From 3a6beef19e639456e62b78bc7d9ed1bfa71e4426 Mon Sep 17 00:00:00 2001
From: v-shukore
Date: Mon, 3 Jun 2024 16:31:03 +0530
Subject: [PATCH 1/3] LegacyIOC packaged
---
 ...on_Legacy IOC based Threat Protection.json | 2 +-
 .../ForestBlizzard_IOC_RetroHunt.yaml | 5 +-
 .../Package/3.0.5.zip | Bin 0 -> 13104 bytes
 .../Package/createUiDefinition.json | 2 +-
 .../Package/mainTemplate.json | 131 +++---------------
 .../ReleaseNotes.md | 1 +
 6 files changed, 25 insertions(+), 116 deletions(-)
 create mode 100644 Solutions/Legacy IOC based Threat Protection/Package/3.0.5.zip
diff --git a/Solutions/Legacy IOC based Threat Protection/Data/Solution_Legacy IOC based Threat Protection.json b/Solutions/Legacy IOC based Threat Protection/Data/Solution_Legacy IOC based Threat Protection.json
index c95acc4346a..0daffc182ec 100644
--- a/Solutions/Legacy IOC based Threat Protection/Data/Solution_Legacy IOC based Threat Protection.json
+++ b/Solutions/Legacy IOC based Threat Protection/Data/Solution_Legacy IOC based Threat Protection.json
@@ -17,7 +17,7 @@
 "Solutions/Legacy IOC based Threat Protection/Hunting Queries/ForestBlizzard_IOC_RetroHunt.yaml"
 ],
 "BasePath": "C:\\One\\Azure\\Azure-Sentinel",
- "Version": "3.0.2",
+ "Version": "3.0.5",
 "TemplateSpec": true,
 "Is1PConnector": true,
 "Metadata": "SolutionMetadata.json"
diff --git a/Solutions/Legacy IOC based Threat Protection/Hunting Queries/ForestBlizzard_IOC_RetroHunt.yaml b/Solutions/Legacy IOC based Threat Protection/Hunting Queries/ForestBlizzard_IOC_RetroHunt.yaml
index bc83aaac7c7..8f18c851471 100644
--- a/Solutions/Legacy IOC based Threat Protection/Hunting Queries/ForestBlizzard_IOC_RetroHunt.yaml
+++ b/Solutions/Legacy IOC based Threat Protection/Hunting Queries/ForestBlizzard_IOC_RetroHunt.yaml
@@ -12,6 +12,9 @@ requiredDataConnectors:
 - connectorId: CiscoASA
 dataTypes:
 - CommonSecurityLog
+ - connectorId: CiscoAsaAma
+ dataTypes:
+ - CommonSecurityLog
 - connectorId: PaloAltoNetworks
 dataTypes:
 - CommonSecurityLog
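Review bot: Only the Cisco ASA entry gets an AMA counterpart in the added `- connectorId: CiscoAsaAma` block, while the `PaloAltoNetworks` entry on the next context line feeds the same `CommonSecurityLog` table and keeps its legacy connector id alone. If that connector has an AMA variant in this repository (presumably `PaloAltoNetworksAma`; confirm the id against the connector definition), it needs the same three lines, otherwise workspaces that ingest Palo Alto logs through AMA will still see this hunt's prerequisite as unmet. Separately, the generated text for this query says "Matches domain name IOCs" while its displayName in mainTemplate.json reads "Retrospective hunt for Forest Blizzard IP IOCs"; the `name` and `description` fields sit outside this hunk, but one of the two mislabels the indicator type and is worth correcting in the same version bump. The `requiredDataConnectors` list starts above the hunk, so any further entries are not visible here.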
@@ -40,4 +43,4 @@ query: |
 )
 )
 | extend timestamp = TimeGenerated
-version: 1.0.2
\ No newline at end of file
+version: 1.0.3
\ No newline at end of file
diff --git a/Solutions/Legacy IOC based Threat Protection/Package/3.0.5.zip b/Solutions/Legacy IOC based Threat Protection/Package/3.0.5.zip new file mode 100644 index 0000000000000000000000000000000000000000..34fc40553202dc76d872f9fdfe1ea0c2ad7fa732 GIT binary patch literal 13104 zcmZ|0V{j%+6fPJ}Y&&mkO)#--JDJ#gW81cE+nCt4C${Z7-|p7#-h1nI|LE$jr@O1G z`_ws4pK}zX!6DE=KtP~DhTR7=mYK-Or2Ihq(anW$Qbn3!7FS~ywQ z*)muH?QAc#KW*{aQNDWxcKm0XlU!aC@edqgvMtt^htYo4j z9~<>%n%(MiUyKOv2i?9(WgHme9JWh6z3ry7uS+8Iq4_Q^sjl$82DTZ9!bPwFXxGG% zQEo(@-?J>QHFNb=vL9qoZ3WGUB6&qAr27bTm$1QJH<0SMLFV>0^okj+x&i<~yloZPRikH=So}>Hl!^b?b`QSv<(m(~8;>`$Z9_Tq)PXzDinQCh z0S0S7e9YI|HzkWamascHgx~Waj6iI2C5xJGF9K(5GN>^=ii8tmEDhmRf@WHzAeu;Y zQRq`k3}@^v3Z?q{<9z30l%{@pOfI&qP*(ahwpvJq@@T06XUHA!*FjF^`RR2P$<$Zx z`nr3gk8*KR_=7in7IS|hzn=y)`ttC6-K6`MHCkd+8&A4DG}`;m(IL4RG)~#HS*}XQ zYSjAzD=B78B*#fQ~zfB4`+#Y5h`zuTqwcbgjs34{n@ck>nxkQlV8}Hg@+>()b~Q zrwoW9Mul({L-;SQsLVfsU-@P8d|@V3ijC-%eUw4P$jatm`e7XOM$;sn&oNe%dA@!5 zN_vM{WXm5)*ob(h!?um=BoXF~7&3ePPz71HME%?7-{fdo0`7jGY}!{hGiIgvQGJ?Y zXPaDg%`~@r^HXss+8k=QGOxwj8FCyq^{0*>*`(ap=GqvcsPCx~3B+LyafJ@ULNWkv zvO0@$*3+2OxB3D#)$&HxWY{AC+_V`(luIvYNRVm54d5_Tb3ZzI*_ zt{QO*K_wu>Ks~&Nk09m)*u&~Bv~5e2vaQZmZ&vY1Z}vby%0AjWMY1yq8*2i)Q6uC5 zIBd4=7p40k6#2xAIuiW|co3i~DckH824tb}UB-6L+nT019v96?`(cgQ5~jcT?-2gr zVolaO@;*I@x2-oARR8`Cb%UOW@Y;a2aLt79FJQ~+z zs4K~$NaZc3Vy)_~AoazXaSf}~^*@Ow=&nCaRR|H<*{%*(SL6WsmGYZ)v+r4$$IU!D zTaGRA`#}A?{ViNph_5RV*r7qwKy{6kr8G1en)#fwuh1^C`rd?L?9~ZM12+<&TI=Zk zteSosPpFKaIDQ_WV&ucGGboPkcT9&Y{n3MYJ%IpCFZUzjT3k)qYvKw}MN4rFqwdi? z%$tn!I2>P6t<5+Q2l<7Qd!_mDr`mCAg1M3yjmaRUAxvMqTFj8@@YOlc9|mPLp7a;? 
zRvF^QukTxJRTF#aFDYlh<=xmhy^BH!r4Yo=@vQBzIJzR@c?0F?;W}}HRf)0HR~BLn znkZBBN{#XeTvyc;Dq0a@Y_YDx7c4 zR}ULRR%BGafHrD4V^LpRPPmW4M zj?X_IeOi0BE^FEPZYs7eby_1A@NDz$v$kszP8pOM*H1>pSxa{-s{zroEb%DDMS>$P zzH#$9^$!6UK^iDAoPD>T?qKAQ5|{-Mk}7mU-?0?=D6Yr^50-y#Zg`8a7dL)Ie>NS$ zHyr+*vs?z9wf1BuJ+1T7$>ja+k)hHSy9z8Af3Lf@88_3}kb1W=5`ZiJZGHL|xy+rm zwcx1MOzzk$+RQB46sjg<#6>NXZ3Z{HG33zL`Pxo4u13?vb|cJlw;{I7()uc)BG6Iz zUBeB@*yhwMdt`8ENnb}p*G3kuzLnh^`xU^CGVBPvl(6O6GNPS)=#*f^^m6*rnIW&uL;rAIa%dY+F$MT9?DWe> zm6ng00O6c_BATtLPRg{_c)+#EY(@aU>TPVm z*8ECtvm-OsLvvpJPUWAq^(ocRhm9XSLomfZTwX<6cXn2r)|j)u;?`#t?6L|N-FSk+ z0rPZ>o)}$f(2mVaw2Du`KW;e-HN?0@^Hf+~0m;>UU*VC;`S9fC1 z^r&h%*Lc^MyLZIRQe$)r@gF}X9KMAFnLys?6z)`;14&6p3~D?fkGAuWD7iL?8e#67 zE|O8-vUVwcXc8=-rHeYPL7I`+-f?ynQbNbqAEKNXh!sz12d%~|z?_cq75uw$0bA2PGW;WiHJ1zd>V$>b!$PQn0KJa)= z@?R~+%~Jhk z%v^rZ6z5^l1xV3U8J;(pV?)aw)t7e(1qD;~{AhhsPNzXfoPQdEGdkB+>el(jpTuP7zJ5vA+;Zt; zt!2tmZQXy%*Nx@x7Ddmu98@RE6${57qg=X>`+fJY{rfIpMj@l$lnSJdxUO8&fmvZ{ z^Z_2}oVkKH{!x*IJRWEeYEe>6TWl$-9cZb4s>=W!Fdt80@4qb}6$p+v3XoE5%IqcN zj!gmwAf=aW1Scz505GJL2+XG?i!YjmsC`-Ay%sz8f9c*YKm46-TJ9D7Mc}Zgqi7mP zH-lOY2rmHfvnu3(f zD9)emG*cSIRI&h&%WiDf-01ZmZq0gnIJGiJCg_zBl2bPU7CQ>hyyw$3oCYJ3m zSQaf?E0Qat7xu&}*^Tu~#EsOd)X)*MviHEhzu*-9CyJBx*_0DR4g%7|1`2}mkK))E zSlFtV*w|bDBRc;#x$!=C*^qE~{H{uNEt``OvJ_Gx8?q`rWNSExRMT!Stmyn{#EBmV zK^-OFhv1iRI%a&R*(3g*L-wwM;RgooH#<~du6&sy@pn-$Te;NMQ$7FdYvy}!b(&~% zH<@qA#pgG-dJYHBcXb0zokn?Tp5jfVwJYMuGDo>m<&@vux59H>;+_i1w-m0eXsVlb z12Cs-bh28*`=pWHe!n*9(#0?PX_W-X58^kK(zK^monb#FBpl{R2e7vgJjvyn4?uFe z`wsrdsEl15N-ne_V;=L})H z{V9@yv&_Af;ilfE4aXS!P|wcMtdt#X-Wfxt<;q?FHJiMro*}&-6NoZ?EYRp=7%KuD=n?y|J%Phc-QWLpex|o)`}k z$Sw%z55Kto897lBmMcUZm0{S|tG~MS*|h!?HinZ@EUwLv==+#ELT9Y92@3A6W%tE(SwCC(>$EVFATF%OmVPp=jtbPuk0XJ~KIbGHJDR59B#)#J_n z3VVBR&@p-}`S=P$s!}Pn)`u2L3OMm%Qxhp6PItfr>P%l|{Vm~Y=bh|%{<<|GsvTHg zvxK|v*sWHZidWs|)Bf`ce*Aq)OuIG)s#>u%XQBI%t(_wlhI6a4cf9-kzbPBp^=h@T z%zN0&3J=+0ojlkl)sE6uR$4Z*<{WsJSyx;7iJtdqaSPqis#i7#u8dfhi0h9om6fDF 
z1GU=cw(XKT3DCWpmj&}dGBz_ug0ik`svYenT=4P)F)22mpgDn@hJ|R>^ze_H~u>YRN!X?J2w1;uFWP5N7JWE z`-aHleCHz#SIC=B>%!FO_S65f&1IFN9c8a)`$^k+bqx1@h#H|2_o$Ay3L}!+QN^V# zaJA<8{LxhI+hzG+M~D5u$=)?Nu=AB*QuO>%u2Gwab)s6!+b>3aAk3j|N07d9d3Zmj zW~I67>#}C7*Ij1xbX&{$aI)Zx+s*fJF<=6bE6}AeI^M|Um(c08I`^SmcTIA$V6(1W zi{;XCTcWG2qOLkx{6L5Z7E~hdDf%S0_&va@5O>dF#X~Xu2hC3r<1)=+84M}N6}lTF znS*M|I|}C_iepLdQE95tBoj$jlikGdc`?pnBoO4)d&Si*_^F_wTb~kefIr0)ycC&z zPbUZP0uP)jzLRq65X!F-B8>fK5{?JKWupM@#82^F<_B%jB!Q?Gd~U!ATxarRnQ}Zk zWZ?R18n!T~O!4F{=RC_ob^QA_EbmaQ?;`(z63cPm!{J!jNhbyooO^d@fpqxk7Amc= z3JgDM^DY~*?tCI9F|5)fbrXDXNR)d>#5tM2^vIiRyOvE$jNg#u@(F=og0KJ+$LK`5 zccDB~N8o(b<4%YPXts=xNtg9%^{#I4pUY@y2+TfwA#z%-Umzz8jr+3@@ z6OIlkVwhC%zsJ5Jc4EIBuE&n)qb{zeYmf}TdqFY+=XjcnHLKCTm zwp@X-Tsbb&)z5SJL~gzhESlL`lvi@u$-w2}B(DJn{S?ZKd*WxHEIHxOff()=C;2=v zWBI@t;=iW_xwir-q=_p-(p;i!X(TqW%+C8DA1jPR?iYQ)DkBZy&hdS1_;r)j?qh)w zPh?a!Pze3wc?lt&G)hD#?YT|bfi zbF1>B;yb^M`xgsB8JhYx6V*~iF+V&_z&X`QMk;qF{At9Pygqhm_LB_H>@0sIlIWL(YbxF&$41?1vq3bXjQ7PFPy~$jjea*j+%P6>+7m#- z>2kxb;Oyb$=HSyVOw!f-WMB*cH578X z&M=F`4D&Y9@CtT3>>qCwk<5;o&pDth&jS0K`#Rs5FBoE#zb#|7T~M~UwP8fLjLZq< zx{rOu1`K5n8UaErMh!$UFN`uWNFZ)62YjVj9##Lqxe+bn41wa&Z5jbnSqaIxq{2D& z`2<!G%Pygz>LOKxTXx-NDJeR2e6%?9mXwkMZ zXRlzS=i;;>h|la|AoIx4A!w!ow zA-G^%30o&`fxf(bT>S>7`0O~O8ak5cp`f*pebn&_!=}vpyoSc~YMrFl3x4^w{yipa z@1Y@@*VjZozoo-chYGAvbkj3(>SV3N`j;!P?E?$!U#!Ux4 z<1dr5-So)B2z&IsyQQQ2us5vis{AJim!n1u{B8TQ<8+F%GU}UPgVSrSF0=8f?5#-? 
zxcptwMN{w0aPYS@{^+oIa@ za>QmZr9b^p3g6^06Wx zneh-Bg=XOSjVp46Di9xPXV%@tyL{KUiE@efi+C~64w zRuZ#xD-fe_h0H=LKjnkjNIh{sz1t|M2OOB?TFd99S}DqW4+MIUkwxF}Fm8PcNK(C$ z-+bi7Pm05XMNU7-x5lwm7e?22_U+xQlZzTw56_#Jd!}>MSeavkJFj@aj9ec#x^cLd zy2zKW?C)$o zB|Jf2#YE=U-pyCnvtxYkz3pG`&Mn6!rGAfcm5QLGVv;0li1!FUPW0>&h(yAxm2o7ors`c3fy;=zN!7@5LrEDVIs+2&o0PB6Ff zKMOSU6H_OpN~?J_)XbC;_}*c9@D-3zP$_^yv#xH#6R``nJgai>)JkEt?jVvov-T^@aXAij;_LGOD_ zI4;V9kiU|l$=}frJUfyhFeux0oNyRHo5xCTcm5VW;dY{qk#Foq1fhuVuMrc#Qp;ap zmBs*kaOBS%{zA;-mINHufLjRvqgb&%J3;hE@ofAUhf&XSGtpAwq4=H{T$mE zPi&lmKWpur;zWVrylmPSE_=HU!cl2V9!(#m9flw<9B8g;a!1o{>HmCKonUl+XE-ec zZV)>xGe5X!>J17x1ZTLl;C5Z)4x{4X#ZZe~&G+!9c#8YDJO<~1B>P;&ky_o$Lv~=h zErXlGC_vU%`L*vZJ;RzFc0+~Bl<>1u;IabQT1Bsw>K#w~4c40tp)A1btNROC`8z9m1&AD5W+Ql!6y zaW^HK@jAIarA%+kyK8gFe^@`SdGm6`f&?Z#U)H2fZ|LJ?ryeFiEx6;1=SECVgri6{ zYjfF29}fu`N+0vuaWUHA-J?5gAKkg)=xv&RU2VH~H-6|ELHe$&-nqt(@1U5vM6qtj zy0}71eT#(BC#Fsvu(5}Y?ZZ8kQ&f3|63n?UXmK0Cr~Ho6X}1otp7K&+lskbz37+iS zPmS~ z;_}!}Uac2K1=GL}_vRL&(KwQ~Gdns5VQ_U?a0qrGQI*)!DQw>6s~e|}zRUpFm2YJA zPsy&wDG1YmNsX{BG{35qF3L)bQ?wUV+b+Tx5(MBmW*PV_@iK%9lnWRazWZ9zv}6XQ z4)5qwyQBxvgxxX;A01vH_z!kyq@Qz)PAEG_--#cAf_qs=yvJ9 zS=sG{yC@ZM%BJ?TNAt|s?@zl-Odr{-<(G?$=i8kRz2I35yfo_E{f^=nepNR3;53U> zy2RYyG5n~HTQ&Tc!P}qN80Nv=_XQEF*L3p@5$C|Y?rqiGq1)ck@qgxMb^A`-{oJ`X z&340oD}}WKd|8L_D?Q;M-r6yL{zj7ZJMVN2xUfMZ7)=a#3fJ~wVZW*pyG>nDHv@fD zdYjhhX_(gpeE|O^uk}z%kutlqf01+eu65Dd;E4Kyio8gK_RFK-!CKWTXVrf2iQKlE z^K?Et{@#TH!N$2vltHJ8Ft3l|VaU2Vrdxt-i58gh`!j@|OztAH>hLPL+b`O02 zp4igd`&97xPo1_o`_KO*X!mUywymc*_?!r`hJS&V#)^)uVbE=+aVIw?YXbzQ$1I7D z(1#@-*SP_BD`?h0&n3JLlM`n@LqtYNx7&H$MZ=OY?OI@74NGL2MMhHsBs=H)S~ zA3Wch!!Jb?!i8s~OClbI{}P{_g_ad^f;7vfhd_u`RT}(I#NH9pvv$eqUwey0|CO(1 zr~bO<>SBR0_f6dT|56FgJo+kKh2wpQc z7H<4#e8}jBU?h#?+Z7c^p$k{15_U%+Ug_eJnhJgw-iAGytOroKRtbHKYJ9*qv5K(l zZnJ4x*>G?ac%3^cCn9w@tW*^xMN-fW0gFn>*5~cF#{*fuTq0{;#lEJ61m)T019gAI4XG=FL0No!$CvFA=KZwo`p* z2YPI1M zFGo}J*TXbI&G^7WlwTU0RrkUDkmQ+jEYZU|v6lLI!bzLL_<@ 
z(#3R$<}>OIIA#rI=$&+1!e=ZdAA|)q+OsSNUvr&ZHiPavTP9mObwcY|kEUQx~98$fz|GL%N`25o`0s8rS)U2^ZJ8Ni)Uj3iSu6ytNH{zfM0<Bu2>KBY_M_pbK_XV6GdSgb-yp;`lZ z@4He1w|s^BnYwC4%!=W|!sNJcmv`O7UZl{sqqluXXv*M(ckKN0<4u%&m+)4mKr_?M zH!XHouh}uRDSKUyP(w-NGYU6RV{aQz?u;$d(*m_~wM1Z@mm((^x1#9;BJb9Aj2ey3 zq820fq81)^(my58DEyxiAQ*>{kZ9I+F`q#Erv&~1?Odqr@PPU*CxE&Y(|8e_9F@_e z_2GDt=N4Kq)TJJrgtG1cGD|zjf)PMCW{C~xOv_6tgSn*9p3Q^o)OV8Y_>Fvg_+}B~T&RRY8$w)<+AoZQ17AZ7yigZHq$+u}bkhu|*{^YcY~N36bS z1mMDN;w!ZN1i_z0a*W3F1$red4sCo<=zbCo%DjZc%a%77;3XoeG(#Uxr+7oiQh!WB z*JWr}CI+T0;!+dmGrEy@LK6+C*^$Y!k&kvHNkbP`HXD2-<0KDwF9QF7O@1(JPc)L_ zXV=P>+qLpACD(N?*%31z2ga0$GDxnJHK1n)K&m@BUMJiD6BXfEpvEAPn*}|-)#tja z9Qj5bB0pHV4VZ?`4;~=Wqcl{cB`hw$$T36($c1~g4#T*pIpq~`*dCQM$Y?cCBb$l~ z(Bl&TfLsVhtCOi$zvtBwf36k3Lz+E>GF0i*Qm*mhMA;bIQfU?q+x&OFbGUD;j!Pjo zedlyyeAJvDI)1QFF9OcbMvrJ*eQr(%5?cF`$#ijZV;*}~ehCqGH%1e(qdc)KJx9OR z!BipsGaaw!rO6SXrK)7`3{SO%@SiKa(}y(7sy2~$Pkp0sU;smE-}?=5mg+Z})wu;c zfO0V}p665j|u#eX52&3XF7ls6FNwvz-X9^uQ9GzeIC zAL=YNR)pxo4A(C&*IFcN$-9<^&?8C(fPNSIfG+A1_cY`{q4gZP6<&x^9k7f34iIA4 zE3MW2!atjAJy3Ou<%ZcODb(9-tspJR%==Fs>3dJ>X?t|3JZaR^3STNR4sv8l6XBJ0r)0XW`r_lH~RlEf9_4(ao zEhBO-yLM+Y5qkeqV@?gRYYhW5+?(!S7dP@L-d3Up@F9OVKrHB27YQA1gy?{|V;MIu zA9aQDZ?iraq`Es_4`(xDTz+5+0S94U_N;fh*-mOB%Lqp$s`cD;b zhn$>nKc&*W?q#g{`AheVKpggUHbEyMJO(y_51uA?9{{`tDFut-gt&#z}|O*y66!KC+M@J@q8Z4sXS=kCX|#@(^^J5AEt z$Acwpgw2ZNvCdFBS1!gybGD6Lgt>k($^AUOiwIc-odYbPrj*0cdVC(2W9(Bdd+gz^ zGCwGMQieNOIzT5f$n&mIs{bKt9e*HoT-IuFa{>nGdAllLE7{U53Pqbm(^T8RfCL6@ zTVD>tgN@XJxal2Z{Bmrp@)(7x9vWq1!VpeioF!wtJDB@%#Y2QN!ewgd?61<3s#%CX zkhlfniC=zdma!A#%{$;$i~IqD|C|1fa0+yt;!Ol$7qrw_Xz0TLf@Q%CDd4kR^r!V9 zj+9HC=`k@?c5E>J?JH-!Bo8|xAEwW>V8ab{fs^Uxsve4@G<1n*d?bnFUW`Ed4nAC< z3XP)9f}NA{C*3cR(_Ykjqd<1(c`ZC|Cw#5B)1FC?*CJA6+*wD|y=i}y}gQafl2 zI82d)qU9K;{7yEDd{F;L)g>5bI?Rmx03HV`na^EC^IBiX;AG1h#(|03tEanE&>%R` zB+8=(`64O3qJ~2=j?~;O^kEg-!s75o1ONNMvZ>@`vx;<9iXrEWM8{1?9qN)YBO{?E z@*O7bJOkVtE_FmfPH9WO3$hX?Vlx`AL)I$W4{v76D(PX@*`t}z)EPi_X)8G|4v_S0Dd&WkYNy2PllU{$ 
zYv#gA=<-i^Y#Kb*8VYH+*S)_k%&|}DpdUwy`O(73JS=D;6(!G}rVeGrc6n!hJmhl^ zt*YVOVhTHPWeC3;>c)#0%9P@!Bxv&?6kL48;i9%UmHj3+yMs;**<7rPKncTrS);W& z*jeIZ+)73|4x?la0(($tfWRSIjT#@V%t!Ryze4wRCQ?vrNC^w74fF$8Tq?=yj9QVE_B@tJtrv9b^iO2|4s5)>Qrg`8=R5T`Ge?4t zv_1O#F+o)sCz9PuE1SM4wz#;*nQl0m&?3!yK+Vt2r&^~La39!oLrg6su@G3vw^ESO zu20{a2v&+E-Doyl+O>$qE(P?*KCp)I{l<7KSaAzr~$;!^NHK!{q-Mv#HL1 zjCnr+7{Rz?i<3&fj|vw~zkk<-liFo7>5Y@BDll)VNQ1MzZZ38BAEiu^s_qC-E>~?W z8ZV5askMok>PjuSJ&ZhxdPz4Sa+;~94*GZBCe&ai;}Um8=s(I;M z7+#9X7HM+WLZl+*`b(vwSKDuCo#)xwVOvk~8)u|(gw#e6e;2X)u9E7^jNlRInyO0k z$3-k0HQTW{T#p{nssFmEk7SSZ%jMVOOFkJ6#;FXaOVJdvHlemU+hsxt{jE&yvWtjvpEICLHaR< z!wfzK?-EY{)v5$t>~ZZz(J;v`B#<`Ku76>zd?|m~bPJ$#EA02Gez9@A;&nkYxzMIA zLt`Al&-<9Vhmd+txsyK%fNEG9d5ArkhJnX|ZFL^5!5(FX*74Oj_b_@yr6YL?uTn@yH z-t2ZpRF7|*9aDp%^cib5{wvPfd>$p=;CA)?_?)a)`gp+fHY$TZ7>cm|x#@s)(lVn&Kck`~QIoKrU zVjHpe4bQB#6S2%j`;hpr#_TRO7vlwGwuUtX0>ZVOIIac6mGj?e6+X6ld<2B2E{2LB z55K>CzllscRT5A@pGcRDg&zA%{2b(%?lX~o6^+d#WA;w;czfm)o_m6DDIR(Hq_=tY z=YA{I_7}cPc}Mj2SH2*>IbR1()06z%8h3JPzZcRo_?VCNT#uA!VXi!|a>rz12lTG9 zfoQ_ZntXXpY+9|)8MQH#=($0B4-cw)fE7v%9;A6jWkujr+R27brFiq{x;T@Mmf-#{ z)Dtq3zISkx9LDmB-fMcjXL|Z^E()}8ziXHX`S^qQfdNXd4rTDDV86*?e3)adI%MiqQ`oiB9_ueAB8$f#s{$a>H z4Dm|KyoEOoDJKZ6n6fLmjy;r_toVD7p2r_4iDPB>V+WolyW_(`fJ!aR3I=-;*}$6V z*{u&;^QSD04+wS~_!VK>b}id+m?GCS{zU8Fk-9I40G@@HQu0CM?x)cTnZO^(0lB2_ zf*O!S5p~Jd zFRXlW_fceAa249ZO#irc+sxZ7xPk6G{dN6ve4l}HcSYg|*l=W~q6rnQ{2MdlA*m$Z zBo#yOgqUcXGq7+mDX(&7^*u#EiHqT>AgpWq zwZkp>Fo?SWzVJ0UEw@dX@ig2*sbTGAybf%G!N%80u*e{q{z{B%k)izLA;_ah(<*?7 zSTAB0C|Fazgfl!*_x=M14wtu81vY?;4o6K5J7{@9rdi*g8mqB`v-|;cX}@UASVJMn zoOw77?f}{6!sX_aW7Pk?Y>`B*&D_P&>Lu)vLl@)~&VC+6%DMf4@Vj8(^wRPIU)Hl= z0y2ySoiXMu8Vk)pRwT^vtqo4OM8&0HpPHq#1DLtwx) zrg&#{SpFjZ#Bg!JgJLqiLjKW4P20-zwd!W3Bo;OsicKQHQbj0$tIq-ViC57eum;(A~RhYS$X|kB|t`Y|+ z@$>$yv{)8tky6^kHv(SPus=;hgZ(dL1+vlT{{{E*0rZw0`CRcITCGb`Jgg?PKW-(RU2n&&-5L2X1CsB zhn`gJ9CdaJoHK7nH2Y*;w*((DKNbHsrnDS8AUtxR*6SmM^B8>^y?+dL&xdJc6pmJw zYW0G(rreAc2X||b!$OF_7+UE!U=kroD(#<3UX`*AgB;-4Uj&$H@l%%6xS)T{^JL&s 
zOcfBJAnk+j=hs>74s2(9!T|yuaK68g6r@4H&_Vvsc`5(mw*G(R|B$8fzb^8>Mt=Q& eEA0PEdHLVsz!an*fBXjl`&WbhwJ9wB_5KI8BdYBH literal 0 HcmV?d00001 diff --git a/Solutions/Legacy IOC based Threat Protection/Package/createUiDefinition.json b/Solutions/Legacy IOC based Threat Protection/Package/createUiDefinition.json index 37d28945464..5712470ed85 100644 --- a/Solutions/Legacy IOC based Threat Protection/Package/createUiDefinition.json +++ b/Solutions/Legacy IOC based Threat Protection/Package/createUiDefinition.json @@ -208,7 +208,7 @@ "name": "huntingquery10-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Matches domain name IOCs related to Forest Blizzard group activity with CommonSecurityLog and SecurityAlert dataTypes.\nThe query is scoped in the time window that these IOCs were active. This hunting query depends on CiscoASA PaloAltoNetworks AzureSecurityCenter data connector (CommonSecurityLog CommonSecurityLog SecurityAlert Parser or Table)" + "text": "Matches domain name IOCs related to Forest Blizzard group activity with CommonSecurityLog and SecurityAlert dataTypes.\nThe query is scoped in the time window that these IOCs were active. This hunting query depends on CiscoASA CiscoAsaAma PaloAltoNetworks AzureSecurityCenter data connector (CommonSecurityLog CommonSecurityLog CommonSecurityLog SecurityAlert Parser or Table)" } } ] diff --git a/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json b/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json index a43d7227e51..b27f5899e0a 100644 --- a/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json +++ b/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json 
@@ -33,7 +33,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Legacy IOC based Threat Protection", - "_solutionVersion": "3.0.4", + "_solutionVersion": "3.0.5", "solutionId": "azuresentinel.azure-sentinel-solution-ioclegacy", "_solutionId": "[variables('solutionId')]", "huntingQueryObject1": { @@ -82,7 +82,7 @@ "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('278592b5-612b-48a4-bb38-4c01ff8ee2a5')))]" }, "huntingQueryObject10": { - "huntingQueryVersion10": "1.0.2", + "huntingQueryVersion10": "1.0.3", "_huntingQuerycontentId10": "b8b7574f-1cd6-4308-822a-ab07256106f8", "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b8b7574f-1cd6-4308-822a-ab07256106f8')))]" }, @@ -98,7 +98,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Dev-0056CommandLineActivityNovember2021_HuntingQueries Hunting Query with template version 3.0.4", + "description": "Dev-0056CommandLineActivityNovember2021_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", 
@@ -183,7 +183,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Dev-0322CommandLineActivityNovember2021(ASIMVersion)_HuntingQueries Hunting Query with template version 3.0.4", + "description": "Dev-0322CommandLineActivityNovember2021(ASIMVersion)_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", @@ -268,7 +268,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Dev-0322CommandLineActivityNovember2021_HuntingQueries Hunting Query with template version 3.0.4", + "description": "Dev-0322CommandLineActivityNovember2021_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", @@ -353,7 +353,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Dev-0322FileDropActivityNovember2021(ASIMVersion)_HuntingQueries Hunting Query with template version 3.0.4", + "description": "Dev-0322FileDropActivityNovember2021(ASIMVersion)_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", 
@@ -438,7 +438,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Dev-0322FileDropActivityNovember2021_HuntingQueries Hunting Query with template version 3.0.4", + "description": "Dev-0322FileDropActivityNovember2021_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", @@ -523,7 +523,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "NetworkConnectiontoOMIPorts_HuntingQueries Hunting Query with template version 3.0.4", + "description": "NetworkConnectiontoOMIPorts_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", @@ -608,7 +608,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "NylonTyphoonCommandLineActivity-Nov2021_HuntingQueries Hunting Query with template version 3.0.4", + "description": "NylonTyphoonCommandLineActivity-Nov2021_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", 
@@ -693,7 +693,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "NylonTyphoonRegIOCPatterns_HuntingQueries Hunting Query with template version 3.0.4", + "description": "NylonTyphoonRegIOCPatterns_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", @@ -778,7 +778,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SolarWindsInventory_HuntingQueries Hunting Query with template version 3.0.4", + "description": "SolarWindsInventory_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", @@ -863,7 +863,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ForestBlizzard_IOC_RetroHunt_HuntingQueries Hunting Query with template version 3.0.4", + "description": "ForestBlizzard_IOC_RetroHunt_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", 
@@ -934,9 +934,9 @@ "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", "contentKind": "HuntingQuery", "displayName": "Retrospective hunt for Forest Blizzard IP IOCs", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.2')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.2')))]", - "version": "1.0.2" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.3')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.3')))]", + "version": "1.0.3" } }, { @@ -944,12 +944,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.4", + "version": "3.0.5", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Legacy IOC based Threat Protection", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note:

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Microsoft Security Research, based on ongoing trends and exploits creates content that help identify existence of known IOCs based on known prevalent attacks and threat actor tactics/techniques, such as Nobelium, Gallium, Solorigate, etc. This solution contains packaged content written on some legacy IOCs that have been prevalent in the past but may still be relevant.

\n

Pre-requisites:

\n

This is a domain solution and does not include any data connectors. The content in this solution supports the connectors listed below. Install one or more of the listed solutions, to unlock the value provided by this solution.

\n
    \n
  1. Squid Proxy

    \n
  2. \n
  3. Windows Server DNS

    \n
  4. \n
  5. Cisco ASA

    \n
  6. \n
  7. Palo Alto Networks

    \n
  8. \n
  9. Microsoft Defender XDR

    \n
  10. \n
  11. Azure Firewall

    \n
  12. \n
  13. ZScaler Internet Access

    \n
  14. \n
  15. Infoblox NIOS

    \n
  16. \n
  17. Google Cloud Platform DNS

    \n
  18. \n
  19. NXLog DNS

    \n
  20. \n
  21. Cisco Umbrella

    \n
  22. \n
  23. Corelight

    \n
  24. \n
  25. Amazon Web Services

    \n
  26. \n
  27. Windows Forwarded Events

    \n
  28. \n
  29. Sysmon for Linux

    \n
  30. \n
  31. Microsoft 365

    \n
  32. \n
  33. Windows Security Events

    \n
  34. \n
  35. Microsoft Entra ID

    \n
  36. \n
  37. Azure Activity

    \n
  38. \n
  39. F5 Advanced WAF

    \n
  40. \n
  41. Fortinet FortiGate

    \n
  42. \n
  43. Check Point

    \n
  44. \n
  45. Common Event Format

    \n
  46. \n
  47. Windows Firewall

    \n
  48. \n
\n

Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Microsoft Security Research, based on ongoing trends and exploits creates content that help identify existence of known IOCs based on known prevalent attacks and threat actor tactics/techniques, such as Nobelium, Gallium, Solorigate, etc. This solution contains packaged content written on some legacy IOCs that have been prevalent in the past but may still be relevant.

\n

Pre-requisites:

\n

This is a domain solution and does not include any data connectors. The content in this solution supports the connectors listed below. Install one or more of the listed solutions, to unlock the value provided by this solution.

\n
    \n
  1. Squid Proxy

    \n
  2. \n
  3. Windows Server DNS

    \n
  4. \n
  5. Cisco ASA

    \n
  6. \n
  7. Palo Alto Networks

    \n
  8. \n
  9. Microsoft Defender XDR

    \n
  10. \n
  11. Azure Firewall

    \n
  12. \n
  13. ZScaler Internet Access

    \n
  14. \n
  15. Infoblox NIOS

    \n
  16. \n
  17. Google Cloud Platform DNS

    \n
  18. \n
  19. NXLog DNS

    \n
  20. \n
  21. Cisco Umbrella

    \n
  22. \n
  23. Corelight

    \n
  24. \n
  25. Amazon Web Services

    \n
  26. \n
  27. Windows Forwarded Events

    \n
  28. \n
  29. Sysmon for Linux

    \n
  30. \n
  31. Microsoft 365

    \n
  32. \n
  33. Windows Security Events

    \n
  34. \n
  35. Microsoft Entra ID

    \n
  36. \n
  37. Azure Activity

    \n
  38. \n
  39. F5 Advanced WAF

    \n
  40. \n
  41. Fortinet FortiGate

    \n
  42. \n
  43. Check Point

    \n
  44. \n
  45. Common Event Format

    \n
  46. \n
  47. Windows Firewall

    \n
  48. \n
\n

Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -972,6 +972,7 @@ "link": "https://support.microsoft.com" }, "dependencies": { + "operator": "AND", "criteria": [ { "kind": "HuntingQuery", 
@@ -1022,102 +1023,6 @@
 "kind": "HuntingQuery",
 "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
 "version": "[variables('huntingQueryObject10').huntingQueryVersion10]"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-squidproxy"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-dns"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-ciscoasa"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-paloaltopanos"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-microsoft365defender"
- },
- {
- "kind": "Solution",
- "contentId": "sentinel4azurefirewall.sentinel4azurefirewall"
- },
- {
- "kind": "Solution",
- "contentId": "zscaler1579058425289.zscaler_internet_access_mss"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-infobloxnios"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-gcpdns"
- },
- {
- "kind": "Solution",
- "contentId": "nxlogltd1589381969261.nxlog_dns_logs"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-ciscoumbrella"
- },
- {
- "kind": "Solution",
- "contentId": "corelightinc1584998267292.corelight-for-azure-sentinel"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-amazonwebservices"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-windowsforwardedevents"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-sysmonforlinux"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-office365"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-securityevents"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-azureactivedirectory"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-azureactivity"
- },
- {
- "kind": "Solution",
- "contentId": "f5-networks.f5_bigip_mss"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-fortinetfortigate"
- },
- {
- "kind": "Solution",
- "contentId": "checkpoint.checkpoint-sentinel-solutions"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-commoneventformat"
- },
- {
- "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-windowsfirewall"
 }
 ]
 },
diff --git a/Solutions/Legacy IOC based Threat Protection/ReleaseNotes.md b/Solutions/Legacy IOC based Threat Protection/ReleaseNotes.md
index 9a362e137f2..5709a7bf3fc 100644
--- a/Solutions/Legacy IOC based Threat Protection/ReleaseNotes.md
+++ b/Solutions/Legacy IOC based Threat Protection/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------------------------------------------------------------------|
+| 3.0.5 | 03-06-2024 | Added missing AMA **Data Connector** reference in **Hunting Query** |
 | 3.0.4 | 22-02-2024 | Tagged for dependent solutions for deployment |
 | 3.0.3 | 19-12-2023 | Corrected typo mistake *Microsoft Windows DNS* to *Windows Server DNS* |
 | 3.0.2 | 12-12-2023 | Removed deprecated **Analytical Rules** |
From ebdf1103420846d4cd997b71efde32fde2895c3f Mon Sep 17 00:00:00 2001 From: v-shukore Date: Wed, 5 Jun 2024 09:35:32 +0530 Subject: [PATCH 2/3] Update MainTemplate --- .../Package/3.0.5.zip | Bin 13104 -> 13509 bytes .../Package/mainTemplate.json | 65 +++++++++++++++++- 2 files changed, 64 insertions(+), 1 deletion(-)
diff --git a/Solutions/Legacy IOC based Threat Protection/Package/3.0.5.zip b/Solutions/Legacy IOC based Threat Protection/Package/3.0.5.zip index 34fc40553202dc76d872f9fdfe1ea0c2ad7fa732..6b126f9a83747cac055ca25e839bdb4653f3f0dd 100644 GIT binary patch literal 13509 zcmZ|0bBw1?@Gd&GZQHhO+qUi5@yw2m9ox3CWAih%ZR70scTR3@a_{N)k50eodQz$G zr@AX$r6daqh6V%#1O;>_JFK`B!|!%;6pR9l3B**viasc}{y8r?wp)T{*VQzK;bLF?U+3 z{VxGo!WzYen*`P(Y*~+PecWddT&&i=7u!sSVYGu5@=7Xu?QrNbR)i_7}-?dUrz;Ou=Y$y><)4oYL(T3$v zVFfahE_{qaiEKAVmbIj4ab9*}b(PpIq@t>hF@sVWN|RF ziAPa&{XU-A_~i-teTu5Ro==f^e}i)dTQj3%X%AnD)hGToWlufJfFG8!9x$_^i#Mey z@G08QcJm&ws{Z-@5WHLsS}ivtj0+?DQ_4cfTT*E-UFF`S6R9#F%$%Xkk7P{8-pl`(-gYo(UJj>$0buv4>cn@8W$7F44uu#{BTOEw4Nwt_SWYK zfWT$1DorR|8fjnYbxt=I(M9+}#s|e>twn7eZyp^<5iJBkrfyzmM>MD>%L|$$;e@Z? zGgUDLR4g+(AzvbngAL(oxlaGk6Ekg`+sYxWKoRlPDgv3U5WxDlIUw`P;qF zKQ}e{VlDD4#Y2gL@6|HN`XijgG+a>^p{1^=MtS- ziV!Gj!3FNkM{bn~=o_fA5fKHO2q(>$;}TlAcL#he zog4`1mgxlKF8gYhjPoHGa~@ja(ZZ@b&VW^Kaey!$b+uuoR0z`yY0w~c^jz4j6gaUX z6tD8$fm)5I^*x>HI!;7?H)gc;5h)N552W1=E}>BvwN+Yz@E}>a;(UElwPg68vIdx0 zJ$|N{pc;)6CR#WyTbNxVeZ*Cu1PM5`?hNH|iT>?LHWk%5Q7gM1yPN4>Gz5@#npsK> z-}#C=d0>}NPz?bw);mzV>hDuZ!xsI=cmoUwAVw*K&v6wlv_=jWMvNsGs#X$V8^9mV zNP}c-kHZ*AFq7}bR57@Y5lUDU#?=g~f4^L>J|HgNKYbUF$KDGSn zc>~t9SFbnt{o~IPYCgP~Dzc$3gtKUH!7<`qzNYwUNjK-q?1m%-wO^S#Rp4Fmh*k?$ z-^(?6{_aC1kdX&eG(RTieZ+qP>Y{NY}+P|1%MWJUlddX(y`9*Jf5oJIi z(m&3@VLAV1Qhp^~C<95Q=cdnXcn+s9$zJzo4?W|`M(QEzR|TGNUSn;fh88(lA8IHM z*{0^QdL8{{kz}2#$xOx_W1k7QrV|K0sEN^>}x%3Fb2c|Aw z$vp$WvsMeaqJHCi`LlC8!hO`h^{xCb5DlP!>%Q8VcsRlbRs&IMd$7!jbJ7@{xJH8& zVA)ei8ZYd`BG7dH8e*@Wv0R<)pUPz%|DdJEsbd;hpkfJNhoCe&)rqSg$k6E78+}V> zbRVlPxh-)bzT9uV(67yhQj~DAK;!O7L)Mn!mWr1L#~mUlF(<7-=}Ql)_{Ef)SZ9Kc z27lJemSU4LgbZh@Ea9pdX~1wwTXSzG9H79w2z%d>fYhRK@)R@?KOEt*>)oxDDZ%d~ zha8)3VQC zvoefW;>*v#WP|`_v8yTS6*sc#B$P;Jx`k+pS#XMw{kW>Y1CPYJ^^5KDd8Lz3SH7IO zvwkwhtdQ#5p~uI0p;_+lwa322-%qA^g`DgRDTyABSa?qIxgBo`&EKj+53wz=EvYRz zsVz?&UJ=)DDIDKm#IrtWjCw8HUy<5CM?e19a6Dq;Zkk%8|yKAQXHTULluWK5pys 
zAkAGt(NaFuRsi$az8a8;ICV%YWlVRiH-=%>Ub~7f_xbz~B_`*CT_h{9viibj#xjD3 z#g(Q-jjqx1%!_5yt3{2Q<|8s~gO8Hf0zrdDRZK4%Wcq7l_rJ%wDm}`^R)mvVpvt<> z%hRU&U+0uJ8tJ-=9VaR!(sYPoSF*Y1N2uTR$V4-+ z_@?)pHRq$h>4*F)SY)-2vwnO+oVIG2VFc}RoZStkkSdA$-Lij~ma^hJJ0Z%-)!(9E zWLI+KC=L`>%E80uP;VJGi?QF99ljxr^K-y25I(@Yk#nPDD zc`xsigxWmsGZa@TH(G3N1}PUA%sdBJm1JyMj>>443qG*FY9AU<6kBzJ1Q^ zH#wdN9PKtkeX17;F9{nx1+Fi)p;0-n)1%V48?wEdt9(0`d-JF4qTgGn`3s2}r$yXqm z=b}%OCvABih^t*gS>7EQzDe<_cF2zcoknck>+2?* z{OS~3=`(ttDKnB3QtZLX%D?Gc3~=GMtZ75$vG}CNn&BNUc8}rW47YOi(Msm508!XM z@Z?jcU~Roz4ECX4$sLZBwMfQ$)NPN4KkS2>;kfSyCW^Bj4vB6*PH(pI=lIbLY#6rb z?djBq8iRHjs8S>U4_hCmcgHnSAXJHhZoyD%A>?HQ!MT)u4Cy8g!U9w$+TohVsz zO-h*&;6&$clSD(%9A`bU+6j_>rQ~iw%ja(6%J-tOf}b#{c6g9E6=-{(R!EvzSRj34 z`^=QZD2b_DGw1qrcB@RRxN(H6}zi{qIDS?0%1%QE&{{=So#?}sM=Jrl@ z|H7O93283%?OivxlD-4fUkI5xE0UWjCs3YpYwU6k%qVIbP#q8DZ8)E;iBOWbN~OYz zFR5HRb^^A5q=M1N7jB$MZZsrFaAPGr53an0&SwLEI7MUxKSpAvtUD*akRYU;>5K7q4#lmL$K8KO=6%8a2j)-F!?^9%Dtnu@|vb`Mo;Zhh2 zYU>88!JnuyAT(&h*J_19=V82|86c{_hjhOBo3gE~kXol);xbs_Eu7l04LR0A8LoEu zThhBXCF9?&7g$&8a=Y}@Dxd1pT-5BS5?x7A_I6^|qEV<=e~qzC3gcq4LF7Q0E{ zPyQl39T;GkyJ&($eT3sO&3jY&>!lFlEtqn?^8AZV1*VB^{;ST!d%s-|0-u9mU zp_`#Fv`3zH6N|&-B$-i!7D`ySc~%KQa7`eK&>NUIu<7=Rf=4>p?5QqZeR?&yCvE)m zhxGIt+4f;spTyPiTt?-mnAa(nyh{e)X?vn{nWIvhH{o*?bP;P<26^Cr&)8TDbboZaTYln5I^q-4WHJruG-pj4m{=V9{Zbg_ssIx-rpmAqg$iWIFnC#B z@$o*rc70f&Ew@z|zirZNS2x3-d_r+r`0wyrl$*$Da=!h?yO%fa2#q{g6A{k+t$kT> zq*BqaDuP`$`Pn+C7Q5b!<_N5OinbQk?RzSoaJO1HILfzK-miog+0f-H3!T&m88U(l z94qxD4xVKgG*9OW&8`ZQ~gQdcbUnqBPAwDQvA%y`t(9z9bZyz6if?Ur{~vUZf9UXA8&mH86ms`H_%5~` zw97|qZe^Zh=P{O-zqy!pn8nMu0;WIRz9#KxlR|~*Y)e1cHgJA%nZIja&Oc}dn!zVeaITHE9& zC~_-&n7zvA$bPpKls7cEuDSGzKDM7-pQ3m)%$@`jpA;vkDoA^e$WXHFrxkQ-XBU*jLfIviJy2r+<$c z9OTwR$~M{OC%ZQ*a8t>(`6J-=X7&&;_ys6SpTc7~4@&sL5KYxyznVY28u5;dt7A!C^e zAX&^a`cAF~O{j-Nx&+C5?^ok+??IdP%@y8*nZlftqzi2Pyf=U1yG^^C zs`$m9Hqc*`0QX%bJEoGCzfJV3ycHh9I<5-|UFWjtRcSA;QhmEzP;ZhLGtE?>ZH>$+JpsBHB`)-XBb0mIO#s&T zaO~j+RDG23MNx4^hH6mq0!ab`h0N)Q2e@&{k`xb$rmh{2Rk4t)a^*loU5&kOY4rr0 
zgWhQx{jk?u%|KYMqh2LFa;c!BqO@M>YqfZQB&Bu)zR_=Vn3z>dJ*CUn_i&E6pCk`? z_MS1)v7Lxd+Xpy>WF=JTFgL>2yxKfqWiGSGX8sM4l zGsZ61RxK^=oIOPevgZrz8h_Tg-E^?GH^1#PVy8={>~9F>8r`p0Y7bkWI{OvEBXYQ! zrHje-suI}nvv_v~D;0_pq;4DAF9ysF{6*|Gj1dB@WA`@bKK@62X^E&s4g1<1i_3`# zz<2DEAQ_siU1ggEWZ>ZP%f^q#Bz_Df*TI2k1vkS3aWGh>DCJbt6FIu6jDOi z?wX5Di=?u&G-f+iu;jm-KNeR!Rsbq3;XIf464+ozaap-y#0C9`6(~&nI9>Wk8k!l-HDHFQ54XF={r(<&n-<1@AV!$8dFr@i&M~;oAjuwr~UBa zD4n79!Q0wxHti!LYc3!g(ugD?EkxMwrpIBe(}6BHP|2?8Q_!!$tlZ(&+y!LzzBs!% zaB3jzN6?kn7yF9fv3dhI$KulBui;1~{!d|Sc&F&}+_X94kSRtP>m;R%r^M@d)@rTq z-h(L$>^zpq*m6%SetdY9Z$s#QgngmyH5Lj){7{T0*(P2;N+P-1Ykh05j<~&6TRA+Y zu~!nLhDrMwVkGY#q|H*87Pf=%CQ*02dJBj%7I}4#!Gz5fK#uT`n^~wt;+P_IQXC=0 zyX__evYzo-?}H)MXhcrPcn;f<7+!z!?vW8bU3YvoXywcd`pVu#Rz_Du;MKXx2X>>Dh!c{N{y4VM*{kT2p6Ak zxzvD?I6{00T4YHZ$2{6(bldu;R$?7~j-HMa?)c3fW=IfXmyE7jI zUF|hO0)j~>%|NqrmYnoG;yMx6-mh1x7=l}}&^`S#Ut0a=U~7@_DD#r&Rvj|76|9tkFSbwhK%HO5Imdl_8F zOVc3we#2$X-K(Jmu0D{&BfagLOE!K8)Oe?zaV7Zko^BvZ>HB?*GUrpbQTwMgRvg7* z)I-#j8?8qgnvBUa!lJ}nB#M}jD&E-GjI}!E)4r(Ds23@gDo^vr=UB@%>fQO98KyM; zHYI2;@$T=~1Q0SnxE?kc%&%WyRH^H?^QfH(nkfQw6^kp5ktC)~Kl19=_{C0KocEt^ zZa#l^Ie~9P?w?7k_WJ_hCqTpvv6*g*og6{!=^ZO%&k^H*&+L2f9En>S%v61!RxTkN zwrlPzeOb~k-@R*Obk2hGsk4(M`#4Pl94N}6Kol#NSRyC_;a`Zy>ct zstDk*<3*q!6Vv#?chj8ZA9M}>Dbblgi6#Vy&tn5E0RjXl@fGbrJ0{1Qpi@ORp0M1Q zynT<8O#d%ZU~Fl;!0$S>s3}%3<@nexOZpY!kHX7zTYVK~U~k`Y{oUrqqC(PPD%G!Y z_F2vZkwkEs9(Nim7Iw@q8v&FQW$TWW@&LQ+5Z{FyQ~kzq@>G}vp9zK$T)o;MG0e)q zvsdgDr(8!d{`gv&&z(d^(fEI_D`FMMHQMMquSnDgT(@Z(QQ1gKE9J~dFW_OR?t&hQ zuguFFNGe%a0eYA!8yNlyVeA}K0@;Znz319(glWnjDf_LB*leM9U_ltQ5|i0>AptBA z*OAHNecQbOvT<(=r>U$*vPSlOFftn<(r+EuO{8PMKfUjt?QZZs@t# znm9z?N01!D?DMN!#bsTs+u*)fXye{t`V+Twqc`WAQP>*fhZ{o72_nf_sw71`c98Y+) z-!nilRybX)#ksH3irybzYSuP7=75o|{%)aMg=u%T&D8aJ?0pn?liEVn$L2Sy5IAeU zuKo*}&J3!wfm0XLr3*trv+Cw)6;v?<`0y#~I#9Za75y?Gs0yH?c*@PqW00HPrp)w- zP_&|T-+Df~#LsCfdhl?|eeF6MagjVZa@DMfwKBMHKI@Lb=k~_par`6eAb(=7{H^3> zARHrAxi#<2%fm?iPpH?Pr|uN%0m;ok!(TC^Z)1O$a(ZX0U4Mr@5HPcMv(EcH(<%Fn 
zz}%FsWbu-)#h#>sVVC#M02$q6$$*)E1`xpgXMn5CnDGP1#|BEhA3C|>4+Sm$;wwL_ ztLiB81Zb@zRMaV*&|-tEIaCsuOivA--AKVubC~PlHvK&SmHzEyP@4`ILx2zG=ID=J zJ$e$b*smm9YS5wG%Pnnb0gZ5jNgrzb-aDE6X)5Ah;;Ke7A~Zb5@dr$V{4+9B&wd5? z(&#B%1yBfK{WOl&Fc;#E6-fSYQ>viKqHw@zq)X5G2#bzjbEy%BjRfvP!k`k2g2!B@ zzRQ++EI}$kV-$Hm)|IOc7zSAZfhArOWER{ah$Xpv%1o=%bRlGzWK;yl`cis)*1>xO z1PeYnBb0Ad{d2aAYhds%Nsk~AT7B9C!s9JW6)J8*8a#%7%*Tkauft8pguWkk3PG1tCUMh76-f2iyE~#(xmEDO`zS!(CVJCn|JZwq<$81KuVJnTTD!A9 zNC^+v`EMWU?Mw$=Vbht&n70Mylj|`3WV7J<F;<~_bE|Lh}rJE7anoWRr^dVy25QyKcQ`}w{K-)yG>oCK0v{~yHlBtG><24 zT5f4$_6tst)o|(LF~-9&Nq_;FrDTJ&H0?du-F$q~z{v$=9QcyqZj~!UzT1SOUqaAT zN8_~vfeKqLBXeA=LCuac^x6+AOE3rR+)ZSYMEQPFc%BZ-2<&O-tjWys$2;MdJdptg z{5EFtHPxl<42fE{)M%8_G~^4$hS80$LC+?MTlar1bq5)Wy5dz!r*{0YHZ-8j;t=9s zhLL$z$H(fDF1f-C6JAD1qdvdGQeGx* zbL^t*ZM=XMSs)-^dp#uM{x;A@0SnoS#dc$VzdKm7e!hOcrX`Ajb2A?j`&rLdfDRM; zG@KwDZj!!JrGJ2{y#HQrh2viL*4QujjR9jEA(NgDEJN6#iY&1A-6077Mfg?(XZ>r{ zm8f*u)fNL zU;h2I7mseRMyR3O5%y-WAVx0yf-i6G7iyZoh-4$XUx`~sbHlLdgJwpdOZ?pKDXoDy?Fm#2-D8kihLCR(v{(I|M zL80lC{93_Azky;j+4{b8n4Gl$chc#|l}w`8^i4R~`B8#c55Bb77PNG8qyC9oOGZa+ zQ8p^Vn)y|%?^}`JN}__ecD?66Dw4(|g(@@tM@5@|RLpawAB?mVOgszR0uV~bI1Xd^ zb8HUVptWN%ZIfk^21w#fZ{IErFK?o}yoCGyZ1N^38s=-jb-RzVJRMV4`7R~r`50D* z6}nr=&%09l&v)D*rY$bK#9kX$fUHNu>i0Tyb!^V1T^kZO4xN3j{N=^lQM5&svt8}LNE6{ zUPQK>IX)qEQpW)8zRM-`u`}A~7Q3Z3z3@1RSFYwiNa*a_dkdA1rwlzydG!yb_i@?5 zNcjT2j(${xvh$8RZtcTLP|5iS6~1PLNyL{{XmS zTu60XRSz!Z+q2TyPjZW;iC&}DavDy;l_Y7lki{wnUjvqE754cF$uPLjo@M@m>5EY$ zb-3l>;TN@#WvE0}f#{Nw)<;$vpX*WtwpLn@UgP)*^ab?&X^#v0F|^(pIA5-;0i#y3 zGG?!7ZM&LMb1hR%&Ft~KaSH_j!(snRgFZP_8N2q#l1yjmJis6>v|}+wW#~{Jr(w_XgVjW@>89Q=~mZP zcPp`o5`^K5h~X?EMqK3*K*;dVxlqRba)PQ&2(%-WMc~U2hOQpomfh zK(aw5eAVK8?{dkJfd;)O|21x(B!^4WUnCrO^(DW&^De)Z74WC1ZFkdSmnpeY5X2or zBP=r+8Lcw^&EAfvji8!so)nh354SgI^4papQROm?dYff9%1yV_t0!~6+kUEB?oPz( z#X@-)yL8j4(#xSIK&!G{AdIHgvBKn|q+(yU3XwkuH=FmeL(rYec;VwP_Q?^tL)U|A z1_8i6cwCcR@TcSJAFbx z9+Cb|VEd=$#pmSJ)zQ<*O8W5;eWABJO`7H4!5rvqL}Vk7bvoC;P7_})h%()w@|GDw 
za3JG7RyHYOYCw0WPcAMqpw(MUOXS84X(+Wm5x9ft>QDKdrkZ?(ixyxE;NM) z<0gb%A;n>llOIb*xQin48upLzL;nkDAASc2c5~lkmD6$ZMgvkNMB-iYjr>YCBqs*t z>`l##=mi{SRa@A}?*~iLya|^iXnZUDfF~hGrE`8SzV;i+m;1HnBloxJ+E;J)x9!Ky zv_Iorl60OtjB5Oq_>!1nu#5n?+1EwR+SE_XRdnW6la< zQbrfvyJ8+|oVOn^@3sNkP*f2tcT?LqMhMp2Mx-ob4m?OI(zuPnE=g; zAsvqvK}}aIgp?1=+TIYQA^s{{@un&Qk**_H zh8s;EQo8rQ);K&C>EfBzz>nxEu2^SMT92f{AkR$B3Ec7CL;Jdos6Y$f>hTvwAbHQ< zhiHwZQjatZ@9$WZi(AeUm1#6v(aw&Qi=Wi0n|pPBtAPe294QrRQ)p+9Oe6Ku{br-Y zqa1diUZ5Axl4>iF0{kJF-WZvZO=N(2cfgR&GMVs z*my+BGSy@llv=|5nYy%ExH^oD{U2tr&BSrA{bN?@KV}VOWv?})7YM_oIj?VklXqXmUaFL3dMiAW z=GFdcdEOelVB&O_dDi-)NRDEFE7Rof(E9+J==KpzCnG(IM!HN`FU6tVgXq6-SYnbbw^VOZc zKL+VTr)_CB%5HmknfjTxLf)2BckPGteJCfI6XdbY-nLd$M(0!(6v1I#TntGE8}S&1 znh~>?XsJP9Ex?#>5Iu%m_j0u_Z*R|wPbXE3gu0rX@+i?tm6|aw9S&-hw=eB}ZK6zY z<$i8(mQ@lR9#%^>_hv;lY6$W0uWIKcI;Zt^YBb~rP~S^~y0q>^n^uuOPo`XdkflR| zF4&5HIfWEi`Sie4CAJ<3YNyFQW0|-%1K3A>nRMEm#_RZ%1)Y_8`xN0qgh;F8l^N4) zK0ZFA^HDG3fH9bH@0RzLt|Hv5)rwioDGUDmr3sHR7dF(C&g5(uz`pLFR8r~!ELJ1a zL}hF3W0fWL44wj_be#*|w`SPgYr61z!c4Nic34bY4t|tqOG$a^hGTcGrlslQ!aV_({!5Bbcu^!BP`8k3oZ(tka zQ#tga)F04+axjkzGr*;UcS1X=tx#DK}_qGbSgbe^L}_(%R>VE``V^v=vwbm)xW z{svtP+hP(-mRGwo)fq?@xzoas`ED_=3#PdlMuwX~HyQqmZ;a+LmqhxLLUzFj<@u&v z-AvA2`PC}i$RA8+=6T&>Yva9xP7u`{I-9cV9>HD5G|r(#PA0cfho46rm)jRk$a~BV zXSy*WxGkTw2+%e!Hph)~WdiCc%luWAbxtQMBv!s2SK-&6?*~JyD--Dvlmt!+;9*}% z&%KW_MAAOxKcZQFhSqobaF4vV{F6LbLV4@=2*E7Ikb}8_RVn?2x6}48fnn-QPrA5O;uVRSL~vbP%a7B(L>r)l+%TQzc#$wd(*}q% z2W1ByF@lppANBME@UIi0hb~EMAnT;8nh0Or<0O&Z7Ebr4`n4cH7F8kp@ITP(Ho&?b zhOhEQ@6Untpcp5|^Od;yvcWx_x0XtHMzviItG!FRyg<_^ED;XX98hQ6DhhqDu9F`} zhie$f9hb&*H=1($}X7fA*k{Oca4tR21Y#p+l1CH|u%CkXgK znRts4X=Vu)5f_3;){|@t>B6`+!KOB69a(iXh^nCY}Z;=kP zmRM^>+3i+vdK@;*KI0Ec9Ox$bg87_Fz%9k)&e_dQ##p`m*+QIx->PGz!Lv4KMRl#A z-)YgsG9@a7Wb89Yn}?X^LoEL(>aqLSxPuYKtRIV*rp;eEMHrbI^>GCBCBKQkEgDYK zM)6>$l#RJP=v~M|F#Sq#H5Lu5j>Ep3wwjSs+H!@Osk-TK{qf`Gwfw zGbRwFh6&O@gr-6Grop)6L9;9%GECMZwW;PVmV}mgnIeJ9TAY9XU6KZQs|RHM%6w#Q 
zL$H~RKPwgLl!kKQ8M?pc(NuA-r7Lz7uX8oWcN36XesdzuL44vNtPPo2R?De^J=0sh z(9?&^v8~_%U@UZ$0y_W@=pD zJ2k5S+&5q@)ZA?|XNi>m27=mT<|ivW(bl<|j{b}}lu>7RxEoQ_b;Hnn)mAQcd*k~X zm&A>?=Wj6gN=Mq~X^RN;|ISo3>k#|C|W@7Kyh zh|}xK^V!X6LzM2a4&$9eFC+N%7U2}crg(CtVC zqAW(>0u2cdIZoHZ3LvDayPcOr2Ihq(anW$Qbn3!7FS~ywQ z*)muH?QAc#KW*{aQNDWxcKm0XlU!aC@edqgvMtt^htYo4j z9~<>%n%(MiUyKOv2i?9(WgHme9JWh6z3ry7uS+8Iq4_Q^sjl$82DTZ9!bPwFXxGG% zQEo(@-?J>QHFNb=vL9qoZ3WGUB6&qAr27bTm$1QJH<0SMLFV>0^okj+x&i<~yloZPRikH=So}>Hl!^b?b`QSv<(m(~8;>`$Z9_Tq)PXzDinQCh z0S0S7e9YI|HzkWamascHgx~Waj6iI2C5xJGF9K(5GN>^=ii8tmEDhmRf@WHzAeu;Y zQRq`k3}@^v3Z?q{<9z30l%{@pOfI&qP*(ahwpvJq@@T06XUHA!*FjF^`RR2P$<$Zx z`nr3gk8*KR_=7in7IS|hzn=y)`ttC6-K6`MHCkd+8&A4DG}`;m(IL4RG)~#HS*}XQ zYSjAzD=B78B*#fQ~zfB4`+#Y5h`zuTqwcbgjs34{n@ck>nxkQlV8}Hg@+>()b~Q zrwoW9Mul({L-;SQsLVfsU-@P8d|@V3ijC-%eUw4P$jatm`e7XOM$;sn&oNe%dA@!5 zN_vM{WXm5)*ob(h!?um=BoXF~7&3ePPz71HME%?7-{fdo0`7jGY}!{hGiIgvQGJ?Y zXPaDg%`~@r^HXss+8k=QGOxwj8FCyq^{0*>*`(ap=GqvcsPCx~3B+LyafJ@ULNWkv zvO0@$*3+2OxB3D#)$&HxWY{AC+_V`(luIvYNRVm54d5_Tb3ZzI*_ zt{QO*K_wu>Ks~&Nk09m)*u&~Bv~5e2vaQZmZ&vY1Z}vby%0AjWMY1yq8*2i)Q6uC5 zIBd4=7p40k6#2xAIuiW|co3i~DckH824tb}UB-6L+nT019v96?`(cgQ5~jcT?-2gr zVolaO@;*I@x2-oARR8`Cb%UOW@Y;a2aLt79FJQ~+z zs4K~$NaZc3Vy)_~AoazXaSf}~^*@Ow=&nCaRR|H<*{%*(SL6WsmGYZ)v+r4$$IU!D zTaGRA`#}A?{ViNph_5RV*r7qwKy{6kr8G1en)#fwuh1^C`rd?L?9~ZM12+<&TI=Zk zteSosPpFKaIDQ_WV&ucGGboPkcT9&Y{n3MYJ%IpCFZUzjT3k)qYvKw}MN4rFqwdi? z%$tn!I2>P6t<5+Q2l<7Qd!_mDr`mCAg1M3yjmaRUAxvMqTFj8@@YOlc9|mPLp7a;? 
zRvF^QukTxJRTF#aFDYlh<=xmhy^BH!r4Yo=@vQBzIJzR@c?0F?;W}}HRf)0HR~BLn znkZBBN{#XeTvyc;Dq0a@Y_YDx7c4 zR}ULRR%BGafHrD4V^LpRPPmW4M zj?X_IeOi0BE^FEPZYs7eby_1A@NDz$v$kszP8pOM*H1>pSxa{-s{zroEb%DDMS>$P zzH#$9^$!6UK^iDAoPD>T?qKAQ5|{-Mk}7mU-?0?=D6Yr^50-y#Zg`8a7dL)Ie>NS$ zHyr+*vs?z9wf1BuJ+1T7$>ja+k)hHSy9z8Af3Lf@88_3}kb1W=5`ZiJZGHL|xy+rm zwcx1MOzzk$+RQB46sjg<#6>NXZ3Z{HG33zL`Pxo4u13?vb|cJlw;{I7()uc)BG6Iz zUBeB@*yhwMdt`8ENnb}p*G3kuzLnh^`xU^CGVBPvl(6O6GNPS)=#*f^^m6*rnIW&uL;rAIa%dY+F$MT9?DWe> zm6ng00O6c_BATtLPRg{_c)+#EY(@aU>TPVm z*8ECtvm-OsLvvpJPUWAq^(ocRhm9XSLomfZTwX<6cXn2r)|j)u;?`#t?6L|N-FSk+ z0rPZ>o)}$f(2mVaw2Du`KW;e-HN?0@^Hf+~0m;>UU*VC;`S9fC1 z^r&h%*Lc^MyLZIRQe$)r@gF}X9KMAFnLys?6z)`;14&6p3~D?fkGAuWD7iL?8e#67 zE|O8-vUVwcXc8=-rHeYPL7I`+-f?ynQbNbqAEKNXh!sz12d%~|z?_cq75uw$0bA2PGW;WiHJ1zd>V$>b!$PQn0KJa)= z@?R~+%~Jhk z%v^rZ6z5^l1xV3U8J;(pV?)aw)t7e(1qD;~{AhhsPNzXfoPQdEGdkB+>el(jpTuP7zJ5vA+;Zt; zt!2tmZQXy%*Nx@x7Ddmu98@RE6${57qg=X>`+fJY{rfIpMj@l$lnSJdxUO8&fmvZ{ z^Z_2}oVkKH{!x*IJRWEeYEe>6TWl$-9cZb4s>=W!Fdt80@4qb}6$p+v3XoE5%IqcN zj!gmwAf=aW1Scz505GJL2+XG?i!YjmsC`-Ay%sz8f9c*YKm46-TJ9D7Mc}Zgqi7mP zH-lOY2rmHfvnu3(f zD9)emG*cSIRI&h&%WiDf-01ZmZq0gnIJGiJCg_zBl2bPU7CQ>hyyw$3oCYJ3m zSQaf?E0Qat7xu&}*^Tu~#EsOd)X)*MviHEhzu*-9CyJBx*_0DR4g%7|1`2}mkK))E zSlFtV*w|bDBRc;#x$!=C*^qE~{H{uNEt``OvJ_Gx8?q`rWNSExRMT!Stmyn{#EBmV zK^-OFhv1iRI%a&R*(3g*L-wwM;RgooH#<~du6&sy@pn-$Te;NMQ$7FdYvy}!b(&~% zH<@qA#pgG-dJYHBcXb0zokn?Tp5jfVwJYMuGDo>m<&@vux59H>;+_i1w-m0eXsVlb z12Cs-bh28*`=pWHe!n*9(#0?PX_W-X58^kK(zK^monb#FBpl{R2e7vgJjvyn4?uFe z`wsrdsEl15N-ne_V;=L})H z{V9@yv&_Af;ilfE4aXS!P|wcMtdt#X-Wfxt<;q?FHJiMro*}&-6NoZ?EYRp=7%KuD=n?y|J%Phc-QWLpex|o)`}k z$Sw%z55Kto897lBmMcUZm0{S|tG~MS*|h!?HinZ@EUwLv==+#ELT9Y92@3A6W%tE(SwCC(>$EVFATF%OmVPp=jtbPuk0XJ~KIbGHJDR59B#)#J_n z3VVBR&@p-}`S=P$s!}Pn)`u2L3OMm%Qxhp6PItfr>P%l|{Vm~Y=bh|%{<<|GsvTHg zvxK|v*sWHZidWs|)Bf`ce*Aq)OuIG)s#>u%XQBI%t(_wlhI6a4cf9-kzbPBp^=h@T z%zN0&3J=+0ojlkl)sE6uR$4Z*<{WsJSyx;7iJtdqaSPqis#i7#u8dfhi0h9om6fDF 
z1GU=cw(XKT3DCWpmj&}dGBz_ug0ik`svYenT=4P)F)22mpgDn@hJ|R>^ze_H~u>YRN!X?J2w1;uFWP5N7JWE z`-aHleCHz#SIC=B>%!FO_S65f&1IFN9c8a)`$^k+bqx1@h#H|2_o$Ay3L}!+QN^V# zaJA<8{LxhI+hzG+M~D5u$=)?Nu=AB*QuO>%u2Gwab)s6!+b>3aAk3j|N07d9d3Zmj zW~I67>#}C7*Ij1xbX&{$aI)Zx+s*fJF<=6bE6}AeI^M|Um(c08I`^SmcTIA$V6(1W zi{;XCTcWG2qOLkx{6L5Z7E~hdDf%S0_&va@5O>dF#X~Xu2hC3r<1)=+84M}N6}lTF znS*M|I|}C_iepLdQE95tBoj$jlikGdc`?pnBoO4)d&Si*_^F_wTb~kefIr0)ycC&z zPbUZP0uP)jzLRq65X!F-B8>fK5{?JKWupM@#82^F<_B%jB!Q?Gd~U!ATxarRnQ}Zk zWZ?R18n!T~O!4F{=RC_ob^QA_EbmaQ?;`(z63cPm!{J!jNhbyooO^d@fpqxk7Amc= z3JgDM^DY~*?tCI9F|5)fbrXDXNR)d>#5tM2^vIiRyOvE$jNg#u@(F=og0KJ+$LK`5 zccDB~N8o(b<4%YPXts=xNtg9%^{#I4pUY@y2+TfwA#z%-Umzz8jr+3@@ z6OIlkVwhC%zsJ5Jc4EIBuE&n)qb{zeYmf}TdqFY+=XjcnHLKCTm zwp@X-Tsbb&)z5SJL~gzhESlL`lvi@u$-w2}B(DJn{S?ZKd*WxHEIHxOff()=C;2=v zWBI@t;=iW_xwir-q=_p-(p;i!X(TqW%+C8DA1jPR?iYQ)DkBZy&hdS1_;r)j?qh)w zPh?a!Pze3wc?lt&G)hD#?YT|bfi zbF1>B;yb^M`xgsB8JhYx6V*~iF+V&_z&X`QMk;qF{At9Pygqhm_LB_H>@0sIlIWL(YbxF&$41?1vq3bXjQ7PFPy~$jjea*j+%P6>+7m#- z>2kxb;Oyb$=HSyVOw!f-WMB*cH578X z&M=F`4D&Y9@CtT3>>qCwk<5;o&pDth&jS0K`#Rs5FBoE#zb#|7T~M~UwP8fLjLZq< zx{rOu1`K5n8UaErMh!$UFN`uWNFZ)62YjVj9##Lqxe+bn41wa&Z5jbnSqaIxq{2D& z`2<!G%Pygz>LOKxTXx-NDJeR2e6%?9mXwkMZ zXRlzS=i;;>h|la|AoIx4A!w!ow zA-G^%30o&`fxf(bT>S>7`0O~O8ak5cp`f*pebn&_!=}vpyoSc~YMrFl3x4^w{yipa z@1Y@@*VjZozoo-chYGAvbkj3(>SV3N`j;!P?E?$!U#!Ux4 z<1dr5-So)B2z&IsyQQQ2us5vis{AJim!n1u{B8TQ<8+F%GU}UPgVSrSF0=8f?5#-? 
zxcptwMN{w0aPYS@{^+oIa@ za>QmZr9b^p3g6^06Wx zneh-Bg=XOSjVp46Di9xPXV%@tyL{KUiE@efi+C~64w zRuZ#xD-fe_h0H=LKjnkjNIh{sz1t|M2OOB?TFd99S}DqW4+MIUkwxF}Fm8PcNK(C$ z-+bi7Pm05XMNU7-x5lwm7e?22_U+xQlZzTw56_#Jd!}>MSeavkJFj@aj9ec#x^cLd zy2zKW?C)$o zB|Jf2#YE=U-pyCnvtxYkz3pG`&Mn6!rGAfcm5QLGVv;0li1!FUPW0>&h(yAxm2o7ors`c3fy;=zN!7@5LrEDVIs+2&o0PB6Ff zKMOSU6H_OpN~?J_)XbC;_}*c9@D-3zP$_^yv#xH#6R``nJgai>)JkEt?jVvov-T^@aXAij;_LGOD_ zI4;V9kiU|l$=}frJUfyhFeux0oNyRHo5xCTcm5VW;dY{qk#Foq1fhuVuMrc#Qp;ap zmBs*kaOBS%{zA;-mINHufLjRvqgb&%J3;hE@ofAUhf&XSGtpAwq4=H{T$mE zPi&lmKWpur;zWVrylmPSE_=HU!cl2V9!(#m9flw<9B8g;a!1o{>HmCKonUl+XE-ec zZV)>xGe5X!>J17x1ZTLl;C5Z)4x{4X#ZZe~&G+!9c#8YDJO<~1B>P;&ky_o$Lv~=h zErXlGC_vU%`L*vZJ;RzFc0+~Bl<>1u;IabQT1Bsw>K#w~4c40tp)A1btNROC`8z9m1&AD5W+Ql!6y zaW^HK@jAIarA%+kyK8gFe^@`SdGm6`f&?Z#U)H2fZ|LJ?ryeFiEx6;1=SECVgri6{ zYjfF29}fu`N+0vuaWUHA-J?5gAKkg)=xv&RU2VH~H-6|ELHe$&-nqt(@1U5vM6qtj zy0}71eT#(BC#Fsvu(5}Y?ZZ8kQ&f3|63n?UXmK0Cr~Ho6X}1otp7K&+lskbz37+iS zPmS~ z;_}!}Uac2K1=GL}_vRL&(KwQ~Gdns5VQ_U?a0qrGQI*)!DQw>6s~e|}zRUpFm2YJA zPsy&wDG1YmNsX{BG{35qF3L)bQ?wUV+b+Tx5(MBmW*PV_@iK%9lnWRazWZ9zv}6XQ z4)5qwyQBxvgxxX;A01vH_z!kyq@Qz)PAEG_--#cAf_qs=yvJ9 zS=sG{yC@ZM%BJ?TNAt|s?@zl-Odr{-<(G?$=i8kRz2I35yfo_E{f^=nepNR3;53U> zy2RYyG5n~HTQ&Tc!P}qN80Nv=_XQEF*L3p@5$C|Y?rqiGq1)ck@qgxMb^A`-{oJ`X z&340oD}}WKd|8L_D?Q;M-r6yL{zj7ZJMVN2xUfMZ7)=a#3fJ~wVZW*pyG>nDHv@fD zdYjhhX_(gpeE|O^uk}z%kutlqf01+eu65Dd;E4Kyio8gK_RFK-!CKWTXVrf2iQKlE z^K?Et{@#TH!N$2vltHJ8Ft3l|VaU2Vrdxt-i58gh`!j@|OztAH>hLPL+b`O02 zp4igd`&97xPo1_o`_KO*X!mUywymc*_?!r`hJS&V#)^)uVbE=+aVIw?YXbzQ$1I7D z(1#@-*SP_BD`?h0&n3JLlM`n@LqtYNx7&H$MZ=OY?OI@74NGL2MMhHsBs=H)S~ zA3Wch!!Jb?!i8s~OClbI{}P{_g_ad^f;7vfhd_u`RT}(I#NH9pvv$eqUwey0|CO(1 zr~bO<>SBR0_f6dT|56FgJo+kKh2wpQc z7H<4#e8}jBU?h#?+Z7c^p$k{15_U%+Ug_eJnhJgw-iAGytOroKRtbHKYJ9*qv5K(l zZnJ4x*>G?ac%3^cCn9w@tW*^xMN-fW0gFn>*5~cF#{*fuTq0{;#lEJ61m)T019gAI4XG=FL0No!$CvFA=KZwo`p* z2YPI1M zFGo}J*TXbI&G^7WlwTU0RrkUDkmQ+jEYZU|v6lLI!bzLL_<@ 
z(#3R$<}>OIIA#rI=$&+1!e=ZdAA|)q+OsSNUvr&ZHiPavTP9mObwcY|kEUQx~98$fz|GL%N`25o`0s8rS)U2^ZJ8Ni)Uj3iSu6ytNH{zfM0<Bu2>KBY_M_pbK_XV6GdSgb-yp;`lZ z@4He1w|s^BnYwC4%!=W|!sNJcmv`O7UZl{sqqluXXv*M(ckKN0<4u%&m+)4mKr_?M zH!XHouh}uRDSKUyP(w-NGYU6RV{aQz?u;$d(*m_~wM1Z@mm((^x1#9;BJb9Aj2ey3 zq820fq81)^(my58DEyxiAQ*>{kZ9I+F`q#Erv&~1?Odqr@PPU*CxE&Y(|8e_9F@_e z_2GDt=N4Kq)TJJrgtG1cGD|zjf)PMCW{C~xOv_6tgSn*9p3Q^o)OV8Y_>Fvg_+}B~T&RRY8$w)<+AoZQ17AZ7yigZHq$+u}bkhu|*{^YcY~N36bS z1mMDN;w!ZN1i_z0a*W3F1$red4sCo<=zbCo%DjZc%a%77;3XoeG(#Uxr+7oiQh!WB z*JWr}CI+T0;!+dmGrEy@LK6+C*^$Y!k&kvHNkbP`HXD2-<0KDwF9QF7O@1(JPc)L_ zXV=P>+qLpACD(N?*%31z2ga0$GDxnJHK1n)K&m@BUMJiD6BXfEpvEAPn*}|-)#tja z9Qj5bB0pHV4VZ?`4;~=Wqcl{cB`hw$$T36($c1~g4#T*pIpq~`*dCQM$Y?cCBb$l~ z(Bl&TfLsVhtCOi$zvtBwf36k3Lz+E>GF0i*Qm*mhMA;bIQfU?q+x&OFbGUD;j!Pjo zedlyyeAJvDI)1QFF9OcbMvrJ*eQr(%5?cF`$#ijZV;*}~ehCqGH%1e(qdc)KJx9OR z!BipsGaaw!rO6SXrK)7`3{SO%@SiKa(}y(7sy2~$Pkp0sU;smE-}?=5mg+Z})wu;c zfO0V}p665j|u#eX52&3XF7ls6FNwvz-X9^uQ9GzeIC zAL=YNR)pxo4A(C&*IFcN$-9<^&?8C(fPNSIfG+A1_cY`{q4gZP6<&x^9k7f34iIA4 zE3MW2!atjAJy3Ou<%ZcODb(9-tspJR%==Fs>3dJ>X?t|3JZaR^3STNR4sv8l6XBJ0r)0XW`r_lH~RlEf9_4(ao zEhBO-yLM+Y5qkeqV@?gRYYhW5+?(!S7dP@L-d3Up@F9OVKrHB27YQA1gy?{|V;MIu zA9aQDZ?iraq`Es_4`(xDTz+5+0S94U_N;fh*-mOB%Lqp$s`cD;b zhn$>nKc&*W?q#g{`AheVKpggUHbEyMJO(y_51uA?9{{`tDFut-gt&#z}|O*y66!KC+M@J@q8Z4sXS=kCX|#@(^^J5AEt z$Acwpgw2ZNvCdFBS1!gybGD6Lgt>k($^AUOiwIc-odYbPrj*0cdVC(2W9(Bdd+gz^ zGCwGMQieNOIzT5f$n&mIs{bKt9e*HoT-IuFa{>nGdAllLE7{U53Pqbm(^T8RfCL6@ zTVD>tgN@XJxal2Z{Bmrp@)(7x9vWq1!VpeioF!wtJDB@%#Y2QN!ewgd?61<3s#%CX zkhlfniC=zdma!A#%{$;$i~IqD|C|1fa0+yt;!Ol$7qrw_Xz0TLf@Q%CDd4kR^r!V9 zj+9HC=`k@?c5E>J?JH-!Bo8|xAEwW>V8ab{fs^Uxsve4@G<1n*d?bnFUW`Ed4nAC< z3XP)9f}NA{C*3cR(_Ykjqd<1(c`ZC|Cw#5B)1FC?*CJA6+*wD|y=i}y}gQafl2 zI82d)qU9K;{7yEDd{F;L)g>5bI?Rmx03HV`na^EC^IBiX;AG1h#(|03tEanE&>%R` zB+8=(`64O3qJ~2=j?~;O^kEg-!s75o1ONNMvZ>@`vx;<9iXrEWM8{1?9qN)YBO{?E z@*O7bJOkVtE_FmfPH9WO3$hX?Vlx`AL)I$W4{v76D(PX@*`t}z)EPi_X)8G|4v_S0Dd&WkYNy2PllU{$ 
zYv#gA=<-i^Y#Kb*8VYH+*S)_k%&|}DpdUwy`O(73JS=D;6(!G}rVeGrc6n!hJmhl^ zt*YVOVhTHPWeC3;>c)#0%9P@!Bxv&?6kL48;i9%UmHj3+yMs;**<7rPKncTrS);W& z*jeIZ+)73|4x?la0(($tfWRSIjT#@V%t!Ryze4wRCQ?vrNC^w74fF$8Tq?=yj9QVE_B@tJtrv9b^iO2|4s5)>Qrg`8=R5T`Ge?4t zv_1O#F+o)sCz9PuE1SM4wz#;*nQl0m&?3!yK+Vt2r&^~La39!oLrg6su@G3vw^ESO zu20{a2v&+E-Doyl+O>$qE(P?*KCp)I{l<7KSaAzr~$;!^NHK!{q-Mv#HL1 zjCnr+7{Rz?i<3&fj|vw~zkk<-liFo7>5Y@BDll)VNQ1MzZZ38BAEiu^s_qC-E>~?W z8ZV5askMok>PjuSJ&ZhxdPz4Sa+;~94*GZBCe&ai;}Um8=s(I;M z7+#9X7HM+WLZl+*`b(vwSKDuCo#)xwVOvk~8)u|(gw#e6e;2X)u9E7^jNlRInyO0k z$3-k0HQTW{T#p{nssFmEk7SSZ%jMVOOFkJ6#;FXaOVJdvHlemU+hsxt{jE&yvWtjvpEICLHaR< z!wfzK?-EY{)v5$t>~ZZz(J;v`B#<`Ku76>zd?|m~bPJ$#EA02Gez9@A;&nkYxzMIA zLt`Al&-<9Vhmd+txsyK%fNEG9d5ArkhJnX|ZFL^5!5(FX*74Oj_b_@yr6YL?uTn@yH z-t2ZpRF7|*9aDp%^cib5{wvPfd>$p=;CA)?_?)a)`gp+fHY$TZ7>cm|x#@s)(lVn&Kck`~QIoKrU zVjHpe4bQB#6S2%j`;hpr#_TRO7vlwGwuUtX0>ZVOIIac6mGj?e6+X6ld<2B2E{2LB z55K>CzllscRT5A@pGcRDg&zA%{2b(%?lX~o6^+d#WA;w;czfm)o_m6DDIR(Hq_=tY z=YA{I_7}cPc}Mj2SH2*>IbR1()06z%8h3JPzZcRo_?VCNT#uA!VXi!|a>rz12lTG9 zfoQ_ZntXXpY+9|)8MQH#=($0B4-cw)fE7v%9;A6jWkujr+R27brFiq{x;T@Mmf-#{ z)Dtq3zISkx9LDmB-fMcjXL|Z^E()}8ziXHX`S^qQfdNXd4rTDDV86*?e3)adI%MiqQ`oiB9_ueAB8$f#s{$a>H z4Dm|KyoEOoDJKZ6n6fLmjy;r_toVD7p2r_4iDPB>V+WolyW_(`fJ!aR3I=-;*}$6V z*{u&;^QSD04+wS~_!VK>b}id+m?GCS{zU8Fk-9I40G@@HQu0CM?x)cTnZO^(0lB2_ zf*O!S5p~Jd zFRXlW_fceAa249ZO#irc+sxZ7xPk6G{dN6ve4l}HcSYg|*l=W~q6rnQ{2MdlA*m$Z zBo#yOgqUcXGq7+mDX(&7^*u#EiHqT>AgpWq zwZkp>Fo?SWzVJ0UEw@dX@ig2*sbTGAybf%G!N%80u*e{q{z{B%k)izLA;_ah(<*?7 zSTAB0C|Fazgfl!*_x=M14wtu81vY?;4o6K5J7{@9rdi*g8mqB`v-|;cX}@UASVJMn zoOw77?f}{6!sX_aW7Pk?Y>`B*&D_P&>Lu)vLl@)~&VC+6%DMf4@Vj8(^wRPIU)Hl= z0y2ySoiXMu8Vk)pRwT^vtqo4OM8&0HpPHq#1DLtwx) zrg&#{SpFjZ#Bg!JgJLqiLjKW4P20-zwd!W3Bo;OsicKQHQbj0$tIq-ViC57eum;(A~RhYS$X|kB|t`Y|+ z@$>$yv{)8tky6^kHv(SPus=;hgZ(dL1+vlT{{{E*0rZw0`CRcITCGb`Jgg?PKW-(RU2n&&-5L2X1CsB zhn`gJ9CdaJoHK7nH2Y*;w*((DKNbHsrnDS8AUtxR*6SmM^B8>^y?+dL&xdJc6pmJw zYW0G(rreAc2X||b!$OF_7+UE!U=kroD(#<3UX`*AgB;-4Uj&$H@l%%6xS)T{^JL&s 
zOcfBJAnk+j=hs>74s2(9!T|yuaK68g6r@4H&_Vvsc`5(mw*G(R|B$8fzb^8>Mt=Q& eEA0PEdHLVsz!an*fBXjl`&WbhwJ9wB_5KI8BdYBH diff --git a/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json b/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json index b27f5899e0a..503c455814c 100644 --- a/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json +++ b/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json @@ -972,7 +972,6 @@ "link": "https://support.microsoft.com" }, "dependencies": { - "operator": "AND", "criteria": [ { "kind": "HuntingQuery", 
@@ -1023,6 +1022,70 @@
 "kind": "HuntingQuery",
 "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
 "version": "[variables('huntingQueryObject10').huntingQueryVersion10]"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-amazonwebservices"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "sentinel4azurefirewall.sentinel4azurefirewall"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-networksecuritygroup"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "checkpoint.checkpoint-sentinel-solutions"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-ciscoasa"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-ciscomeraki"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "corelightinc1584998267292.corelight-for-azure-sentinel"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-fortinetfortigate"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-unifiedmicrosoftsocforot"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-microsoftdefenderforcloud"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-sysmonforlinux"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-windowsfirewall"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-paloaltopanos"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "vectraaiinc.vectra_sentinel_solution"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "watchguard-technologies.watchguard_firebox_mss"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "zscaler1579058425289.zscaler_internet_access_mss"
 }
 ]
 },
From 97eb547e3405bb6cc43ddec467d8b575d104001a Mon Sep 17 00:00:00 2001
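Review bot: The 16 Solution criteria added here do not match the prerequisites listed in the solution description earlier in this file. `azuresentinel.azure-sentinel-solution-networksecuritygroup`, `-ciscomeraki`, `-unifiedmicrosoftsocforot`, `-microsoftdefenderforcloud`, `vectraaiinc.vectra_sentinel_solution` and `watchguard-technologies.watchguard_firebox_mss` are not in that list, while Squid Proxy, Windows Server DNS, Microsoft Defender XDR and several others it names have no criterion. This looks like a list generated for a different solution; the criteria should be derived from the connectors the ten hunting queries reference, so that the declared dependencies and the documented data sources agree. The hunks of patch 3/3 rewrite these entries.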
From: v-shukore Date: Wed, 5 Jun 2024 11:52:16 +0530 Subject: [PATCH 3/3] update maintemplate --- .../Package/3.0.5.zip | Bin 13509 -> 13562 bytes .../Package/mainTemplate.json | 60 ++++++++++++++---- 2 files changed, 46 insertions(+), 14 deletions(-) 
diff --git a/Solutions/Legacy IOC based Threat Protection/Package/3.0.5.zip b/Solutions/Legacy IOC based Threat Protection/Package/3.0.5.zip index 6b126f9a83747cac055ca25e839bdb4653f3f0dd..2e3e995cd7e868c4cebb8fa0aa69dfcc965805dd 100644 GIT binary patch delta 4057 zcmV;~4<_)%Y5HjlP)h>@6aWAK2mlFQu?*J?4rgA)SOiB*5?Chy07OHx@eB(Xf7>>W zg#SO_-hs&CkOZ(5|4i&d6I?b)+o0Pth}+w}Z3;uSWk-lC8ls%U#r<*5a*uXTax)|) zQ8FdVc49lNi!`w%YRDN5Df0U`WIT=f^psoZ1xzK2^`)W~;Yk7y@=5Ttgw~i3c+V*g z)VYL$7%t%JHa$JIQJz|_ay*<)f2Xhvq5C=83;&7C_E}h8HJKnBG`YbP5-SHLho$|m zrEl;OOnOI-N6Y+Cr3k3BUQW^+AjD8IKX;j?@Z8(lrstWHJ^s7R9C*EDiNpaxffO+y z7QboyxLskVw%r_&A+N)hqn0wog%?kW%${P4#P^e~EWi%D4EF zGdPBd?)ExpWt=Gsb~ZM-Dh3E-5Cd2UgV~|;oDie{NtZf~1Tyi>0F810F2w0!hthi? zb}Zr*eM%h+Y`nL`6pB9q-2oK8C#OF+4-?5i;9V4P7@l$olV#WR$1wk13wwMPs{5R| z&&3s&j%r4!v_0wP6*9#~f2o-9(R!I;4emo$!xU$kWND^2L-?wg;+#mN6uV`Lw@h&& z-IgidY^FGGAG0V^ycFL3x~Sp|Q@(1dcwxPMSgN=&gDP%psbc%Nsp1=J03(5GTs!Q! zKXo`^();9tjc*CLTXs0k4mUKy7HyoNfSGffx!BR?x2rqWj!t*gf#`$Zy83KnCsa@-AHY z|?!b-3#j`uBd*43A!|H9}x#Ifi*r&3dWI_jehhII=88B#AW;_}u+JAw1TRC~P8IF?hkQRUcCl-Jdr8gB@6E+Oi zdc-{nqvpz$e*!62Rbxhub1Xsv+fPF$vdg}Kzb|3DW<<8)d&RoyKAIiqoA48MgvXrL zi3Ib^5M;*j9wcm!U7TSnc__vCU_l2F)Xvx4fAIM^vPs-Gj=%2y;zP>aZ!w`G`+@p< z@Mr;?X|l(Y!Xw&AsQKUKHI4O2Zk!~r{e?+=1MY`D(Y2H3&QHpd)(D!wbq#4G1 z)g$fi+T4<)_H&S=&}Ew*LUZiWMHq>Clb@L#O}d?Yu=y<^cgv2(+0mv( z*rKg66fkpIGZ#A=c{&MQT|a?Xl>XEbNw{e$Nl-~@_@+Xq$RMNWo=+Y6XnA{yP#dv} ze<4GCFfNvfMejMsn&$_bOe8fA(|@PY1zidYYT0NIT7_z9XUX40>0CG7#eYjpGP>z#wW^oaKxd zfgu!MWP_}AP!i(bnKDa7(n!?7nj+IKo?v*z4gZXp&&9fwj<$@;D`Z@nslZEfy^M=y zLPb`?xMZ1RX~rc(_^KF}oKt)$f0k_-mo4KGPq$@UHk)zD+s7=*xXc2QUKgd3VXaq9 zsVuD54@;?(OEWl?a%oGd*v~<#yv0+&{a+pX`*+jpaTxu^@;!L`|`R)Vi8J>icu~%j7kmu9+hu*2!;Wb50Bt#%_!HaM!haCHfu(udSt*) zr6Hn)s%4{6DH(_Gryf39X&B{ZQ~Yln!PSgNA`D!oAq9j797W6PRalL5EdSB6T(ZXy zo1^`nIoX5Rx`kVQ?TPk@f0Oe4ePS2{I$3RsMzK`i-``IHonUtiu!z}+?+&LPKcq{e zBAqEG30)_4F-&X=`m##OvWWxE@XS4dg4+GQW{*%ww z-R>whkC%p@PA1Z%C7I9e@j?j5Q%Rq?Mcjs?q908kJ6X~b%i~c7fA1{9^8kE0)t?M7 zj)erIY3=Q}G{+|CH=LUr?_;Bfspnv#g^hXwKp7nv;8 
zBUU5Nc|FHD$qg}1-QF3zi9PB(XCdZF+`@fqLi!bmeMsi29~SBH`=p;-ba zt*!zm4UoI2AoIYai{d5exZgv(sm3w7tasuZEk4oa=6iMSjK&?uW-#A8kBf=kA}tFm zANLiQ`DRfEb?^Nlf3v(9oxFjmGj#_iS5Sh#zd4ZK$hBiZe*t0Y*0(&IxW%J+J650a zNMXJL#g@^&fkT6s(aEg~!vFW5|H5n+YciIAyfFzV-aoz#-#-JG`Hedq(&Xn#i{HgS zzXRX1tb-wpsV(mys1tS|?D@A!2`mb~xlQ4(uqu3r?0Rrxag9(-W(<3`J16oA;g{YV zm?yDff0i-Pe-ltvQ(p7lG=?xVmE{XGWA_-*V>1R*FUW#_BjPLOK+qFma?CA8#gW2+ zHU%=8w)t?{)J9lL)eXeF1kaY{5gAwV_a&?g9 zjKbrVA+3yw#??ncA3l8!<%?_BU`+>Qm_AH_??pyxe@r)#GvkA3a#|p4+`S_vgF5I~ zjy)b0$UD>$KY(4RXAhu!1!DPKxxguOAuKXj5(A@nx6%uhcmzwp2P_+-F#mVLMyD=+ z>L7|0m0AJ@Bk(ZN8T-8AnQuD|R=)?H@?g4tWcr}hT!W9|appF&!H!Y;2@~={!;h)) zA>8)Je~pj04mh$Ox>fk07&=%H`Z&{}gI@&965RlIlgLYOiF+JYLytlo<61M@?K zWWunxh}yv`68h|WexKtJM7}h7xH2$SfWY+Bf5G35eFC;^f!+D$_D>Ue_W*8$x8-6` zXdE7{f;+!z=~A8HDmil6I@R6021}Du2TCfB31_-gQ9BIJN&4gbMwgOzYUHi$S&v{Q zU5Y)gOqo ze`Ol!%di72!7;TdpsF1l18CJAn%}{Pez!WjGVHFURVb)17=k|H4qtK!zc#H{;mb#? zzuE5iDZ5^(hxKd^k=MSWx1%aZqPL5~LA z)or$yuYl z#G_p?+t(K15&ZfQUIuV zfTy_tr&&PL+yGNd8?g!nMx7dndIu&k;IuX_k(jwiARqQR7ci4P=hi{(`7zxTNH+;V z&SqGiU*}4y&XuKfuIP2HY=X|!e^i~TOX*zI>s;LgoolH&*Ot<`rq{W)2|CwPb*?X^ zb6u}{n4 zZk^L3Pu8zQss%nd2d$aJXb_;h5tbW=1V2eF?o7`pYj~n(vGwj^+AM zvs7=?D)maEX~>Ih5#4P0ZIi>0?IGKgnzJSP>Dn9POoQ%d6^-A0a_GSEd*yngS#6Y? zht0}i+2B{(kbfKgzI-9_e_4e0Kw}9Tzj&Ft0S0ZmT`*3q*=$q}k1EZI5#A~GsaK4b z_Qi{p&r~MI$R90!Tr48w8&WQ@dY1JAOy1%U`GypZaTWl|<{$^KA%&v-KGYw)P&TAI zOtKprRdf8hSbg1tH(i&K~eWEB64Wc-Vl ztBb_e2zf0d`Z!&(O)*fH6K%Y0^*PP9A>|7C?UZ4p`ZaBtW*<+0x)y7Y&PA-EjF5w$ z*d7-<;bO0y1SqfY1JUJg>Z3AjOo#M~^$eQmm7S2WEow-dG~I%ak&@391TZ@km1i#W z-l1cEH1@6aWAK2mtX*u?*J?4oXbLShs*0@gpYy0MkCR@eB(Xf19|D zh5uh^-@)qDs;vYmP-tN_t+u!A%v5uyQC`*2_tn1B4jL!!KN>$vpSAmg#xsc#nU#m;?ZOpt(@j`g_W>Li%rrc<%cy7IZSgN=_g(|LZsbc%3sp4C!4?Te!oIC8f zKXo`^();9%^=}EeTXs0k4%aop=B=EefT?4fnb_eEE`4(2Fa`m~f43RNhz)3$gBO?? 
z1~pgI1pOdm5q{XS`Yn)tpCDb|f4KZt>-@{@?dA37)|ckxEuwi%Dwb!$FaBT0y%ei0%uUVe`QEBflNF0vWWw%d2qa zliRTnnFf*ZlkZK|yazWHC(rM#&O_@AH>9XBQ~M3%(h}eEeR7{pS&xwYR0W$qWxDWx22O;>)|K~4{7rEe_{eiQF>FcIc9@k zu1DOXFlw$`e<_gip=!*?aZW@?VC#9{M0VLX@cRn-Yer-%zE-TOuA|w8wh520Aw1!< zP9&H=3_)h>??J-W$i)%1@(d+AA1r7fg3|fA`wu=oM>dK3#>v;+UwlZp`z47`$${zfY~;7(=3lL*#+e+sqHh)l(ywag$LK=6*`h>r{U?>Bk`LG?*#s@p<`ok+>NR{PRU-I!YQKYr%kx?pFwiM~+QKa=$thByb zic|xBkmXRMStePSBFzxKEQ&NI94EzYDbg)Pf0{_QrAXJCBF)>z%uA6j2>NaoNt$8I zjV4Lw*6W8QNgGp0(#Dn~wO@iHg(lnd5Sn9GF2YFE8~@DgXwvQEjg4;!xm$KL&W<)T z!se}&p@6Bwnwi+q$kR#a>iPl1y!5A*NWw)^NrFmJ!#5Q=MFtr~*L>>GC(GMQgxZKz ze+(JwgK@D;+#)fik7noIb^{tjiT;oh$Ye-|3RZF^4{>QoH?ZBk7(@+i)}`AGuA0vi zSLMUcCHv78pr?|h{U{10o<^RHWMFE>AM;?fn3WrihSR8S`Aj?7Jw6cp~ zg0v!cJCV&}v8r>1OD(yOS4d9%=w77@f6<;S;mIJ_aPPZWiaQFojTLx?^nz08^5_Sx z`B{Y|>in!UrM`_QtHpCQfG&$#>(warh^PEo{bqc<+u{5mPCU?g2uhm87qnHMOHs=_ zsFpuTffMn63NTmEU0xcW@~btbP?}@#LC%(Vxc(KBb9&SzNZFV{ZyS`eeS)ipe^SP5 z=v(5QkZep`ij3bJf5oybUA8P?ip zN@Z@neppJST$;kEluKJu#eNA=5Dkb9x{?x)-D|MsXXo&yyV>p`;NrZvxG^BuVgQIAAy$Y+5w&g!rmP_^+ zVso_DHOG4}TDNe?uRT#ee{oR0zfTN|iVnZbY8q99rt^TSJgO1m-SAZp~ffb+-$GTo#CkM*bK&-7jZGsTcl}W z;p4gjQ{OCVr|!K!;BS^U!_zk~bf#|q^cr&T_csUf7rAjPf5;#V-FlXX1GjiIZ`LHPgv^IsV4VoAmlkT)g)#d{}r;rpi#Bfn9bLz;YFY4KeQ z^gHl9%Q_f9pW5;cf-+$T!k&Mtl)$3!&20*Qg;n7ovg^UE#Wg}TnK9_z?VQRpgr9nI zV4lXZ{aMCDe~&>~O@7S>(-=V4ROTKnPRNX*~OK@*#-cK$_{{mY>aZ>&~4}pC?mXH?WIKaFy3gdq#taR%1 zr#7NkQLZImFa!@H?UBz5p82-pVDWq4DUYV>N2U*I%?pD-cMG<-~r z58<*$e{Q_Tb-B5DV(NNBSk_;rp)5c$&R;>^HU1_IMle+R!E`xI>31iSOa?Vrc;>H%B`FU!fG zP&quD1$S}X)TKJdS#sp8d8WH~1C}Od4&+pB6V7z0qIwwalk~^Mtu7^R)W}=gv!1|A zx)gslJK&HW3D^2Mpu`_ zf6Fw|mq8n9f@5k^Kv6r`2hgfLFu#Kj{cg2+Vb~o@t58s2&;@STy1r+UtBdsV4OX|+rFdJ5_R#wM?5#El)H554o*%q} z22g8oTwRUaK+~=@xd2gxLMUipYLkT~f7iO?fv9a!bC;lXl>S1w6t#_MFH7FG1uYsh zSHEHVCmIQ}O`*}9?AP!n?BD6{-(wU{CP$6- z0=ITVck_)s=o993$jNSC7SDV#L|1CWEKdqb?^VeT71Vsn#I;s%&0vrHUGijifBpND z-Q(Kuc^5hcSi$A5(|jY_jB#@e4a|3o9>|&kV9gC&%??<_P!2snH4T``4@kuxmI6S{ 
z0zAzGI86hZW(JsI+K5>w(CgGd)H^VU0jITbip11O0{O7lnShz}F}DtC&yVS*K)Oi? zayrBE@;X;ib*?O=b49OnWgT=re@xZ+a3P%!^*SG}gU;1dovRD!T-EDbT?d_OsXEsd z(z&MBxwZ~EXY2sKkj_VXosZT*=e)aJNXfZ%PTwYH^*ZNWzD7#Ut#kUiSF6`K?*wuw zIk(Q~kteIyIX_t>W#`s9i)o%$Z+$PFCyD7C8{3H~uf+*GtY~s<;mP9Lf9xT$@ap*r z@=)bj>dBF_p+EiVxyffGSHf2k=-|_?UOj6ageZoHP#DqSWaeJK#PZpwgCLj5%yr7n z!1Bxo`_*&Q3D7&+?UZZvYNJuF935906(hV->`|{6&+DsaE1#iy5-;O_kuO-2e2rXO zXSW*;cp2?L7OB4`*$ea4f0dv$WUhly@tWk1afBB#C)G4O&_6O;F+ckZG|C@TS1mWVC>a1@r09&`yMKA006B5ziI#g diff --git a/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json b/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json index 503c455814c..332e914d7aa 100644 --- a/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json +++ b/Solutions/Legacy IOC based Threat Protection/Package/mainTemplate.json @@ -1025,7 +1025,23 @@ }, { "kind": "Solution", - "contentId": "azuresentinel.azure-sentinel-solution-amazonwebservices" + "contentId": "azuresentinel.azure-sentinel-solution-squidproxy" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-dns" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-ciscoasa" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-paloaltopanos" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-microsoft365defender" }, { "kind": "Solution", 
@@ -1033,35 +1049,35 @@
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-networksecuritygroup"
+ "contentId": "zscaler1579058425289.zscaler_internet_access_mss"
 },
 {
 "kind": "Solution",
- "contentId": "checkpoint.checkpoint-sentinel-solutions"
+ "contentId": "azuresentinel.azure-sentinel-solution-infobloxnios"
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-ciscoasa"
+ "contentId": "azuresentinel.azure-sentinel-solution-gcpdns"
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-ciscomeraki"
+ "contentId": "nxlogltd1589381969261.nxlog_dns_logs"
 },
 {
 "kind": "Solution",
- "contentId": "corelightinc1584998267292.corelight-for-azure-sentinel"
+ "contentId": "azuresentinel.azure-sentinel-solution-ciscoumbrella"
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-fortinetfortigate"
+ "contentId": "corelightinc1584998267292.corelight-for-azure-sentinel"
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-unifiedmicrosoftsocforot"
+ "contentId": "azuresentinel.azure-sentinel-solution-amazonwebservices"
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-microsoftdefenderforcloud"
+ "contentId": "azuresentinel.azure-sentinel-solution-windowsforwardedevents"
 },
 {
 "kind": "Solution",
@@ -1069,23 +1085,39 @@
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-windowsfirewall"
+ "contentId": "azuresentinel.azure-sentinel-solution-office365"
 },
 {
 "kind": "Solution",
- "contentId": "azuresentinel.azure-sentinel-solution-paloaltopanos"
+ "contentId": "azuresentinel.azure-sentinel-solution-securityevents"
 },
 {
 "kind": "Solution",
- "contentId": "vectraaiinc.vectra_sentinel_solution"
+ "contentId": "azuresentinel.azure-sentinel-solution-azureactivedirectory"
 },
 {
 "kind": "Solution",
- "contentId": "watchguard-technologies.watchguard_firebox_mss"
+ "contentId": "azuresentinel.azure-sentinel-solution-azureactivity"
 },
 {
 "kind": "Solution",
- "contentId": "zscaler1579058425289.zscaler_internet_access_mss"
+ "contentId": "f5-networks.f5_bigip_mss"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-fortinetfortigate"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "checkpoint.checkpoint-sentinel-solutions"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-commoneventformat"
+ },
+ {
+ "kind": "Solution",
+ "contentId": "azuresentinel.azure-sentinel-solution-windowsfirewall"
 }
 ]
 },