diff --git a/winlogbeat/_meta/fields.common.yml b/winlogbeat/_meta/fields.common.yml index 5f668095dab..02c1d508cfb 100644 --- a/winlogbeat/_meta/fields.common.yml +++ b/winlogbeat/_meta/fields.common.yml @@ -162,6 +162,10 @@ type: keyword - name: MaximumPerformancePercent type: keyword + - name: MemberName + type: keyword + - name: MemberSid + type: keyword - name: MinimumPerformancePercent type: keyword - name: MinimumThrottlePercent diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index 7dc0edf65fd..3fba0bd339a 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -6967,6 +6967,20 @@ type: keyword -- +*`winlog.event_data.MemberName`*:: ++ +-- +type: keyword + +-- + +*`winlog.event_data.MemberSid`*:: ++ +-- +type: keyword + +-- + *`winlog.event_data.MinimumPerformancePercent`*:: + -- diff --git a/winlogbeat/include/fields.go b/winlogbeat/include/fields.go index 440f87cca17..05c9ea35a25 100644 --- a/winlogbeat/include/fields.go +++ b/winlogbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetBuildFieldsFieldsCommonYml returns asset data. // This is the base64 encoded gzipped contents of build/fields/fields.common.yml. func AssetBuildFieldsFieldsCommonYml() string { - return "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" + return "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" } diff --git a/winlogbeat/scripts/mage/update.go b/winlogbeat/scripts/mage/update.go index c83400af3ed..ddc3fee13b7 100644 --- a/winlogbeat/scripts/mage/update.go +++ b/winlogbeat/scripts/mage/update.go 
@@ -56,7 +56,12 @@ func (Update) Config() error {
 // Dashboards collects all the dashboards and generates index patterns.
 func (Update) Dashboards() error {
 mg.Deps(fb.FieldsYML)
- return devtools.KibanaDashboards()
+ switch SelectLogic {
+ case devtools.XPackProject:
+ return devtools.KibanaDashboards(devtools.OSSBeatDir("module"), devtools.XPackBeatDir("module"))
+ default:
+ return devtools.KibanaDashboards(devtools.OSSBeatDir("module"))
+ }
 }
 // Fields updates all fields files (.go, .yml).
diff --git a/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/01c54730-fee6-11e9-8405-516218e3d268.json b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/01c54730-fee6-11e9-8405-516218e3d268.json
new file mode 100644
index 00000000000..94328a56ebb
--- /dev/null
+++ b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/01c54730-fee6-11e9-8405-516218e3d268.json
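Review bot: The doc comment on `Dashboards` still says it collects all the dashboards, but the new `switch` reads the X-Pack module directory only when `SelectLogic` is `devtools.XPackProject`; every other value, including an unset one, falls through `default` to the OSS directory alone. That fallback appears to be what keeps X-Pack content out of an OSS build, so it is worth stating, e.g. `// Dashboards collects the dashboards from the OSS module directory, plus the X-Pack module directory when SelectLogic is devtools.XPackProject, and generates index patterns.` `SelectLogic` is declared outside this hunk, so how and when it is set cannot be checked from here. The old call passed no arguments; if `KibanaDashboards` previously picked up other locations by default, confirm that passing only the `module` directories does not silently drop them.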
@@ -0,0 +1,4158 @@ +{ + "objects": [ + { + "attributes": { + "description": "Uses Simple Metric Visualizations", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "22", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "22", + "panelRefName": "panel_0", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 22, + "i": "23", + "w": 22, + "x": 17, + "y": 0 + }, + "panelIndex": "23", + "panelRefName": "panel_1", + "title": "Group Management Actions [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "25", + "w": 9, + "x": 39, + "y": 0 + }, + "panelIndex": "25", + "panelRefName": "panel_2", + "title": "Event Codes [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 1": "rgb(247,251,255)", + "1 - 2": "rgb(198,219,239)", + "2 - 3": "rgb(107,174,214)", + "3 - 4": "rgb(33,113,181)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 21, + "i": "35", + "w": 26, + "x": 0, + "y": 22 + }, + "panelIndex": "35", + "panelRefName": "panel_3", + "title": "Actions performed over Groups [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "36", + "w": 9, + "x": 0, + "y": 52 + }, + "panelIndex": "36", + "panelRefName": "panel_4", + "title": "Group Creation Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "37", + "w": 9, + "x": 9, + "y": 52 + }, + "panelIndex": "37", + "panelRefName": "panel_5", + "title": "Group Changes Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + 
"embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "38", + "w": 9, + "x": 18, + "y": 52 + }, + "panelIndex": "38", + "panelRefName": "panel_6", + "title": "Group Deletion Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "39", + "w": 16, + "x": 0, + "y": 72 + }, + "panelIndex": "39", + "panelRefName": "panel_7", + "title": "Users Added to Group Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "40", + "w": 17, + "x": 16, + "y": 72 + }, + "panelIndex": "40", + "panelRefName": "panel_8", + "title": "Users Removed From Group Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "42", + "w": 15, + "x": 33, + "y": 72 + }, + "panelIndex": "42", + "panelRefName": "panel_9", + "title": "Group Membership Enumeration Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "43", + "w": 21, + "x": 27, + "y": 43 + }, + "panelIndex": "43", + "panelRefName": "panel_10", + "title": "Logon Details [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "44", + "w": 16, + "x": 0, + "y": 65 + }, + "panelIndex": "44", + "panelRefName": "panel_11", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "45", + "w": 9, + "x": 18, + "y": 43 + }, + "panelIndex": "45", + "panelRefName": "panel_12", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "46", + "w": 9, + "x": 0, + "y": 43 + }, + "panelIndex": "46", + "panelRefName": "panel_13", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 9, + "i": "47", + "w": 9, + "x": 9, + "y": 43 + }, + "panelIndex": "47", + "panelRefName": "panel_14", + "title": "", + 
"version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "48", + "w": 17, + "x": 16, + "y": 65 + }, + "panelIndex": "48", + "panelRefName": "panel_15", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "49", + "w": 15, + "x": 33, + "y": 65 + }, + "panelIndex": "49", + "panelRefName": "panel_16", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 21, + "i": "50", + "w": 22, + "x": 26, + "y": 22 + }, + "panelIndex": "50", + "panelRefName": "panel_17", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 21, + "i": "51", + "w": 48, + "x": 0, + "y": 86 + }, + "panelIndex": "51", + "panelRefName": "panel_18", + "version": "7.3.1" + } + ], + "timeRestore": false, + "title": "[Winlogbeat Security] Group Management Events - Simple Metrics", + "version": 1 + }, + "id": "01c54730-fee6-11e9-8405-516218e3d268", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "6f0f2ea0-f414-11e9-8405-516218e3d268", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "b01aaea0-f415-11e9-8405-516218e3d268", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "11b5c0e0-f417-11e9-8405-516218e3d268", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b948eaf0-f49c-11e9-8405-516218e3d268", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "98884120-f49d-11e9-8405-516218e3d268", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "9e534190-f49d-11e9-8405-516218e3d268", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "bb9cf7a0-f49d-11e9-8405-516218e3d268", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "ce867840-f49e-11e9-8405-516218e3d268", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "fee83900-f49f-11e9-8405-516218e3d268", + "name": "panel_8", + "type": "visualization" + }, + { + "id": 
"bc165210-f4b8-11e9-8405-516218e3d268", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "7e178c80-fee1-11e9-8405-516218e3d268", + "name": "panel_10", + "type": "search" + }, + { + "id": "a13bf640-fee8-11e9-8405-516218e3d268", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "5eeaafd0-fee7-11e9-8405-516218e3d268", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "f42f3b20-fee6-11e9-8405-516218e3d268", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "b5f38780-fee6-11e9-8405-516218e3d268", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "1b5f17d0-feea-11e9-8405-516218e3d268", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "0f2f5280-feeb-11e9-8405-516218e3d268", + "name": "panel_16", + "type": "visualization" + }, + { + "id": "24954800-fef0-11e9-8405-516218e3d268", + "name": "panel_17", + "type": "visualization" + }, + { + "id": "9066d5b0-fef2-11e9-8405-516218e3d268", + "name": "panel_18", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI0LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "# **Group Management Events**\n\n#### This dashboard shows information about Group Management Events collected by winlogbeat\n#\n#\n#\nEvent | Description|Event | Description\n-- | --|--|--\n|4727|A security-enabled global group was created.|4728|A member was added to a security-enabled global group.| \n|4729|A member was removed from a security-enabled global group.|4730|A security-enabled global group was deleted.| \n|4731|A security-enabled local group was created.|4732|A member was added to a security-enabled local 
group.|\n|4733|A member was removed from a security-enabled local group.|4734|A security-enabled local group was deleted.|\n|4735|A security-enabled local group was changed.|4737|A security-enabled global group was changed.|\n|4754|A security-enabled universal group was created.| 4755|A security-enabled universal group was changed.| \n|4756|A member was added to a security-enabled universal group.|4757|A member was removed from a security-enabled universal group.| \n|4758|A security-enabled universal group was deleted.| 4764|A group\\'s type was changed.|\n|4799|A security-enabled local group membership was enumerated.|", + "openLinksInNewTab": false + }, + "title": "Group Management Events [Winlogbeat Security]", + "type": "markdown" + } + }, + "id": "6f0f2ea0-f414-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4732", + "4733", + "4734", + "4735", + "4764", + "4799", + "4727", + "4737", + "4728", + "4729", + "4730", + "4754", + "4755", + "4756", + "4757", + "4758" + ], + "type": "phrases", + "value": "4731, 4732, 4733, 4734, 4735, 4764, 4799, 4727, 4737, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + 
"match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events - Event Actions - Donut [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Group Management Events - Event Actions - Donut [Winlogbeat 
Security]", + "type": "pie" + } + }, + "id": "b01aaea0-f415-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4727", + "4728", + "4729", + "4730", + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4754", + "4755", + "4756", + "4757", + "4758", + "4764", + "4799" + ], + "type": "phrases", + "value": "4727, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4735, 4737, 4754, 4755, 4756, 4757, 4758, 4764, 4799" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + 
"event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events - Event Actions - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + 
"showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Group Management Events - Event Actions - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "11b5c0e0-f417-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4727", + "4728", + "4729", + "4730", + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4754", + "4755", + "4756", + "4757", + "4758", + "4764", + "4799" + ], + "type": "phrases", + "value": "4727, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4735, 4737, 4754, 4755, 4756, 4757, 4758, 4764, 4799" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { 
+ "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events - Groups vs Actions - Heatmap [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 1": "rgb(247,251,255)", + "1 - 2": "rgb(198,219,239)", + "2 - 3": "rgb(107,174,214)", + "3 - 4": "rgb(33,113,181)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 4, + "colorsRange": [], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": 
{ + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": true + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Group Management Events - Groups vs Actions - Heatmap [Winlogbeat Security]", + "type": "heatmap" + } + }, + "id": "b948eaf0-f49c-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4727", + "4754" + ], + "type": "phrases", + "value": "4731, 4727, 4754" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + 
"query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Created - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { 
+ "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Groups Created - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "98884120-f49d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI5LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4735", + "4737", + "4755" + ], + "type": "phrases", + "value": "4735, 4737, 4755" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + 
"event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Changes - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + 
"params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Group Changes - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "9e534190-f49d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzMwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4734", + "4730", + "4758" + ], + "type": "phrases", + 
"value": "4734, 4730, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Deleted - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 
+ }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Groups Deleted - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "bb9cf7a0-f49d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzMxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4732", + "4728", + "4756" + ], + "type": "phrases", + "value": "4732, 4728, 4756" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Added - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "winlog.event_data.MemberName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performed by", + "field": 
"winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Performed by Logon ID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 4, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 5, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Added - Table [Winlogbeat 
Security]", + "type": "table" + } + }, + "id": "ce867840-f49e-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzMyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4733", + "4729", + "4757" + ], + "type": "phrases", + "value": "4733, 4729, 4757" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Removed from Group - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "winlog.event_data.MemberName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Performed by Logon ID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": 
"terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 4, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 5, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Removed from Group - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "fee83900-f49f-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzMzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4799" + ], + "type": "phrases", + "value": "4799" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4799" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Enumeration [Winlogbeat Security]", + "uiStateJSON": { + 
"vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Creator", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Creator LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { 
+ "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Group Enumeration [Winlogbeat Security]", + "type": "table" + } + }, + "id": "bc165210-f4b8-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzM0LDFd" + }, + { + "attributes": { + "columns": [ + "user.name", + "source.domain", + "source.ip", + "winlog.logon.id", + "winlog.logon.type" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4624" + ], + "type": "phrases", + "value": "4624" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4624" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Logon Details [Winlogbeat Security]", + "version": 1 + }, + "id": "7e178c80-fee1-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4732", + "4728", + "4756" + ], + "type": "phrases", + "value": "4732, 4728, 4756" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Added - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Users Added to Groups" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + 
] + }, + "metric": { + "colorSchema": "Reds", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "Background", + "percentageMode": false, + "style": { + "bgColor": true, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Added - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "a13bf640-fee8-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzM2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4734", + "4730", + "4758" + ], + "type": "phrases", + "value": "4734, 4730, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Groups Deleted- Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Groups 
Deleted" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Greens", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "Background", + "percentageMode": false, + "style": { + "bgColor": true, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Groups Deleted- Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "5eeaafd0-fee7-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzM3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4727", + "4754" + ], + "type": "phrases", + "value": "4731, 4727, 4754" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + 
"query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Groups Created - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Groups Created" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Reds", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "Background", + "percentageMode": false, + "style": { + "bgColor": true, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Groups Created - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "f42f3b20-fee6-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzM4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4735", + "4737", + "4755", + "4764" + ], + "type": "phrases", + "value": "4735, 4737, 4755, 4764" + }, + "query": { + "bool": { + 
"minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Groups Changes - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Groups Changed" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Greys", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "Background", + "percentageMode": false, + "style": { + "bgColor": true, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Groups Changes - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "b5f38780-fee6-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzM5LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4733", + "4727", + "4729" + ], + "type": "phrases", + "value": "4733, 4727, 4729" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Removed from Group - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Users Removed from Groups" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Greens", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "Background", + "percentageMode": false, + "style": { + "bgColor": true, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Removed from Group - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "1b5f17d0-feea-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzQwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4799" + }, + "type": "phrase", + "value": "4799" + }, + "query": { + "match": { + "event.code": { + "query": "4799", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Group Membership Enumeration - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Group Membership Enumerated" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Blues", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": true, + "labels": { + "show": true + }, + "metricColorMode": "Background", + "percentageMode": false, + "style": { + "bgColor": true, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Group Membership Enumeration - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "0f2f5280-feeb-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", 
+ "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzQxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4764", + "4799", + "4727", + "4728", + "4729", + "4730", + "4754", + "4755", + "4756", + "4757", + "4758" + ], + "type": "phrases", + "value": "4731, 4732, 4733, 4734, 4735, 4737, 4764, 4799, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } 
+ ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Group Management Action Distribution over Time [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-30d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-11-04T10:56:42.142Z", + 
"min": "2019-10-05T09:56:42.142Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H" + } + }, + "y": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Group Management Action Distribution over Time [Winlogbeat Security]", + "type": "histogram" + } + }, + "id": "24954800-fef0-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzQyLDFd" + }, + { + "attributes": { + "columns": [ + "event.action", + "group.name", + "group.domain", + "winlog.event_data.SubjectUserName", + "user.domain", + "host.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + 
"negate": false, + "params": [ + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4764", + "4799", + "4727", + "4728", + "4729", + "4730", + "4754", + "4755", + "4756", + "4757", + "4758" + ], + "type": "phrases", + "value": "4731, 4732, 4733, 4734, 4735, 4737, 4764, 4799, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Group Management Details - Search View [Winlogbeat Security]", + "version": 1 + }, + "id": "9066d5b0-fef2-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzQzLDFd" + } + ], + "version": "7.5.2" +} diff --git a/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/71f720f0-ff18-11e9-8405-516218e3d268.json b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/71f720f0-ff18-11e9-8405-516218e3d268.json new file mode 100644 index 00000000000..2245645c4c8 --- /dev/null +++ b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/71f720f0-ff18-11e9-8405-516218e3d268.json 
@@ -0,0 +1,4399 @@ +{ + "objects": [ + { + "attributes": { + "description": "Includes Visual Builder Metric Interval size 90 days", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "1", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 19, + "i": "2", + "w": 18, + "x": 17, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "User Management Actions [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 9, + "x": 0, + "y": 51 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Created Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "4", + "w": 13, + "x": 35, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Event Codes [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "5", + "w": 9, + "x": 9, + "y": 51 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Enabled Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "6", + "w": 9, + "x": 0, + "y": 74 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Disabled Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "7", + "w": 9, + "x": 18, + "y": 51 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Deleted Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { 
+ "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 4": "rgb(247,252,245)", + "12 - 16": "rgb(35,139,69)", + "4 - 8": "rgb(199,233,192)", + "8 - 12": "rgb(116,196,118)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 25, + "i": "8", + "w": 48, + "x": 0, + "y": 19 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "title": "Actions performed over Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "9", + "w": 9, + "x": 18, + "y": 74 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "title": "Passwords Changes [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "15", + "w": 9, + "x": 9, + "y": 74 + }, + "panelIndex": "15", + "panelRefName": "panel_9", + "title": "Unlocked Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "16", + "w": 9, + "x": 18, + "y": 97 + }, + "panelIndex": "16", + "panelRefName": "panel_10", + "title": "Users Changes [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "20", + "w": 9, + "x": 0, + "y": 97 + }, + "panelIndex": "20", + "panelRefName": "panel_11", + "title": "Locked-out Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 23, + "i": "21", + "w": 21, + "x": 27, + "y": 44 + }, + "panelIndex": "21", + "panelRefName": "panel_12", + "title": "User Management Actions Distributions over Time [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 46, + "i": "22", + "w": 21, + "x": 27, + "y": 67 + }, + "panelIndex": "22", + "panelRefName": "panel_13", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "23", + "w": 48, + "x": 0, + "y": 113 + }, + "panelIndex": "23", + "panelRefName": "panel_14", + "version": 
"7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "24", + "w": 9, + "x": 0, + "y": 67 + }, + "panelIndex": "24", + "panelRefName": "panel_15", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "25", + "w": 9, + "x": 9, + "y": 44 + }, + "panelIndex": "25", + "panelRefName": "panel_16", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "26", + "w": 9, + "x": 18, + "y": 44 + }, + "panelIndex": "26", + "panelRefName": "panel_17", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "27", + "w": 9, + "x": 0, + "y": 44 + }, + "panelIndex": "27", + "panelRefName": "panel_18", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "28", + "w": 9, + "x": 9, + "y": 67 + }, + "panelIndex": "28", + "panelRefName": "panel_19", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "29", + "w": 9, + "x": 18, + "y": 67 + }, + "panelIndex": "29", + "panelRefName": "panel_20", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "30", + "w": 9, + "x": 0, + "y": 90 + }, + "panelIndex": "30", + "panelRefName": "panel_21", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "31", + "w": 9, + "x": 18, + "y": 90 + }, + "panelIndex": "31", + "panelRefName": "panel_22", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "32", + "w": 9, + "x": 9, + "y": 90 + }, + "panelIndex": "32", + "panelRefName": "panel_23", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "33", + "w": 9, + "x": 9, + "y": 97 + }, + "panelIndex": "33", + "panelRefName": "panel_24", + "version": "7.3.1" + } + ], + "timeRestore": false, 
+ "title": "[Winlogbeat Security] User Management Events", + "version": 1 + }, + "id": "71f720f0-ff18-11e9-8405-516218e3d268", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "2dc6b820-b9e8-11e9-b6a2-c9b4015c4baf", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "833e0110-b9ec-11e9-b6a2-c9b4015c4baf", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5e7f0ed0-bcd2-11e9-b6a2-c9b4015c4baf", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b2cecf10-bcd3-11e9-b6a2-c9b4015c4baf", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0620c3d0-bcd4-11e9-b6a2-c9b4015c4baf", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "8f20c950-bcd4-11e9-b6a2-c9b4015c4baf", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "ee0319a0-bcd4-11e9-b6a2-c9b4015c4baf", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "dce77e60-bcd7-11e9-b6a2-c9b4015c4baf", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "da5ffe40-bcd9-11e9-b6a2-c9b4015c4baf", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "da2110c0-bcea-11e9-b6a2-c9b4015c4baf", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "abf96c10-bcea-11e9-b6a2-c9b4015c4baf", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "4ac8f5f0-bcfe-11e9-b6a2-c9b4015c4baf", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "8f723a10-bd97-11e9-b9c5-fddc96658612", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "7e178c80-fee1-11e9-8405-516218e3d268", + "name": "panel_13", + "type": "search" + }, + { + "id": "324686c0-fefb-11e9-8405-516218e3d268", + "name": "panel_14", + "type": "search" + }, + { + "id": "97c70300-ff1c-11e9-8405-516218e3d268", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "bf45dc50-ff1a-11e9-8405-516218e3d268", + "name": "panel_16", + "type": "visualization" + }, + { + "id": 
"7322f9f0-ff1c-11e9-8405-516218e3d268", + "name": "panel_17", + "type": "visualization" + }, + { + "id": "d3a5fec0-ff18-11e9-8405-516218e3d268", + "name": "panel_18", + "type": "visualization" + }, + { + "id": "1b6725f0-ff1d-11e9-8405-516218e3d268", + "name": "panel_19", + "type": "visualization" + }, + { + "id": "60301890-ff1d-11e9-8405-516218e3d268", + "name": "panel_20", + "type": "visualization" + }, + { + "id": "9dd22440-ff1d-11e9-8405-516218e3d268", + "name": "panel_21", + "type": "visualization" + }, + { + "id": "c9d959f0-ff1d-11e9-8405-516218e3d268", + "name": "panel_22", + "type": "visualization" + }, + { + "id": "1f271bc0-231a-11ea-8405-516218e3d268", + "name": "panel_23", + "type": "visualization" + }, + { + "id": "fa876300-231a-11ea-8405-516218e3d268", + "name": "panel_24", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzQ0LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Management Events - Description [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "# **User Management Events**\n\n#### This dashboard shows information about User Management Events collected by winlogbeat\n#\n#\n#\nEvent | Description\n-- | --\n4720 | A user account was created\n4722 | A user account was enabled\n4723 | An attempt was made to change an account's password\n4724 | An attempt was made to reset an account's password\n4725 | An user account was disabled\n4726 | An user account was deleted\n4738 | An user account was changed\n4740 | An user account was locked out\n4767 | An account was unlocked\n4781 | The name of an account was changed", + "openLinksInNewTab": false + }, + "title": "User Management Events - Description [Winlogbeat Security]", + "type": "markdown" + } + 
}, + "id": "2dc6b820-b9e8-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzcxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4765", + "4766", + "4767", + "4780", + "4781", + "4794", + "5376", + "5377" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4765, 4766, 4767, 4780, 4781, 4794, 5376, 5377" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4765" + } + }, + { + "match_phrase": { + "event.code": "4766" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4780" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4794" + } + }, + { + "match_phrase": { + "event.code": "5376" + } + }, + { + "match_phrase": { + "event.code": "5377" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User 
Management Events - Event Actions - Donut [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "User Management Events - Event Actions - Donut [Winlogbeat Security]", + "type": "pie" + } + }, + "id": "833e0110-b9ec-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzcyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": 
false, + "params": { + "query": "4720" + }, + "type": "phrase", + "value": "4720" + }, + "query": { + "match": { + "event.code": { + "query": "4720", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Created - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Created User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + 
"id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Created - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "5e7f0ed0-bcd2-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzczLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4765", + "4766", + "4767", + "4780", + "4781", + "4794", + "5376", + "5377" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4765, 4766, 4767, 4780, 4781, 4794, 5376, 5377" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } 
+ }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4765" + } + }, + { + "match_phrase": { + "event.code": "4766" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4780" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4794" + } + }, + { + "match_phrase": { + "event.code": "5376" + } + }, + { + "match_phrase": { + "event.code": "5377" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Management Events - Event Actions - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Short Description", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + 
"accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "User Management Events - Event Actions - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "b2cecf10-bcd3-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc0LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4722" + }, + "type": "phrase", + "value": "4722" + }, + "query": { + "match": { + "event.code": { + "query": "4722", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Enabled - Table [Winlogbeat Security]", + 
"uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Enabled User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + 
"format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Enabled - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "0620c3d0-bcd4-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4725" + }, + "type": "phrase", + "value": "4725" + }, + "query": { + "match": { + "event.code": { + "query": "4725", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Disabled - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Disabled User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Disabled - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "8f20c950-bcd4-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + 
"name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4726" + }, + "type": "phrase", + "value": "4726" + }, + "query": { + "match": { + "event.code": { + "query": "4726", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Deleted - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Deleted User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + 
"id": "4", + "params": { + "customLabel": "Performed LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Deleted - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "ee0319a0-bcd4-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { 
+ "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4765", + "4766", + "4767", + "4780", + "4781", + "4794", + "5376", + "5377" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4765, 4766, 4767, 4780, 4781, 4794, 5376, 5377" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4765" + } + }, + { + "match_phrase": { + "event.code": "4766" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4780" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4794" + } + }, + { + "match_phrase": { + "event.code": "5376" + } + }, + { + "match_phrase": { + "event.code": "5377" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Management Events - Affected Users vs Actions - Heatmap [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 14": "rgb(247,251,255)", + "14 - 28": "rgb(198,219,239)", + "28 - 42": "rgb(107,174,214)", + "42 - 55": "rgb(33,113,181)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + 
"type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Operation", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 4, + "colorsRange": [], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": true + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "User Management Events - Affected Users vs Actions - Heatmap [Winlogbeat Security]", + "type": "heatmap" + } + }, + "id": "dce77e60-bcd7-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + 
"visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4723", + "4724" + ], + "type": "phrases", + "value": "4723, 4724" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Password Changes - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Password Change to", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Password Changes - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "da5ffe40-bcd9-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": 
"2020-02-04T20:39:02.784Z", + "version": "Wzc5LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4767" + }, + "type": "phrase", + "value": "4767" + }, + "query": { + "match": { + "event.code": { + "query": "4767", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unlocked Users - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Unlocked User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer Logonid", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + 
"schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Unlocked Users - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "da2110c0-bcea-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzg1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4738" + }, + "type": "phrase", + "value": "4738" + }, + "query": { + 
"match": { + "event.code": { + "query": "4738", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Changes Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Changed User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": 
{} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Changes Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "abf96c10-bcea-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzg2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4740" + }, + "type": "phrase", + "value": "4740" + }, + "query": { + "match": { + "event.code": { + "query": "4740", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Locked Out - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + 
"schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Locked User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": 
null + }, + "totalFunc": "sum" + }, + "title": "Users Locked Out - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "4ac8f5f0-bcfe-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4767", + "4781", + "4798" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4798" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + 
"title": "Event Distribution in time [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-45d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "filters", + "format": {}, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-11-04T14:10:39.628Z", + "min": "2019-09-20T13:10:39.628Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H" + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + 
"showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Event Distribution in time [Winlogbeat Security]", + "type": "histogram" + } + }, + "id": "8f723a10-bd97-11e9-b9c5-fddc96658612", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkxLDFd" + }, + { + "attributes": { + "columns": [ + "user.name", + "source.domain", + "source.ip", + "winlog.logon.id", + "winlog.logon.type" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4624" + ], + "type": "phrases", + "value": "4624" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4624" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Logon Details [Winlogbeat Security]", + "version": 1 + }, + "id": 
"7e178c80-fee1-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkyLDFd" + }, + { + "attributes": { + "columns": [ + "event.action", + "winlog.event_data.TargetUserName", + "user.domain", + "winlog.event_data.SubjectUserName", + "winlog.event_data.SubjectDomainName", + "winlog.logon.id", + "related.user" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4767", + "4781" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + 
"query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "User management Details - Search [Winlogbeat Security]", + "version": 1 + }, + "id": "324686c0-fefb-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Disabled - VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(219,223,0,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4725\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Disabled", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + 
], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Disabled - VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "97c70300-ff1c-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzYwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Enabled - VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(251,158,0,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4722\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Enabled", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Enabled - VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "bf45dc50-ff1a-11e9-8405-516218e3d268", + "migrationVersion": 
{ + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzYxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Deleted - VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(176,188,0,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4726\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Deleted", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Deleted - VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "7322f9f0-ff1c-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzYyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Created - VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(159,5,0,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4720\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Created", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Created - VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "d3a5fec0-ff18-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzYzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Unlocks - VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + 
"axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(254,146,0,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4767\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Unlocks", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Unlocks - VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "1b6725f0-ff1d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzY0LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Password Changes - VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": 
"rgba(22,165,165,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4723\" OR event.code: \"4724\"" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Password Changes/Reset", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Password Changes - VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "60301890-ff1d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzY1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users locked Out - VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(51,51,51,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + 
"drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4740\"" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Locked Out", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users locked Out - VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "9dd22440-ff1d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzY2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Changes VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(179,179,179,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4738\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + 
"chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Changes", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Changes VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "c9d959f0-ff1d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzY3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Users Renamed VB Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "8d597960-ff18-11e9-8249-2371c695f3b0", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(171,20,158,1)", + "id": "a3f59730-ff18-11e9-8249-2371c695f3b0", + "operator": "gte", + "value": 1 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code: \"4781\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Renamed", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + 
"type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Renamed VB Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "1f271bc0-231a-11ea-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:01.724Z", + "version": "WzY4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4781" + }, + "type": "phrase", + "value": "4781" + }, + "query": { + "match": { + "event.code": { + "query": "4781", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Renamed - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Old User Name", + "field": "winlog.event_data.OldTargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Renamed - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "fa876300-231a-11ea-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": 
"2020-02-04T20:39:02.784Z", + "version": "Wzk1LDFd" + } + ], + "version": "7.5.2" +}
diff --git a/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/8223bed0-b9e9-11e9-b6a2-c9b4015c4baf.json b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/8223bed0-b9e9-11e9-b6a2-c9b4015c4baf.json
new file mode 100644
index 00000000000..5e7bc0d2665
--- /dev/null
+++ b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/8223bed0-b9e9-11e9-b6a2-c9b4015c4baf.json
@@ -0,0 +1,4742 @@ +{ + "objects": [ + { + "attributes": { + "description": "Uses Simple Metric Visualizations", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "1", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 19, + "i": "2", + "w": 18, + "x": 17, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "User Management Actions [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "3", + "w": 9, + "x": 0, + "y": 44 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Created Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "4", + "w": 13, + "x": 35, + "y": 0 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Event Codes [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "5", + "w": 9, + "x": 9, + "y": 44 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Enabled Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "6", + "w": 9, + "x": 0, + "y": 66 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Disabled Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "7", + "w": 9, + "x": 18, + "y": 44 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Deleted Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + 
"embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 4": "rgb(247,252,245)", + "12 - 16": "rgb(35,139,69)", + "4 - 8": "rgb(199,233,192)", + "8 - 12": "rgb(116,196,118)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 20, + "i": "8", + "w": 48, + "x": 0, + "y": 19 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "title": "Actions performed over Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "9", + "w": 9, + "x": 18, + "y": 66 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "title": "Passwords Changes [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "10", + "w": 9, + "x": 0, + "y": 39 + }, + "panelIndex": "10", + "panelRefName": "panel_9", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "11", + "w": 9, + "x": 9, + "y": 39 + }, + "panelIndex": "11", + "panelRefName": "panel_10", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 5, + "i": "12", + "w": 9, + "x": 18, + "y": 39 + }, + "panelIndex": "12", + "panelRefName": "panel_11", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "13", + "w": 9, + "x": 0, + "y": 60 + }, + "panelIndex": "13", + "panelRefName": "panel_12", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "14", + "w": 9, + "x": 18, + "y": 60 + }, + "panelIndex": "14", + "panelRefName": "panel_13", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "15", + "w": 9, + "x": 9, + "y": 66 + }, + "panelIndex": "15", + "panelRefName": "panel_14", + "title": "Unlocked Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "16", + "w": 9, + "x": 18, + "y": 88 + }, + 
"panelIndex": "16", + "panelRefName": "panel_15", + "title": "Users Changes [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "17", + "w": 9, + "x": 0, + "y": 82 + }, + "panelIndex": "17", + "panelRefName": "panel_16", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "18", + "w": 9, + "x": 9, + "y": 60 + }, + "panelIndex": "18", + "panelRefName": "panel_17", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "19", + "w": 9, + "x": 18, + "y": 82 + }, + "panelIndex": "19", + "panelRefName": "panel_18", + "title": "", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "20", + "w": 9, + "x": 0, + "y": 88 + }, + "panelIndex": "20", + "panelRefName": "panel_19", + "title": "Locked-out Users [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 27, + "i": "21", + "w": 20, + "x": 27, + "y": 39 + }, + "panelIndex": "21", + "panelRefName": "panel_20", + "title": "User Management Actions Distributions over Time [Winlogbeat Security]", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 38, + "i": "22", + "w": 21, + "x": 27, + "y": 66 + }, + "panelIndex": "22", + "panelRefName": "panel_21", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "23", + "w": 48, + "x": 0, + "y": 104 + }, + "panelIndex": "23", + "panelRefName": "panel_22", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 6, + "i": "24", + "w": 9, + "x": 9, + "y": 82 + }, + "panelIndex": "24", + "panelRefName": "panel_23", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 16, + "i": "25", + "w": 9, + "x": 9, + "y": 88 + }, + "panelIndex": "25", + "panelRefName": "panel_24", + "version": "7.3.1" + } + ], + "timeRestore": 
false, + "title": "[Winlogbeat Security] User Management Events - Simple Metric", + "version": 1 + }, + "id": "8223bed0-b9e9-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "2dc6b820-b9e8-11e9-b6a2-c9b4015c4baf", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "833e0110-b9ec-11e9-b6a2-c9b4015c4baf", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5e7f0ed0-bcd2-11e9-b6a2-c9b4015c4baf", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "b2cecf10-bcd3-11e9-b6a2-c9b4015c4baf", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "0620c3d0-bcd4-11e9-b6a2-c9b4015c4baf", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "8f20c950-bcd4-11e9-b6a2-c9b4015c4baf", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "ee0319a0-bcd4-11e9-b6a2-c9b4015c4baf", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "dce77e60-bcd7-11e9-b6a2-c9b4015c4baf", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "da5ffe40-bcd9-11e9-b6a2-c9b4015c4baf", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "102efd20-bcdd-11e9-b6a2-c9b4015c4baf", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "855957d0-bcdd-11e9-b6a2-c9b4015c4baf", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "c359b020-bcdd-11e9-b6a2-c9b4015c4baf", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "0cb2d940-bcde-11e9-b6a2-c9b4015c4baf", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "568a8130-bcde-11e9-b6a2-c9b4015c4baf", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "da2110c0-bcea-11e9-b6a2-c9b4015c4baf", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "abf96c10-bcea-11e9-b6a2-c9b4015c4baf", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "84502430-bce8-11e9-b6a2-c9b4015c4baf", + "name": "panel_16", + "type": "visualization" + }, + { 
+ "id": "ab6f8d80-bce8-11e9-b6a2-c9b4015c4baf", + "name": "panel_17", + "type": "visualization" + }, + { + "id": "5d92b100-bce8-11e9-b6a2-c9b4015c4baf", + "name": "panel_18", + "type": "visualization" + }, + { + "id": "4ac8f5f0-bcfe-11e9-b6a2-c9b4015c4baf", + "name": "panel_19", + "type": "visualization" + }, + { + "id": "8f723a10-bd97-11e9-b9c5-fddc96658612", + "name": "panel_20", + "type": "visualization" + }, + { + "id": "7e178c80-fee1-11e9-8405-516218e3d268", + "name": "panel_21", + "type": "search" + }, + { + "id": "324686c0-fefb-11e9-8405-516218e3d268", + "name": "panel_22", + "type": "search" + }, + { + "id": "5e19ff80-231c-11ea-8405-516218e3d268", + "name": "panel_23", + "type": "visualization" + }, + { + "id": "fa876300-231a-11ea-8405-516218e3d268", + "name": "panel_24", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzcwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Management Events - Description [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "# **User Management Events**\n\n#### This dashboard shows information about User Management Events collected by winlogbeat\n#\n#\n#\nEvent | Description\n-- | --\n4720 | A user account was created\n4722 | A user account was enabled\n4723 | An attempt was made to change an account's password\n4724 | An attempt was made to reset an account's password\n4725 | An user account was disabled\n4726 | An user account was deleted\n4738 | An user account was changed\n4740 | An user account was locked out\n4767 | An account was unlocked\n4781 | The name of an account was changed", + "openLinksInNewTab": false + }, + "title": "User Management Events - Description [Winlogbeat Security]", + "type": "markdown" + } + }, + 
"id": "2dc6b820-b9e8-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzcxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4765", + "4766", + "4767", + "4780", + "4781", + "4794", + "5376", + "5377" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4765, 4766, 4767, 4780, 4781, 4794, 5376, 5377" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4765" + } + }, + { + "match_phrase": { + "event.code": "4766" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4780" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4794" + } + }, + { + "match_phrase": { + "event.code": "5376" + } + }, + { + "match_phrase": { + "event.code": "5377" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User 
Management Events - Event Actions - Donut [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "User Management Events - Event Actions - Donut [Winlogbeat Security]", + "type": "pie" + } + }, + "id": "833e0110-b9ec-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzcyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": 
false, + "params": { + "query": "4720" + }, + "type": "phrase", + "value": "4720" + }, + "query": { + "match": { + "event.code": { + "query": "4720", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Created - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Created User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + 
"id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Created - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "5e7f0ed0-bcd2-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzczLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4765", + "4766", + "4767", + "4780", + "4781", + "4794", + "5376", + "5377" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4765, 4766, 4767, 4780, 4781, 4794, 5376, 5377" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } 
+ }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4765" + } + }, + { + "match_phrase": { + "event.code": "4766" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4780" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4794" + } + }, + { + "match_phrase": { + "event.code": "5376" + } + }, + { + "match_phrase": { + "event.code": "5377" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Management Events - Event Actions - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Short Description", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + 
"accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "User Management Events - Event Actions - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "b2cecf10-bcd3-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc0LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4722" + }, + "type": "phrase", + "value": "4722" + }, + "query": { + "match": { + "event.code": { + "query": "4722", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Enabled - Table [Winlogbeat Security]", + 
"uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Enabled User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + 
"format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Enabled - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "0620c3d0-bcd4-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4725" + }, + "type": "phrase", + "value": "4725" + }, + "query": { + "match": { + "event.code": { + "query": "4725", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Disabled - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Disabled User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + 
"otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Disabled - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "8f20c950-bcd4-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + 
"name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4726" + }, + "type": "phrase", + "value": "4726" + }, + "query": { + "match": { + "event.code": { + "query": "4726", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Deleted - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Deleted User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + 
"id": "4", + "params": { + "customLabel": "Performed LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Deleted - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "ee0319a0-bcd4-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { 
+ "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4765", + "4766", + "4767", + "4780", + "4781", + "4794", + "5376", + "5377" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4765, 4766, 4767, 4780, 4781, 4794, 5376, 5377" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4765" + } + }, + { + "match_phrase": { + "event.code": "4766" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4780" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4794" + } + }, + { + "match_phrase": { + "event.code": "5376" + } + }, + { + "match_phrase": { + "event.code": "5377" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "User Management Events - Affected Users vs Actions - Heatmap [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 14": "rgb(247,251,255)", + "14 - 28": "rgb(198,219,239)", + "28 - 42": "rgb(107,174,214)", + "42 - 55": "rgb(33,113,181)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + 
"type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Target User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Operation", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 4, + "colorsRange": [], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": true + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "User Management Events - Affected Users vs Actions - Heatmap [Winlogbeat Security]", + "type": "heatmap" + } + }, + "id": "dce77e60-bcd7-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + 
"visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzc4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4723", + "4724" + ], + "type": "phrases", + "value": "4723, 4724" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Password Changes - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Password Change to", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Password Changes - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "da5ffe40-bcd9-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": 
"2020-02-04T20:39:02.784Z", + "version": "Wzc5LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4720" + }, + "type": "phrase", + "value": "4720" + }, + "query": { + "match": { + "event.code": { + "query": "4720", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Created - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Users Created" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Created - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "102efd20-bcdd-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzgwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4722" + }, + "type": "phrase", + "value": "4722" + }, + "query": { + "match": { + "event.code": { + "query": "4722", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Enabled - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Users Enabled", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Enabled - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "855957d0-bcdd-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzgxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4726" + }, + "type": "phrase", + "value": "4726" + }, + "query": { + "match": { + "event.code": { + "query": "4726", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Deleted - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Deleted Users" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Deleted - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "c359b020-bcdd-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + 
"visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzgyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4725" + }, + "type": "phrase", + "value": "4725" + }, + "query": { + "match": { + "event.code": { + "query": "4725", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Disabled - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Disabled Users", + "field": "user.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Disabled - Simple Metric 
[Winlogbeat Security]", + "type": "metric" + } + }, + "id": "0cb2d940-bcde-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzgzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4723", + "4724" + ], + "type": "phrases", + "value": "4723, 4724" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Password Reset / Changes [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Password Changes" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { 
+ "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Password Reset / Changes [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "568a8130-bcde-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzg0LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4767" + }, + "type": "phrase", + "value": "4767" + }, + "query": { + "match": { + "event.code": { + "query": "4767", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unlocked Users - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Unlocked User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": 
"bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer Logonid", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Unlocked Users - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "da2110c0-bcea-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + 
}, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzg1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4738" + }, + "type": "phrase", + "value": "4738" + }, + "query": { + "match": { + "event.code": { + "query": "4738", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Changes Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Changed User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": 
"winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Changes Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "abf96c10-bcea-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzg2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4740" + ], + "type": "phrases", + "value": "4740" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4740" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Unlocks - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Users Locked Out" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Unlocks - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "84502430-bce8-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzg3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + 
"filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4767" + ], + "type": "phrases", + "value": "4767" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4767" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Unlocked Users - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Users Unlocks" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Unlocked Users - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "ab6f8d80-bce8-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + 
"version": "Wzg4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4738" + ], + "type": "phrases", + "value": "4738" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4738" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Changes - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Changes in Users" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Changes - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "5d92b100-bce8-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzg5LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4740" + }, + "type": "phrase", + "value": "4740" + }, + "query": { + "match": { + "event.code": { + "query": "4740", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Locked Out - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Locked User", + "field": "winlog.event_data.TargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Locked Out - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "4ac8f5f0-bcfe-11e9-b6a2-c9b4015c4baf", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4767", + "4781", + "4798" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + }, + { + "match_phrase": { + "event.code": "4798" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Event Distribution in time [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-45d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": 
"terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "filters", + "format": {}, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-11-04T14:10:39.628Z", + "min": "2019-09-20T13:10:39.628Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H" + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Event Distribution in time [Winlogbeat Security]", + "type": "histogram" + } + }, + "id": "8f723a10-bd97-11e9-b9c5-fddc96658612", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkxLDFd" + }, + { + "attributes": { + "columns": [ + "user.name", + "source.domain", + "source.ip", + "winlog.logon.id", + "winlog.logon.type" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4624" + ], + "type": "phrases", + "value": "4624" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4624" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Logon Details [Winlogbeat Security]", + "version": 1 + }, + "id": "7e178c80-fee1-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkyLDFd" + }, + { + "attributes": { + "columns": [ + "event.action", + "winlog.event_data.TargetUserName", + "user.domain", + "winlog.event_data.SubjectUserName", + "winlog.event_data.SubjectDomainName", + "winlog.logon.id", + "related.user" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, 
+ "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4720", + "4722", + "4723", + "4724", + "4725", + "4726", + "4738", + "4740", + "4767", + "4781" + ], + "type": "phrases", + "value": "4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4720" + } + }, + { + "match_phrase": { + "event.code": "4722" + } + }, + { + "match_phrase": { + "event.code": "4723" + } + }, + { + "match_phrase": { + "event.code": "4724" + } + }, + { + "match_phrase": { + "event.code": "4725" + } + }, + { + "match_phrase": { + "event.code": "4726" + } + }, + { + "match_phrase": { + "event.code": "4738" + } + }, + { + "match_phrase": { + "event.code": "4740" + } + }, + { + "match_phrase": { + "event.code": "4767" + } + }, + { + "match_phrase": { + "event.code": "4781" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "User management Details - Search [Winlogbeat Security]", + "version": 1 + }, + "id": "324686c0-fefb-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + 
"disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4781" + ], + "type": "phrases", + "value": "4781" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4781" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Renamed - Simple Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Renamed Users" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 60, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Users Renamed - Simple Metric [Winlogbeat Security]", + "type": "metric" + } + }, + "id": "5e19ff80-231c-11ea-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzk0LDFd" + }, + { + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": { + "query": "4781" + }, + "type": "phrase", + "value": "4781" + }, + "query": { + "match": { + "event.code": { + "query": "4781", + "type": "phrase" + } + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Renamed - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Old User Name", + "field": "winlog.event_data.OldTargetUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performer LogonId", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + 
"accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Renamed - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "fa876300-231a-11ea-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "Wzk1LDFd" + } + ], + "version": "7.5.2" +} diff --git a/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/bb858830-f412-11e9-8405-516218e3d268.json b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/bb858830-f412-11e9-8405-516218e3d268.json new file mode 100644 index 00000000000..c252877a4ae --- /dev/null +++ b/x-pack/winlogbeat/module/security/_meta/kibana/7/dashboard/bb858830-f412-11e9-8405-516218e3d268.json 
@@ -0,0 +1,3857 @@ +{ + "objects": [ + { + "attributes": { + "description": "Includes Visual Builder Metric\nInterval size 90 days", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "22", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "22", + "panelRefName": "panel_0", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 20, + "i": "23", + "w": 21, + "x": 17, + "y": 0 + }, + "panelIndex": "23", + "panelRefName": "panel_1", + "title": "Group Managment Actions [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "25", + "w": 10, + "x": 38, + "y": 0 + }, + "panelIndex": "25", + "panelRefName": "panel_2", + "title": "Event Codes [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "29", + "w": 16, + "x": 0, + "y": 61 + }, + "panelIndex": "29", + "panelRefName": "panel_3", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "30", + "w": 9, + "x": 18, + "y": 41 + }, + "panelIndex": "30", + "panelRefName": "panel_4", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "31", + "w": 9, + "x": 0, + "y": 41 + }, + "panelIndex": "31", + "panelRefName": "panel_5", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "32", + "w": 9, + "x": 9, + "y": 41 + }, + "panelIndex": "32", + "panelRefName": "panel_6", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "33", + "w": 17, + "x": 16, + "y": 61 + }, + "panelIndex": "33", + 
"panelRefName": "panel_7", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 7, + "i": "34", + "w": 15, + "x": 33, + "y": 61 + }, + "panelIndex": "34", + "panelRefName": "panel_8", + "title": "", + "version": "7.3.1" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 1": "rgb(247,251,255)", + "1 - 2": "rgb(198,219,239)", + "2 - 3": "rgb(107,174,214)", + "3 - 4": "rgb(33,113,181)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 21, + "i": "35", + "w": 27, + "x": 0, + "y": 20 + }, + "panelIndex": "35", + "panelRefName": "panel_9", + "title": "Actions performed over Groups [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "36", + "w": 9, + "x": 0, + "y": 48 + }, + "panelIndex": "36", + "panelRefName": "panel_10", + "title": "Group Creation Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "37", + "w": 9, + "x": 9, + "y": 48 + }, + "panelIndex": "37", + "panelRefName": "panel_11", + "title": "Group Changes Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "38", + "w": 9, + "x": 18, + "y": 48 + }, + "panelIndex": "38", + "panelRefName": "panel_12", + "title": "Group Deletion Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "39", + "w": 16, + "x": 0, + "y": 68 + }, + "panelIndex": "39", + "panelRefName": "panel_13", + "title": "Users Added to Group Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "40", + "w": 17, + "x": 16, + "y": 68 + }, + "panelIndex": "40", + "panelRefName": "panel_14", + "title": "Users Removed From Group Summary [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": 
"42", + "w": 15, + "x": 33, + "y": 68 + }, + "panelIndex": "42", + "panelRefName": "panel_15", + "title": "Group Enumeration - Table [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 20, + "i": "43", + "w": 21, + "x": 27, + "y": 41 + }, + "panelIndex": "43", + "panelRefName": "panel_16", + "title": "Logon Details [Winlogbeat Security]", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 21, + "i": "44", + "w": 21, + "x": 27, + "y": 20 + }, + "panelIndex": "44", + "panelRefName": "panel_17", + "version": "7.3.1" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 22, + "i": "45", + "w": 48, + "x": 0, + "y": 82 + }, + "panelIndex": "45", + "panelRefName": "panel_18", + "title": "Group Management Operations Details [Winlogbeat Security]", + "version": "7.3.1" + } + ], + "timeRestore": false, + "title": "[Winlogbeat Security] Group Management Events", + "version": 1 + }, + "id": "bb858830-f412-11e9-8405-516218e3d268", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "6f0f2ea0-f414-11e9-8405-516218e3d268", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "b01aaea0-f415-11e9-8405-516218e3d268", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "11b5c0e0-f417-11e9-8405-516218e3d268", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "ffebe440-f419-11e9-8405-516218e3d268", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "e22c6f40-f498-11e9-8405-516218e3d268", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ee292bc0-f499-11e9-8405-516218e3d268", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "400b63e0-f49a-11e9-8405-516218e3d268", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "a5f664c0-f49a-11e9-8405-516218e3d268", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "546febc0-f49b-11e9-8405-516218e3d268", + "name": "panel_8", + "type": 
"visualization" + }, + { + "id": "b948eaf0-f49c-11e9-8405-516218e3d268", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "98884120-f49d-11e9-8405-516218e3d268", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "9e534190-f49d-11e9-8405-516218e3d268", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "bb9cf7a0-f49d-11e9-8405-516218e3d268", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "ce867840-f49e-11e9-8405-516218e3d268", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "fee83900-f49f-11e9-8405-516218e3d268", + "name": "panel_14", + "type": "visualization" + }, + { + "id": "bc165210-f4b8-11e9-8405-516218e3d268", + "name": "panel_15", + "type": "visualization" + }, + { + "id": "7e178c80-fee1-11e9-8405-516218e3d268", + "name": "panel_16", + "type": "search" + }, + { + "id": "24954800-fef0-11e9-8405-516218e3d268", + "name": "panel_17", + "type": "visualization" + }, + { + "id": "9066d5b0-fef2-11e9-8405-516218e3d268", + "name": "panel_18", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-02-04T20:38:59.746Z", + "version": "WzQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events - Description [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "# **Group Management Events**\n\n#### This dashboard shows information about Group Management Events collected by winlogbeat\n#\n#\n#\nEvent | Description|Event | Description\n-- | --|--|--\n|4727|A security-enabled global group was created.|4728|A member was added to a security-enabled global group.| \n|4729|A member was removed from a security-enabled global group.|4730|A security-enabled global group was deleted.| \n|4731|A security-enabled local group was created.|4732|A 
member was added to a security-enabled local group.|\n|4733|A member was removed from a security-enabled local group.|4734|A security-enabled local group was deleted.|\n|4735|A security-enabled local group was changed.|4737|A security-enabled global group was changed.|\n|4754|A security-enabled universal group was created.| 4755|A security-enabled universal group was changed.| \n|4756|A member was added to a security-enabled universal group.|4757|A member was removed from a security-enabled universal group.| \n|4758|A security-enabled universal group was deleted.| 4764|A group\\'s type was changed.|\n|4799|A security-enabled local group membership was enumerated.|", + "openLinksInNewTab": false + }, + "title": "Group Management Events - Description [Winlogbeat Security]", + "type": "markdown" + } + }, + "id": "6f0f2ea0-f414-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4732", + "4733", + "4734", + "4735", + "4764", + "4799", + "4727", + "4737", + "4728", + "4729", + "4730", + "4754", + "4755", + "4756", + "4757", + "4758" + ], + "type": "phrases", + "value": "4731, 4732, 4733, 4734, 4735, 4764, 4799, 4727, 4737, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + 
"match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events - Event Actions - Donut [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metric": { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": true, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": 
"Group Management Events - Event Actions - Donut [Winlogbeat Security]", + "type": "pie" + } + }, + "id": "b01aaea0-f415-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4727", + "4728", + "4729", + "4730", + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4754", + "4755", + "4756", + "4757", + "4758", + "4764", + "4799" + ], + "type": "phrases", + "value": "4727, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4735, 4737, 4754, 4755, 4756, 4757, 4758, 4764, 4799" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + 
"event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events - Event Actions - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event Action", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Event Code", + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + 
"showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Group Management Events - Event Actions - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "11b5c0e0-f417-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Added - Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(128,137,0,1)", + "id": "bfcaced0-f419-11e9-928e-8f5fd2b6c66e", + "operator": "gt", + "value": 1 + }, + { + "background_color": "rgba(211,49,21,1)", + "id": "a7d935e0-f497-11e9-928e-8f5fd2b6c66e", + "operator": "gte", + "value": 3 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code:4732 OR event.code:4728 OR event.code:4756" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Added to Group", + "line_width": 1, + 
"metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Added - Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "ffebe440-f419-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:38:59.746Z", + "version": "WzgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Deleted - Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(200,201,197,1)", + "id": "bfcaced0-f419-11e9-928e-8f5fd2b6c66e", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(153,172,99,1)", + "id": "a7d935e0-f497-11e9-928e-8f5fd2b6c66e", + "operator": "gt", + "value": 0 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code:4734 OR event.code:4730 OR event.code:4758" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Groups Deleted", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": 
"none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Groups Deleted - Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "e22c6f40-f498-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:38:59.746Z", + "version": "WzksMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Created - Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(200,201,197,1)", + "id": "bfcaced0-f419-11e9-928e-8f5fd2b6c66e", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(244,78,59,1)", + "id": "a7d935e0-f497-11e9-928e-8f5fd2b6c66e", + "operator": "gt", + "value": 0 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code:4731 OR event.code:4727 OR event.code:\"4754\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Groups Created", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Groups Created - Metric [Winlogbeat Security]", + "type": 
"metrics" + } + }, + "id": "ee292bc0-f499-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:38:59.746Z", + "version": "WzEwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Changed - Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(200,201,197,1)", + "id": "bfcaced0-f419-11e9-928e-8f5fd2b6c66e", + "operator": "lte", + "value": 0 + }, + { + "background_color": "rgba(252,196,0,1)", + "id": "a7d935e0-f497-11e9-928e-8f5fd2b6c66e", + "operator": "gt", + "value": 0 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code:4735 OR event.code:4737 OR event.code:\"4755\" OR event.code:\"4764\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "60d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Groups Changed", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Groups Changed - Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "400b63e0-f49a-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + 
"type": "visualization", + "updated_at": "2020-02-04T20:38:59.746Z", + "version": "WzExLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Removed - Table [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(176,188,0,1)", + "id": "bfcaced0-f419-11e9-928e-8f5fd2b6c66e", + "operator": "gt", + "value": 0 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code:4733 OR event.code:4727 OR event.code:4729" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Users Removed from Group", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Users Removed - Table [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "a5f664c0-f49a-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:38:59.746Z", + "version": "WzEyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Enumeration 
- Metric [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "background_color": "rgba(159,5,0,1)", + "id": "bfcaced0-f419-11e9-928e-8f5fd2b6c66e", + "operator": "gt", + "value": 0 + } + ], + "default_index_pattern": "winlogbeat-*", + "default_timefield": "@timestamp", + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "event.code:4799" + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "90d", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Group Membership Enumeration", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "metric" + }, + "title": "Groups Enumeration - Metric [Winlogbeat Security]", + "type": "metrics" + } + }, + "id": "546febc0-f49b-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-02-04T20:38:59.746Z", + "version": "WzEzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4727", + "4728", + "4729", + "4730", + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4754", + "4755", + "4756", + "4757", + "4758", + "4764", + "4799" + ], + "type": 
"phrases", + "value": "4727, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4735, 4737, 4754, 4755, 4756, 4757, 4758, 4764, 4799" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Management Events - Groups vs Actions - Heatmap [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 1": "rgb(247,251,255)", + "1 - 2": "rgb(198,219,239)", + "2 - 3": "rgb(107,174,214)", + "3 - 4": "rgb(33,113,181)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": 
"segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "colorSchema": "Blues", + "colorsNumber": 4, + "colorsRange": [], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "enableHover": false, + "invertColors": false, + "legendPosition": "right", + "percentageMode": false, + "setColorRange": false, + "times": [], + "type": "heatmap", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "color": "black", + "overwriteColor": false, + "rotate": 0, + "show": true + }, + "scale": { + "defaultYExtents": false, + "type": "linear" + }, + "show": false, + "type": "value" + } + ] + }, + "title": "Group Management Events - Groups vs Actions - Heatmap [Winlogbeat Security]", + "type": "heatmap" + } + }, + "id": "b948eaf0-f49c-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + 
"version": "WzI4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4727", + "4754" + ], + "type": "phrases", + "value": "4731, 4727, 4754" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Created - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": 
"desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Groups Created - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "98884120-f49d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + 
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzI5LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4735", + "4737", + "4755" + ], + "type": "phrases", + "value": "4735, 4737, 4755" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Changes - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + 
"id": "4", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Group Changes - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "9e534190-f49d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": 
"7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzMwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4734", + "4730", + "4758" + ], + "type": "phrases", + "value": "4734, 4730, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Groups Deleted - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", 
+ "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performer LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + 
"title": "Groups Deleted - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "bb9cf7a0-f49d-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzMxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4732", + "4728", + "4756" + ], + "type": "phrases", + "value": "4732, 4728, 4756" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Added - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "winlog.event_data.MemberName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", 
+ "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Performed by Logon ID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + 
"accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 4, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 5, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Added - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "ce867840-f49e-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzMyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4733", + "4729", + "4757" + ], + "type": "phrases", + "value": "4733, 4729, 4757" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + } + ] + } + } + } + ], + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Users Removed from Group - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "User", + "field": "winlog.event_data.MemberName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Performed by", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Performed by Logon ID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + 
"otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 4, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 5, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Users Removed from Group - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "fee83900-f49f-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + 
"version": "WzMzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4799" + ], + "type": "phrases", + "value": "4799" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4799" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Group Enumeration - Table [Winlogbeat Security]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Group", + "field": "group.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Domain", + "field": "group.domain", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Creator", + "field": "winlog.event_data.SubjectUserName", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { 
+ "enabled": true, + "id": "5", + "params": { + "customLabel": "Creator LogonID", + "field": "winlog.logon.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 3, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 4, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 5, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Group Enumeration - Table [Winlogbeat Security]", + "type": "table" + } + }, + "id": "bc165210-f4b8-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": 
"2020-02-04T20:39:00.715Z", + "version": "WzM0LDFd" + }, + { + "attributes": { + "columns": [ + "user.name", + "source.domain", + "source.ip", + "winlog.logon.id", + "winlog.logon.type" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4624" + ], + "type": "phrases", + "value": "4624" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4624" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Logon Details [Winlogbeat Security]", + "version": 1 + }, + "id": "7e178c80-fee1-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:02.784Z", + "version": "WzkyLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4764", + "4799", + "4727", + "4728", + "4729", + "4730", + "4754", + "4755", + "4756", + "4757", + "4758" + ], + 
"type": "phrases", + "value": "4731, 4732, 4733, 4734, 4735, 4737, 4764, 4799, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + "match_phrase": { + "event.code": "4799" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Group Management Action Distribution over Time [Winlogbeat Security]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-30d", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + }, + { + "accessor": 2, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-11-04T10:56:42.142Z", + "min": "2019-10-05T09:56:42.142Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H" + } + }, + "y": [ + { + "accessor": 3, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + 
"type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Group Management Action Distribution over Time [Winlogbeat Security]", + "type": "histogram" + } + }, + "id": "24954800-fef0-11e9-8405-516218e3d268", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzQyLDFd" + }, + { + "attributes": { + "columns": [ + "event.action", + "group.name", + "group.domain", + "winlog.event_data.SubjectUserName", + "user.domain", + "host.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "4731", + "4732", + "4733", + "4734", + "4735", + "4737", + "4764", + "4799", + "4727", + "4728", + "4729", + "4730", + "4754", + "4755", + "4756", + "4757", + "4758" + ], + "type": "phrases", + "value": "4731, 4732, 4733, 4734, 4735, 4737, 4764, 4799, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "4731" + } + }, + { + "match_phrase": { + "event.code": "4732" + } + }, + { + "match_phrase": { + "event.code": "4733" + } + }, + { + "match_phrase": { + "event.code": "4734" + } + }, + { + "match_phrase": { + "event.code": "4735" + } + }, + { + "match_phrase": { + "event.code": "4737" + } + }, + { + "match_phrase": { + "event.code": "4764" + } + }, + { + 
"match_phrase": { + "event.code": "4799" + } + }, + { + "match_phrase": { + "event.code": "4727" + } + }, + { + "match_phrase": { + "event.code": "4728" + } + }, + { + "match_phrase": { + "event.code": "4729" + } + }, + { + "match_phrase": { + "event.code": "4730" + } + }, + { + "match_phrase": { + "event.code": "4754" + } + }, + { + "match_phrase": { + "event.code": "4755" + } + }, + { + "match_phrase": { + "event.code": "4756" + } + }, + { + "match_phrase": { + "event.code": "4757" + } + }, + { + "match_phrase": { + "event.code": "4758" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Group Management Details - Search View [Winlogbeat Security]", + "version": 1 + }, + "id": "9066d5b0-fef2-11e9-8405-516218e3d268", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "winlogbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-02-04T20:39:00.715Z", + "version": "WzQzLDFd" + } + ], + "version": "7.5.2" +}