsI1JHZf2giVCU z?vmO*)JALF+b?u^^kmn6h8`bg#NKKQ-t#!0LTFELrju74Yo_D1k$yWS0|FB2!YU}) zE>>D(roHYTI^Xrj+Bf~3g^#tn;mEf}(p=c> zC6d*_gz$cxMHVH)sqMg1Fy8O1awnu1&>%FPUXvrw-SkIUwVz=lewfl{-)sM--c+kC zh}8&|kw>LjWGl@AgmMy*2gPD&ZS*7k^??tE!wW7OAcL)^W|vzx*$3ZO%kCtuyicHT zOC7{=LTnJ?bSE#SnI24cn#0C%rR=B-sk;-)TD#x;EFIn-zKQQgsLhQ(;_ zY|g2M|M;bi-gRcD>y%D=SPYn|=VVpD~au0Xsm(N zC`D7&k!O`p%`h!#l*-g7BQI--%Rmj+S)Z8os9A}X2NvIs$4_47vvl+O z802X)mgHE%B-^&>yvLyvqsT_YFhFEL?j!0E@~GriR!KCw1#y*9GfK@cfsr3P`=+QGVzruinRi;`-p&7!E%s0rbq_Bfr=5t(kkdCNY>$PeDJ8^^Ab+XcI_ zJn~>9;UP2n-D$hlo%0I>UB%o`%`nd}(^grEM;Fl$1sQ?9!$r_#Q*+(>-bemVMcQIe zFH^80M7lMLOxragWoJa=cpFx!TQd zAFO|jt80;vhgN?$XjwMwhVZAT!QNKhA0L8OfwCa0G*uh zYwYLJd0;t}0m?BlhBC(*kFd(aEtAoC6>II1>OKixj7fcR?{#PW`bzG-P7%_ESof@L zHrHO4L+yb!C@NfNZc2!{B^^{NSQ@xDS(Bq@9bR(%aVIijR^CMD16k656wDlX-#!>4 zNN=U-S63Q7AS4t{s|aOlB+Z4PA13aAGj>VYhX#lmLuS^+)jy1^;m4=O&_A6bLUS}9|#U-&F7|qte54WA#{P-ZXUDBytQs8_@qiq~{ z4(E8yF9FcdRRaCWWKZK$NRxGcgmpjqjLT>~Y5KKY-ytgG^t#h__4yk8l|0ruF4`%= zs3lmdZp=rYIo6Xy3j=MmCg_)#tRN$$n!6^8EEr&OPj6W3;yQz~h5W&7-Ya2zC)^#o zNR}I|;3>W}C0AGOm)~bD{E$qpQMiH%9)%(b(RG{x;K-&4wq+5ouxTzm_8w>CpO(yL z4)tP8&Bsbju5zDzjUtq+@~O^H4<9c>c^+!*T2V*s$o&7|KlU=4glW3y-BG`DJ3ccg7i-#Wjj6L4rXpL{gzzp`I=l={(!y2 ztaK=mL2<2!9jAqLgPIWo~tKK)C5LZ`oC6kZrZOrdq{q7xhWk=Yv5IF z)ILXe%YTUtKhj26FyS<4d&i;MlB7{63+o(s`l^5aY~csEPrgc1R*^W3#u|}ynB-;) zb+M-lxdRhfdV_9=d}&I$=MKvGZp%9~yao>Ic~buB&ho(8XRr7d+NHNojo>Mum0Ox0 zW2h%6F6mlxFy(Y~JqPa(B%2wusRCNL4sK5Ct4#AMUS;?cI3tUg3rY<)M4xmb z-C22=+3+2rlwn_xzi|TDSRZ+2xg7mKYaV;M zVmWu5qFrqCJL7UZ|GY}-#W;bjCK!`0hw-S1P4d`H%PNOnNi}}0tz)hNX6Wky*8C`u zW?P)6rP5j^i*O4*be!g@I#`*uYflDxD}|4kl~>s3-)ELrD5{LVT$G>#*8Sj$%j&6y zTRZy9A{;u2B+W2sYFUL_Ozkd3F>fxE{_sN0*O!O-O=@CQAxjqL@6w-VKtc`3|!;lJSzjc={ zr1^BTeJ|GOFGp!qzS1~JPlqv-?p+OcC#U!1v|L}F)9*1S-(iM}m``D(bn2R~5}9LN zx*cF?pfgMBa`5TM%xUr4xq6JS#R*c-IKA!7`#m{2GmDFv_=gW zc$44#{XahS3!nW9d~jNs3E~eOxqp7DHewwT?Ow3eH{E`}ezWfizM*e#kYH-el39_~I7{dYw64W|}`FkJ{;b`_vWvOsA(0pWeDq z^%m{CO2Y7P+Q^n&lJC~5Hj9sglwqfyN+z%-e5fW?txi;qH@Mn4%z5U#!~gukZ-exK zYv6-h(Z$feHc5UbAFNn~ zQbaE6I$294b0HHvLp(!F$+XXuzQU9?mN(=8r8f~E(p*^g_PJboG`UL7M%94v3H@H! zj^3LD2W*A`kFXxv^O0sNP?@*%Uux=)n3f-iVQHinY;;}Q{9F@(e^q&_=*rgdbw{kT&%cL4r{LfdmNdf_7@6H_p(<6jobxzj ziy>xY8bAsPsj(&x(BtUIO%B`io>7yFYAfD8qyOYIuhH@!ro@shZc5*dkM*3~M@)xH zV2as6Rz2(V^wUYu=NQ0rYPX&652W_jL{0=N@TW9Jv@7Kj`e@<9EYl1a! zYLuc z^t`KPzBe&}G88~Ty;P<~HL`Msyl5_DWtzN$3^sCGF0uixqlCw^gn@LcV+HfEz!?=V zgq*-=qrpGsG=K7#Q7@G|a%RS^c0On?afoH|aD^f(cefbCC_+iDmpNizpG3DR4Fywr;s>Bh$%{5WFv}TRp!#}17c#wr?}E>m*;u7SY}UoExosg zP1?tu#IMpWmpNL##B}VgfSz$p!SBqVUe*ZZ3>q6-+cBTV+QRg(#`G{Fi<4)x$Ma(x zICV)JC4;O?6%zn)I}_ZxsqLu`$I!R!U+GR6Vm0!z#$4Iuk|M;+ zr*56I@m*P@I{9ZjXz!Q<5zL7mRuZLI<^|L3q2Es-`zbUdNRO6XU|;Oeh=UjNm{j`c z&4sQ$+`6F;F$j$+@|GCbORb<4KV|bdrPHNBbhO$)c|03C-viwujF#g#8d{amD1$K) zr!;#|qluJ891c;0Mr|K?{UiLp|LY$y5M-bkqX~y+Rf%;s7OQ{0rTy+NnH&g@Z~bk` zWEw~9C%NuRHSc%k{8eUo6}i12GDjeteCGtGxFn zGD)tvySEFBI@4TQYWWY?=ig_}JA}K*0upeE zowFjnjzh9&Owq`e?5pv0iGgn0yDi+li!52<$>q^e*Cq2NeLun~ALTk9=LVm+{g-^4 z>+(@<$j7!x`P|4@VTG zNbqL686L*9NhBk%PQA>TvKn>t+y*=)mJYx{W~cIObhhvjxJ`VqF2jmFi@To4w;7Z> zijlB_{Tv2v6qIeohO2}$eSeSB>40oxW)ijr5k?WFMtR(n=0 zBjzQg3@c>n4s2GyAWxP<^6eW)L4zyomw!ZHm1}%vsh8Nm-qCIavY0W@gYDO{W9?P; zbw21{Nolzi$o@_}9|eM5JJSmPn0@|z8eBs?ZW37SHn$zJ7%C9IGUZ+N>mOj@I+yk5 z&lJoogt&7XMt>Y^07b6u_mSD(F4&a*eX41SHG%+NT4 zMu=Gtlj063w~Bg3)4LpzFH`3duj(&7zwRG8or_MaAe(TLRBpCxu&^QJ+4`7jF!j-~ z?RO6bjUvsDEcIurgbM>d%-jA;boms8W)rvOJ48}Nlt4x(=1_;2_ZVauH^UqwDaot8 zx`QlGF>u|s7j`3iA(?z_W7BVT%Lgjn)Y4dq9!?G|L0z!D?PhJ%u?nX)&ipVbS8%$j zX+n$hIId?mC)GH|yAB$E>QVNT)zM@<>|@mrGxElQZ}Dvf;<@1EB;Pt}$slX6ru*oH z`|-Rs--r&ePSkKA7Q-)vJYN_gttc(N{PoN1Ir1S&n<8Skl^E77O(_0+)`V`~<>xxv zer^FRw$+Imlb^UikX~n6uC7eWD+FET?%W__cfh8fRi#f;E-_+`;QcOXaV*^SaxtPe z8TiBVIqMzsKdeUW?hiGU{&FL{O2dDIN64vU>%qm$ELnez^_Ttp-gwU#tas3<@UACpbow*3`r z9RsH1HKwIT&Zm~ZPM6!BJC4#vg@H65>&j7}#}rq_A8Ff`&3Nl|P~mM|Tk5o&27Nz* z3k<1I?zF!;sFnnj@rGXnDBeAl;(Lai>NcEN`_>K&s7&KlCziF&Fe=07ln4XKkBz*J zS_4Pf$P3mReTw{MH)gBPn>qqajdWppSX;f}`J=4CinFSArZ!BU3MfPHk!PqP+3+p=uWv0ColP@yLIOF?2s!tlj1 zA2HI5_0dE8_V0jX_mKr94@w>c4NWv_{?uI{e+Dvtm!G?Mr|Yz0naV0As42ht?fdnA z;(q;yOxsm5+kKl0D7A`Dpca$HlUVsvXl09L@#5{Sw{h(+HFA@7t<0#GB%f+oC)`yG zR=cKU$HOWyzd@O;5yNN;5%wLV;_OY8Y)4pF!?aIDy}7*Gr6y1a?UDv!jZF(Ij4Bu0 zu224U@*(RaBg>^EW<830l~GnCCa?;6xLX@y#V1^-qLiJ$piAguVMGy9AURar6)vzY zhuT;CS9sHYd26QB{O#^N%F4toQ2CR`tYMQhYHrP>+WO_yTo_e+8DlETU}?SA%It2m zS9l*uQ_2?Ax1iZx=P2vmreGRzB`XCl0!69IqbMozh~s4Qcn!4-@sMCVvdWCS%CvOO zg|Gos6k>7i#IXDjeS3sq$SAW>by5K&K-<5)e=>!!MywOSdgTkPqTK2!b7xf^q#KSb zjI_}n<1A}do@?3b-M#TOYL?0st1IqJhVelPf8c~`1Fc2T8f002c}6cXs~4AY=_Zon zB5>_(uo651r4mbDDPu`l{&Weq-?wZHW^GToodmg*(&t$BhgqXdLGu`lecMb3sl~SV zp3~RLEmV?Xt?iFb_*t7|1F7~pjqoZ{dV#tP332xW&NHJ-L=?ItIgLJMbqsg?av|U3eP|A*0+$L5*-^QpDafmcn z=Wu(S2Z=Pt$po$2J;OvNY-dr&zSzVcGNuXC9lm7DIe<+HNGdz>kMGvYkC`Y&*kY;Q z9sDu_ZjOH#`N7szj#KzS4)YZneu?XseoPSt5A=r~tpIVIDu2!?uwluBubxEwxBmq**t4=s3=yIq7$7*O4+g-w+KWptbj6D1^b zxwRS1H;{y(9fhhykku$$yCsTy1~yw!1!mYzMK3WtdmB)kDa12sWorK@D=-~kZukz! z2XRGBZh>P(8kJiqrOWCa7m?i@r{hL4>e0xe5@|55w7Qcd+QqaHco(e#$Yj@`z1W&A@S%~sFb?R6d^`pg6Zp%wS1diJ6hf)zqp z%DffQQXf;uLBj@2`x{LAWis7(am=V*$W&|H+fVncP3dz<vg96 z5;O8+av!~@RdGEVpUw&~urk&h^iPvb>phB8zUMJ+SF6dJSypiYXNf7Fhgg%N3kBH( zpgxZLZ(^p?J#+eK8=PVk^( z&)YKuwiapJ@5NeO>nEBRubNjEct6*$#Z4z&%xwBOp-Tp;|U=YU7-HHjmvvmRq z2iw{9yMxxM!w*TfX?ar$H8rxmY}7foh2X3*k;yrF-I*R!8z$lU4NOPZsMMhPlB zZ&@#$z*;8LNJ|D8jDmt^j|YNl5NbI-E8+QB&CxPXrLHAkaS22!GLkT$%=!#!<;6js zvT(%e|7@qq8fctD!H%}E=|V#f5a&h%(v zHn(@_f+`Eq808}d^&X>I4+|T2;XgNA%RPcIHOiPCOp%ZFqUByRHj@^*>jqoF2ICZ= z*h6i!hvsmKW|0xhFny<6Wvi45gWNj(+JGY4)CR>h&FgRr+ue3)Wu{DzGNy+$@>se0 z#_%7TMdR%5tli>?`Ja+TkuyDPP#^6f6myl!2twH)j~TfoB`lTyNmfm6n>G1vnHJ+j z9jYuYqw=*U%yYfGl~8=A4Kg`C8Wfr_s0|p@MvU^L>5rcue2Y_S+m~QuZsb;WGe!u* zq;NW8xaS?$cSa(m*edgr=_63$L>Urz6LmdT_|!9Q%@)xR2`Bp8|Ew{fK^LLG-3jz) zh6~*(tv%cK51cj{n9wSG_L+76(35p9Y4|0AtiFFPg0Y|N9YF=Fd_51aCPz*{c`C2q zFf|)>a=o(DlnVsT(w_IIm9PTNYx%QkK%BCx=;+BNWm+jc?{}2RFph$sLoAuF}2@Zh9u@$QU3yT7RGj+~zrg6=jwbC>-&p%>K6x>HgTHL)wL zvzM#<0$u-PyU*dpQmPF#LO!hUiIor9$3Cq{C%4+UhSz9l#vq@B;yaUejZ?(w5(iC+2+qAAMA#fL^td<7)#hJWfUADtYoH4mE%mj zR7QUH^`nSu%gNe1hz$iAB`Xa#a;oy{ zRj?_I=dS6##}Z_!WZK#)SR;33 zBR=$OQL><3ih0d9WZ%<1b#$>Pe~_vlj5S!j$%Zzt?88qMQO?&aCwk7B%spqSpKAKG zZpuS%a<^3+-#I-l(@&?nYz42Q!bIYZ^F$a5lSXHnLzM(CWYjQ=c-ocUv6%_{BU|l{ymydJ9|3Z76Bj?L4IVlQYR^^(Hi|nP1+J$HB_F8k7 zw8^$_Jyg>7nSptuwMKg(NPqbte{{!pa4KJ^Yenmq7S1pj zhq+0c$jpgg6;H?xl6${1?U%cIxJcdm3}t4L*%mCRc)MKQDrhcr_2FfqN7Jtnd{}KZ zUvgpo9U-sk zx}*u0CydeA+`BYcC9^(CM0c$`oug!AakE(Cz?-bgAtKGmINnail$GP;C`AdePDZvX zQTi?YBk3iU*;2w9H~}oB1(!?@Ei=@n@K{^6Si2EjT81->>rc&0=ZkvXt1{+-2gkDl zlgJ?G@(`A%3KnvM7-(g(&P%zMokj_bkTQQ#@FJOl zIh7C6p()*$_J^-Aqc0P^)zi z?Qzf`N|hN@1y;lpBuTsh$r3tOgp&1qL_W^c*?h&9*lGrPV&Mt~S)2qWPG*`dyOzW% zlWVu0OA8mIO|Y53c$Ge^CId;$x) z{q^HMDdgbExA?;1NDh8_s6?idv9OQ~G(6dic#)D4<-?R*FCk?KC z`#yb%{r-KX?HUC$iQx>bfwWC&5A5M7ZLcv^@$0dfgm=iN9xtCKMDowx{oXNS=Rj#g0P@F+@RE?InQxnIoGc+=c_cz ztm5>w$=Gb|-|gCP*5ZeZym@Zj4m>xMW^xNKck-sRmqhwRngj-jrX75^Vch}#e^Zmw zCPrDrR)~=_5yCpxm+VvNJy0iCNp--N>z=K_-0=_Gpy65%g0&u zPqOYuPa9R8ugW!%S5>K%aU|b}UM`y$;+tH$E_%*HpW8Y%R5i)Q{?o+H_wcFU*;0c( z>NTeQ3PNwo{MoYBCYIIYdiu7HRX)M0f0CZ3YPDmG?q-m1OXiugEMm(etwAgjLIuOJ zl0xpHqQQgmTdaG#`&RM!<*qar1_63{WZ}p1`PRS>cK@XFBW8FV3w;LOV@)1FrVgJi zhsEETnQBUi4SMTyPcw7u`PK4=?BNfo`5G2;_S#JzF277KUhDMy3uk(A=$SENxLEc= z=|?|x^zpyjY4JVwWy?&C>$)Y`DYVAx~No_)(l=CZ}3S%;Qfq)C&U4|3?fJq-K^*W)h{>?5actTx(t zI+>)-TTA_$=T>HUm0WKyS}&+Y$Rwb7)+PwUY*_IaG?+GB&K&A7@eurJ$e5EO3b#O4 zs21E`ed5=540^1|LtOIX^!yRBP-%d|LP_&kP$`CP=j&2}mQ}5{gjkAU zM3iw2u&v{IYaeHO{rd>Yb^6bnun-kYm75%SI>_qcNG?}hWdzol(jT+FmUo*okNj5~ z!+26cjWW*7mtH?r(~YI*-=X2@!76?B+Ep@dGLWA=3y0=o;AA=pX_ekM-;=|ia_DAu z4HYBs8i5rkIH0g$Yye%K$hCfQ*+NT{(h(Kw^ef#r{j{f+``?BlY zXD>777fJr5CWRehXb)1xqwVPXPossaMu9+$jWZ3sM1xdEsE|2^a)hpYkb>s1F-jvQ z*vE^Cb%H6GYXwJnznbeV4*aoH8mzif$P8;dT=BG)sF$d)Bc^iAALb^XWQ~XCQ5HyS zR}0&DT_+Q#THq#QxDAw&k+IsH@~g*N{$2Klmznj8DW%bJ#Fbq7%yNN9qf6ZPd?B@` zVz5b|k}X8Z75bw+qJ18CV%o2D+*=44LHacO3OW5r-zbsj)2zxtB28*QL7V8!XEeFG zZWT#*Os^tyCagfYOoi3->YYnX6_t0>Q6@aB34PEir18R<96g?!bsBz&NP|d?zvrp33qiyrSd7*5(WRqlps1QS?$!+46mlW+*e(#B)vQzQB zo!>#*h0mQYm^%)QPD551Ns|I2mmV#yQS(8nZsH9J=7`>)P-Rsf=52kHp0^ipUbr3P zYIFW7x%X+~+IK)l+1YP?iJwMVm=e$B|GaLHWHIj-B^g7dAU7GU?)T}@G z{g}h}ZX{Ey;i~j&<+=6Do{4HL(&9WBy<99pip1ug(X>^X_Dw?ZCRXlU9K=Kaw$w68 zS8)laGi#nRX?9(5G7$tvtLn6#qSH^utUOjq*3L_CpLY ziXo?ll(mTq01DLV2v93G7kW3_$B*UHT$hhAVBcw17NyD>$!b&R=ue)UKm47}bpM|+ zEyKj3Zy9|#$ZGkE^u3K0d!JF~!P-$-1`qarU!x`8XTWnhzpG zPn?~(*}33lx;Lq|yiLrGpPr0C{-(;v51st6f8p3$^l%w%mWRIm{@RYrv^F@{b~f>r zTQ_6ZEhhOGDxl@0(&+g2vv&2#c6q+D&%Y0T9g&o-no?;?axQbkzf3D$=6XDSc8#Ma zO=v}>@)_Q?pXP^l==_`ZD^I*F{gpD5%yNMT<1!68#IQcu{0looxBM(?JVY>UJI&{c zuy3JYL@BAAWTz1XmvdV{T<8)J}9hD1f ze&|c)UpO1QPn3+NUf=^PGb^tF(B}X@mIZqLP!-&pp)UuYa$zxZYbA~Zn^+_<7)73l zuC;6;WsS@@lLLAO7Y4WQ+s*ltO6jy6&aca%GgtgGOBt*515EQe>i>v2xrCwgmfz&~ z@;VPM_yov*+qTaG-&&W0$6u4rce-+r`zs%5vq;&48?|&`=26*@gLJ|I-S8-s2NukE z&V@FT0@UK5r2>r#g#yC>wQ%*!etU`i{xVI!j(A2SC(=mCB(mu`*<3%jHgsagy3hrC z78#wcJe}>*8w(qLWOOgRG%IJHP6~^t6Vl@%?G$7G zjwhc=Hyq?``6$=rWAwd!S}j}5J$)ufA1&TE^Wpt(F1L#B&xMNT*qiopifh-oY^DaJD2!GUt<(& zM5(2;`sOgX|^}K`7LwKjRMb?G?(}IwQea*Mmi#D zdY5&7m{t4KLeJYLfl~>jKCXLTrUUXeRSj}_OAX#yn&nlp36dp!*3^iSs><%B5soVd zNYytc#vnAFDXjez=ow6x3u|?zT1|Bi!`I z*zhCmQaKsn=_uN|i&;vg!Je73OSHH&skV?RSoE0X22pBU_n$w*n0R~l`PnYWE)4YW zVj=c?E>}8Olfp7wjr9scJ>@ml_z+zlUAU=7p31ZGMDRqcpPsSF13jJ}mF2k<=q;s8 z&rY(GG!>sLu)9i=1;|WCRVIegjM>tlW~WOv)S$FOr!V*BmaVxD%f5LhV0?T#Zijd!#psxZ@yM$rw1`o5U?QB!p-CR`6Fii zHLl9_v{{=Hq(&ek^KjC{lN&>wjJM7l@UPPHA7XNi4V*j%)B}OQZkR&9+mX7RNQvtR zbI6MtLROKlqzzXbVom^L-^)KxYFP&}a%aC1X6l;XC ziAdrT4HQ)>YPzODmjm(#h;$d%_2(at+MG|FaJ#2hxjLt0A&)jccV@`fZgSQb$bd|A6UXgLp z!yRN2;KRUb6R2F&l3}LpEY_ZDlo0)J_eyqrMfFo%pljA@$MSGng?7K5+LyVJ#q{1{ ziie7*M5>hKvPmgWO07e7W$}O~^gv!!d=O#+&TmOB8HZPQjj~r($~a*}jRnXS8YRz( zA6mH)ztCM}&>6}I_vXBm2itzF=!`XXX;i`vywnj#UYGQK42(4ia5gJokNOQ3?=G4TJaU4H9FncdVc85lfeL= zS?F!-IkgssOLL)FRSZPbr7iOCF;I5(GXk<20Beo4$<{b z@HUUpw)P`4i^+BDopvGi=BnR_!o4^C%xU^fT>@`U|N# zc}B3lH+A*Q6t8t=>Cog&GU-z=!-gJUl_M0=Yy+pX+8CnH$>}do%d0di0CZ$4oBU5( zi`~pWA5Uf%-Ij;{-Wba&mMKcrN((l`ltvtNXZ*?&bN;>MR`@>CUh#=aZGsyebUj?SCFr~>jMBk3fhW||ILup_sQ+g;9`abA8tN&MI} zbKM*BYtk6gBBBBf-JM|ic2c)NXUeaind9Qbf9_R(kA3=}l`r-cjOOA72OleFoY<8y zvWg3oG}y4C3#BC@eE_#Uh%ulEDCQ8nOir`vz*mP7O+nUB&5ttcT;et~S9 zO?V3$D9t<961#;9<(-lhs^or^`}i_7zf5Vz7xAMfCm6Rfo{l3wm)EjxE{fwQ*O>|b z1TT9?`RQllX!b;i95YjTq1HwZp5E|Bztk*qv{>Z(+cPK%XIy**1!+H5QT+wASi_z zb-D8F-t7G19(kF%W)Mr%G6pioVCFHpz5RUr;h$|=!Fe~@0`7)4Wc9@+|MX15FVct` zWF)eS_0ZzA>|f@(Jc`BE=`kyXrn*JX2eMA4B^jg5j51A8Xj4ajTD4&)rPwb-ws*=qFAsA*@{?3UTLE~ zAs8tqu9`>*S%w-k%JjKXYgJ;x2&aZdWh-ZQ?sRAE#_|1pwbPQ9nc^+v-9)o)BPN!( zYXO%UF+fozM@$awYV#0M#@r~&D$8a}2e|wE6zEJ__xRD`pLF*5_X$}yF`(R{TPsk~ ziQNzdo=74c)-g;Y>ezlw>{q)Fx47>o6kKRi=!7yi)VB1 zkz0ehb;#oy4SNj};cef~0AGoI^mz2f3nH`=YggHJuYGGx4lfp3o zRf@Ef(8;y@QgieM)BKoJW;nye7)gVhdW1DU+OEmesd3;V_hDzouAObk1sc{Tn`Bds zHInx=|0gQh&cmmZ0N}Vp^HvO>DO*URw*;?tXxCQ!p^Hw4lB)&R3DP?=!}X<>e2+Q( z4%6~V3P#!{CRL@VwCK%e#R@`|+&d*fR+*MpD14?<_`&1RXU>~gduuDl*jkrcYn!FC z;W77X+RTD!N}H}szj82spQd&wD^`AY zc~_``E%H1mg}6QD(MbJWF_Ts0om{d>#u}uelDAR>j%lyA0?4#V!s)NnxcbCi|3PP; zf1ep%qhv5C(Vn95n|+@9I#b+4fOR?4jjo^S+kvwMGf$0!Wn+dql@uJcv6ZrABi$+! z((y^`W|KK?JU7zoYbVI)_^e;)?DHSck{>e5g+zQa=F2c8^Nb*k}S8!=i%pu z)0JM>v)t!C@QBK5xH~mg`Jn#+Q*n*!WqqZ`gU2m!9<;4!l`lM6>}%^( z^kc_Y{pUMV)IeaJQETKgr_ByMEu*9%)}|5yz9v8Z(!cR*`Pr5?nJxbkHUAk}`)g3P zVE7S6em`&Y*4x8)^E~zG2O}B70_sgV!x6_X{7I+tLEdJ=uTglQ49YMoh+0xFa~jmo zt0!|K3QTkT%%$J?o83!%i|=p+tq4c9FU^SW0`|Z2O1P6rw)O90#`p2B?tJ@OgIJj- z(|c5pt_T80;)?G9@Kc1lA~ct;&?!;pTvpwqRUfUfASD7b@t24 z1iePolu4!&-dU}p$Rlzy>Tc*AeXw+0`4n27HQ_1K#3SoEs)$NzlSGT#-KiM=(n$xE z)>7apj4hC2xykEK?w4rn*O?K37sH`!ZN94PE7P zA44H^%i%DY&XPW-ZWD6!7;K!O_v|#+7d!vm)7>}tF5lsLB35EMKf~6IdHnk(@ZSTU zr2Y8cd3sIeI-{(73ap(D)1-N)O2mp(dj_J!u=Rf1g3Xo1W(uR6guhLHdA1%|oZ)Ks zuz!vHe1{rW2xipE6hj$hDaaM7wDRC{gxq>Tmc7-~t343Nnu$d(>osas!Q-wFs0^Ik!(5HF4Cbp8x4cr1# z@?%u{%*NMI4Y=6fBn~vEVq1_SzaSZ4fl-F4q$$O$Onit+abjBxzhGf;AG@VcWr~?omc;; zGb3*y6&Z143p^QN|62%yh7l$TRJst*;C%H2lj6LU0Xjl z$$HziyKet^tFLaW10nZ*r(xG$3=GcY)Rqy$7%{^u?Dg+6ONXc%ly^%FzfGHj0g$rY zT6~vWdR@FcRnR;;;LtOX=7P8qTqpgw^-*>k*T$spO_9oy$Qdv#s~wfznJGp~v%Er! z@6(hHg=|dvK&skOIwtOrl9bAM2c(6h4JF7bO)ftTdTyPg&y_UWn`F+w9mX)ZJjP?9 z)V$BMzTFA3`lTR)bF*Avk9>z|yG+=Uz_K;*;Jrvrztf1yEVDto&M-;y*+7fklymN_09zP%h5;7@(TO?WoGG6$_B1grH3s?V=8&IEp)h> z57sJ-T4pfk*O@E7%5}L$CmcUJ)T589>q2r8XRW>*Jb%rPJvrjObA+!kErXPg9>g=t>}GHQN>z1d65=szWjcKhT<~Im<=&;*)>lS7$r->o*CbRYa9h-e=$~ zf_;c+A0TRDp)h_&r)TzxfqOuNZg-XAomc;`vtPbPZP+0XBhV={gHjIhc09_ue`3Mn zp~W1f42G*BCQoEODM|9v6R~Y3;N3mXw=KTOV%(ezU3I#dX&0;$wY=zRD`L7l#kJ1; z@f*zYT4g4d48w?=9?f{2;6@bNJ(1#W4hFfxec3-`zs(RVqepw?bv=H3Kzkur?UXu? zo7_rx;$pjQDwh7<1y-6|Ide$9u{=YEg4F(+UQardT4iqT1|;3RuPaN7rd;Nb|Idik zmf!H-cxc0#r|MQa8N6JuTQZWiy}qXd!373cvK;bKmuLOjnFH}3EjRR4JPgQLrODd_ z1lNQm3}zF}UEX6t%amW^K6?puUAkt+mU_&c8U~)inQs(nzQn*SNk3a9WiZxop<5{D z8eDt+aQw#d46i1ZH0{G?QN#Dp$5%KI{vmt4iCfm``NOBKhGUC;9zNxsoz(bVO32eC zxkt`5<;wC0{2Mg&RYp1>qsNq8ud>yQQjAfcBF;$!FD4~13{nQ+?s+IcrNM$CF(Y_M z?nxW#$^lC3$)O+kR`j`6B2{j*df|gFAS~A8?K2~qDeqc)%w*Te<7=q({~cT&io|&n zCu-J;K6ie|-0{+UMfAsvRG9Xgh$!Yl#1ozn1JkqWdM+yG5!w?|Piaj~C|8PL-N4|? zU;B;b*?Rv$?)R@UTU?@$1{>aDNS~3+F%=Fo^7=CdPsI>%cQREsxR}B5*Z=tIooTs3 zZS*7NYB$lW$)vBeFYJv zZgo`p%<2K4zg&y8<>V|V7gC^uV-Bsv##L3QP12!a>N4RX*f|n$NOxK;vWM?5Egj4a zB%&2bdg42^s|fKCSPO5fVp^?x|NLVkLmkpsqXzHp=?Ld1y8un2T8%a_PE`G zlDn=%v5S2jEF-qukgU7M-{63Mhben41;oS%6&`myw&PMgCU*piU78#EV!+v6quwxv?{+xvS((Qgacio?oK%kC_%FlXOqmRA{uVb#|DyXepD z^P^8gUrFz4bwmcNbD)C{7S(EtKpUCNkH@ymi+0t<@z)CQ?dt#K@$F~)A}#q24SAK3 zlqhL_kHb z*Qw|0NFM3gDr<6(EB=do>(!YS`Tgfhk@hHyiQZ1*Qj^PP@8=ur*B|mSSGg;>+kn?r z=c!-ge!foJPBe4}jm38SS#N2FqU0p@`$5(N8PT+i1_Nqx4P+y+XQ_hc;2ClJY@7ax z1o4Jp9IZA2S2!rk?Dua{Qyu4!FOwF<+0BFE_U}LWZPmt%9wA&IdVzQjmQA<}#HK5^ z!ZCEMFA55x}I%8wKV&cEup|^txJH|B6a1HdU%!NN7$_PX|dDdJ~ z%a%-bt}3Adxu>+Gk%MUJ?|~K!gH8y6-eFST)!axy;!?8;M_Um5GWW-2jBlcXE zdUrS8(thoc%hd^E;O6{Rh>ePnJ5`GCiWx3gVAihF_GJpbSruY@r)y#?S=5MQlYKi1 zsPvifUKQ-vcTSyWk)ux)-b}bYa@IN01}+$~RML39#_P+u3L|MyDjm#@51sP^E82xa zaABbJXOIu>DLkGDc^8$y4f$xRCr9T?%3}dvXh>dR*)}IjimWOsz2zpC&xrJvqbk#O zg+tT#(^&7)?HT0zDB>IsJ@V0(HT0?LH#eTnlvb8inp!Lb)|ZHUDfpglogUM?PF=4f z!5J{en(pP&@F?rEpQN0wpO2%IQs)X8z0Nd0{!)t{u;0JWoV|7zto!dnq|dZ;Zk?R( z!W`WG$?dQ#LCI7>Ml@I>Aqq3{%5CJHf-Rw{8Vg&s;VS*q^j)>-owAu#7QD|a9i-a$ z6^Pu5BH&JW;9C$3iAu4!#Sgm4(YqxxZEK+KT~#Bff*utgZBCzDepKCWkkAzDOqf2l zAxul0HSiLt`adVD7{kWzv&EGmwh6Kw|NI_B+{oxL!zy(dVX^@zL8c*O+|I8#X}v&R z{k6b|7(pU_m-WQ%R>u98`8o|cWInE0b{AY7yNDB$yT~^Q=eKehkNwLo5tFg+JM~wM z9!cFBe|(1xc90t(mcVNA2dPbbveR7S|KHx(#mIGJb^Ld#?!Dd9GxoH{acn19G7iaV z$s#y;sk=+Sd$BAR7$M*Ecy|?P{P<6X|+Vkm;#7X8aji#rk`&QMx^>OOd|NPI+ zI_XrY%h`lL;Sc6Xv_jTs*MgLICiq045)C;A_+j;3)u9PpC!oHkh z=DZQqLPGjfY4<*IDf#6EZ)L6{+viHt$BF|H`bmOOiKpQP#o}S!C{IuNOY^(sKbW8e zF;QEm`w+ElpXbU_Nu#!%FYJ5Zu@atIg4yXtJsjaXL`(A_T6`Dz$x&mMu-XW!UD+be zDyj{x@>87GFSE4mi=2M*%CnwyPNF3x-n1HW>EIrHrM**Mr&+Ygq9ogDJG7hOoi#ev z!8f=q_bd2d!+0EhHwK7C1J#GzPz>oiWeg29mF0IMldA^xt5ANh7|WO! zETmomOukIqcsa3W<$GTFtP^!)QRmM^_fB=p7Jht!YIL26r zu$KHm!?16u2kQHp*-DK^=Z)_lK`*zQe1MTftj)q8$a-{{qVHyD>w~;{cB)xUHBNeJ z2Q*r)sdn0vdj8QFJ>9y)y+PBz6CTNWQgAl~V^}y6kS;H84__if3Di%#8XIS9A%i)Be$JzD!vves2()A1Bfk&u^~70#orQ zMHrxJNZoKC4_F;$tnSf&XB2!Kz$R+sDiZn4W#o$rR+sN&e9Yi*9UJh$HPn=745Ut4_fYvxiJa}&&zF-J zqr1{nONLo@F-!jO`M+cM-D{(Ie(T{w6eJj%wVg2s)woxYa&Y)$qVP%x%`~WYB$Q00 z2}zcrPEa3Mh86i|geCtWUcVv^{F>yXKtkKXBDUfAW{WF}uC)sUsKG-1_S^CpjX zgljt8YSuycb>ifSm9MjEC)#YU8z*WFY2&i&{Z*)Eo9*b!+V45_{EI8p!;Jks611_& z_6=NLD>Yl;8;2fV=f14bluB>4(yG7?#CNI#=2It6FdUwK!{rPd7c$fqV4w{VuVvuj zZyZ8zU^)NiQztOI9?KeS+_eP0m1=3mpVJC$UDK&^&G=aU`oxJB#_rQ-|5#&puttrS z7r*@b%cx{4-H(mPhmIg&+$S{#>kTz}Y&U1gwchT?&VwcOlSchq2v7Bh+7Pm)keHG* z?O|<~yy)V~6cIy4cOZrl2);GIv?gqAzUX&eOQk*ka#>N|h<(kQxkIwMl^G*3N)A}xTza1j6*_jeHwI#b9vGS4F zS~iQ}W?ATC@!gCL&+98;d|DVxthXpyxytxxV$P=ER~VhnM_C(Yg?6oTV7Cg7)(}N} z)LvuNSC;>J?1JiZ%gS1(Uf0%gW9_+d__5bFr<|2;(V$n3(y*$n&L+otvX&XI0=YF< z-e-@zM9MkN`LDH>m_3*{|FWT+gC0gRL{luvcOKiOKHnyIsHID!Sga^Q-p1r_8OoDJ z{SU#+i+aBD<-6$j!22a8Q%^$-wG8gPo7rCe)6Kr?%pvUeWOE@!GEFpiF_OSA!g(;{ z7?DL&){dK!V`uX#NA9oEmh;dg$bR7&tv~_fR zt-nS7*qRZ2>y_yCs1Np5%M5J_pOk)ald*1IlR#MSuuT_(*n_`^2`$=*_g`{kNBefi z7_FLGW4Esg94{gdG6UijxUW4k@%Cj$t-hVhI?JN| zJWJd&XVg7o;XuW6Rq-TTZ8hZ5!5KZ>+U4G4THhUn3|9J);$!IJC)#@bjAIawK7R1` z@lTxB(~K?Len_re=f*o%8BR<61XJ!Z`}E(*c@-t$vVQJ~_xvxmirUU+`WfV<;H1f4 z{opcx|4$wMd5^aT*wb_QSU{&8M)ck%%%CH2v4Y3 zN~@GnnO==MHOae2_UJ3^JKP)0;ufELnoJR#7u5<&q>5!9G=%GIYEoI6_aT$}zKQcW25IvSr~d^Qpje;W^?Eo@;6 z9~;(BeX0p6P}mYjNvb`Jv*0qUyi47`$o;#1wv}G~>b|!wB~MN7u0OeW;X^dtMb|&b z-@f<(&%bo3DZSqDZ~f*2uYKotX?e?B&oI3wq3Ot)hJF)U5X2&-4KP9RR-t99P_rPS zEiq+Vr8gAkw1KZ%*!NNGk@-H9jy|3%W(SMeKDr)S>9;BJsb-JekE`X09GU`5l{qMM zY=*+TcsVj5ms-1dg^K5DfnF8}ij;kLz^6Ks_h!pGDY zUP1yyRYkPK$YmyyF1_v&yL^-8o%cU=zJLC>WE0Q!deaB2&B)DOFwpJ#!_U3o`2LA= zt-5{tSXw`G{M*0%)z;k4?F&>bEwJ8UwT>zjWr3=)d+!7j6G7Lpuv55_fy3MY7d1mD zNVK5aFDUI4SM?75@Vlp*T|YaQP2B$^UJgXPWxRn@LpqR@PTSCZTIn6Nlx)*8?BIWy z(sxK=L{CU+7Y?*+44?D_Njkq#HK{G!o{(Y2ghT@=-VOdWnlfgUK!d2)3Y9AAP_MM& zyk0j)bwh|kK!cssP#}BgU*~bvlRpSA#`t)UfOvlOTfc_-oSEJ~ z;Ak*W%UkW_zJnKJ=iw#2=SgRnE&86c0ZUFuW%q2KZO>5L{mh>|*ISV9pPo1P7YM-w z?bUdhD?t>*2f1t^M=`Trdyf?4hYSzQ)lJs)We@R+lywlHhDX)4ov$66;Ju@*6OXr% zv$4FZoaTL?GYp{|(_l7KlWbK-zm9)qbCd9@pZ=trWUL|&_ffTfQ{RsZsP&LKPpTpG zF-(^^iI!~@dt|M$)oaV(DUIShWFZqHMH-SaBBSBCH;(Z=lV~2on0FiNg9|THeGik1^(I7K(L&Tv z_XT2d`f|^4E0>Q$dDzi-%;}v6oNTAC8HNmTO;nguWlm*~_IH7x*7F)sAu0YQzJ{nq zBtb>Ksj%OupF{FlFim_2-Se??iwn+O6;Gm__N2adEb&*5ib>i*E$V-OGuJj-R^Yu! z^?*i0S2uUVw{Ux65V@qDM6Onv2yLhzUu&2so=I9H+KJa050bdGsEG1j42kway)|hW ztsM`Ptzu9QKSq)div81*Y-3T@?!L9*?)DhE`ge|pE&y=2LkGzDVLF)bSp1be( z`~K^*i?aQxA`NLO8hMz*T$MK`U@rbVvTo7wJC0y)q*3ACnQ*;9I_shaFkcuwR_BBH zyWEf3K`^>RWFvZ&Tlmx>>I#dGieYif-Ovl%A^%2G7BHl&HOZ7Bq;zQLy9hpB$6$RD z+y%FM0j{DWOEUQhd-Y#%@?Ri9v|iK=-48%=bv;{|I8%t4Bn6F}T?0tolJN zG%y%Hl5O@@A|66J14cV+)3X>gls0682ppKzqs4Bi8r&8}LuEG)g9({c0dM-@9kqy0 z2O=KeX~-pZnR&LE|D>P<&E`|tKHri1=*ut6=Ios#h!XE7Sg_3vl|RTm-wO!Cf`pj43$jXkl&0ZB$Wt_g#2E9 z6@eL}Avqu+kKIr^U_}0I*aFwU8AF+bu($rx0&EY=Os1f`9eY$W@yJUu%=)>h%>`4Ash8 zGNLLjYN%LvgDO|QYA~ab+WpJ0bHZ2;{R&q34paH7z3%Yz{D-LhD`)@W>G~K< z{|Z+1$J6xi^Z&!s|7er{DQN#7TK@`H^Dt!pa+BfF-v1C&^&V2!N`3!1XWf;u|HRV& zPJQ-vo&TM(?9|@&3Rv$TQqwqd|5SYF9AEXh$nsfx-%We}OK{vKYx^u}@wCbRW0w3H zPv(G_@Rg(IsJQMeY4X$C?TDuT$I;!TzWRWj=wyiFEL_(*b?{?`=U0gRM{(nasrYt` z|CY4)&@r?(ewY+=I$Ov|MTbe;@{_el=%}o`fiK= z@$Kd9+~ks)=i%?{xW4+8p8wqB)v(I?&)?d&%I8~u+tASG_2uTTz~i2;;%t`PnYHB< zNY$92>zl>@ez^Z`gZyZg?R}L0*w+8u{{Q&ek_!L;8IMUsK~#90?VbC7(?+(yJr9kn zhh_wnKS2{IZ`s2%fxA97u(%xjWLD`-R9y#xpe6>u_pYgw7Mj2hAx$%>MsVlB9LV8%E2LBd z!3_6r8=t$A*H4`HzFD&}t4P zocMP)w}P=1gf^~x(c0N%xlJ(M+6pyI*X_b2Rv~VFBd|1#tNWj}bJti-LqfM6->g(9 zvHg_`mjB!?tY@0m{$dYi5qE`i{nOyjzigS*ynS)wY+bV~ZTE|VaJk&5v05;{QhxI1 zRtM3_WzF4#js+{(_NVCDwUz}~vw}bU<%zLe*|KRN`qo`8u7NBsr^H-t6=4q_ehC;Z zls$&R$F~}PeQMm8r;Hhy(v5{*t6@-IU9I-}yS?7MmHd8j6tA<0Jr8%kki9_i5MhOf zrDfMxzVDmtJl{P#W3YnNR}0lbq1x^CdhO$t^ZN(65hp7Tk*>Y_#qXLbdk6qM$~^q$ zncFzBkazat1%S0}KUgh*^f}mO`}n-_)vwR<poxDzfo*}l=n{u=O50`e|^>Zj~SgTwlI?_OO)m8NsA? zV_N3b{eJNGzyED}d%LL6mMKBu(x>X|b&>~^l4Icd1Axt}P{i^V+sudG1J~`P9kpid z6GHsu3l3;x(`2)J(J|LgHr0)(FHUW&^+7>@0I(U?^v-&hp2J-_Jzd(_QA)dLYOH_3 zVB}FOGF>iHyJj%IK3My&S@;U-9;45$#XJJa=K$E3nOu#K?1jfmSYL3S9Og{pV)Z? zRc-JHu;4lKL=L6a?#}PKrK=%hV6zl?b@=H#d-@dguVtEJzLVQ13z@)OdIMy?mpGRK zldMd=TA~cf{}OglJRJx6{B1v~67G6l9Cgq&e-95m=5=@Qgm1n%JfYY@+G9c6{Ae zu~D#9jB0!u{`Bn59k{dSKoNd8ryHG4pi_-XtrCi6`aUHX!-`Xhb@S<)H+Sy{B2CYu z(^NLE7Ash;blaAii;3m?AtAOMk?vh{vIV6+{6iK%N`(cm@S}%uEmLk28v2%{nfmJe zgQeUWsAVy?^yu&wkfnBLnk3$pc?w_!*&={lpK{3rtgh>!P9mFNS^yU8432tq&C_Hf zV7s12xP^7zzJ2?Qf5y1bq%cEG%Ib^z<4a1Zd~$4Ks{5VJy=d>ief###({JII6-NCj zDx0TLOlz^6NOrGRqs(K8X}Dz5;)+W_*g6SznR=esDtLDH?pv-eV%Ag2$o!*e^V;2M zYkm;;R$pqZ`}U5@!4_>w7Sj)rU}2Rs$G0DMdLB|>5v2?Ni5vV}G7NT(Fz*Kc^3Lnm zcj1R4z}jJR>H;sssKD`*B3WDD-nsMaC-`}fpnCdbmZpFcoOD<>t2S0(&DwR|oE!$* zLQL+#+J(}xl)pA4y+x{o4_ z)ii9UT-;eZIBd;xX{{gRF4t*yNj5)PpPQj|ar=HNI``Vet&4EpqxqXRZywz`TuKQu zhrs5+OBF2u>>IJP1K3$I1wuTJA>F?R3tZ`&pT31owW;?wwPger{I>Mn@Y!f+wp52sn}l~7k6P(spHt%o9d4e7DjN9J8>442w8)geGQ8G@n>OLzG1f!M zLq_{(v~^a*I}+^as%0Y2!+PLr8hGi5hON{d@`?+LxVPl7FywT3Z1a5dW~(ar$z*`; zvH0$81lIj`z{36BTh%pRkbU~{Wu^!#f9laOSTaQ;$_$wtnQ7wFp|6dmh=gI)Bj5v5 zI9}teFsl#WlA+v+N~t0MbKT}(BYzo>v`)YpT~JlZ10d>K9IPg~IiZP}%tBPciX>RV z`#~|o^^vTq2OHq+EC zo|DjZI+OxxNS7PFMHq-eKw;@b+KkT7i45hgHC0f_Z3hg5G7?Zj6W%1p+Tuy)mcMI*!2zHrRFf7I{ z%qHlH^TQ8MGA*BVF9bWq6u^}4SePNoJDhB$)gn%|%`GOwIs}7+Xu76_mL8{y60l0( zhE2^fNd%U{prFP}JbTeOzebWh&l1z>i_86l=W;Quso+tF(*rm*VZ#3NHfBaMCcE{y%Q;_*b2RIT~o~_7A?*#!>U@JF3U9j*om^nV_=(cJ;_>ACVP02B2=1{fQA0(*0FM&jch@2g+t;cv}ng*YuQ+7 z-2AHO2Zpxs04HGU9yyfX{k**-!7jqmH)D=zg?U8&)~I=2xcS6bUiv3B)541xz%B>A zNvIzLmYgwe82ChZTBtkhjJqFgaYOw6Biyl9z?YLkdHAfG1z5i|0alOxAO?8sVXCRxSahv?V3 z2M*w?C(GF_s;8lw0j$e&31GP_T`J;jP7bE0W>v-pdYeSn5JwYMfhCsC>SOshqvv-5 z4Tgb6j%6mRxB}VnJf+bG-$TCQ;?xZv#=s73j3V!*$>TRoV{EdmQB!&3Xb?ugMrFfG@83ta+#-0k zLaYU>ZY;C>;*8O)o7pG7JT_@6SP_w42sSec7W4|EFa)rZHrol*DkD`Owy`8F9508V zTo$n`*4fw1$aa&I4a@}{;wp~^uj1ZZZeED*W0rE}Jq0%MgoeN}wQ-os=c5{-1DJj@ zJ=X~#ymGD9UYvQ<_K%+YGH<4a05gCc)7WDU7M3WM=KP&TT(y??n1Jo4ow==cEaYU~ z*ObPlrqwq>ZaZO&1dp5m8~CW6(zF!$*@VhPU<7Pr3f2aLXw@vjc%7!4B@Kjf%mx7V z7<*eEe|bzvnuVTa@frnN!?Lu4HB#C-(IUe_q0TW_np&Pvv?8z_@iD7RBTB7<_=_%A zdnA^mIk6zx;M*0dN3BG5cU!HEzOTSarL3Z87dlgq!4?6m)KjO%*eteS2Q*u42dtc( z`G(KzqyOC^sTtWBz^=t$xgt4ChD|6{2Qy9OZ*KBW3E1?s-)aO_&crP9B-nJf(zWE1 z!$i!6b)pHdgqLFyB$I6L9ry!07FJ*-#SySS%F`_m28$7q0r=xHWMun@)gqJOY3?^c*sZk%86_tz;+P{w@jhzw*t%6U$ z(^nS%aKynP-#2;choCqDi?v>Yl@3<|w$0?Y@P`Qoi{Hy%i?Cu`?iZA`#Qg1t#LGgo zuknBnr+L9MfL#&kK0-v84EoE#!Xb}R8)qZ1ROB@bb(78XQ!hq211$7=A0=tSG`Z)8 zJS9jdU)pX)V0Fr(lre~D>3Endp^{<(w!%mh(q`s99;)Qa3S+^gF~V)1c*^`O`Z`~` zkGOw{Sz7DM!MZTjOrB_=CO>VC2LKR>o9X7hET<%560EwzDLR;sz{-_z^>R3 zYw-j^3>Nxi`MRkpd9W7v+*(j21dW4TU_^^tj-A8%Uqv*R0MBI^F4wn|dk)@@?{lj> zCr0r%X15?7GA*8(r@QO^{tAloY+&XtoqY9MH@`MUQTN-i{hq(b*Xqo ziszB&iAaY~P3#;5sqLF$3IbShwb&F)akpv;thhgjyvPMU1o+b=2p}qWz(3s*V1eu` z^$v9wgRM}FMl_dK+HK{R7U5)t3yi^O7zA-d^i`oQ6K6#oJnK&C0WsM0tr@o}Tr2Fc zxE7{rYdpgrp&M@>**0d2P9|x?R3Bn3n!#B5#M!v;CRKMHAx1ks#WL@AKqXi*%d;y( zV6$*sbgRyJyB$|cw84p+Qpl)T2h6yS>?x~RFk|5Hio-XGMdT>uvE8F3rUJf z2x;=5I#c^~EH7%WTK2!%*1N^Q$)Ctyj+9p)+D2cs~|vfhH4 z-~!r~<)^&!Vu5eVga3e<@^b;jU^5RqtTykQjowDAZ>JD0*QQjjAJZ_52fMt{?M9H7 zG(SY?wkUqMV-jp}CFFN1cA<$DN3c$y^UOD&z!Ns<1CP=8mT3fCfd$R1PsIO5Uu3KJ z;u)n4v2yK6f8q|yQE3RV?#VBjFl~@+nZ%!H%hQH@do#{__2WG+9`Pfp{JHlV-HlCk z)Hz(ekecPn!-eiCex>tnw;MIPulecDR-&`fgJ=o<*%da zjt$m(=LSX>OT?idZD zE-HL2EzV~QgLUebzY%@!?smIPr5>d|_#|nCz$d(>JD#3Ts$6KqiY)GV2_)BQ?q0E?Dvvp0XPk&@kOH{ihOXW|3AW)bV zy4^zjz6_W`SQ{TDXb*GNju+qWd%dPwUCQ7o@1}E&O@T0P7>Q&HA*vpW@X9Hw>7zdI z`_PWSV%An~rz=(6|;`I|= zft|qr@S)jM>?^Q#PK&D~Sg^q`Tanta8qQ+y$O^fvQgtTbtC$}NRUTjuBBf; zd}u3{F3{;ubEAjAnlxIK6R;4mK`1a$X7Bc+g@ms@nA=HTN1}9t@m+m8HW0}!Ergi@ zELSo>!8d0`tq~cr-r2Y?12ln(@ZaM;^f1_wBBNsxfh8g)VPOadXq|v}qth8$0Q=@J zSl6Z`4hB9@M3ekWqs9$flEQbI+@p!3_tNvPK75EN--eS;edseEDJHMj_a+C$s4B7mm70D43k9)s3W0=W;bgbKQ1u7AfI{c~0^%=N;++LkARZm5C1yGS ztHJUJ4f({dWf&02Xo->2)s@D=IPd`wxh*~v$Qr@}i_9=sUYkl3EH?lzA+dCg0x#52 zxQgJX;l#cI*RRfhRffROVGO1QYpN0ki&8+7BqHn_WBt@uqZy)vf|v4eu)L^;7o>5p z=IW4s$6$}UrX^|sCTSem~fufkrEej4k+9YjqPCR{qtYH+KU&rJ|*cp zP7*AO1P@tO!IaNm+Fh8keOaoAjS=-UBfmQ;9JA&~8K*j5C9~+8X8gF5Oc22NM_#)Y zgUuVqym}MHK$azfK?2{(CX17uS?Ftw*&z&om~Ai)u&{!=Fxs@PR6hEA3KlC+L;5%D zoegc^Ifo&&H9cRtQRP{lZmcJz_k+Rn=ka;BxxYD;YXVl$l~z`iy6qlZl>IZr*I& zIy@*&8uBVn#Jlru$>rV^T>Ds!_ zi@zyPH}l7W`13zC2-(c==5|8SxUmUfvqLYIciPZ!^|QW?=qiKFIQ@V>=L8;g7+M5V zT{i{U>S8kIOGf#|tIf?JR}Z@=bhyDPEHn1bHyR6={P0h z;X?rXuX3?5yh<&FOfzer)edAh*hppsi$5(`@C~-Wx~`u5_5c1a`R?nlzb=(r*NDK5 ztWk|70snO(vi{_9<-tOfWs+KF<4HvJYr*wv2NYJ2bw?s&XAwb6rjI`%@EPRlgUz_R zCb5H?9|5hC5g5M)x-XqlsWir~v|KTorrPMQA^3b>EXRZ!Q=zwO60|$ixfc2TdDF_dXQ0(4`NfodSCun+HaTQVAmey$_phJ?yN6;q53<;-CS(e whS63lU;b+1e@se^vUvG)xp5_YtLq^D53 Date: Fri, 20 Dec 2024 18:22:51 +0530 Subject: [PATCH 18/22] Artefacts related to the Doppel pack --- .../classifier-Doppel_Incoming.json | 298 +++++++++ .../classifier-Doppel_Outgoing.json | 49 ++ .../incidentfield-Doppel_Alert_ID.json | 63 ++ .../incidentfield-Doppel_Audit_Logs.json | 63 ++ .../incidentfield-Doppel_Brand.json | 63 ++ .../incidentfield-Doppel_Created_At.json | 63 ++ .../incidentfield-Doppel_Entity.json | 63 ++ .../incidentfield-Doppel_Entity_Content.json | 63 ++ .../incidentfield-Doppel_Entity_State.json | 68 ++ .../incidentfield-Doppel_Link.json | 63 ++ .../incidentfield-Doppel_Notes.json | 63 ++ .../incidentfield-Doppel_Platform.json | 63 ++ .../incidentfield-Doppel_Product.json | 72 ++ .../incidentfield-Doppel_Queue_State.json | 71 ++ .../incidentfield-Doppel_Severity.json | 63 ++ .../incidentfield-Doppel_Source.json | 63 ++ .../incidentfield-Doppel_Tags.json | 63 ++ .../incidentfield-Doppel_Uploaded_By.json | 63 ++ .../incidenttype-Doppel_Alert.json | 38 ++ .../layoutscontainer-Doppel_Alert_Layout.json | 624 ++++++++++++++++++ 20 files changed, 2039 insertions(+) create mode 100644 Packs/Doppel/Classifiers/classifier-Doppel_Incoming.json create mode 100644 Packs/Doppel/Classifiers/classifier-Doppel_Outgoing.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Alert_ID.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Audit_Logs.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Brand.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Created_At.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_Content.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_State.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Link.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Notes.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Platform.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Product.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Queue_State.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Severity.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Source.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Tags.json create mode 100644 Packs/Doppel/IncidentFields/incidentfield-Doppel_Uploaded_By.json create mode 100644 Packs/Doppel/IncidentTypes/incidenttype-Doppel_Alert.json create mode 100644 Packs/Doppel/Layouts/layoutscontainer-Doppel_Alert_Layout.json diff --git a/Packs/Doppel/Classifiers/classifier-Doppel_Incoming.json b/Packs/Doppel/Classifiers/classifier-Doppel_Incoming.json new file mode 100644 index 000000000000..eacb08169580 --- /dev/null +++ b/Packs/Doppel/Classifiers/classifier-Doppel_Incoming.json @@ -0,0 +1,298 @@ +{ + "brands": null, + "cacheVersn": 0, + "defaultIncidentType": "", + "definitionId": "", + "description": "", + "feed": false, + "fromServerVersion": "", + "id": "d1d1bfa4-c898-4eae-8a72-1e36d11ebbf2", + "incidentSamples": null, + "indicatorSamples": null, + "instanceIds": null, + "itemVersion": "", + "keyTypeMap": {}, + "locked": false, + "logicalVersion": 13, + "mapping": { + "Doppel Alert": { + "dontMapEventToLabels": false, + "internalMapping": { + "Additional Indicators": { + "simple": "entity" + }, + "Alert ID": { + "simple": "id" + }, + "Alert Source": { + "simple": "source" + }, + "Alert tags": { + "simple": "tags" + }, + "Audit Log History": { + "simple": "audit_logs" + }, + "Block Indicators Status": { + "simple": "entity_state" + }, + "External Link": { + "simple": "doppel_link" + }, + "External Severity": { + "simple": "severity" + }, + "Selected Indicators": { + "simple": "entity" + }, + "Source Created By": { + "simple": "uploaded_by" + }, + "State": { + "simple": "queue_state" + }, + "Vulnerable Product": { + "simple": "brand" + }, + "created_at": { + "simple": "created_at" + }, + "entity": { + "simple": "entity" + }, + "entity_content.root_domain.contact_email": { + "simple": "entity_content.root_domain.contact_email" + }, + "entity_content.root_domain.country_code": { + "simple": "entity_content.root_domain.country_code" + }, + "entity_content.root_domain.domain": { + "simple": "entity_content.root_domain.domain" + }, + "entity_content.root_domain.hosting_provider": { + "simple": "entity_content.root_domain.hosting_provider" + }, + "entity_content.root_domain.ip_address": { + "simple": "entity_content.root_domain.ip_address" + }, + "entity_content.root_domain.mx_records": { + "simple": "mx_records" + }, + "entity_content.root_domain.nameservers\t": { + "simple": "nameservers" + }, + "entity_content.root_domain.registrar\t": { + "simple": "entity_content.root_domain.registrar" + }, + "entity_state": { + "simple": "entity_state" + }, + "notes": { + "simple": "notes" + }, + "platform": { + "simple": "platform" + }, + "product": { + "simple": "product" + }, + "queue_state": { + "simple": "queue_state" + }, + "severity": { + "simple": "severity" + }, + "source": { + "simple": "source" + }, + "sourceBrand": { + "simple": "brand" + }, + "uploaded_by": { + "simple": "uploaded_by" + } + } + }, + "dbot_classification_incident_type_all": { + "dontMapEventToLabels": true, + "internalMapping": { + "Additional Indicators": { + "simple": "entity" + }, + "Audit Logs": { + "simple": "audit_logs.[]." + }, + "Audit_logs_History": { + "simple": "audit_logs.[]" + }, + "Audit_logs_info": { + "simple": "audit_logs.[]" + }, + "Block Indicators Status": { + "simple": "entity_state" + }, + "Created At": { + "simple": "created_at" + }, + "Doppel Alert Brand": { + "simple": "brand" + }, + "Doppel Alert ID": { + "simple": "id" + }, + "Doppel Audit Logs": { + "simple": "audit_logs.[]." + }, + "Doppel Brand": { + "simple": "brand" + }, + "Doppel Created At": { + "simple": "created_at" + }, + "Doppel Entity": { + "simple": "entity" + }, + "Doppel Entity Content": { + "simple": "entity_content" + }, + "Doppel Entity State": { + "simple": "entity_state" + }, + "Doppel Link": { + "simple": "doppel_link" + }, + "Doppel Notes": { + "simple": "notes" + }, + "Doppel Platform": { + "simple": "platform" + }, + "Doppel Product": { + "simple": "product" + }, + "Doppel Queue State": { + "simple": "queue_state" + }, + "Doppel Severity": { + "simple": "severity" + }, + "Doppel Source": { + "simple": "source" + }, + "Doppel Tags": { + "simple": "tags" + }, + "Doppel Uploaded By": { + "simple": "uploaded_by" + }, + "Entity": { + "simple": "entity" + }, + "Entity Content": { + "simple": "entity_content" + }, + "Entity State": { + "simple": "entity_state" + }, + "External Link": { + "simple": "doppel_link" + }, + "External Severity": { + "simple": "severity" + }, + "Notes": { + "simple": "notes" + }, + "Platform": { + "simple": "platform" + }, + "Product": { + "simple": "product" + }, + "Queue State": { + "simple": "queue_state" + }, + "Selected Indicators": { + "simple": "entity" + }, + "Source Created By": { + "simple": "uploaded_by" + }, + "State": { + "simple": "queue_state" + }, + "Tags": { + "simple": "tags" + }, + "Uploaded By": { + "simple": "uploaded_by" + }, + "Vulnerable Product": { + "simple": "brand" + }, + "created_at": { + "simple": "created_at" + }, + "dbotMirrorDirection": { + "simple": "mirror_direction" + }, + "dbotMirrorId": { + "simple": "id" + }, + "dbotMirrorInstance": { + "simple": "mirror_instance" + }, + "entity": { + "simple": "entity" + }, + "entity_content.root_domain.registrar\t": { + "simple": "entity_content.root_domain.registrar" + }, + "entity_state": { + "simple": "entity_state" + }, + "notes": { + "simple": "notes" + }, + "occurred": { + "simple": "created_at" + }, + "platform": { + "simple": "platform" + }, + "product": { + "simple": "product" + }, + "queue_state": { + "simple": "queue_state" + }, + "severity": { + "simple": "severity" + }, + "source": { + "simple": "source" + }, + "sourceBrand": { + "simple": "brand" + }, + "uploaded_by": { + "simple": "uploaded_by" + } + } + } + }, + "name": "Doppel Incoming", + "nameRaw": "Doppel Incoming", + "packID": "c3beb3d4-5d11-46e9-85ec-87a0586dd624", + "packName": "Fields", + "propagationLabels": [ + "all" + ], + "sourceClassifierId": "", + "system": false, + "toServerVersion": "", + "transformer": {}, + "type": "mapping-incoming", + "unclassifiedCases": null, + "version": -1 +} \ No newline at end of file diff --git a/Packs/Doppel/Classifiers/classifier-Doppel_Outgoing.json b/Packs/Doppel/Classifiers/classifier-Doppel_Outgoing.json new file mode 100644 index 000000000000..33f35ea9daf4 --- /dev/null +++ b/Packs/Doppel/Classifiers/classifier-Doppel_Outgoing.json @@ -0,0 +1,49 @@ +{ + "brands": null, + "cacheVersn": 0, + "defaultIncidentType": "", + "definitionId": "", + "description": "", + "feed": false, + "fromServerVersion": "", + "id": "602a520c-d5d3-45c8-8cd8-5fbbaa6e93ed", + "incidentSamples": null, + "indicatorSamples": null, + "instanceIds": null, + "itemVersion": "", + "keyTypeMap": {}, + "locked": false, + "logicalVersion": 2, + "mapping": { + "Doppel Alert": { + "dontMapEventToLabels": false, + "internalMapping": { + "queue_state": { + "simple": "queuestate" + } + } + }, + "dbot_classification_incident_type_all": { + "dontMapEventToLabels": false, + "internalMapping": { + "Queue State": { + "simple": "labels.queue_state" + } + } + } + }, + "name": "Doppel Outgoing", + "nameRaw": "Doppel Outgoing", + "packID": "c3beb3d4-5d11-46e9-85ec-87a0586dd624", + "packName": "Fields", + "propagationLabels": [ + "all" + ], + "sourceClassifierId": "", + "system": false, + "toServerVersion": "", + "transformer": {}, + "type": "mapping-outgoing", + "unclassifiedCases": null, + "version": -1 +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Alert_ID.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Alert_ID.json new file mode 100644 index 000000000000..279899577437 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Alert_ID.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelalertid", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelalertid", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Alert ID", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Audit_Logs.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Audit_Logs.json new file mode 100644 index 000000000000..890055660a28 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Audit_Logs.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelauditlogs", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelauditlogs", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Audit Logs", + "neverSetAsRequired": false, + "openEnded": true, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": [], + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "multiSelect", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Brand.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Brand.json new file mode 100644 index 000000000000..8baaa1a4d0fc --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Brand.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": [], + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelbrand", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelbrand", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Brand", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "shortText", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "Doppel Brand", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Created_At.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Created_At.json new file mode 100644 index 000000000000..285a9ac7bec8 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Created_At.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelcreatedat", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelcreatedat", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Created At", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity.json new file mode 100644 index 000000000000..24ab6f94e169 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelentity", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelentity", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Entity", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "url", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_Content.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_Content.json new file mode 100644 index 000000000000..488c5c7f9304 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_Content.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelentitycontent", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelentitycontent", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Entity Content", + "neverSetAsRequired": false, + "openEnded": true, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": [], + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "multiSelect", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_State.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_State.json new file mode 100644 index 000000000000..a502d8b81194 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Entity_State.json @@ -0,0 +1,68 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": [], + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelentitystate", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelentitystate", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Entity State", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "singleSelect", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "Doppel Entity State", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": [ + "", + "active", + "parked", + "down" + ], + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "singleSelect", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Link.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Link.json new file mode 100644 index 000000000000..611996069f0f --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Link.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppellink", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppellink", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Link", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "url", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Notes.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Notes.json new file mode 100644 index 000000000000..02b43d03d0ce --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Notes.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelnotes", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelnotes", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Notes", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Platform.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Platform.json new file mode 100644 index 000000000000..88534a30af60 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Platform.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelplatform", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelplatform", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Platform", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Product.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Product.json new file mode 100644 index 000000000000..3e13068fb11f --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Product.json @@ -0,0 +1,72 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": [], + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelproduct", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelproduct", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Product", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "singleSelect", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "Doppel Product", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": [ + "", + "domains", + "social_media", + "mobile_apps", + "ecommerce", + "crypto", + "email", + "paid_ads" + ], + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "singleSelect", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Queue_State.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Queue_State.json new file mode 100644 index 000000000000..20bb352696ef --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Queue_State.json @@ -0,0 +1,71 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelqueuestate", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelqueuestate", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Queue State", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": [ + "", + "doppel_review", + "needs_confirmation", + "actioned", + "archived", + "monitoring", + "taken_down" + ], + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "singleSelect", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Severity.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Severity.json new file mode 100644 index 000000000000..f87389ffdef4 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Severity.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelseverity", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelseverity", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Severity", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Source.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Source.json new file mode 100644 index 000000000000..665df198126f --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Source.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppelsource", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppelsource", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Source", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Tags.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Tags.json new file mode 100644 index 000000000000..24846e11fda8 --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Tags.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppeltags", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppeltags", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Tags", + "neverSetAsRequired": false, + "openEnded": true, + "orgType": "", + "ownerOnly": false, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": [], + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "multiSelect", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentFields/incidentfield-Doppel_Uploaded_By.json b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Uploaded_By.json new file mode 100644 index 000000000000..f3ea72f821ac --- /dev/null +++ b/Packs/Doppel/IncidentFields/incidentfield-Doppel_Uploaded_By.json @@ -0,0 +1,63 @@ +{ + "XDRBuiltInField": false, + "XsiamIncidentFieldExtraData": { + "incidentsFilter": null, + "slaGoals": null, + "slaTimer": null, + "timerConditions": null + }, + "aliasTo": "", + "aliases": null, + "associatedToAll": true, + "associatedTypes": null, + "autoCompleteTags": null, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": true, + "cliName": "doppeluploadedby", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "definitionId": "", + "description": "", + "editForm": true, + "fieldCalcScript": "", + "fromServerVersion": "", + "group": 0, + "hidden": false, + "id": "incident_doppeluploadedby", + "ipVersion": "", + "isReadOnly": false, + "itemVersion": "", + "locked": false, + "mergeStrategy": "", + "name": "Doppel Uploaded By", + "neverSetAsRequired": false, + "openEnded": false, + "orgType": "", + "ownerOnly": true, + "packID": "aba8d875-96b4-472e-8608-84cba2ece652", + "packName": "Incident Fields", + "placeholder": "", + "pretty_name": "", + "required": false, + "runScriptAfterUpdate": false, + "script": "", + "selectValues": null, + "selectValuesMap": null, + "sla": 0, + "system": false, + "systemAssociatedTypes": null, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1, + "x2_fields": "" +} \ No newline at end of file diff --git a/Packs/Doppel/IncidentTypes/incidenttype-Doppel_Alert.json b/Packs/Doppel/IncidentTypes/incidenttype-Doppel_Alert.json new file mode 100644 index 000000000000..8fe0cd56c9e0 --- /dev/null +++ b/Packs/Doppel/IncidentTypes/incidenttype-Doppel_Alert.json @@ -0,0 +1,38 @@ +{ + "autorun": false, + "cacheVersn": 0, + "closureScript": "", + "color": "#C9C598", + "days": 0, + "daysR": 0, + "default": false, + "definitionId": "", + "detached": false, + "disabled": false, + "extractSettings": { + "fieldCliNameToExtractSettings": {}, + "mode": "Specific" + }, + "fromServerVersion": "", + "hours": 0, + "hoursR": 0, + "id": "Doppel Alert", + "itemVersion": "", + "layout": "acdb3cde-b78d-4fa0-86e3-ef0a01606a26", + "locked": false, + "name": "Doppel Alert", + "onChangeRepAlg": 0, + "packID": "c3beb3d4-5d11-46e9-85ec-87a0586dd624", + "packName": "Fields", + "preProcessingScript": "", + "propagationLabels": [ + "all" + ], + "readonly": false, + "reputationCalc": 0, + "system": false, + "toServerVersion": "", + "version": -1, + "weeks": 0, + "weeksR": 0 +} \ No newline at end of file diff --git a/Packs/Doppel/Layouts/layoutscontainer-Doppel_Alert_Layout.json b/Packs/Doppel/Layouts/layoutscontainer-Doppel_Alert_Layout.json new file mode 100644 index 000000000000..712177a6f0dd --- /dev/null +++ b/Packs/Doppel/Layouts/layoutscontainer-Doppel_Alert_Layout.json @@ -0,0 +1,624 @@ +{ + "cacheVersn": 0, + "close": null, + "definitionId": "", + "description": "", + "detached": false, + "details": null, + "detailsV2": { + "TypeName": "", + "tabs": [ + { + "id": "summary", + "name": "Legacy Summary", + "type": "summary" + }, + { + "id": "caseinfoid", + "name": "Incident Info", + "sections": [ + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "type", + "height": 26, + "id": "incident-type-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "severity", + "height": 26, + "id": "incident-severity-field", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "owner", + "height": 26, + "id": "incident-owner-field", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourcebrand", + "height": 26, + "id": "incident-sourceBrand-field", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourceinstance", + "height": 26, + "id": "incident-sourceInstance-field", + "index": 5, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "playbookid", + "height": 26, + "id": "incident-playbookId-field", + "index": 6, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Case Details", + "static": false, + "w": 1, + "x": 0, + "y": 0 + }, + { + "h": 2, + "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Notes", + "static": false, + "type": "notes", + "w": 1, + "x": 2, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Work Plan", + "static": false, + "type": "workplan", + "w": 1, + "x": 1, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Linked Incidents", + "static": false, + "type": "linkedIncidents", + "w": 1, + "x": 1, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8", + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Child Incidents", + "static": false, + "type": "childInv", + "w": 1, + "x": 2, + "y": 4 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-4a31afa0-98ba-11e9-a519-93a53c759fe0", + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Evidence", + "static": false, + "type": "evidence", + "w": 1, + "x": 2, + "y": 2 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260", + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Team Members", + "static": false, + "type": "team", + "w": 1, + "x": 2, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-7ce69dd0-a07f-11e9-936c-5395a1acf11e", + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Indicators", + "query": "", + "queryType": "input", + "static": false, + "type": "indicators", + "w": 2, + "x": 0, + "y": 4 + }, + { + "displayType": "CARD", + "h": 2, + "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289", + "items": [ + { + "endCol": 1, + "fieldId": "occurred", + "height": 26, + "id": "incident-occurred-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 1, + "fieldId": "dbotmodified", + "height": 26, + "id": "incident-modified-field", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotduedate", + "height": 26, + "id": "incident-dueDate-field", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotcreated", + "height": 26, + "id": "incident-created-field", + "index": 0, + "sectionItemType": "field", + "startCol": 1 + }, + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 26, + "id": "incident-closed-field", + "index": 1, + "sectionItemType": "field", + "startCol": 1 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Timeline Information", + "static": false, + "w": 1, + "x": 0, + "y": 2 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 26, + "id": "incident-dbotClosed-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closereason", + "height": 26, + "id": "incident-closeReason-field", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closenotes", + "height": 26, + "id": "incident-closeNotes-field", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Closing Information", + "static": false, + "w": 1, + "x": 0, + "y": 6 + }, + { + "displayType": "CARD", + "h": 2, + "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "details", + "height": 26, + "id": "incident-details-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Investigation Data", + "static": false, + "w": 1, + "x": 1, + "y": 2 + } + ], + "type": "custom" + }, + { + "id": "warRoom", + "name": "War Room", + "type": "warRoom" + }, + { + "id": "workPlan", + "name": "Work Plan", + "type": "workPlan" + }, + { + "id": "evidenceBoard", + "name": "Evidence Board", + "type": "evidenceBoard" + }, + { + "id": "canvas", + "name": "Canvas", + "type": "canvas" + }, + { + "hidden": false, + "id": "chtyrfjhpp", + "name": "Doppel Alert Data", + "sections": [ + { + "description": "Details about the alert fetched from the Doppel platform", + "displayType": "ROW", + "h": 5, + "hideName": false, + "i": "chtyrfjhpp-6cccc2bd-1312-44b7-8ab4-2e23aae407a7", + "items": [ + { + "endCol": 2, + "fieldId": "doppelalertid", + "height": 26, + "id": "a6ce5d89-5115-4f48-b430-d33799081c52", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelseverity", + "height": 26, + "id": "2feff9ff-9c80-4aed-8866-abf3892a2fa6", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelbrand", + "height": 26, + "id": "31921aa2-3b76-4b3a-a6d3-5f1e43968dcb", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "brand", + "height": 26, + "id": "5f7dc687-7405-4465-a603-fbab6c1e4686", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "entitystate", + "height": 26, + "id": "dbd066f4-285b-4a9a-9467-50671f5a2915", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "queuestate", + "height": 26, + "id": "27e8a019-7828-4406-93b9-dbf951f71a7a", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "product", + "height": 26, + "id": "079c3ec9-f0a9-4673-8aa5-4e4c9e9e79cf", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "platform", + "height": 26, + "id": "d2ad1638-1c98-4e96-a52e-561c72297fa6", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppellink", + "height": 26, + "id": "128d659a-5c63-458c-a96b-0240bbeae842", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelnotes", + "height": 26, + "id": "a144e1c1-b303-4dcb-b56d-d89508e3ccd1", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelplatform", + "height": 26, + "id": "30e0153f-6343-44eb-b9ca-c4dea0e82161", + "index": 5, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelproduct", + "height": 26, + "id": "edcef656-d794-4f5c-9fed-5b583384d3ea", + "index": 6, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelqueuestate", + "height": 26, + "id": "820d34e6-33ef-4990-9345-865772efc7a1", + "index": 7, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelcreatedat", + "height": 26, + "id": "270e7ec6-6db4-43ce-9f88-6d16e08649f9", + "index": 8, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelsource", + "height": 26, + "id": "bd17abba-3f1f-4159-ab0e-9645d32c3c66", + "index": 9, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppeltags", + "height": 26, + "id": "98baebf3-14e6-445c-ae21-91664a795ade", + "index": 10, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppeluploadedby", + "height": 26, + "id": "baaf1629-2c6e-4f54-9970-16aac380b407", + "index": 11, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxH": null, + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Alert Details", + "static": false, + "w": 1, + "x": 0, + "y": 0 + }, + { + "description": "Details about the entity received from Doppel", + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "chtyrfjhpp-db82b87b-a67c-4e81-8e33-29dae245ea1b", + "items": [ + { + "endCol": 2, + "fieldId": "entitycontentrootdomainregistrar", + "height": 26, + "id": "f9107076-5e95-4c45-83ef-9c014570de24", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelentity", + "height": 26, + "id": "1bfc1bbf-f0cd-4b97-af72-0c2dc7db87e6", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 3, + "fieldId": "doppelentitycontent", + "height": 26, + "id": "4c377f5a-6dcf-4122-8112-4fb557f4642b", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "doppelentitystate", + "height": 26, + "id": "f36bf862-77df-4d6d-be09-9079492ef44c", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxH": null, + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Entity Content", + "static": false, + "w": 2, + "x": 1, + "y": 0 + }, + { + "description": "Shows the Audit log history for the particular Alert", + "displayType": "ROW", + "h": 3, + "hideName": false, + "i": "chtyrfjhpp-07b54ffa-28e8-4216-b4d2-1d0590a0affe", + "items": [ + { + "endCol": 4, + "fieldId": "doppelauditlogs", + "height": 26, + "id": "e211b223-1b57-4d29-b3cb-1bd7b7fd6475", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxH": null, + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Audit Log History", + "static": false, + "w": 2, + "x": 1, + "y": 2 + } + ], + "type": "custom" + } + ] + }, + "edit": null, + "fromServerVersion": "", + "group": "incident", + "id": "acdb3cde-b78d-4fa0-86e3-ef0a01606a26", + "indicatorsDetails": null, + "indicatorsQuickView": null, + "itemVersion": "", + "locked": false, + "mobile": null, + "name": "Doppel Alert Layout", + "packID": "c3beb3d4-5d11-46e9-85ec-87a0586dd624", + "packName": "Fields", + "propagationLabels": [ + "all" + ], + "quickView": null, + "quickViewV2": null, + "system": false, + "toServerVersion": "", + "version": -1 +} \ No newline at end of file From 2c264632830bfeb2751f5c76b43a08e37bacdd5a Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 18:32:23 +0530 Subject: [PATCH 19/22] Updated the command name in the unit test --- Packs/Doppel/Integrations/Doppel/Doppel_test.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel_test.py b/Packs/Doppel/Integrations/Doppel/Doppel_test.py index d8c9166b2c4c..96bf465a6a28 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel_test.py +++ b/Packs/Doppel/Integrations/Doppel/Doppel_test.py @@ -19,7 +19,7 @@ def util_load_json(path): @pytest.mark.parametrize("command, args, api_path, api_response", [ - ("get-alert", + ("doppel-get-alert", {"id": "TST-31222"}, "https://api.doppel.com/v1/alert?id=TST-31222", util_load_json('test_data/get-alert-success-200.json')) @@ -46,12 +46,12 @@ def test_command_success(mocker, requests_mock, command, args, api_path, api_res @pytest.mark.parametrize("command, args, api_path, status_code, api_response", [ - ("get-alert", + ("doppel-get-alert", {"entity": "123"}, "https://api.doppel.com/v1/alert?entity=123", 400, util_load_json('test_data/get-alert-failure-400-invalid-entity.json')), - ("get-alert", + ("doppel-get-alert", {"id": "1234"}, "https://api.doppel.com/v1/alert?id=1234", 400, @@ -81,12 +81,12 @@ def test_command_failure(mocker, requests_mock, command, args, api_path, status_ @pytest.mark.parametrize("command, args, api_path, status_code, exception_message", [ - ("get-alert", + ("doppel-get-alert", {"id": "TST-31", "entity": "http://dummyrul.com"}, "https://api.doppel.com/v1/alert?id=TST-31&entity=http://dummyrul.com", 400, - "Failed to execute get-alert command.\nError:\nBoth id and entity is specified. We need exactly single input for this command") + "Failed to execute doppel-get-alert command.\nError:\nBoth id and entity is specified. We need exactly single input for this command") ] ) def test_command_exception(mocker, requests_mock, command, args, api_path, status_code, exception_message): From ea35774ff0c4256da35fb1c6d24a9835ff0dab6f Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 18:47:05 +0530 Subject: [PATCH 20/22] Updated the app with latest command arguments --- Packs/Doppel/Integrations/Doppel/Doppel.yml | 278 ++++++++++++-------- 1 file changed, 165 insertions(+), 113 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.yml b/Packs/Doppel/Integrations/Doppel/Doppel.yml index dc7345c4fa10..1f57a1bfed16 100644 --- a/Packs/Doppel/Integrations/Doppel/Doppel.yml +++ b/Packs/Doppel/Integrations/Doppel/Doppel.yml @@ -3,45 +3,157 @@ commonfields: id: Doppel version: -1 configuration: -- defaultvalue: https://.com/ - display: Doppel tenant URL +- additionalinfo: The Doppel server URL that will be used for calling the APIs + defaultvalue: https://.com/ + display: Doppel Tenant URL name: url required: true type: 0 -- displaypassword: API Key - additionalinfo: The API Key to use for connection with Doppel +- additionalinfo: The API Key to use for connection with Doppel + display: "" + displaypassword: API Key + hiddenusername: true name: credentials required: true - hiddenusername: true type: 9 -description: 'Doppel is a Modern Digital Risk Protection Solution, that detects the phishing and brand cyber attacks on the emerging channels. Doppel scans millions of channels online which includes, social media, domains, paid ads, dark web, emerging channels, etc. Doppel can identify the malicious content and cyber threats, and enables their customers to take down the digital risks proactively. The XSOAR pack for Doppel provides mirrors the alerts created by Doppel as XSOAR incidents. The pack also contains the commands to perform different operations on Doppel alerts.' +- display: Fetch incidents + name: isFetch + required: false + type: 8 +- additionalinfo: The interval specifies the cadence with which the Doppel alerts + be fetched + defaultvalue: "1" + display: Incidents Fetch Interval + name: incidentFetchInterval + required: true + type: 19 +- display: Incident type + name: incidentType + required: false + type: 13 +- additionalinfo: 'Choose the direction to mirror the incident: None (No mirroring), + Incoming (from Doppel to XSOAR), Outgoing (from XSOAR to Doppel), Incoming and + Outgoing (from/to Cortex and Doppel)' + defaultvalue: Incoming And Outgoing + display: Mirror Direction + name: mirror_direction + options: + - Incoming + - Outgoing + - Incoming And Outgoing + required: false + type: 15 +- additionalinfo: For the first time fetch (or on reset of "Last Run" timestamp), + fetch alerts created in the mentioned historical days + defaultvalue: "1" + display: Historical Days + name: historical_days + required: false + type: 0 +contentitemexportablefields: + contentitemfields: + definitionid: "" + fromServerVersion: "" + itemVersion: "" + packID: 82a5f67a-7fbd-4e4b-8c20-1677bbb400ac + packName: Doppel + prevname: "" + propagationLabels: + - all + toServerVersion: "" +description: |- + Doppel is a Modern Digital Risk Protection Solution, that detects the phishing and brand cyber attacks on the emerging channels. Doppel scans millions of channels online which includes, social media, domains, paid ads, dark web, emerging channels, etc. Doppel can identify the malicious content and cyber threats, and enables their customers to take down the digital risks proactively. + The XSOAR pack for Doppel mirrors the alerts created by Doppel as XSOAR incidents. The pack also contains the commands to perform different operations on Doppel alerts. +detaileddescription: |- + ### Get Started + + To use the app you need the following: + + 1. Doppel Tenant URL that you can use for calling the [Doppel APIs](https://doppel.readme.io/reference/create_alert). eg. *https://api.doppel.com/* + 2. API Key for calling Doppel + + Please reach out to Doppel to get access to above. + + Once you have the URL and API Key, use the same for configuring the Doppel-XSOAR integration instance. display: Doppel name: Doppel script: commands: - - name: get-alert - description: 'Retrieves the alert details by ID or entity. Must include exactly one of either id or entity' - arguments: - - name: id - description: 'The ID of the alert to retrieve details for' - required: false - - name: entity - description: 'The alerted entity to retrieve details for' - required: false + - arguments: + - description: The ID of the alert to retrieve details for + name: id + - description: The alerted entity to retrieve details for + name: entity + description: Retrieves the alert details by ID or entity. Must include exactly + one of either id or entity. + name: doppel-get-alert outputs: - contextPath: Doppel.doppel_link - description: 'Link to the alert in the Doppel portal' + description: Link to the alert in the Doppel portal type: String - - - name: get-alerts - description: Retrieves multiple alerts based on the query parameters provided. - It includes metadata and details about each alert. - arguments: - - name: search_key - description: Currently only supports search by url + - arguments: + - description: The entity for which the alert should be created. + name: entity + required: true + description: Creates an alert for a specified entity. This command requires the + entity to be provided in the arguments. + name: doppel-create-alert + outputs: + - contextPath: Doppel.CreatedAlert + description: The details of the created alert, including its unique ID and other + relevant metadata. + type: string + - arguments: + - description: The id of the alert to update + name: alert_id + - description: The entity of the alert to update + name: entity + type: unknown + - auto: PREDEFINED + description: Status of which queue the alert is in. + name: queue_state + predefined: + - doppel_review + - actioned + - needs_confirmation + - monitoring + - taken_down + - archived + type: textArea + - auto: PREDEFINED + description: State of the alert. + name: entity_state + predefined: + - active + - down + - parked type: textArea - - name: queue_state - auto: PREDEFINED + description: Updates an alert in the Doppel platform. + name: doppel-update-alert + outputs: + - contextPath: Doppel.UpdatedAlert + description: Provides details of the updated alert after modifying its queue_state + and entity_state. The result confirms the success and updates made. + type: unknown + - arguments: + - description: The entity for which the abuse alert should be created. + name: entity + required: true + description: Create an alert for the provided value to abuse box. Will fail if + the alert value is invalid or is protected. + name: doppel-create-abuse-alert + outputs: + - contextPath: Doppel.AbuseAlert + description: The details of the created abuse alert, including its unique ID + and other relevant metadata. + type: string + - arguments: + - description: Currently only supports search by url + name: search_key + type: textArea + - auto: PREDEFINED + description: New queue status to update alert with (id required) + name: queue_state predefined: - actioned - needs_confirmation @@ -49,9 +161,9 @@ script: - monitoring - taken_down - archived - description: New queue status to update alert with (id required) - - name: product - auto: PREDEFINED + - auto: PREDEFINED + description: Product category the report belongs to. + name: product predefined: - domains - social_media @@ -60,106 +172,46 @@ script: - crypto - emails - paid_adds - description: Product category the report belongs to. - - name: created_before - description: Filter alerts created before this date. '2024-01-05T13:45:30' -- + - description: Filter alerts created before this date. '2024-01-05T13:45:30' -- Represents the 5th of January 2024, at 1:45:30 PM + name: created_before type: textArea - - name: created_after - description: Filter alerts created after this date. '2024-01-05T13:45:30' -- + - description: Filter alerts created after this date. '2024-01-05T13:45:30' -- Represents the 5th of January 2024, at 1:45:30 PM + name: created_after type: textArea - - name: sort_type - auto: PREDEFINED + - auto: PREDEFINED + description: The field to sort the reports by. Defaults to date_sourced. + name: sort_type predefined: - date_sourced - date_last_actioned - description: The field to sort the reports by. Defaults to date_sourced. type: textArea - - name: sort_order - auto: PREDEFINED + - auto: PREDEFINED + description: The order to sort the reports by. Defaults to desc. + name: sort_order predefined: - asc - desc - description: The order to sort the reports by. Defaults to desc. type: textArea - - name: page - description: Page number for pagination; defaults to 0 + - description: Page number for pagination; defaults to 0 + name: page type: textArea - - name: tags - description: List of tags to filter alerts + - description: List of tags to filter alerts isArray: true + name: tags type: textArea + description: Retrieves a list of alerts. The result can be filtered by provided + parameters. + name: doppel-get-alerts outputs: - contextPath: Doppel.GetAlerts - - - - name: create-alert - description: Creates an alert for a specified entity. This command requires the - entity to be provided in the arguments. - arguments: - - name: entity - required: true - description: The entity for which the alert should be created. - outputs: - - contextPath: Doppel.CreatedAlert - description: The details of the created alert, including its unique ID and other - relevant metadata. - type: string - - - name: create-abuse-alert - description: Create an alert for the provided value to abuse box. Will fail if - the alert value is invalid or is protected - arguments: - - name: entity - required: true - description: The entity for which the abuse alert should be created. - outputs: - - contextPath: Doppel.AbuseAlert - description: The details of the created abuse alert, including its unique ID - and other relevant metadata. - type: string - - - - - name: update-alert - description: Updates a alert in the system with certain parameters. - arguments: - - name: alert_id - description: The id of the alert to update - - name: entity - description: The entity of the alert to update - type: unknown - - name: queue_state - auto: PREDEFINED - predefined: - - doppel_review - - actioned - - needs_confirmation - - monitoring - - taken_down - - archived - description: Status of which queue the alert is in. - type: textArea - - name: entity_state - auto: PREDEFINED - predefined: - - active - - down - - parked - description: State of the alert. - type: textArea - outputs: - - contextPath: Doppel.UpdatedAlert - description: Provides details of the updated alert after modifying its queue_state - and entity_state. The result confirms the success and updates made. + description: Retrieves multiple alerts based on the query parameters provided. + It includes metadata and details about each alert. type: unknown - - runonce: false - script: '-' - type: python - subtype: python3 - dockerimage: demisto/python3:3.12.7.117934 -fromversion: 5.5.0 -tests: -- No tests (auto formatted) + dockerimage: demisto/python3:3.10.14.100715 + isFetchSamples: true + isfetch: true + isremotesyncin: true + isremotesyncout: true + runonce: false \ No newline at end of file From 20c31523936b9ce9e05f76022f20e91933ee7c1c Mon Sep 17 00:00:00 2001 From: Kapil Bisen Date: Fri, 20 Dec 2024 18:55:25 +0530 Subject: [PATCH 21/22] Updated Author image --- Packs/Doppel/Author_image.png | Bin 0 -> 32919 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/Packs/Doppel/Author_image.png b/Packs/Doppel/Author_image.png index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..d0bec8a28888ab3a908601c95e412ebe340ea303 100644 GIT binary patch literal 32919 zcmV)&K#aeMP)40000WV@Og>004R> z004l5008;`004mK004C`008P>0026e000+ooVrmw00006VoOIv0RI600RN!9r;`8x zfB;EEK~#9!?EQO?T=$jd2Y$}^-J6+}^+4i55Q0E3NlF??l$s@v`!y{I1*zrk>2?o6 zP1~_!j}6e_osISEn$$Y{$F3s=h1iH4hrMBfyJN3+Hg;LGcVnXMo+jvy@nc#Rih4}< z^k`ZoiF&kKBoZVDfglJZst&%I#HCh#)!B1m$)?i8+83a26YE1TcOC? zYRqfoF%#NFP8+dS9<`-TYy3MccEA6SkHp{NzW77bY9NN` zh^QrnDp3uksP3z%gSZjZ803bb{KNm|AAn_B-rBbH!mU5+4xd7*|NTyVs@3)O9&Shaofcq>c-$Gh&T4g)|mScpR9= zb-|_DJgZx!%}#fEe0$4_FKqkUO7-<(L36oByQ`|ikO78Jl1YzDuA*|2QZ}E52k;y< zBiIlX?#Vs5C->w%%X`{jm9(KNpcv*!^D@uKJl(Qpu+CxLlFzX2kKi&zR9h%~^!P}c zr$*Xp#Vz-Y0;1rO?wxNvLS)MiciQxXd0-wmHShym=JV&Sg#L^D+?K#-luFB9;Xe5a zQ*whc7`T!dC>fz_PM&94fGPLnp4^jr@?PXUYp~nJ1V+rzll_>@P%CrR?E%)ZPqn)8 zz^NkR@u)0B2XV+9a)21q=87fdRSirrQF8j-23I>dy_Lyx(tjKu&UVAfyTeE1e0$U1GV@EO)=&y%#)1>mvj`^m=*$j#cw=oDh7 z2GUx3J03rC!+*9j5M!1L>?yxW%`Y;_AZmI`Bm7y9&po*(_vD{rdCwZ`*k~`QF_I>$ z;eOuMkMOpBl%an3siD>v>qaX`#EO39MhGAv$)PZDHDo@Z!IkBl{uy;$j%p0Uh-tY% z%U))dOSf%9pvS=X5v0FD^1Cioe`*5@1#>3{dSn4ngfg{Sj8dAX)@h$IXKCPe#+d0` zmuuBcuOYg=>65)D_vD`3llLg^(?yWs-ejEzxGX=%4L&+=#Rs3sthP`F&|n1KM#@N5 z&Y)RNip`f4nGs!yo_88_pWLVaczMn{G@^l*40MEQj|N@T%Q1Rj@;^Xbu5ce;VXx2N zxBk5YEUnRAx@w2-PwvS*`Ex3Fzrk*GZu$&x0BF(Wlk{k_W*5oGSe2X?&&~)d0hV_K=z9hSEG)z>^tQI{-6WLuF$d z?84aGLht!!@5w#6C%elXfkDpB8&r@@sod-S_Y`*oR?z0TAqCzuiy(xzNgJ(GhgfB)R? zZ0j-Gy=U(l2fKZw>@KfohwJb5`S-5Bcm2KV|I~1>CWdKDn;x?a{0M9IDA)Z_Htgs^ zsPV#jf7F`YQzOU#-*}b3_!p-6oB!6&vwsh=R^b2DfBhqwp54#QBDFw`=S8zq!4)k^ z@Qfjc7|MRoGHvA5hO!zzkQ%NA(GZP5`d?gGD-I_Ff(*cl^nyM_U8u_jv-&Di2xic? zf~opP`B(m8zVt`mzOcM*Jl)rQPZcx~QzCQiQJi_Mr}|))UpoUc49Td=fLyK;d<`U_ z418;+-;;ZCPwvTWWcLkLAcg{@B$zR@gIxCoy8ajg4m?%Z=dZHE*4Fw2eWCipQgiT|Pg*s=X&QXm`dha7ez)EH?;o3PdTg@j<|? zr`o+u_nzF7ds4|=X|R!5hIWuu`x&}CMvtSXfkn-Y!i+p0qQ#Fpf9=Fa&;0ej(s(Xg zyMfpoZ@v}y%I{yI$d6FOhz_AH91jK(X(7||>!CS6(Bd($1<}}^mKvfF_n5TUqBd~} zAf?B8L!9V%DM;C=#pzDwwlXw-sj1T|gh9u=2Ik;HN?8Z*Bi5%zk8~+rlpZ@yC&iu;HHC~wBC<(Q_tZu*y=WnnY z_fsfj8YqXpDN-~@Fd5f#X5HP?V(ikhK8sMQ;yri9!j%akm) z2Q`*$5nBL%x|9Y(`3ox=%4N;Miy<2=_lB2Izf80XWV%6~&9bq!L6$d|(d+EjA7HxL zeak-c^oAbkjxtUIAQ@ouE~9Vt*?0U6KHnK}gogbi8uBAbA8=dDz<9Hr_)NF`{Epz5 z-Qj1w^*-;Ad$@(4q}=Pxf3f9m#$WI9b8x2()@RtThgtJa(DldY`O(t_EaC|c6=cA{ z#+%Rn+rR$U)4%qZe(OkmqkUujCO&t_FWuzZU;gHs^XvX$VhNO>rJd4fs0Jdq3zC70 zfQyQ&P#UNhVj>ypIY_3#Yq^MuxDZ8M5I4kJ)G|VVEHjXRGxJy>`k1Ia9i-^Y?BBN( zN3+j|p?5|bSJ2oXgq-LFxel214$+l@1E{b#(1R|ukbk6+Wzt?$v`D z?s8Fuu4?RNHKAUE5Gq)e6)lUjMf^eYFkj239?PliRgWkmR1(e>DM7rw-e<9%ePD66 zxo0Vx-Z=Bdl}nv^zRt+rU~Yednw8A?6$oFY&NbflUpm+0NXNB2k626GP-i|^`9kpW zxK|`LTGsGT-g6J!lY4Scc9bkorIU{LiLplJ3e3>sA$lBLFySl?!6BCsK`x(}(QhyQ zTfgyF+O7QZ>9XfUrlnuI&za$Km%7dKh3+GGfs_M02C*1iUC3mko9Ub9^02znL|@GD zj<}F}K)k@sQ4{I{dmByi%Gc>0F)LAl%oHJGDnEp(w}sKXVvh%=7J_H(%uCb*(=&UJ z(ugrX<(8j3{K3bb586F*2nyoCh#-o4?&E^4A{!b;>dSsX&Mscpdi!*X0v*EPuvkAH4su^#`3|KM+Y@j|T}wi`u_4LeA;#+l#zo4?=b^6}@^i#h5c5{Dyvpf|h> zFU{2RXJ`D4m4n&;)Sb>=K?4MYOlp*61Q`)SNuh~CFgGLk_NJ%ri=fn62Pi|1Vi4z` zIK=)+`?A!O$^&2-9K5*zzTS9?b&ovYxS&dqVOw~tAwcO6s^G2t^2D9-xhB9nE z!0W?3TsHVm{%%|tXgEJUSnA$m%CCNDkAC;;eY(t)Tz~+<47 zSRc?ft3aFyCc+e(Lhm>i<7$sg#Q^ ze(`Z2t)WDr8d&3D-jD@WGJRKH~-z^r$QLCi^6=+TgMu7{`3FuaIt5PoG05uEdwouV1qNY{Oz+@Ht5zY zXHG8Al5aCDuYf=xBlt8C!(~JyGOT7=4g|YBCqRyp%YY~WP>>!Pl+K@gZROQ6J~`aj z;E`YdS5LY7Q$sE1O@bqcX-=v6NtLjmWQ)0n=gs@nwT~39u*dJCtUbVg`0s_~|I7bl z^khlxxhOECiTTmfc)6T&WyL6&wzmn^M_dzyqchQHBlbuiGJW_vBAk z{v7uISgA<(`T(w!GQ%p5(Djd=5NPeT97t{jveAdZLtpvaKlsWYwSDdv7dBQQMyS`qax=WOc!=}N z$;ISi@IJNhV@yhr0=F7!P4KKrMm4-T!=vnEVJo#G;3$ipq7kWB-rXS0W`6|unw&QxvuiH!3JsL%~RVJX$0HwcIlK^j^a7J^2?|o?$Eb|7|2Q0W~F94fiG+ zw7AJf=*q|18-8@L={0I)A`{H$9sk8o?CZ{PnJ53vCr(aJUw*Jx3~>#tj#ig``@jER zIy7cal?wH#wCfio&)0Rx9(j#@{&KpJKn#&W41y7)BzgfVsa%UTS?2%+O;qg`({xiE zS91DH#Q`;2Pd-|6&_1E2s5+y;kf7J`P-0P+(eRKfr<`!w&^8FJBTC`qK62%`|NwnrMX}Vh0U}JfB5N~!D94pr}mBgtrZP9mPlpZVLZFO z(@pSaD4ByZ!@4)wK<6dsJa7s#qLk+f2G2*?bFM`nlNq9p$i2_Bb*b3^K_`ddJ-H`; zu0`Uzz9e%kNj}Dmb@uT__&MGRA7f;P&j+iKm&wOC=*yYU{=&Y_5x&EL>_;@}e|ho7 z>QD$7tAifRx%!#w-bEVwA1@3DU?l{6SwzV^5XyjzE;xIomhGKUnk>_lER zPDDS_xhykh-lD%0WyGAn&cnqw$-R@X(0`sb*n63H_XKWZd5)E*cPCk)n;cOaKEtYf zm>wTGRZwdy$waRQI=}j}VQ~*{v6nyQZ~U9bPOYzX+x5mCFJmcrZF*_xx4zuj&`)AE zGw%ka8JVmtPs_DV(>sW*GxS-8vX4P%&<{?biPAa;hMN4W1A&{gS@lQT>$F?q*4nP| zsSAR1EH*mRdYRJeh)RY9L_7ZJh*Xm)RdS%B7&p|@gc4KC=h|z`J%?~QN_pIv>s*(9dQX}OO>s}| z$-f{XP9mMU3&{qVf(IlR{g`3J9AdT8%M$D)8#Z?_>IpddoLnGnunQZqZ}GMK=g+M990{&+yA5{7c=$hC@-Mu``p?NY{c|cA zBrRkhhgp|4Bj!%wv~f~kKCtxZUpUyA>HSlh@kjjC#~+{X_xtk$$-FkDOifKa|6Bjy zA9YrT$50#dDBdqF?g@HDXVYL%AugwQ!;s#LDDiD^2 z-aVDno`{cs2OHjG7#?cjx*(n}NQB@Ku#S^2i}B)r@*KpN4krIQ#s5vU>KEyQ0Au#G$MWZan{u zfBJ{~FE{ovh#y^$yfQTnj1R0_!Mw89th;jX_5FK^F$^e8mA)Yejl(z!^uXDvx%dS6P_k6ijV~Wch^gm$MFY)PL z_(eQZZfLRibD#bkQ=vHBtmhKT5&K(nrxyRy|7+*<3x9m3D0+;V^IXtF%m3Mb$+GlV z7&?raEJQ6Ag0ZaC#_y6av6C6F>n3?;0Ke`qL88DgB;RRB8E4gIX@v15Ufc1>QJ~Zk z#L#G%Dp(CA`Q$MwPKM+v*d`}7oUp;$#FW>DxV9U(;1zf<$p{g$Y_s{+IuJ8X> z{_5kXC$=*&#U-Son3e(xqj2jXay!}S@BsLo-+8h6(D)DAUgC*gMP1QY70%QVQA=V- zXo(POn`60sq{OhSKpkpj!jDH9mF2R&>1Nq!lkpt9MpR>zuY-=58Yy{9ML!+ozdiTj zu3GjNzxa3}WYRR}rbdCxq12cT&|Nk3fOw+bjB1pjz;#fKcLTM&npd|E?ns3XcS+Xn zcpe&11aOq!{rfL&d*|K9a(i^*H-7Us5I6Fu)&3Arhb)d`2ip{|+mFmeZ5X9-0G`c-`XaVfBdA4BDD;QHGFZ0wfmDZ&gIfHJ->T)K7itA0y_DjD?zv!LLq#%w82(tL#M?S*kSHFK|RJ_ep?GR0U{YcDw9kVbpXOQ@QEGCP+y{3beDi=2u!`hoGR74u!$fyXlo&tb{rI}I z3QSJ$j;<56dD5@D-+`(!#+G~7=D~W4cD(z0i0LiwbXSYr162LD9W9LvZPFkj@gc6vhxwR6Lb5%qeVJmyS=tX0^gL%YEFD7p|_X+$Lg z1FaL>$%_Ecv5XgyawQnc4Y}IcEB}OPE~R>2UJ|@yr>Uk<$)d1fZLV;vbv>JzALhLU zg=6_BTgZzHvUEBR@)4$G+r*wLX`PPpi)Y@l$Cf_W_!*k<68FVFWItVg@U?F(e&*8) z2>rhm`vaNUJL5&UzS#cI1DzjrE-sK*ysHKg(&=E>RtBjUX%k<{E zY@Xxnn(cjZi)_FCmdv9~&DFQKLqcp&D@$A~#UW(p{?E&C`y*&XZG>RpR&6ruoR}d6 zV@ly#Sx?kP6hy7!A6rfK9r|xU2YkuC0-&9-mt=UrIu zej>8<{O(8LN_PWdEjw1`BLEMEVD_Sj5X}f#MjSBj zOv2u6CLmlRxRNm-_p4p#KilwpS>2Y+#)RI`l-Fs6mzm-cnJ05Y7$x$S+eq5DbNV)- z&<}L+)#Y5e%Zf40RNHASm>)bj@a95P#mK;+q|siZ^;};#{kz}jo%yxDbY!VkbP2o$ z8*7~Z%0FB@@mGG85yR7?VJXe2DWvE>^RY*cyoCIy^Tx14ZEE98IVcut)QQZnsU-Jh#eJ8HVO$OPJ>V86mWOBTez;LB z(yZEq#qF)lD2G?V4CEw)O4o*6Vh<<;1%9>8HtL$PlF@ zH+yR2mA}itsXecrQHwC8!i^Y-p*&Hth6bc=GdGm5>>kOoj98Q{-vTM}s&j*vC?%zq z%TsdcOiRA8+>}e?nO6S7w7J&HjKF{>R|u5U%8cMCgUq$KZR3?d@IaHR9OP@vdPZTZ zAR}s;b$arlrH%0UrJ;YQU5nYG8Yfc^SK1HW4xT^v<*%$e)IdI?%(|P9$EfB|L6S`Mlz4XAme0T z%Ef}R8z(0Bdl^98_Wf;=6}J3cyo&y#%+Teae2rONtu+5M#5?VDCJK__qC|l{N0z$b z7nce@azfyl3~ig&cGV)QJ0a-ljM2HkprZ_dI(OU{#XwWh%51#BRIZIN|G}L!{M$CI zGAnNhP~G-}hUsYHCKx|2Dil?ch*m!B+h45|AuZG_CSSD)l-0A;lV&M9T<<8QWR-g% zZM0+8OdhE;;axPqJM>@5w7b&*Q7KqtM1evL$WR;4tAEbCK<|rSv`o_s8cJOr-*ZlBj3L`R8A%n zUeamibEn=|onE;5!<%RFxdTgk=bX4eP-n~TKsU!2D`HlGcDc}Ofgq#tYX?E_v`1P z=<-nJ76%-D%64M&s{Evy&=akK=5uR2d^~4BlP($k-5W1y!Hk1y1+%Q_KBCVMyn$La z2{!F|n{5kttlcDE_zck7@%eF_XcHTWKOz_-X6VZYC}`diY~3zVjY6G_0khsEn6go2 zAdWXirQF>_pVW6NtKe;onhluqtK>Vidu#v8=0RFA%Lb|c#2ZNqmvYDU2kBAsYdFxC zgAAASs_4Wy#~uDWR{-pqx2cF>iw+h zw_C5RJ6H7QPeuR0B9TRhlRAc@ zd1w#0|GD4&=A{Q07CwK*Yw%ybaJ~D#`PHc>4$O|el|@=vP-3lk>fw*KUtIYkmS<#U zX+!+9n$Rd%a$)elA5{X(;sxiYwj)XrTM|s;mP2V0I`!3s2IAN;CZr^t6X2y!C zb)uFpnXrs!ojtrxE?+0R(*|pa{VoMMl?^|{Tk*53`y)gem7Ad4gn(_6X?cbF0A{%WoI~ln&xYp0Oek%(;Zw~XBawu|-(lSG8EFKS}yc}CDav#b(4V~Q3d=`&!O2%UBR zz^Q`DWdOK1ktTh6Xz?F@b>l=$vnPJ-FYW96(S<>$@kr~;(HWj8yyrurWLa@~Z^)Pb zgMXLK-~P`B%Y>-~h7fh;WZypgw8{p#cgVQ@QyaLk+{&Jn%vtrS67U!`xQicf%m9`- zC_Nh7NC%cHCKOG(aGO7Y$w?YngUfE;+eIp$fK0{8%8V}RulM8D+{CEzh5L)FJ zM*NQctrRrZ7OwLq%$wMWYAiaqE=O8t;IWP|SGA^}`uR==+txYA?y;7vf@B?YQk}ry zbb{-OP$Nj4>zCigvH@jw;4!jw*Q`M>q#PD27JEocnN=dGQ_}aGZQJu$u z_5_1m`IxhqmP|hdk!h4HWR|rMx(@u6Fa9R3sgz`r9I?cLw$4%Bu+Oq451}bowlMGm z&q?*1N&7r`)W#cyNm}&5V5&%1%u>^rk~C3?EDZhd!Uv!DFHYCJdnPlMX1T!qvdlCc zOpU0K(o%40ff{BRc!qjL)s*?6AAIf#$4CQnOXS}xfKZI1V8SUA%x1D zhgkX3$9=b(|9oVJxoW?GsXaB&#$pt0(*lnk@vY6um+IfhZ91I5 z4lcYQ$4&?N*)xVM&G;*P?ythMzYab{Fr{WAl!B<10(w;F11&0xEGL+f8T2?x$3D$X zc?eZ)M{hni;NXII!fcQGSUoA}!8R>hmqe{8mfSU^ZYpC+)|SYrfgd^b!4rRXDQERe zZq}KWSGZ5V!c_PZT#{?Y%_e^3oy4~&664Kw{C}24To+78X&}P4qfrfd0$Hmm(RJP| zP>iC8gl^5~nnT#Ud1w2BC;ma-+&8y|EpD5obGHuh?L@zmtdp_#)+)m8^f#kKb(N;9 zGGK<_tCZnjTD0OIqZNg=pe;l}r9JZL^DlgbDlzFH`iBX&t65!%YW-H ze&X=bTw`$Vrty?#ur^erc5q>x#!}N~-eZvKJ;)fQbsJLhJIQu^Vk_dn=rijVab~(h z4m?@XJP%tU*JFsxHcH7-8mHFe=vkFja=AjFH_?<66=j2U4$|f0ba{-M9BrdK2P{mU zJzh9fyWDkxGEkBxHFjzFxJ}!9ZxLAIaC?Kp&t-5r`pog5*E)s36j#Zuhg!8MX*%p( z5>=*Gih$V8W0-*UiZRpbG4l+#&L~X2uNt3=*^TQwGCP$wF&TfS~ zj-hipCRw`O+?M3RGD)wUNGrzVd+0UikXn{rh=39*Fzs3jc>wGYNjiz5)Mr_%21TrGG#9t5t#0&x@fs&ZPy0#v_ z!e@AsPcx7fLP5QRMhSIar=ZCd`2{Y^XXtZa9yrgI&2=ov^;12s%JvFwWM(wV6lovi z#(I535fW}yELl<>Am$`q1vScG?QVA9TNm=}nb9aRrizSOnKUu07No=` zGUoK%UE096pxRuw4vj-CrY|aOtIVLx#+zep_xp=sVbC5i_pP`5*on97bFAwD3Qe2J zJ2K4P-F$lxIB$V@4`XO%djB$%^lK%9yn2U1nHtup7d5h&p_Y-A4Ky}(QzA|c{owhx z?0EYv|12Zsh}k+tHms_Zq(p>5(`K$#Ln>(8y0&;Ne3ni)-s;PN^T65LJwSn4Ol*9R ztc5{t4Dymf8WhrCy$0*G5oNZC>`@2H(!8w@MeP{uxn7ui=5;;JCH-Xvez z*LE71avb?y*{apJJ7$7gXyX}alPwq(J)&>0WrOW*yLan-wd|)a$=sEMN{!O-66kLsI1JHZf2giVCU z?vmO*)JALF+b?u^^kmn6h8`bg#NKKQ-t#!0LTFELrju74Yo_D1k$yWS0|FB2!YU}) zE>>D(roHYTI^Xrj+Bf~3g^#tn;mEf}(p=c> zC6d*_gz$cxMHVH)sqMg1Fy8O1awnu1&>%FPUXvrw-SkIUwVz=lewfl{-)sM--c+kC zh}8&|kw>LjWGl@AgmMy*2gPD&ZS*7k^??tE!wW7OAcL)^W|vzx*$3ZO%kCtuyicHT zOC7{=LTnJ?bSE#SnI24cn#0C%rR=B-sk;-)TD#x;EFIn-zKQQgsLhQ(;_ zY|g2M|M;bi-gRcD>y%D=SPYn|=VVpD~au0Xsm(N zC`D7&k!O`p%`h!#l*-g7BQI--%Rmj+S)Z8os9A}X2NvIs$4_47vvl+O z802X)mgHE%B-^&>yvLyvqsT_YFhFEL?j!0E@~GriR!KCw1#y*9GfK@cfsr3P`=+QGVzruinRi;`-p&7!E%s0rbq_Bfr=5t(kkdCNY>$PeDJ8^^Ab+XcI_ zJn~>9;UP2n-D$hlo%0I>UB%o`%`nd}(^grEM;Fl$1sQ?9!$r_#Q*+(>-bemVMcQIe zFH^80M7lMLOxragWoJa=cpFx!TQd zAFO|jt80;vhgN?$XjwMwhVZAT!QNKhA0L8OfwCa0G*uh zYwYLJd0;t}0m?BlhBC(*kFd(aEtAoC6>II1>OKixj7fcR?{#PW`bzG-P7%_ESof@L zHrHO4L+yb!C@NfNZc2!{B^^{NSQ@xDS(Bq@9bR(%aVIijR^CMD16k656wDlX-#!>4 zNN=U-S63Q7AS4t{s|aOlB+Z4PA13aAGj>VYhX#lmLuS^+)jy1^;m4=O&_A6bLUS}9|#U-&F7|qte54WA#{P-ZXUDBytQs8_@qiq~{ z4(E8yF9FcdRRaCWWKZK$NRxGcgmpjqjLT>~Y5KKY-ytgG^t#h__4yk8l|0ruF4`%= zs3lmdZp=rYIo6Xy3j=MmCg_)#tRN$$n!6^8EEr&OPj6W3;yQz~h5W&7-Ya2zC)^#o zNR}I|;3>W}C0AGOm)~bD{E$qpQMiH%9)%(b(RG{x;K-&4wq+5ouxTzm_8w>CpO(yL z4)tP8&Bsbju5zDzjUtq+@~O^H4<9c>c^+!*T2V*s$o&7|KlU=4glW3y-BG`DJ3ccg7i-#Wjj6L4rXpL{gzzp`I=l={(!y2 ztaK=mL2<2!9jAqLgPIWo~tKK)C5LZ`oC6kZrZOrdq{q7xhWk=Yv5IF z)ILXe%YTUtKhj26FyS<4d&i;MlB7{63+o(s`l^5aY~csEPrgc1R*^W3#u|}ynB-;) zb+M-lxdRhfdV_9=d}&I$=MKvGZp%9~yao>Ic~buB&ho(8XRr7d+NHNojo>Mum0Ox0 zW2h%6F6mlxFy(Y~JqPa(B%2wusRCNL4sK5Ct4#AMUS;?cI3tUg3rY<)M4xmb z-C22=+3+2rlwn_xzi|TDSRZ+2xg7mKYaV;M zVmWu5qFrqCJL7UZ|GY}-#W;bjCK!`0hw-S1P4d`H%PNOnNi}}0tz)hNX6Wky*8C`u zW?P)6rP5j^i*O4*be!g@I#`*uYflDxD}|4kl~>s3-)ELrD5{LVT$G>#*8Sj$%j&6y zTRZy9A{;u2B+W2sYFUL_Ozkd3F>fxE{_sN0*O!O-O=@CQAxjqL@6w-VKtc`3|!;lJSzjc={ zr1^BTeJ|GOFGp!qzS1~JPlqv-?p+OcC#U!1v|L}F)9*1S-(iM}m``D(bn2R~5}9LN zx*cF?pfgMBa`5TM%xUr4xq6JS#R*c-IKA!7`#m{2GmDFv_=gW zc$44#{XahS3!nW9d~jNs3E~eOxqp7DHewwT?Ow3eH{E`}ezWfizM*e#kYH-el39_~I7{dYw64W|}`FkJ{;b`_vWvOsA(0pWeDq z^%m{CO2Y7P+Q^n&lJC~5Hj9sglwqfyN+z%-e5fW?txi;qH@Mn4%z5U#!~gukZ-exK zYv6-h(Z$feHc5UbAFNn~ zQbaE6I$294b0HHvLp(!F$+XXuzQU9?mN(=8r8f~E(p*^g_PJboG`UL7M%94v3H@H! zj^3LD2W*A`kFXxv^O0sNP?@*%Uux=)n3f-iVQHinY;;}Q{9F@(e^q&_=*rgdbw{kT&%cL4r{LfdmNdf_7@6H_p(<6jobxzj ziy>xY8bAsPsj(&x(BtUIO%B`io>7yFYAfD8qyOYIuhH@!ro@shZc5*dkM*3~M@)xH zV2as6Rz2(V^wUYu=NQ0rYPX&652W_jL{0=N@TW9Jv@7Kj`e@<9EYl1a! zYLuc z^t`KPzBe&}G88~Ty;P<~HL`Msyl5_DWtzN$3^sCGF0uixqlCw^gn@LcV+HfEz!?=V zgq*-=qrpGsG=K7#Q7@G|a%RS^c0On?afoH|aD^f(cefbCC_+iDmpNizpG3DR4Fywr;s>Bh$%{5WFv}TRp!#}17c#wr?}E>m*;u7SY}UoExosg zP1?tu#IMpWmpNL##B}VgfSz$p!SBqVUe*ZZ3>q6-+cBTV+QRg(#`G{Fi<4)x$Ma(x zICV)JC4;O?6%zn)I}_ZxsqLu`$I!R!U+GR6Vm0!z#$4Iuk|M;+ zr*56I@m*P@I{9ZjXz!Q<5zL7mRuZLI<^|L3q2Es-`zbUdNRO6XU|;Oeh=UjNm{j`c z&4sQ$+`6F;F$j$+@|GCbORb<4KV|bdrPHNBbhO$)c|03C-viwujF#g#8d{amD1$K) zr!;#|qluJ891c;0Mr|K?{UiLp|LY$y5M-bkqX~y+Rf%;s7OQ{0rTy+NnH&g@Z~bk` zWEw~9C%NuRHSc%k{8eUo6}i12GDjeteCGtGxFn zGD)tvySEFBI@4TQYWWY?=ig_}JA}K*0upeE zowFjnjzh9&Owq`e?5pv0iGgn0yDi+li!52<$>q^e*Cq2NeLun~ALTk9=LVm+{g-^4 z>+(@<$j7!x`P|4@VTG zNbqL686L*9NhBk%PQA>TvKn>t+y*=)mJYx{W~cIObhhvjxJ`VqF2jmFi@To4w;7Z> zijlB_{Tv2v6qIeohO2}$eSeSB>40oxW)ijr5k?WFMtR(n=0 zBjzQg3@c>n4s2GyAWxP<^6eW)L4zyomw!ZHm1}%vsh8Nm-qCIavY0W@gYDO{W9?P; zbw21{Nolzi$o@_}9|eM5JJSmPn0@|z8eBs?ZW37SHn$zJ7%C9IGUZ+N>mOj@I+yk5 z&lJoogt&7XMt>Y^07b6u_mSD(F4&a*eX41SHG%+NT4 zMu=Gtlj063w~Bg3)4LpzFH`3duj(&7zwRG8or_MaAe(TLRBpCxu&^QJ+4`7jF!j-~ z?RO6bjUvsDEcIurgbM>d%-jA;boms8W)rvOJ48}Nlt4x(=1_;2_ZVauH^UqwDaot8 zx`QlGF>u|s7j`3iA(?z_W7BVT%Lgjn)Y4dq9!?G|L0z!D?PhJ%u?nX)&ipVbS8%$j zX+n$hIId?mC)GH|yAB$E>QVNT)zM@<>|@mrGxElQZ}Dvf;<@1EB;Pt}$slX6ru*oH z`|-Rs--r&ePSkKA7Q-)vJYN_gttc(N{PoN1Ir1S&n<8Skl^E77O(_0+)`V`~<>xxv zer^FRw$+Imlb^UikX~n6uC7eWD+FET?%W__cfh8fRi#f;E-_+`;QcOXaV*^SaxtPe z8TiBVIqMzsKdeUW?hiGU{&FL{O2dDIN64vU>%qm$ELnez^_Ttp-gwU#tas3<@UACpbow*3`r z9RsH1HKwIT&Zm~ZPM6!BJC4#vg@H65>&j7}#}rq_A8Ff`&3Nl|P~mM|Tk5o&27Nz* z3k<1I?zF!;sFnnj@rGXnDBeAl;(Lai>NcEN`_>K&s7&KlCziF&Fe=07ln4XKkBz*J zS_4Pf$P3mReTw{MH)gBPn>qqajdWppSX;f}`J=4CinFSArZ!BU3MfPHk!PqP+3+p=uWv0ColP@yLIOF?2s!tlj1 zA2HI5_0dE8_V0jX_mKr94@w>c4NWv_{?uI{e+Dvtm!G?Mr|Yz0naV0As42ht?fdnA z;(q;yOxsm5+kKl0D7A`Dpca$HlUVsvXl09L@#5{Sw{h(+HFA@7t<0#GB%f+oC)`yG zR=cKU$HOWyzd@O;5yNN;5%wLV;_OY8Y)4pF!?aIDy}7*Gr6y1a?UDv!jZF(Ij4Bu0 zu224U@*(RaBg>^EW<830l~GnCCa?;6xLX@y#V1^-qLiJ$piAguVMGy9AURar6)vzY zhuT;CS9sHYd26QB{O#^N%F4toQ2CR`tYMQhYHrP>+WO_yTo_e+8DlETU}?SA%It2m zS9l*uQ_2?Ax1iZx=P2vmreGRzB`XCl0!69IqbMozh~s4Qcn!4-@sMCVvdWCS%CvOO zg|Gos6k>7i#IXDjeS3sq$SAW>by5K&K-<5)e=>!!MywOSdgTkPqTK2!b7xf^q#KSb zjI_}n<1A}do@?3b-M#TOYL?0st1IqJhVelPf8c~`1Fc2T8f002c}6cXs~4AY=_Zon zB5>_(uo651r4mbDDPu`l{&Weq-?wZHW^GToodmg*(&t$BhgqXdLGu`lecMb3sl~SV zp3~RLEmV?Xt?iFb_*t7|1F7~pjqoZ{dV#tP332xW&NHJ-L=?ItIgLJMbqsg?av|U3eP|A*0+$L5*-^QpDafmcn z=Wu(S2Z=Pt$po$2J;OvNY-dr&zSzVcGNuXC9lm7DIe<+HNGdz>kMGvYkC`Y&*kY;Q z9sDu_ZjOH#`N7szj#KzS4)YZneu?XseoPSt5A=r~tpIVIDu2!?uwluBubxEwxBmq**t4=s3=yIq7$7*O4+g-w+KWptbj6D1^b zxwRS1H;{y(9fhhykku$$yCsTy1~yw!1!mYzMK3WtdmB)kDa12sWorK@D=-~kZukz! z2XRGBZh>P(8kJiqrOWCa7m?i@r{hL4>e0xe5@|55w7Qcd+QqaHco(e#$Yj@`z1W&A@S%~sFb?R6d^`pg6Zp%wS1diJ6hf)zqp z%DffQQXf;uLBj@2`x{LAWis7(am=V*$W&|H+fVncP3dz<vg96 z5;O8+av!~@RdGEVpUw&~urk&h^iPvb>phB8zUMJ+SF6dJSypiYXNf7Fhgg%N3kBH( zpgxZLZ(^p?J#+eK8=PVk^( z&)YKuwiapJ@5NeO>nEBRubNjEct6*$#Z4z&%xwBOp-Tp;|U=YU7-HHjmvvmRq z2iw{9yMxxM!w*TfX?ar$H8rxmY}7foh2X3*k;yrF-I*R!8z$lU4NOPZsMMhPlB zZ&@#$z*;8LNJ|D8jDmt^j|YNl5NbI-E8+QB&CxPXrLHAkaS22!GLkT$%=!#!<;6js zvT(%e|7@qq8fctD!H%}E=|V#f5a&h%(v zHn(@_f+`Eq808}d^&X>I4+|T2;XgNA%RPcIHOiPCOp%ZFqUByRHj@^*>jqoF2ICZ= z*h6i!hvsmKW|0xhFny<6Wvi45gWNj(+JGY4)CR>h&FgRr+ue3)Wu{DzGNy+$@>se0 z#_%7TMdR%5tli>?`Ja+TkuyDPP#^6f6myl!2twH)j~TfoB`lTyNmfm6n>G1vnHJ+j z9jYuYqw=*U%yYfGl~8=A4Kg`C8Wfr_s0|p@MvU^L>5rcue2Y_S+m~QuZsb;WGe!u* zq;NW8xaS?$cSa(m*edgr=_63$L>Urz6LmdT_|!9Q%@)xR2`Bp8|Ew{fK^LLG-3jz) zh6~*(tv%cK51cj{n9wSG_L+76(35p9Y4|0AtiFFPg0Y|N9YF=Fd_51aCPz*{c`C2q zFf|)>a=o(DlnVsT(w_IIm9PTNYx%QkK%BCx=;+BNWm+jc?{}2RFph$sLoAuF}2@Zh9u@$QU3yT7RGj+~zrg6=jwbC>-&p%>K6x>HgTHL)wL zvzM#<0$u-PyU*dpQmPF#LO!hUiIor9$3Cq{C%4+UhSz9l#vq@B;yaUejZ?(w5(iC+2+qAAMA#fL^td<7)#hJWfUADtYoH4mE%mj zR7QUH^`nSu%gNe1hz$iAB`Xa#a;oy{ zRj?_I=dS6##}Z_!WZK#)SR;33 zBR=$OQL><3ih0d9WZ%<1b#$>Pe~_vlj5S!j$%Zzt?88qMQO?&aCwk7B%spqSpKAKG zZpuS%a<^3+-#I-l(@&?nYz42Q!bIYZ^F$a5lSXHnLzM(CWYjQ=c-ocUv6%_{BU|l{ymydJ9|3Z76Bj?L4IVlQYR^^(Hi|nP1+J$HB_F8k7 zw8^$_Jyg>7nSptuwMKg(NPqbte{{!pa4KJ^Yenmq7S1pj zhq+0c$jpgg6;H?xl6${1?U%cIxJcdm3}t4L*%mCRc)MKQDrhcr_2FfqN7Jtnd{}KZ zUvgpo9U-sk zx}*u0CydeA+`BYcC9^(CM0c$`oug!AakE(Cz?-bgAtKGmINnail$GP;C`AdePDZvX zQTi?YBk3iU*;2w9H~}oB1(!?@Ei=@n@K{^6Si2EjT81->>rc&0=ZkvXt1{+-2gkDl zlgJ?G@(`A%3KnvM7-(g(&P%zMokj_bkTQQ#@FJOl zIh7C6p()*$_J^-Aqc0P^)zi z?Qzf`N|hN@1y;lpBuTsh$r3tOgp&1qL_W^c*?h&9*lGrPV&Mt~S)2qWPG*`dyOzW% zlWVu0OA8mIO|Y53c$Ge^CId;$x) z{q^HMDdgbExA?;1NDh8_s6?idv9OQ~G(6dic#)D4<-?R*FCk?KC z`#yb%{r-KX?HUC$iQx>bfwWC&5A5M7ZLcv^@$0dfgm=iN9xtCKMDowx{oXNS=Rj#g0P@F+@RE?InQxnIoGc+=c_cz ztm5>w$=Gb|-|gCP*5ZeZym@Zj4m>xMW^xNKck-sRmqhwRngj-jrX75^Vch}#e^Zmw zCPrDrR)~=_5yCpxm+VvNJy0iCNp--N>z=K_-0=_Gpy65%g0&u zPqOYuPa9R8ugW!%S5>K%aU|b}UM`y$;+tH$E_%*HpW8Y%R5i)Q{?o+H_wcFU*;0c( z>NTeQ3PNwo{MoYBCYIIYdiu7HRX)M0f0CZ3YPDmG?q-m1OXiugEMm(etwAgjLIuOJ zl0xpHqQQgmTdaG#`&RM!<*qar1_63{WZ}p1`PRS>cK@XFBW8FV3w;LOV@)1FrVgJi zhsEETnQBUi4SMTyPcw7u`PK4=?BNfo`5G2;_S#JzF277KUhDMy3uk(A=$SENxLEc= z=|?|x^zpyjY4JVwWy?&C>$)Y`DYVAx~No_)(l=CZ}3S%;Qfq)C&U4|3?fJq-K^*W)h{>?5actTx(t zI+>)-TTA_$=T>HUm0WKyS}&+Y$Rwb7)+PwUY*_IaG?+GB&K&A7@eurJ$e5EO3b#O4 zs21E`ed5=540^1|LtOIX^!yRBP-%d|LP_&kP$`CP=j&2}mQ}5{gjkAU zM3iw2u&v{IYaeHO{rd>Yb^6bnun-kYm75%SI>_qcNG?}hWdzol(jT+FmUo*okNj5~ z!+26cjWW*7mtH?r(~YI*-=X2@!76?B+Ep@dGLWA=3y0=o;AA=pX_ekM-;=|ia_DAu z4HYBs8i5rkIH0g$Yye%K$hCfQ*+NT{(h(Kw^ef#r{j{f+``?BlY zXD>777fJr5CWRehXb)1xqwVPXPossaMu9+$jWZ3sM1xdEsE|2^a)hpYkb>s1F-jvQ z*vE^Cb%H6GYXwJnznbeV4*aoH8mzif$P8;dT=BG)sF$d)Bc^iAALb^XWQ~XCQ5HyS zR}0&DT_+Q#THq#QxDAw&k+IsH@~g*N{$2Klmznj8DW%bJ#Fbq7%yNN9qf6ZPd?B@` zVz5b|k}X8Z75bw+qJ18CV%o2D+*=44LHacO3OW5r-zbsj)2zxtB28*QL7V8!XEeFG zZWT#*Os^tyCagfYOoi3->YYnX6_t0>Q6@aB34PEir18R<96g?!bsBz&NP|d?zvrp33qiyrSd7*5(WRqlps1QS?$!+46mlW+*e(#B)vQzQB zo!>#*h0mQYm^%)QPD551Ns|I2mmV#yQS(8nZsH9J=7`>)P-Rsf=52kHp0^ipUbr3P zYIFW7x%X+~+IK)l+1YP?iJwMVm=e$B|GaLHWHIj-B^g7dAU7GU?)T}@G z{g}h}ZX{Ey;i~j&<+=6Do{4HL(&9WBy<99pip1ug(X>^X_Dw?ZCRXlU9K=Kaw$w68 zS8)laGi#nRX?9(5G7$tvtLn6#qSH^utUOjq*3L_CpLY ziXo?ll(mTq01DLV2v93G7kW3_$B*UHT$hhAVBcw17NyD>$!b&R=ue)UKm47}bpM|+ zEyKj3Zy9|#$ZGkE^u3K0d!JF~!P-$-1`qarU!x`8XTWnhzpG zPn?~(*}33lx;Lq|yiLrGpPr0C{-(;v51st6f8p3$^l%w%mWRIm{@RYrv^F@{b~f>r zTQ_6ZEhhOGDxl@0(&+g2vv&2#c6q+D&%Y0T9g&o-no?;?axQbkzf3D$=6XDSc8#Ma zO=v}>@)_Q?pXP^l==_`ZD^I*F{gpD5%yNMT<1!68#IQcu{0looxBM(?JVY>UJI&{c zuy3JYL@BAAWTz1XmvdV{T<8)J}9hD1f ze&|c)UpO1QPn3+NUf=^PGb^tF(B}X@mIZqLP!-&pp)UuYa$zxZYbA~Zn^+_<7)73l zuC;6;WsS@@lLLAO7Y4WQ+s*ltO6jy6&aca%GgtgGOBt*515EQe>i>v2xrCwgmfz&~ z@;VPM_yov*+qTaG-&&W0$6u4rce-+r`zs%5vq;&48?|&`=26*@gLJ|I-S8-s2NukE z&V@FT0@UK5r2>r#g#yC>wQ%*!etU`i{xVI!j(A2SC(=mCB(mu`*<3%jHgsagy3hrC z78#wcJe}>*8w(qLWOOgRG%IJHP6~^t6Vl@%?G$7G zjwhc=Hyq?``6$=rWAwd!S}j}5J$)ufA1&TE^Wpt(F1L#B&xMNT*qiopifh-oY^DaJD2!GUt<(& zM5(2;`sOgX|^}K`7LwKjRMb?G?(}IwQea*Mmi#D zdY5&7m{t4KLeJYLfl~>jKCXLTrUUXeRSj}_OAX#yn&nlp36dp!*3^iSs><%B5soVd zNYytc#vnAFDXjez=ow6x3u|?zT1|Bi!`I z*zhCmQaKsn=_uN|i&;vg!Je73OSHH&skV?RSoE0X22pBU_n$w*n0R~l`PnYWE)4YW zVj=c?E>}8Olfp7wjr9scJ>@ml_z+zlUAU=7p31ZGMDRqcpPsSF13jJ}mF2k<=q;s8 z&rY(GG!>sLu)9i=1;|WCRVIegjM>tlW~WOv)S$FOr!V*BmaVxD%f5LhV0?T#Zijd!#psxZ@yM$rw1`o5U?QB!p-CR`6Fii zHLl9_v{{=Hq(&ek^KjC{lN&>wjJM7l@UPPHA7XNi4V*j%)B}OQZkR&9+mX7RNQvtR zbI6MtLROKlqzzXbVom^L-^)KxYFP&}a%aC1X6l;XC ziAdrT4HQ)>YPzODmjm(#h;$d%_2(at+MG|FaJ#2hxjLt0A&)jccV@`fZgSQb$bd|A6UXgLp z!yRN2;KRUb6R2F&l3}LpEY_ZDlo0)J_eyqrMfFo%pljA@$MSGng?7K5+LyVJ#q{1{ ziie7*M5>hKvPmgWO07e7W$}O~^gv!!d=O#+&TmOB8HZPQjj~r($~a*}jRnXS8YRz( zA6mH)ztCM}&>6}I_vXBm2itzF=!`XXX;i`vywnj#UYGQK42(4ia5gJokNOQ3?=G4TJaU4H9FncdVc85lfeL= zS?F!-IkgssOLL)FRSZPbr7iOCF;I5(GXk<20Beo4$<{b z@HUUpw)P`4i^+BDopvGi=BnR_!o4^C%xU^fT>@`U|N# zc}B3lH+A*Q6t8t=>Cog&GU-z=!-gJUl_M0=Yy+pX+8CnH$>}do%d0di0CZ$4oBU5( zi`~pWA5Uf%-Ij;{-Wba&mMKcrN((l`ltvtNXZ*?&bN;>MR`@>CUh#=aZGsyebUj?SCFr~>jMBk3fhW||ILup_sQ+g;9`abA8tN&MI} zbKM*BYtk6gBBBBf-JM|ic2c)NXUeaind9Qbf9_R(kA3=}l`r-cjOOA72OleFoY<8y zvWg3oG}y4C3#BC@eE_#Uh%ulEDCQ8nOir`vz*mP7O+nUB&5ttcT;et~S9 zO?V3$D9t<961#;9<(-lhs^or^`}i_7zf5Vz7xAMfCm6Rfo{l3wm)EjxE{fwQ*O>|b z1TT9?`RQllX!b;i95YjTq1HwZp5E|Bztk*qv{>Z(+cPK%XIy**1!+H5QT+wASi_z zb-D8F-t7G19(kF%W)Mr%G6pioVCFHpz5RUr;h$|=!Fe~@0`7)4Wc9@+|MX15FVct` zWF)eS_0ZzA>|f@(Jc`BE=`kyXrn*JX2eMA4B^jg5j51A8Xj4ajTD4&)rPwb-ws*=qFAsA*@{?3UTLE~ zAs8tqu9`>*S%w-k%JjKXYgJ;x2&aZdWh-ZQ?sRAE#_|1pwbPQ9nc^+v-9)o)BPN!( zYXO%UF+fozM@$awYV#0M#@r~&D$8a}2e|wE6zEJ__xRD`pLF*5_X$}yF`(R{TPsk~ ziQNzdo=74c)-g;Y>ezlw>{q)Fx47>o6kKRi=!7yi)VB1 zkz0ehb;#oy4SNj};cef~0AGoI^mz2f3nH`=YggHJuYGGx4lfp3o zRf@Ef(8;y@QgieM)BKoJW;nye7)gVhdW1DU+OEmesd3;V_hDzouAObk1sc{Tn`Bds zHInx=|0gQh&cmmZ0N}Vp^HvO>DO*URw*;?tXxCQ!p^Hw4lB)&R3DP?=!}X<>e2+Q( z4%6~V3P#!{CRL@VwCK%e#R@`|+&d*fR+*MpD14?<_`&1RXU>~gduuDl*jkrcYn!FC z;W77X+RTD!N}H}szj82spQd&wD^`AY zc~_``E%H1mg}6QD(MbJWF_Ts0om{d>#u}uelDAR>j%lyA0?4#V!s)NnxcbCi|3PP; zf1ep%qhv5C(Vn95n|+@9I#b+4fOR?4jjo^S+kvwMGf$0!Wn+dql@uJcv6ZrABi$+! z((y^`W|KK?JU7zoYbVI)_^e;)?DHSck{>e5g+zQa=F2c8^Nb*k}S8!=i%pu z)0JM>v)t!C@QBK5xH~mg`Jn#+Q*n*!WqqZ`gU2m!9<;4!l`lM6>}%^( z^kc_Y{pUMV)IeaJQETKgr_ByMEu*9%)}|5yz9v8Z(!cR*`Pr5?nJxbkHUAk}`)g3P zVE7S6em`&Y*4x8)^E~zG2O}B70_sgV!x6_X{7I+tLEdJ=uTglQ49YMoh+0xFa~jmo zt0!|K3QTkT%%$J?o83!%i|=p+tq4c9FU^SW0`|Z2O1P6rw)O90#`p2B?tJ@OgIJj- z(|c5pt_T80;)?G9@Kc1lA~ct;&?!;pTvpwqRUfUfASD7b@t24 z1iePolu4!&-dU}p$Rlzy>Tc*AeXw+0`4n27HQ_1K#3SoEs)$NzlSGT#-KiM=(n$xE z)>7apj4hC2xykEK?w4rn*O?K37sH`!ZN94PE7P zA44H^%i%DY&XPW-ZWD6!7;K!O_v|#+7d!vm)7>}tF5lsLB35EMKf~6IdHnk(@ZSTU zr2Y8cd3sIeI-{(73ap(D)1-N)O2mp(dj_J!u=Rf1g3Xo1W(uR6guhLHdA1%|oZ)Ks zuz!vHe1{rW2xipE6hj$hDaaM7wDRC{gxq>Tmc7-~t343Nnu$d(>osas!Q-wFs0^Ik!(5HF4Cbp8x4cr1# z@?%u{%*NMI4Y=6fBn~vEVq1_SzaSZ4fl-F4q$$O$Onit+abjBxzhGf;AG@VcWr~?omc;; zGb3*y6&Z143p^QN|62%yh7l$TRJst*;C%H2lj6LU0Xjl z$$HziyKet^tFLaW10nZ*r(xG$3=GcY)Rqy$7%{^u?Dg+6ONXc%ly^%FzfGHj0g$rY zT6~vWdR@FcRnR;;;LtOX=7P8qTqpgw^-*>k*T$spO_9oy$Qdv#s~wfznJGp~v%Er! z@6(hHg=|dvK&skOIwtOrl9bAM2c(6h4JF7bO)ftTdTyPg&y_UWn`F+w9mX)ZJjP?9 z)V$BMzTFA3`lTR)bF*Avk9>z|yG+=Uz_K;*;Jrvrztf1yEVDto&M-;y*+7fklymN_09zP%h5;7@(TO?WoGG6$_B1grH3s?V=8&IEp)h> z57sJ-T4pfk*O@E7%5}L$CmcUJ)T589>q2r8XRW>*Jb%rPJvrjObA+!kErXPg9>g=t>}GHQN>z1d65=szWjcKhT<~Im<=&;*)>lS7$r->o*CbRYa9h-e=$~ zf_;c+A0TRDp)h_&r)TzxfqOuNZg-XAomc;`vtPbPZP+0XBhV={gHjIhc09_ue`3Mn zp~W1f42G*BCQoEODM|9v6R~Y3;N3mXw=KTOV%(ezU3I#dX&0;$wY=zRD`L7l#kJ1; z@f*zYT4g4d48w?=9?f{2;6@bNJ(1#W4hFfxec3-`zs(RVqepw?bv=H3Kzkur?UXu? zo7_rx;$pjQDwh7<1y-6|Ide$9u{=YEg4F(+UQardT4iqT1|;3RuPaN7rd;Nb|Idik zmf!H-cxc0#r|MQa8N6JuTQZWiy}qXd!373cvK;bKmuLOjnFH}3EjRR4JPgQLrODd_ z1lNQm3}zF}UEX6t%amW^K6?puUAkt+mU_&c8U~)inQs(nzQn*SNk3a9WiZxop<5{D z8eDt+aQw#d46i1ZH0{G?QN#Dp$5%KI{vmt4iCfm``NOBKhGUC;9zNxsoz(bVO32eC zxkt`5<;wC0{2Mg&RYp1>qsNq8ud>yQQjAfcBF;$!FD4~13{nQ+?s+IcrNM$CF(Y_M z?nxW#$^lC3$)O+kR`j`6B2{j*df|gFAS~A8?K2~qDeqc)%w*Te<7=q({~cT&io|&n zCu-J;K6ie|-0{+UMfAsvRG9Xgh$!Yl#1ozn1JkqWdM+yG5!w?|Piaj~C|8PL-N4|? zU;B;b*?Rv$?)R@UTU?@$1{>aDNS~3+F%=Fo^7=CdPsI>%cQREsxR}B5*Z=tIooTs3 zZS*7NYB$lW$)vBeFYJv zZgo`p%<2K4zg&y8<>V|V7gC^uV-Bsv##L3QP12!a>N4RX*f|n$NOxK;vWM?5Egj4a zB%&2bdg42^s|fKCSPO5fVp^?x|NLVkLmkpsqXzHp=?Ld1y8un2T8%a_PE`G zlDn=%v5S2jEF-qukgU7M-{63Mhben41;oS%6&`myw&PMgCU*piU78#EV!+v6quwxv?{+xvS((Qgacio?oK%kC_%FlXOqmRA{uVb#|DyXepD z^P^8gUrFz4bwmcNbD)C{7S(EtKpUCNkH@ymi+0t<@z)CQ?dt#K@$F~)A}#q24SAK3 zlqhL_kHb z*Qw|0NFM3gDr<6(EB=do>(!YS`Tgfhk@hHyiQZ1*Qj^PP@8=ur*B|mSSGg;>+kn?r z=c!-ge!foJPBe4}jm38SS#N2FqU0p@`$5(N8PT+i1_Nqx4P+y+XQ_hc;2ClJY@7ax z1o4Jp9IZA2S2!rk?Dua{Qyu4!FOwF<+0BFE_U}LWZPmt%9wA&IdVzQjmQA<}#HK5^ z!ZCEMFA55x}I%8wKV&cEup|^txJH|B6a1HdU%!NN7$_PX|dDdJ~ z%a%-bt}3Adxu>+Gk%MUJ?|~K!gH8y6-eFST)!axy;!?8;M_Um5GWW-2jBlcXE zdUrS8(thoc%hd^E;O6{Rh>ePnJ5`GCiWx3gVAihF_GJpbSruY@r)y#?S=5MQlYKi1 zsPvifUKQ-vcTSyWk)ux)-b}bYa@IN01}+$~RML39#_P+u3L|MyDjm#@51sP^E82xa zaABbJXOIu>DLkGDc^8$y4f$xRCr9T?%3}dvXh>dR*)}IjimWOsz2zpC&xrJvqbk#O zg+tT#(^&7)?HT0zDB>IsJ@V0(HT0?LH#eTnlvb8inp!Lb)|ZHUDfpglogUM?PF=4f z!5J{en(pP&@F?rEpQN0wpO2%IQs)X8z0Nd0{!)t{u;0JWoV|7zto!dnq|dZ;Zk?R( z!W`WG$?dQ#LCI7>Ml@I>Aqq3{%5CJHf-Rw{8Vg&s;VS*q^j)>-owAu#7QD|a9i-a$ z6^Pu5BH&JW;9C$3iAu4!#Sgm4(YqxxZEK+KT~#Bff*utgZBCzDepKCWkkAzDOqf2l zAxul0HSiLt`adVD7{kWzv&EGmwh6Kw|NI_B+{oxL!zy(dVX^@zL8c*O+|I8#X}v&R z{k6b|7(pU_m-WQ%R>u98`8o|cWInE0b{AY7yNDB$yT~^Q=eKehkNwLo5tFg+JM~wM z9!cFBe|(1xc90t(mcVNA2dPbbveR7S|KHx(#mIGJb^Ld#?!Dd9GxoH{acn19G7iaV z$s#y;sk=+Sd$BAR7$M*Ecy|?P{P<6X|+Vkm;#7X8aji#rk`&QMx^>OOd|NPI+ zI_XrY%h`lL;Sc6Xv_jTs*MgLICiq045)C;A_+j;3)u9PpC!oHkh z=DZQqLPGjfY4<*IDf#6EZ)L6{+viHt$BF|H`bmOOiKpQP#o}S!C{IuNOY^(sKbW8e zF;QEm`w+ElpXbU_Nu#!%FYJ5Zu@atIg4yXtJsjaXL`(A_T6`Dz$x&mMu-XW!UD+be zDyj{x@>87GFSE4mi=2M*%CnwyPNF3x-n1HW>EIrHrM**Mr&+Ygq9ogDJG7hOoi#ev z!8f=q_bd2d!+0EhHwK7C1J#GzPz>oiWeg29mF0IMldA^xt5ANh7|WO! zETmomOukIqcsa3W<$GTFtP^!)QRmM^_fB=p7Jht!YIL26r zu$KHm!?16u2kQHp*-DK^=Z)_lK`*zQe1MTftj)q8$a-{{qVHyD>w~;{cB)xUHBNeJ z2Q*r)sdn0vdj8QFJ>9y)y+PBz6CTNWQgAl~V^}y6kS;H84__if3Di%#8XIS9A%i)Be$JzD!vves2()A1Bfk&u^~70#orQ zMHrxJNZoKC4_F;$tnSf&XB2!Kz$R+sDiZn4W#o$rR+sN&e9Yi*9UJh$HPn=745Ut4_fYvxiJa}&&zF-J zqr1{nONLo@F-!jO`M+cM-D{(Ie(T{w6eJj%wVg2s)woxYa&Y)$qVP%x%`~WYB$Q00 z2}zcrPEa3Mh86i|geCtWUcVv^{F>yXKtkKXBDUfAW{WF}uC)sUsKG-1_S^CpjX zgljt8YSuycb>ifSm9MjEC)#YU8z*WFY2&i&{Z*)Eo9*b!+V45_{EI8p!;Jks611_& z_6=NLD>Yl;8;2fV=f14bluB>4(yG7?#CNI#=2It6FdUwK!{rPd7c$fqV4w{VuVvuj zZyZ8zU^)NiQztOI9?KeS+_eP0m1=3mpVJC$UDK&^&G=aU`oxJB#_rQ-|5#&puttrS z7r*@b%cx{4-H(mPhmIg&+$S{#>kTz}Y&U1gwchT?&VwcOlSchq2v7Bh+7Pm)keHG* z?O|<~yy)V~6cIy4cOZrl2);GIv?gqAzUX&eOQk*ka#>N|h<(kQxkIwMl^G*3N)A}xTza1j6*_jeHwI#b9vGS4F zS~iQ}W?ATC@!gCL&+98;d|DVxthXpyxytxxV$P=ER~VhnM_C(Yg?6oTV7Cg7)(}N} z)LvuNSC;>J?1JiZ%gS1(Uf0%gW9_+d__5bFr<|2;(V$n3(y*$n&L+otvX&XI0=YF< z-e-@zM9MkN`LDH>m_3*{|FWT+gC0gRL{luvcOKiOKHnyIsHID!Sga^Q-p1r_8OoDJ z{SU#+i+aBD<-6$j!22a8Q%^$-wG8gPo7rCe)6Kr?%pvUeWOE@!GEFpiF_OSA!g(;{ z7?DL&){dK!V`uX#NA9oEmh;dg$bR7&tv~_fR zt-nS7*qRZ2>y_yCs1Np5%M5J_pOk)ald*1IlR#MSuuT_(*n_`^2`$=*_g`{kNBefi z7_FLGW4Esg94{gdG6UijxUW4k@%Cj$t-hVhI?JN| zJWJd&XVg7o;XuW6Rq-TTZ8hZ5!5KZ>+U4G4THhUn3|9J);$!IJC)#@bjAIawK7R1` z@lTxB(~K?Len_re=f*o%8BR<61XJ!Z`}E(*c@-t$vVQJ~_xvxmirUU+`WfV<;H1f4 z{opcx|4$wMd5^aT*wb_QSU{&8M)ck%%%CH2v4Y3 zN~@GnnO==MHOae2_UJ3^JKP)0;ufELnoJR#7u5<&q>5!9G=%GIYEoI6_aT$}zKQcW25IvSr~d^Qpje;W^?Eo@;6 z9~;(BeX0p6P}mYjNvb`Jv*0qUyi47`$o;#1wv}G~>b|!wB~MN7u0OeW;X^dtMb|&b z-@f<(&%bo3DZSqDZ~f*2uYKotX?e?B&oI3wq3Ot)hJF)U5X2&-4KP9RR-t99P_rPS zEiq+Vr8gAkw1KZ%*!NNGk@-H9jy|3%W(SMeKDr)S>9;BJsb-JekE`X09GU`5l{qMM zY=*+TcsVj5ms-1dg^K5DfnF8}ij;kLz^6Ks_h!pGDY zUP1yyRYkPK$YmyyF1_v&yL^-8o%cU=zJLC>WE0Q!deaB2&B)DOFwpJ#!_U3o`2LA= zt-5{tSXw`G{M*0%)z;k4?F&>bEwJ8UwT>zjWr3=)d+!7j6G7Lpuv55_fy3MY7d1mD zNVK5aFDUI4SM?75@Vlp*T|YaQP2B$^UJgXPWxRn@LpqR@PTSCZTIn6Nlx)*8?BIWy z(sxK=L{CU+7Y?*+44?D_Njkq#HK{G!o{(Y2ghT@=-VOdWnlfgUK!d2)3Y9AAP_MM& zyk0j)bwh|kK!cssP#}BgU*~bvlRpSA#`t)UfOvlOTfc_-oSEJ~ z;Ak*W%UkW_zJnKJ=iw#2=SgRnE&86c0ZUFuW%q2KZO>5L{mh>|*ISV9pPo1P7YM-w z?bUdhD?t>*2f1t^M=`Trdyf?4hYSzQ)lJs)We@R+lywlHhDX)4ov$66;Ju@*6OXr% zv$4FZoaTL?GYp{|(_l7KlWbK-zm9)qbCd9@pZ=trWUL|&_ffTfQ{RsZsP&LKPpTpG zF-(^^iI!~@dt|M$)oaV(DUIShWFZqHMH-SaBBSBCH;(Z=lV~2on0FiNg9|THeGik1^(I7K(L&Tv z_XT2d`f|^4E0>Q$dDzi-%;}v6oNTAC8HNmTO;nguWlm*~_IH7x*7F)sAu0YQzJ{nq zBtb>Ksj%OupF{FlFim_2-Se??iwn+O6;Gm__N2adEb&*5ib>i*E$V-OGuJj-R^Yu! z^?*i0S2uUVw{Ux65V@qDM6Onv2yLhzUu&2so=I9H+KJa050bdGsEG1j42kway)|hW ztsM`Ptzu9QKSq)div81*Y-3T@?!L9*?)DhE`ge|pE&y=2LkGzDVLF)bSp1be( z`~K^*i?aQxA`NLO8hMz*T$MK`U@rbVvTo7wJC0y)q*3ACnQ*;9I_shaFkcuwR_BBH zyWEf3K`^>RWFvZ&Tlmx>>I#dGieYif-Ovl%A^%2G7BHl&HOZ7Bq;zQLy9hpB$6$RD z+y%FM0j{DWOEUQhd-Y#%@?Ri9v|iK=-48%=bv;{|I8%t4Bn6F}T?0tolJN zG%y%Hl5O@@A|66J14cV+)3X>gls0682ppKzqs4Bi8r&8}LuEG)g9({c0dM-@9kqy0 z2O=KeX~-pZnR&LE|D>P<&E`|tKHri1=*ut6=Ios#h!XE7Sg_3vl|RTm-wO!Cf`pj43$jXkl&0ZB$Wt_g#2E9 z6@eL}Avqu+kKIr^U_}0I*aFwU8AF+bu($rx0&EY=Os1f`9eY$W@yJUu%=)>h%>`4Ash8 zGNLLjYN%LvgDO|QYA~ab+WpJ0b Date: Fri, 20 Dec 2024 19:14:52 +0530 Subject: [PATCH 22/22] Updated the command examples --- Packs/Doppel/Integrations/Doppel/command_examples | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/Packs/Doppel/Integrations/Doppel/command_examples b/Packs/Doppel/Integrations/Doppel/command_examples index 87806dfb8688..5a4fc8ab41bf 100644 --- a/Packs/Doppel/Integrations/Doppel/command_examples +++ b/Packs/Doppel/Integrations/Doppel/command_examples @@ -1,7 +1,5 @@ -create-alert entity="http://example-entity-url.com" -get-alert id="entity-id" entity="http://example-entity-url.com" - -TODO -update-alert -create-abuse-alert -get-alerts \ No newline at end of file +doppel-create-alert entity="http://example-entity-url.com" +doppel-get-alert id="entity-id" entity="http://example-entity-url.com" +doppel-update-alert id="entity-id" +doppel-get-alerts +doppel-create-abuse-alert entity="http://example-entity-url.com" \ No newline at end of file