diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 111d5373a617..20c3b4e56b63 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -141654,6 +141654,16 @@ type: integer -- +*`sophos.xg.fw_rule_type`*:: ++ +-- +Firewall Rule type which is applied on the traffic + + +type: keyword + +-- + *`sophos.xg.user_name`*:: + -- @@ -141910,6 +141920,16 @@ type: keyword ICMP code of ICMP traffic +type: keyword + +-- + +*`sophos.xg.victim`*:: ++ +-- +Target in which signature is classified + + type: keyword -- diff --git a/x-pack/filebeat/module/sophos/fields.go b/x-pack/filebeat/module/sophos/fields.go index b784d8fbff3b..958e032f1948 100644 --- a/x-pack/filebeat/module/sophos/fields.go +++ b/x-pack/filebeat/module/sophos/fields.go @@ -19,5 +19,5 @@ func init() { // AssetSophos returns asset data. // This is the base64 encoded zlib format compressed contents of module/sophos. func AssetSophos() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/sophos/xg/_meta/fields.yml b/x-pack/filebeat/module/sophos/xg/_meta/fields.yml index d5716542bfab..f99e9e6ad99c 100644 --- a/x-pack/filebeat/module/sophos/xg/_meta/fields.yml +++ b/x-pack/filebeat/module/sophos/xg/_meta/fields.yml @@ -74,6 +74,11 @@ description: > Firewall Rule ID which is applied on the traffic + - name: fw_rule_type + type: keyword + description: > + Firewall Rule type which is applied on the traffic + - name: user_name type: keyword description: > @@ -204,6 +209,11 @@ description: > ICMP code of ICMP traffic + - name: victim + type: keyword + description: > + Target in which signature is classified + - name: sent_pkts type: long description: > diff --git a/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml b/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml index 54df75d6c2e4..713b82419c01 100644 
--- a/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml @@ -428,6 +428,9 @@ processors: ############# ## Cleanup ## ############# +- lowercase: + field: sophos.xg.fw_rule_type + ignore_failure: true - lowercase: field: network.protocol ignore_failure: true @@ -442,11 +445,25 @@ processors: - sophos.xg.dst_port - sophos.xg.tran_dst_port - sophos.xg.recv_bytes + - sophos.xg.bytes_received - sophos.xg.recv_pkts + - sophos.xg.packets_received - sophos.xg.src_port - sophos.xg.tran_src_port - sophos.xg.sent_bytes + - sophos.xg.bytes_sent - sophos.xg.sent_pkts + - sophos.xg.packets_sent + - sophos.xg.src_trans_ip + - sophos.xg.src_trans_port + - sophos.xg.dst_trans_ip + - sophos.xg.dst_trans_port + - sophos.xg.src_zone_type + - sophos.xg.dst_zone_type + - sophos.xg.src_zone + - sophos.xg.dst_zone + - sophos.xg.con_event + - sophos.xg.qualifier ignore_missing: true on_failure: - set: diff --git a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml index 2db7a8ad8495..c43b7bbec760 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml 
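Review bot: The new-format names added to this `remove` list (`src_trans_ip`, `dst_trans_port`, `bytes_sent`, `src_zone`, `con_event` and the rest) are dropped without reaching any ECS field. The expected output for the new samples has no NAT, zone or byte/packet fields at all, even for the record with `dst_trans_port=3389` and the one with `bytes_sent=61 bytes_received=233`. That discards the translated address and port and the traffic volume, which are what an analyst usually pivots on for firewall events. Assuming the processors earlier in this file (outside the hunk) still map the older spellings seen in the existing samples (`tran_src_ip`, `sent_bytes`, `srczone`, `connevent`), renaming the new keys to those spellings in the pipeline.yml "naming differences" block would let the existing mappings apply and make these additions unnecessary. `con_id` has the same gap: it survives as `sophos.xg.con_id` rather than being renamed to `connid`.

```yaml
# in pipeline.yml, alongside the other "naming differences" renames
- rename:
    field: sophos.xg.src_trans_ip
    target_field: sophos.xg.tran_src_ip
    ignore_missing: true
- rename:
    field: sophos.xg.dst_trans_port
    target_field: sophos.xg.tran_dst_port
    ignore_missing: true
- rename:
    field: sophos.xg.bytes_sent
    target_field: sophos.xg.sent_bytes
    ignore_missing: true
- rename:
    field: sophos.xg.src_zone
    target_field: sophos.xg.srczone
    ignore_missing: true
# … same pattern for dst_trans_ip, src_trans_port, bytes_received, packets_sent,
#   packets_received, src_zone_type, dst_zone_type, dst_zone, con_event, con_id …
```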
@@ -161,6 +161,72 @@ processors: if: "ctx.event.severity == '7' " value: debug +# Fix up naming differences between products. +- rename: + field: sophos.xg.device_name + target_field: sophos.xg.device + ignore_missing: true + if: 'ctx.sophos?.xg?.device_name != null && ctx.sophos?.xg?.device_model != null' +- rename: + field: sophos.xg.device_model + target_field: sophos.xg.device_name + ignore_missing: true +- rename: + field: sophos.xg.device_serial_id + target_field: sophos.xg.device_id + ignore_missing: true + if: 'ctx.sophos?.xg?.device_serial_id != null' +- rename: + field: sophos.xg.severity + target_field: sophos.xg.priority + ignore_missing: true + if: 'ctx.sophos?.xg?.severity != null' +- rename: + field: sophos.xg.src_country + target_field: sophos.xg.src_country_code + ignore_missing: true + if: 'ctx.sophos?.xg?.src_country != null' +- rename: + field: sophos.xg.dst_country + target_field: sophos.xg.dst_country_code + ignore_missing: true + if: 'ctx.sophos?.xg?.dst_country != null' +- rename: + field: sophos.xg.hb_status + target_field: sophos.xg.hb_health + ignore_missing: true + if: 'ctx.sophos?.xg?.hb_status != null' +- rename: + field: sophos.xg.app_resolved_by + target_field: sophos.xg.appresolvedby + ignore_missing: true + if: 'ctx.sophos?.xg?.app_resolved_by != null' +- rename: + field: sophos.xg.app_technology + target_field: sophos.xg.application_technology + ignore_missing: true + if: 'ctx.sophos?.xg?.app_technology != null' +- rename: + field: sophos.xg.app_category + target_field: sophos.xg.application_category + ignore_missing: true + if: 'ctx.sophos?.xg?.app_category != null' +- rename: + field: sophos.xg.app_name + target_field: sophos.xg.application_name + ignore_missing: true + if: 'ctx.sophos?.xg?.app_name != null' +- rename: + field: sophos.xg.app_risk + target_field: sophos.xg.application_risk + ignore_missing: true + if: 'ctx.sophos?.xg?.app_risk != null' +- rename: + field: sophos.xg.os_name + target_field: sophos.xg.platform + 
ignore_missing: true + if: 'ctx.sophos?.xg?.os_name != null' + ########################## ## ECS Observer Mapping ## ########################## @@ -249,12 +315,14 @@ processors: - sophos.xg.srczone - sophos.xg.dstzone - sophos.xg.log_occurrence + - sophos.xg.log_version - sophos.xg.nat_rule_id - sophos.xg.in_display_interface - sophos.xg.out_display_interface - syslog5424_pri ignore_missing: true + ############################### ## Product Speific Pipelines ## ############################### diff --git a/x-pack/filebeat/module/sophos/xg/test/firewall.log b/x-pack/filebeat/module/sophos/xg/test/firewall.log index 1abc96cc5225..680adfc89d1f 100644 --- a/x-pack/filebeat/module/sophos/xg/test/firewall.log +++ b/x-pack/filebeat/module/sophos/xg/test/firewall.log 
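Review bot: None of the renames in the "naming differences" block has failure handling of its own, and an Elasticsearch `rename` throws when the target field already exists. A record carrying both spellings (for example `severity` and `priority`) would therefore leave the normal path here instead of being normalised. Guarding on the target as well, e.g. `if: 'ctx.sophos?.xg?.severity != null && ctx.sophos?.xg?.priority == null'`, or adding `ignore_failure: true` per processor, keeps one odd record from failing the whole event. Separately, the `if: ... != null` conditions repeat what `ignore_missing: true` already does. The exception is the first rename, where the `device_model` test is what tells the two log formats apart, so a comment such as `# new format only: device_name holds the device type, device_model the model` on that processor would make the ordering dependency with the following `device_model` rename explicit.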
@@ -20,3 +20,13 @@ <30>device="SFW" date=2018-06-01 time=10:55:41 timezone="BST" device_name="XG310" device_id=SFDemo-9a04c43 log_id=016602600003 log_type="Firewall" log_component="Heartbeat" log_subtype="Denied" status="Deny" priority=Information duration=0 fw_rule_id=16 policy_type=1 user_name="" user_gp="" iap=2 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port3.611" out_interface="" src_mac=08:00:27:4c:49:e3 src_ip=10.198.37.57 src_country_code= dst_ip=72.163.4.185 dst_country_code= protocol="ICMP" icmp_type=8 icmp_code=0 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="" srczone="" dstzonetype="" dstzone="" dir_disp="" connid="" vconnid="" hb_health="Red" message="" appresolvedby="Signature" app_is_cloud=0 <01>Feb 11 13:12:45 _gateway device="SFW" date=2021-02-11 time=13:12:45 timezone="CET" device_name="XG210" device_id=dem-dev log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=0 fw_rule_id=9 nat_rule_id=16 policy_type=1 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" vlan_id="" ether_type=Unknown (0x0000) bridge_name="" bridge_display_name="" in_interface="Port2.109" in_display_interface="CD21-IPs_WAN" out_interface="Port5.200" out_display_interface="Port5" src_mac=11:22:33:44:55:66 dst_mac=66:55:44:33:22:11 src_ip=1.2.3.4 src_country_code=ESP dst_ip=4.3.2.1 dst_country_code=GB protocol="TCP" src_port=33370 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=2.4.6.8 tran_src_port=0 tran_dst_ip=8.6.4.2 tran_dst_port=0 srczonetype="WAN" srczone="WAN" dstzonetype="DMZ" dstzone="Zone 9" dir_disp="" connevent="Start" connid="3933925696" vconnid="" hb_health="No Heartbeat" message="" 
appresolvedby="Signature" app_is_cloud=0 <01>device="SFW" date=2020-06-05 time=03:45:23 timezone="CEST" device_name="SF01V" device_id=SFDemo-ta-vm-55 log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=0 fw_rule_id=5 nat_rule_id=2 policy_type=1 user_name="" user_gp="" iap=13 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" vlan_id="" ether_type=Unknown (0x0000) bridge_name="" bridge_display_name="" in_interface="Port2" in_display_interface="Port2" out_interface="Port1" out_display_interface="Port1" src_mac=00:50:56:99:51:94 dst_mac=00:50:56:99:3D:AC src_ip=10.146.13.30 src_country_code= dst_ip=10.8.142.181 dst_country_code= protocol="TCP" src_port=45294 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip=10.8.13.110 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Start" connid="2674291981" vconnid="" hb_health="No Heartbeat"message="" appresolvedby="Signature" app_is_cloud=0 log_occurrence=1 +<30>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="010202601001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" log_version=1 severity="Information" fw_rule_id="N/A" nat_rule_id="0" fw_rule_type="NETWORK" ether_type="IPv4 (0x0800)" in_interface="Port6" src_mac="2c:33:11:f2:bb:47" src_ip="127.0.0.1" src_country="USA" dst_ip="127.0.0.1" dst_country="CHE" protocol="TCP" src_port=42324 dst_port=443 hb_status="No Heartbeat" message="Invalid packet." 
app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="Port6" +<30>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="010101600001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" log_version=1 severity="Information" fw_rule_id="59" nat_rule_id="28" fw_rule_type="USER" ips_policy_id=1 ether_type="Unknown (0x0000)" in_interface="Port6" out_interface="LAG10GB.306" src_mac="2C:33:11:F2:BB:47" dst_mac="00:AA:20:15:0E:2A" src_ip="51.103.157.232" src_country="CHE" dst_ip="127.0.0.16" dst_country="CHE" protocol="TCP" src_port=51021 dst_port=443 src_trans_ip="127.0.0.1" dst_trans_ip="127.0.0.1" src_zone_type="WAN" src_zone="WAN" dst_zone_type="LAN" dst_zone="LAN" con_event="Start" con_id="1924732224" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="Port6" out_display_interface="LAG10GB.306" +<29>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="018201500005" log_type="Firewall" log_component="ICMP ERROR MESSAGE" log_subtype="Allowed" log_version=1 severity="Notice" fw_rule_id="12" nat_rule_id="0" fw_rule_type="USER" ether_type="IPv4 (0x0800)" in_interface="LAG10GB.302" src_mac="00:0c:29:a7:37:d4" src_ip="127.0.0.1" src_country="R1" dst_ip="10.100.1.33" dst_country="R1" protocol="ICMP" icmp_type=3 icmp_code=3 src_zone_type="LAN" src_zone="LAN" con_event="Interim" con_id="14687552" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="LAG10GB.302" +<29>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="018201500005" log_type="Firewall" log_component="ICMP ERROR MESSAGE" log_subtype="Allowed" log_version=1 severity="Notice" fw_rule_id="5" nat_rule_id="0" fw_rule_type="USER" ips_policy_id=13 
app_name="SIP Request" app_risk=3 app_technology="Network Protocol" app_category="VoIP" ether_type="IPv4 (0x0800)" in_interface="LAG10GB.20" src_mac="20:67:7c:ee:28:48" src_ip="127.0.0.12" src_country="CHE" dst_ip="185.165.190.34" dst_country="RUS" protocol="ICMP" icmp_type=3 icmp_code=10 src_zone_type="WAN" src_zone="WAN" con_event="Interim" con_id="11841597" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="LAG10GB.20" +<30>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="010101600001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" log_version=1 severity="Information" fw_rule_id="85" nat_rule_id="125" fw_rule_type="USER" ether_type="Unknown (0x0000)" in_interface="Port6" out_interface="LAG10GB.333" src_mac="2C:33:11:F2:BB:47" dst_mac="00:AA:20:15:0E:2A" src_ip="127.0.0.1" src_country="MCO" dst_ip="127.0.0.18" dst_country="CHE" protocol="TCP" src_port=7781 dst_port=33094 dst_trans_ip="127.0.0.1" dst_trans_port=3389 src_zone_type="WAN" src_zone="WAN" dst_zone_type="LAN" dst_zone="LAN" con_event="Start" con_id="1034987392" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="Port6" out_display_interface="LAG10GB.333" +<29>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="018201500005" log_type="Firewall" log_component="ICMP ERROR MESSAGE" log_subtype="Allowed" log_version=1 severity="Notice" fw_rule_id="5" nat_rule_id="0" fw_rule_type="USER" ips_policy_id=13 ether_type="IPv4 (0x0800)" in_interface="LAG10GB.20" src_mac="e4:3d:1a:90:5e:10" src_ip="127.0.0.1" src_country="CHE" dst_ip="127.0.0.1" dst_country="USA" protocol="ICMP" icmp_type=3 icmp_code=10 src_zone_type="WAN" src_zone="WAN" con_event="Interim" con_id="13303728" hb_status="No Heartbeat" app_resolved_by="Signature" 
app_is_cloud="FALSE" qualifier="New" in_display_interface="LAG10GB.20" +<30>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="010101600001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" log_version=1 severity="Information" duration=37 fw_rule_id="13" nat_rule_id="0" fw_rule_type="USER" app_name="DNS" app_risk=1 app_technology="Network Protocol" app_category="Infrastructure" ether_type="Unknown (0x0000)" in_interface="LAG10GB.20" out_interface="Port6" src_mac="48:DF:37:B4:8E:AA" dst_mac="00:AA:20:AC:B5:AA" src_ip="127.0.0.1" src_country="CHE" dst_ip=127.0.0.1" dst_country="USA" protocol="UDP" src_port=43988 dst_port=53 packets_sent=1 packets_received=1 bytes_sent=61 bytes_received=233 src_zone_type="DMZ" src_zone="DMZ" dst_zone_type="WAN" dst_zone="WAN" con_event="Stop" con_id="2550962432" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="LAG10GB.20" out_display_interface="Port6" +<29>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="018201500005" log_type="Firewall" log_component="ICMP ERROR MESSAGE" log_subtype="Allowed" log_version=1 severity="Notice" fw_rule_id="12" nat_rule_id="0" fw_rule_type="USER" ether_type="IPv4 (0x0800)" in_interface="LAG10GB.302" src_mac="00:0c:29:a7:37:d4" src_ip="127.0.0.1" src_country="R1" dst_ip="10.100.1.32" dst_country="R1" protocol="ICMP" icmp_type=3 icmp_code=3 src_zone_type="LAN" src_zone="LAN" con_event="Interim" con_id="3230141495" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="LAG10GB.302" +<29>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="018201500005" log_type="Firewall" log_component="ICMP ERROR MESSAGE" log_subtype="Allowed" log_version=1 severity="Notice" 
fw_rule_id="5" nat_rule_id="0" fw_rule_type="USER" ips_policy_id=13 ether_type="IPv4 (0x0800)" in_interface="LAG10GB.20" src_mac="20:67:7c:ee:88:c0" src_ip="127.0.0.1" src_country="AZE" dst_ip="192.241.215.211" dst_country="USA" protocol="ICMP" icmp_type=3 icmp_code=10 src_zone_type="WAN" src_zone="WAN" con_event="Interim" con_id="3227724200" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="LAG10GB.20" +<30>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="010101600001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" log_version=1 severity="Information" fw_rule_id="13" nat_rule_id="0" fw_rule_type="USER" ether_type="Unknown (0x0000)" in_interface="LAG10GB.20" out_interface="Port6" src_mac="20:67:7C:EE:88:B8" dst_mac="00:AA:20:AC:B5:AA" src_ip="127.0.0.1" src_country="CHE" dst_ip="142.250.184.198" dst_country="USA" protocol="UDP" src_port=37704 dst_port=443 src_zone_type="DMZ" src_zone="DMZ" dst_zone_type="WAN" dst_zone="WAN" con_event="Start" con_id="927688256" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="LAG10GB.20" out_display_interface="Port6" diff --git a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json index d6bb070314e0..c23e7fce2e34 100644 --- a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json 
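Review bot: The DNS sample in the added fixture (`log_component="Firewall Rule"`, `duration=37`) contains `dst_ip=127.0.0.1"` with no opening quote. It looks like a slip made while sanitising the capture rather than a deliberate malformed-input case, and the expected JSON still records `destination.ip` as `127.0.0.1`, so the test passes without showing whether quoting errors are handled on purpose. Either restore the quote (`dst_ip="127.0.0.1"`) or keep it as a separate, clearly intended sample. The sanitising also appears incomplete: most addresses were replaced with `127.0.0.x`, but several public-looking addresses, the MAC addresses and interface names remain. If these lines come from a production firewall, the remaining values are worth replacing with documentation ranges before they land in the repository.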
@@ -1984,5 +1984,668 @@ "forwarded", "sophos-xg" ] + }, + { + "@timestamp": "2022-03-29T07:31:46.000-02:00", + "client.ip": "127.0.0.1", + "client.mac": "2c:33:11:f2:bb:47", + "client.port": 42324, + "destination.ip": "127.0.0.1", + "destination.port": 443, + "event.action": "denied", + "event.category": [ + "network" + ], + "event.code": "010202601001", + "event.dataset": "sophos.xg", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" ether_type=\"IPv4 (0x0800)\" in_interface=\"Port6\" src_mac=\"2c:33:11:f2:bb:47\" src_ip=\"127.0.0.1\" src_country=\"USA\" dst_ip=\"127.0.0.1\" dst_country=\"CHE\" protocol=\"TCP\" src_port=42324 dst_port=443 hb_status=\"No Heartbeat\" message=\"Invalid packet.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port6\"", + "event.outcome": "success", + "event.severity": "6", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "firewall.localgroup.local", + "input.type": "log", + "log.level": "informational", + "log.offset": 20153, + "network.transport": "tcp", + "observer.ingress.interface.name": "Port6", + "observer.product": "XG", + "observer.serial_number": "C54AAAAAQDJQB7D", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], + "related.ip": [ + "127.0.0.1" + ], + "server.ip": "127.0.0.1", + "server.port": 443, + "service.type": "sophos", + "sophos.xg.app_is_cloud": "FALSE", + "sophos.xg.appresolvedby": "Signature", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG310", + "sophos.xg.dst_country_code": "CHE", + "sophos.xg.ether_type": "IPv4 (0x0800)", + 
"sophos.xg.fw_rule_type": "network", + "sophos.xg.hb_health": "No Heartbeat", + "sophos.xg.log_component": "Invalid Traffic", + "sophos.xg.log_subtype": "Denied", + "sophos.xg.log_type": "Firewall", + "sophos.xg.message": "Invalid packet.", + "sophos.xg.message_id": "01001", + "sophos.xg.priority": "Information", + "sophos.xg.src_country_code": "USA", + "sophos.xg.timestamp": "2022-03-29T11:31:46+0200", + "source.ip": "127.0.0.1", + "source.mac": "2c:33:11:f2:bb:47", + "source.port": 42324, + "tags": [ + "forwarded", + "sophos-xg" + ] + }, + { + "@timestamp": "2022-03-29T07:31:46.000-02:00", + "client.ip": "51.103.157.232", + "client.mac": "2C:33:11:F2:BB:47", + "client.port": 51021, + "destination.ip": "127.0.0.16", + "destination.mac": "00:AA:20:15:0E:2A", + "destination.port": 443, + "event.action": "allowed", + "event.category": [ + "network" + ], + "event.code": "010101600001", + "event.dataset": "sophos.xg", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"59\" nat_rule_id=\"28\" fw_rule_type=\"USER\" ips_policy_id=1 ether_type=\"Unknown (0x0000)\" in_interface=\"Port6\" out_interface=\"LAG10GB.306\" src_mac=\"2C:33:11:F2:BB:47\" dst_mac=\"00:AA:20:15:0E:2A\" src_ip=\"51.103.157.232\" src_country=\"CHE\" dst_ip=\"127.0.0.16\" dst_country=\"CHE\" protocol=\"TCP\" src_port=51021 dst_port=443 src_trans_ip=\"127.0.0.1\" dst_trans_ip=\"127.0.0.1\" src_zone_type=\"WAN\" src_zone=\"WAN\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" con_event=\"Start\" con_id=\"1924732224\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port6\" out_display_interface=\"LAG10GB.306\"", + "event.outcome": "success", + 
"event.severity": "6", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "firewall.localgroup.local", + "input.type": "log", + "log.level": "informational", + "log.offset": 20794, + "network.transport": "tcp", + "observer.egress.interface.name": "LAG10GB.306", + "observer.ingress.interface.name": "Port6", + "observer.product": "XG", + "observer.serial_number": "C54AAAAAQDJQB7D", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], + "related.ip": [ + "127.0.0.16", + "51.103.157.232" + ], + "rule.id": "59", + "server.ip": "127.0.0.16", + "server.mac": "00:AA:20:15:0E:2A", + "server.port": 443, + "service.type": "sophos", + "sophos.xg.app_is_cloud": "FALSE", + "sophos.xg.appresolvedby": "Signature", + "sophos.xg.con_id": "1924732224", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG310", + "sophos.xg.dst_country_code": "CHE", + "sophos.xg.ether_type": "Unknown (0x0000)", + "sophos.xg.fw_rule_type": "user", + "sophos.xg.hb_health": "No Heartbeat", + "sophos.xg.ips_policy_id": "1", + "sophos.xg.log_component": "Firewall Rule", + "sophos.xg.log_subtype": "Allowed", + "sophos.xg.log_type": "Firewall", + "sophos.xg.message_id": "00001", + "sophos.xg.priority": "Information", + "sophos.xg.src_country_code": "CHE", + "sophos.xg.timestamp": "2022-03-29T11:31:46+0200", + "source.ip": "51.103.157.232", + "source.mac": "2C:33:11:F2:BB:47", + "source.port": 51021, + "tags": [ + "forwarded", + "sophos-xg" + ] + }, + { + "@timestamp": "2022-03-29T07:31:46.000-02:00", + "client.ip": "127.0.0.1", + "client.mac": "00:0c:29:a7:37:d4", + "destination.ip": "10.100.1.33", + "event.action": "allowed", + "event.category": [ + "network" + ], + "event.code": "018201500005", + "event.dataset": "sophos.xg", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" 
log_id=\"018201500005\" log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" log_version=1 severity=\"Notice\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" ether_type=\"IPv4 (0x0800)\" in_interface=\"LAG10GB.302\" src_mac=\"00:0c:29:a7:37:d4\" src_ip=\"127.0.0.1\" src_country=\"R1\" dst_ip=\"10.100.1.33\" dst_country=\"R1\" protocol=\"ICMP\" icmp_type=3 icmp_code=3 src_zone_type=\"LAN\" src_zone=\"LAN\" con_event=\"Interim\" con_id=\"14687552\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"LAG10GB.302\"", + "event.outcome": "success", + "event.severity": "5", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "firewall.localgroup.local", + "input.type": "log", + "log.level": "notification", + "log.offset": 21680, + "network.transport": "icmp", + "observer.ingress.interface.name": "LAG10GB.302", + "observer.product": "XG", + "observer.serial_number": "C54AAAAAQDJQB7D", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], + "related.ip": [ + "10.100.1.33", + "127.0.0.1" + ], + "rule.id": "12", + "server.ip": "10.100.1.33", + "service.type": "sophos", + "sophos.xg.app_is_cloud": "FALSE", + "sophos.xg.appresolvedby": "Signature", + "sophos.xg.con_id": "14687552", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG310", + "sophos.xg.dst_country_code": "R1", + "sophos.xg.ether_type": "IPv4 (0x0800)", + "sophos.xg.fw_rule_type": "user", + "sophos.xg.hb_health": "No Heartbeat", + "sophos.xg.icmp_code": "3", + "sophos.xg.icmp_type": "3", + "sophos.xg.log_component": "ICMP ERROR MESSAGE", + "sophos.xg.log_subtype": "Allowed", + "sophos.xg.log_type": "Firewall", + "sophos.xg.message_id": "00005", + "sophos.xg.priority": "Notice", + "sophos.xg.src_country_code": "R1", + "sophos.xg.timestamp": "2022-03-29T11:31:46+0200", + "source.ip": "127.0.0.1", + "source.mac": 
"00:0c:29:a7:37:d4", + "tags": [ + "forwarded", + "sophos-xg" + ] + }, + { + "@timestamp": "2022-03-29T07:31:46.000-02:00", + "client.ip": "127.0.0.12", + "client.mac": "20:67:7c:ee:28:48", + "destination.ip": "185.165.190.34", + "event.action": "allowed", + "event.category": [ + "network" + ], + "event.code": "018201500005", + "event.dataset": "sophos.xg", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"018201500005\" log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" log_version=1 severity=\"Notice\" fw_rule_id=\"5\" nat_rule_id=\"0\" fw_rule_type=\"USER\" ips_policy_id=13 app_name=\"SIP Request\" app_risk=3 app_technology=\"Network Protocol\" app_category=\"VoIP\" ether_type=\"IPv4 (0x0800)\" in_interface=\"LAG10GB.20\" src_mac=\"20:67:7c:ee:28:48\" src_ip=\"127.0.0.12\" src_country=\"CHE\" dst_ip=\"185.165.190.34\" dst_country=\"RUS\" protocol=\"ICMP\" icmp_type=3 icmp_code=10 src_zone_type=\"WAN\" src_zone=\"WAN\" con_event=\"Interim\" con_id=\"11841597\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"LAG10GB.20\"", + "event.outcome": "success", + "event.severity": "5", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "firewall.localgroup.local", + "input.type": "log", + "log.level": "notification", + "log.offset": 22372, + "network.transport": "icmp", + "observer.ingress.interface.name": "LAG10GB.20", + "observer.product": "XG", + "observer.serial_number": "C54AAAAAQDJQB7D", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], + "related.ip": [ + "127.0.0.12", + "185.165.190.34" + ], + "rule.id": "5", + "server.ip": "185.165.190.34", + "service.type": "sophos", + "sophos.xg.app_is_cloud": "FALSE", + 
"sophos.xg.application_category": "VoIP", + "sophos.xg.application_name": "SIP Request", + "sophos.xg.application_risk": "3", + "sophos.xg.application_technology": "Network Protocol", + "sophos.xg.appresolvedby": "Signature", + "sophos.xg.con_id": "11841597", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG310", + "sophos.xg.dst_country_code": "RUS", + "sophos.xg.ether_type": "IPv4 (0x0800)", + "sophos.xg.fw_rule_type": "user", + "sophos.xg.hb_health": "No Heartbeat", + "sophos.xg.icmp_code": "10", + "sophos.xg.icmp_type": "3", + "sophos.xg.ips_policy_id": "13", + "sophos.xg.log_component": "ICMP ERROR MESSAGE", + "sophos.xg.log_subtype": "Allowed", + "sophos.xg.log_type": "Firewall", + "sophos.xg.message_id": "00005", + "sophos.xg.priority": "Notice", + "sophos.xg.src_country_code": "CHE", + "sophos.xg.timestamp": "2022-03-29T11:31:46+0200", + "source.ip": "127.0.0.12", + "source.mac": "20:67:7c:ee:28:48", + "tags": [ + "forwarded", + "sophos-xg" + ] + }, + { + "@timestamp": "2022-03-29T07:31:46.000-02:00", + "client.ip": "127.0.0.1", + "client.mac": "2C:33:11:F2:BB:47", + "client.port": 7781, + "destination.ip": "127.0.0.18", + "destination.mac": "00:AA:20:15:0E:2A", + "destination.port": 33094, + "event.action": "allowed", + "event.category": [ + "network" + ], + "event.code": "010101600001", + "event.dataset": "sophos.xg", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"85\" nat_rule_id=\"125\" fw_rule_type=\"USER\" ether_type=\"Unknown (0x0000)\" in_interface=\"Port6\" out_interface=\"LAG10GB.333\" src_mac=\"2C:33:11:F2:BB:47\" dst_mac=\"00:AA:20:15:0E:2A\" src_ip=\"127.0.0.1\" src_country=\"MCO\" dst_ip=\"127.0.0.18\" dst_country=\"CHE\" protocol=\"TCP\" 
src_port=7781 dst_port=33094 dst_trans_ip=\"127.0.0.1\" dst_trans_port=3389 src_zone_type=\"WAN\" src_zone=\"WAN\" dst_zone_type=\"LAN\" dst_zone=\"LAN\" con_event=\"Start\" con_id=\"1034987392\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"Port6\" out_display_interface=\"LAG10GB.333\"",
+ "event.outcome": "success",
+ "event.severity": "6",
+ "event.timezone": "-02:00",
+ "fileset.name": "xg",
+ "host.name": "firewall.localgroup.local",
+ "input.type": "log",
+ "log.level": "informational",
+ "log.offset": 23173,
+ "network.transport": "tcp",
+ "observer.egress.interface.name": "LAG10GB.333",
+ "observer.ingress.interface.name": "Port6",
+ "observer.product": "XG",
+ "observer.serial_number": "C54AAAAAQDJQB7D",
+ "observer.type": "firewall",
+ "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
+ "related.ip": [
+ "127.0.0.1",
+ "127.0.0.18"
+ ],
+ "rule.id": "85",
+ "server.ip": "127.0.0.18",
+ "server.mac": "00:AA:20:15:0E:2A",
+ "server.port": 33094,
+ "service.type": "sophos",
+ "sophos.xg.app_is_cloud": "FALSE",
+ "sophos.xg.appresolvedby": "Signature",
+ "sophos.xg.con_id": "1034987392",
+ "sophos.xg.device": "SFW",
+ "sophos.xg.device_name": "XG310",
+ "sophos.xg.dst_country_code": "CHE",
+ "sophos.xg.ether_type": "Unknown (0x0000)",
+ "sophos.xg.fw_rule_type": "user",
+ "sophos.xg.hb_health": "No Heartbeat",
+ "sophos.xg.log_component": "Firewall Rule",
+ "sophos.xg.log_subtype": "Allowed",
+ "sophos.xg.log_type": "Firewall",
+ "sophos.xg.message_id": "00001",
+ "sophos.xg.priority": "Information",
+ "sophos.xg.src_country_code": "MCO",
+ "sophos.xg.timestamp": "2022-03-29T11:31:46+0200",
+ "source.ip": "127.0.0.1",
+ "source.mac": "2C:33:11:F2:BB:47",
+ "source.port": 7781,
+ "tags": [
+ "forwarded",
+ "sophos-xg"
+ ]
+ },
+ {
+ "@timestamp": "2022-03-29T07:31:46.000-02:00",
+ "client.ip": "127.0.0.1",
+ "client.mac": "e4:3d:1a:90:5e:10",
+ "destination.ip": "127.0.0.1",
+ "event.action": "allowed",
+ "event.category": [
+ "network"
+ ],
+ "event.code": "018201500005",
+ "event.dataset": "sophos.xg",
+ "event.kind": "event",
+ "event.module": "sophos",
+ "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"018201500005\" log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" log_version=1 severity=\"Notice\" fw_rule_id=\"5\" nat_rule_id=\"0\" fw_rule_type=\"USER\" ips_policy_id=13 ether_type=\"IPv4 (0x0800)\" in_interface=\"LAG10GB.20\" src_mac=\"e4:3d:1a:90:5e:10\" src_ip=\"127.0.0.1\" src_country=\"CHE\" dst_ip=\"127.0.0.1\" dst_country=\"USA\" protocol=\"ICMP\" icmp_type=3 icmp_code=10 src_zone_type=\"WAN\" src_zone=\"WAN\" con_event=\"Interim\" con_id=\"13303728\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"LAG10GB.20\"",
+ "event.outcome": "success",
+ "event.severity": "5",
+ "event.timezone": "-02:00",
+ "fileset.name": "xg",
+ "host.name": "firewall.localgroup.local",
+ "input.type": "log",
+ "log.level": "notification",
+ "log.offset": 24035,
+ "network.transport": "icmp",
+ "observer.ingress.interface.name": "LAG10GB.20",
+ "observer.product": "XG",
+ "observer.serial_number": "C54AAAAAQDJQB7D",
+ "observer.type": "firewall",
+ "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
+ "related.ip": [
+ "127.0.0.1"
+ ],
+ "rule.id": "5",
+ "server.ip": "127.0.0.1",
+ "service.type": "sophos",
+ "sophos.xg.app_is_cloud": "FALSE",
+ "sophos.xg.appresolvedby": "Signature",
+ "sophos.xg.con_id": "13303728",
+ "sophos.xg.device": "SFW",
+ "sophos.xg.device_name": "XG310",
+ "sophos.xg.dst_country_code": "USA",
+ "sophos.xg.ether_type": "IPv4 (0x0800)",
+ "sophos.xg.fw_rule_type": "user",
+ "sophos.xg.hb_health": "No Heartbeat",
+ "sophos.xg.icmp_code": "10",
+ "sophos.xg.icmp_type": "3",
+ "sophos.xg.ips_policy_id": "13",
+ "sophos.xg.log_component": "ICMP ERROR MESSAGE",
+ "sophos.xg.log_subtype": "Allowed",
+ "sophos.xg.log_type": "Firewall",
+ "sophos.xg.message_id": "00005",
+ "sophos.xg.priority": "Notice",
+ "sophos.xg.src_country_code": "CHE",
+ "sophos.xg.timestamp": "2022-03-29T11:31:46+0200",
+ "source.ip": "127.0.0.1",
+ "source.mac": "e4:3d:1a:90:5e:10",
+ "tags": [
+ "forwarded",
+ "sophos-xg"
+ ]
+ },
+ {
+ "@timestamp": "2022-03-29T07:31:46.000-02:00",
+ "client.ip": "127.0.0.1",
+ "client.mac": "48:DF:37:B4:8E:AA",
+ "client.port": 43988,
+ "destination.ip": "127.0.0.1",
+ "destination.mac": "00:AA:20:AC:B5:AA",
+ "destination.port": 53,
+ "event.action": "allowed",
+ "event.category": [
+ "network"
+ ],
+ "event.code": "010101600001",
+ "event.dataset": "sophos.xg",
+ "event.duration": 37000000000,
+ "event.end": "2022-03-29T07:32:23.000-02:00",
+ "event.kind": "event",
+ "event.module": "sophos",
+ "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" duration=37 fw_rule_id=\"13\" nat_rule_id=\"0\" fw_rule_type=\"USER\" app_name=\"DNS\" app_risk=1 app_technology=\"Network Protocol\" app_category=\"Infrastructure\" ether_type=\"Unknown (0x0000)\" in_interface=\"LAG10GB.20\" out_interface=\"Port6\" src_mac=\"48:DF:37:B4:8E:AA\" dst_mac=\"00:AA:20:AC:B5:AA\" src_ip=\"127.0.0.1\" src_country=\"CHE\" dst_ip=127.0.0.1\" dst_country=\"USA\" protocol=\"UDP\" src_port=43988 dst_port=53 packets_sent=1 packets_received=1 bytes_sent=61 bytes_received=233 src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Stop\" con_id=\"2550962432\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"LAG10GB.20\" out_display_interface=\"Port6\"",
+ "event.outcome": "success",
+ "event.severity": "6",
+ "event.start": "2022-03-29T07:31:46.000-02:00",
+ "event.timezone": "-02:00",
+ "fileset.name": "xg",
+ "host.name": "firewall.localgroup.local",
+ "input.type": "log",
+ "log.level": "informational",
+ "log.offset": 24742,
+ "network.transport": "udp",
+ "observer.egress.interface.name": "Port6",
+ "observer.ingress.interface.name": "LAG10GB.20",
+ "observer.product": "XG",
+ "observer.serial_number": "C54AAAAAQDJQB7D",
+ "observer.type": "firewall",
+ "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
+ "related.ip": [
+ "127.0.0.1"
+ ],
+ "rule.id": "13",
+ "server.ip": "127.0.0.1",
+ "server.mac": "00:AA:20:AC:B5:AA",
+ "server.port": 53,
+ "service.type": "sophos",
+ "sophos.xg.app_is_cloud": "FALSE",
+ "sophos.xg.application_category": "Infrastructure",
+ "sophos.xg.application_name": "DNS",
+ "sophos.xg.application_risk": "1",
+ "sophos.xg.application_technology": "Network Protocol",
+ "sophos.xg.appresolvedby": "Signature",
+ "sophos.xg.con_id": "2550962432",
+ "sophos.xg.device": "SFW",
+ "sophos.xg.device_name": "XG310",
+ "sophos.xg.dst_country_code": "USA",
+ "sophos.xg.ether_type": "Unknown (0x0000)",
+ "sophos.xg.fw_rule_type": "user",
+ "sophos.xg.hb_health": "No Heartbeat",
+ "sophos.xg.log_component": "Firewall Rule",
+ "sophos.xg.log_subtype": "Allowed",
+ "sophos.xg.log_type": "Firewall",
+ "sophos.xg.message_id": "00001",
+ "sophos.xg.priority": "Information",
+ "sophos.xg.src_country_code": "CHE",
+ "sophos.xg.timestamp": "2022-03-29T11:31:46+0200",
+ "source.ip": "127.0.0.1",
+ "source.mac": "48:DF:37:B4:8E:AA",
+ "source.port": 43988,
+ "tags": [
+ "forwarded",
+ "sophos-xg"
+ ]
+ },
+ {
+ "@timestamp": "2022-03-29T07:31:46.000-02:00",
+ "client.ip": "127.0.0.1",
+ "client.mac": "00:0c:29:a7:37:d4",
+ "destination.ip": "10.100.1.32",
+ "event.action": "allowed",
+ "event.category": [
+ "network"
+ ],
+ "event.code": "018201500005",
+ "event.dataset": "sophos.xg",
+ "event.kind": "event",
+ "event.module": "sophos",
+ "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"018201500005\" log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" log_version=1 severity=\"Notice\" fw_rule_id=\"12\" nat_rule_id=\"0\" fw_rule_type=\"USER\" ether_type=\"IPv4 (0x0800)\" in_interface=\"LAG10GB.302\" src_mac=\"00:0c:29:a7:37:d4\" src_ip=\"127.0.0.1\" src_country=\"R1\" dst_ip=\"10.100.1.32\" dst_country=\"R1\" protocol=\"ICMP\" icmp_type=3 icmp_code=3 src_zone_type=\"LAN\" src_zone=\"LAN\" con_event=\"Interim\" con_id=\"3230141495\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"LAG10GB.302\"",
+ "event.outcome": "success",
+ "event.severity": "5",
+ "event.timezone": "-02:00",
+ "fileset.name": "xg",
+ "host.name": "firewall.localgroup.local",
+ "input.type": "log",
+ "log.level": "notification",
+ "log.offset": 25720,
+ "network.transport": "icmp",
+ "observer.ingress.interface.name": "LAG10GB.302",
+ "observer.product": "XG",
+ "observer.serial_number": "C54AAAAAQDJQB7D",
+ "observer.type": "firewall",
+ "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
+ "related.ip": [
+ "10.100.1.32",
+ "127.0.0.1"
+ ],
+ "rule.id": "12",
+ "server.ip": "10.100.1.32",
+ "service.type": "sophos",
+ "sophos.xg.app_is_cloud": "FALSE",
+ "sophos.xg.appresolvedby": "Signature",
+ "sophos.xg.con_id": "3230141495",
+ "sophos.xg.device": "SFW",
+ "sophos.xg.device_name": "XG310",
+ "sophos.xg.dst_country_code": "R1",
+ "sophos.xg.ether_type": "IPv4 (0x0800)",
+ "sophos.xg.fw_rule_type": "user",
+ "sophos.xg.hb_health": "No Heartbeat",
+ "sophos.xg.icmp_code": "3",
+ "sophos.xg.icmp_type": "3",
+ "sophos.xg.log_component": "ICMP ERROR MESSAGE",
+ "sophos.xg.log_subtype": "Allowed",
+ "sophos.xg.log_type": "Firewall",
+ "sophos.xg.message_id": "00005",
+ "sophos.xg.priority": "Notice",
+ "sophos.xg.src_country_code": "R1",
+ "sophos.xg.timestamp": "2022-03-29T11:31:46+0200",
+ "source.ip": "127.0.0.1",
+ "source.mac": "00:0c:29:a7:37:d4",
+ "tags": [
+ "forwarded",
+ "sophos-xg"
+ ]
+ },
+ {
+ "@timestamp": "2022-03-29T07:31:46.000-02:00",
+ "client.ip": "127.0.0.1",
+ "client.mac": "20:67:7c:ee:88:c0",
+ "destination.ip": "192.241.215.211",
+ "event.action": "allowed",
+ "event.category": [
+ "network"
+ ],
+ "event.code": "018201500005",
+ "event.dataset": "sophos.xg",
+ "event.kind": "event",
+ "event.module": "sophos",
+ "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"018201500005\" log_type=\"Firewall\" log_component=\"ICMP ERROR MESSAGE\" log_subtype=\"Allowed\" log_version=1 severity=\"Notice\" fw_rule_id=\"5\" nat_rule_id=\"0\" fw_rule_type=\"USER\" ips_policy_id=13 ether_type=\"IPv4 (0x0800)\" in_interface=\"LAG10GB.20\" src_mac=\"20:67:7c:ee:88:c0\" src_ip=\"127.0.0.1\" src_country=\"AZE\" dst_ip=\"192.241.215.211\" dst_country=\"USA\" protocol=\"ICMP\" icmp_type=3 icmp_code=10 src_zone_type=\"WAN\" src_zone=\"WAN\" con_event=\"Interim\" con_id=\"3227724200\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"LAG10GB.20\"",
+ "event.outcome": "success",
+ "event.severity": "5",
+ "event.timezone": "-02:00",
+ "fileset.name": "xg",
+ "host.name": "firewall.localgroup.local",
+ "input.type": "log",
+ "log.level": "notification",
+ "log.offset": 26414,
+ "network.transport": "icmp",
+ "observer.ingress.interface.name": "LAG10GB.20",
+ "observer.product": "XG",
+ "observer.serial_number": "C54AAAAAQDJQB7D",
+ "observer.type": "firewall",
+ "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
+ "related.ip": [
+ "127.0.0.1",
+ "192.241.215.211"
+ ],
+ "rule.id": "5",
+ "server.ip": "192.241.215.211",
+ "service.type": "sophos",
+ "sophos.xg.app_is_cloud": "FALSE",
+ "sophos.xg.appresolvedby": "Signature",
+ "sophos.xg.con_id": "3227724200",
+ "sophos.xg.device": "SFW",
+ "sophos.xg.device_name": "XG310",
+ "sophos.xg.dst_country_code": "USA",
+ "sophos.xg.ether_type": "IPv4 (0x0800)",
+ "sophos.xg.fw_rule_type": "user",
+ "sophos.xg.hb_health": "No Heartbeat",
+ "sophos.xg.icmp_code": "10",
+ "sophos.xg.icmp_type": "3",
+ "sophos.xg.ips_policy_id": "13",
+ "sophos.xg.log_component": "ICMP ERROR MESSAGE",
+ "sophos.xg.log_subtype": "Allowed",
+ "sophos.xg.log_type": "Firewall",
+ "sophos.xg.message_id": "00005",
+ "sophos.xg.priority": "Notice",
+ "sophos.xg.src_country_code": "AZE",
+ "sophos.xg.timestamp": "2022-03-29T11:31:46+0200",
+ "source.ip": "127.0.0.1",
+ "source.mac": "20:67:7c:ee:88:c0",
+ "tags": [
+ "forwarded",
+ "sophos-xg"
+ ]
+ },
+ {
+ "@timestamp": "2022-03-29T07:31:46.000-02:00",
+ "client.ip": "127.0.0.1",
+ "client.mac": "20:67:7C:EE:88:B8",
+ "client.port": 37704,
+ "destination.ip": "142.250.184.198",
+ "destination.mac": "00:AA:20:AC:B5:AA",
+ "destination.port": 443,
+ "event.action": "allowed",
+ "event.category": [
+ "network"
+ ],
+ "event.code": "010101600001",
+ "event.dataset": "sophos.xg",
+ "event.kind": "event",
+ "event.module": "sophos",
+ "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"010101600001\" log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" log_version=1 severity=\"Information\" fw_rule_id=\"13\" nat_rule_id=\"0\" fw_rule_type=\"USER\" ether_type=\"Unknown (0x0000)\" in_interface=\"LAG10GB.20\" out_interface=\"Port6\" src_mac=\"20:67:7C:EE:88:B8\" dst_mac=\"00:AA:20:AC:B5:AA\" src_ip=\"127.0.0.1\" src_country=\"CHE\" dst_ip=\"142.250.184.198\" dst_country=\"USA\" protocol=\"UDP\" src_port=37704 dst_port=443 src_zone_type=\"DMZ\" src_zone=\"DMZ\" dst_zone_type=\"WAN\" dst_zone=\"WAN\" con_event=\"Start\" con_id=\"927688256\" hb_status=\"No Heartbeat\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\" in_display_interface=\"LAG10GB.20\" out_display_interface=\"Port6\"",
+ "event.outcome": "success",
+ "event.severity": "6",
+ "event.timezone": "-02:00",
+ "fileset.name": "xg",
+ "host.name": "firewall.localgroup.local",
+ "input.type": "log",
+ "log.level": "informational",
+ "log.offset": 27129,
+ "network.transport": "udp",
+ "observer.egress.interface.name": "Port6",
+ "observer.ingress.interface.name": "LAG10GB.20",
+ "observer.product": "XG",
+ "observer.serial_number": "C54AAAAAQDJQB7D",
+ "observer.type": "firewall",
+ "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
+ "related.ip": [
+ "127.0.0.1",
+ "142.250.184.198"
+ ],
+ "rule.id": "13",
+ "server.ip": "142.250.184.198",
+ "server.mac": "00:AA:20:AC:B5:AA",
+ "server.port": 443,
+ "service.type": "sophos",
+ "sophos.xg.app_is_cloud": "FALSE",
+ "sophos.xg.appresolvedby": "Signature",
+ "sophos.xg.con_id": "927688256",
+ "sophos.xg.device": "SFW",
+ "sophos.xg.device_name": "XG310",
+ "sophos.xg.dst_country_code": "USA",
+ "sophos.xg.ether_type": "Unknown (0x0000)",
+ "sophos.xg.fw_rule_type": "user",
+ "sophos.xg.hb_health": "No Heartbeat",
+ "sophos.xg.log_component": "Firewall Rule",
+ "sophos.xg.log_subtype": "Allowed",
+ "sophos.xg.log_type": "Firewall",
+ "sophos.xg.message_id": "00001",
+ "sophos.xg.priority": "Information",
+ "sophos.xg.src_country_code": "CHE",
+ "sophos.xg.timestamp": "2022-03-29T11:31:46+0200",
+ "source.ip": "127.0.0.1",
+ "source.mac": "20:67:7C:EE:88:B8",
+ "source.port": 37704,
+ "tags": [
+ "forwarded",
+ "sophos-xg"
+ ]
 }
 ]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/sophos/xg/test/idp.log b/x-pack/filebeat/module/sophos/xg/test/idp.log
index 57d9e84066d2..3d58cb4dfd52 100644
--- a/x-pack/filebeat/module/sophos/xg/test/idp.log
+++ b/x-pack/filebeat/module/sophos/xg/test/idp.log
@@ -3,4 +3,4 @@
 <30>device="SFW" date=2020-05-18 time=14:38:56 timezone="CEST" device_name="XG230" device_id=1234567890123457 log_id=020804407002 log_type="IDP" log_component="Signatures" log_subtype="Drop" priority=Warning idp_policy_id=7 fw_rule_id=25 user_name="" signature_id=53589 signature_msg="SERVER-WEBAPP DrayTek multiple products command injection attempt" classification="Web Application Attack" rule_priority=2 src_ip=67.43.156.12 src_country_code=NLD dst_ip=172.16.68.20 dst_country_code=R1 protocol="TCP" src_port=59476 dst_port=80 platform="Linux,Mac,Other,Unix,Windows" category="server-webapp" target="Server"
 <30>device="SFW" date=2018-05-23 time=16:20:34 timezone="BST" device_name="XG750" device_id=SFDemo-f64dd6be log_id=020703406001 log_type="IDP" log_component="Anomaly" log_subtype="Detect" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name="" signature_id=26022 signature_msg="FILE-PDF EmbeddedFile contained within a PDF" classification="A Network Trojan was detected" rule_priority=1 src_ip=10.0.0.168 src_country_code=R1 dst_ip=10.1.1.234 dst_country_code=R1 protocol="TCP" src_port=28938 dst_port=25 platform="Windows" category="Malware Communication" target="Server"
 <30>device="SFW" date=2018-05-23 time=16:16:43 timezone="BST" device_name="XG750" device_id=SFDemo-f64dd6be log_id=020704406002 log_type="IDP" log_component="Anomaly" log_subtype="Drop" priority=Warning idp_policy_id=1 fw_rule_id=2 user_name="" signature_id=26022 signature_msg="FILE-PDF EmbeddedFile contained within a PDF" classification="A Network Trojan was detected" rule_priority=1 src_ip=10.0.1.31 src_country_code=R1 dst_ip=10.1.0.115 dst_country_code=R1 protocol="TCP" src_port=40140 dst_port=25 platform="Windows" category="Malware Communication" target="Server"
-
+<28>device_name="SFW" timestamp="2022-03-29T11:31:46+0200" device_model="XG310" device_serial_id="C54AAAAAQDJQB7D" log_id="020804407002" log_type="IDP" log_component="Signatures" log_subtype="Drop" log_version=1 severity="Warning" ips_policy_id=13 fw_rule_id="5" signature_id=1181127040 message="PROTOCOL-DNS PowerDNS Recursive Out of Bounds Read Denial of Service" classification="Misc Attack" rule_priority="Major" src_ip="127.0.0.13" src_country="CHN" dst_ip="127.0.0.1" dst_country="CHE" protocol="UDP" src_port=30447 dst_port=53 os_name="Linux" category="protocol-dns" victim="Server"
diff --git a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json
index 2bfe7cdce631..e728a095d850 100644
--- a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json
+++ b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json
@@ -366,5 +366,74 @@
 "forwarded",
 "sophos-xg"
 ]
+ },
+ {
+ "@timestamp": "2022-03-29T07:31:46.000-02:00",
+ "client.ip": "127.0.0.13",
+ "client.port": 30447,
+ "destination.ip": "127.0.0.1",
+ "destination.port": 53,
+ "event.action": "drop",
+ "event.category": [
+ "intrusion_detection",
+ "network"
+ ],
+ "event.code": "020804407002",
+ "event.dataset": "sophos.xg",
+ "event.kind": "alert",
+ "event.module": "sophos",
+ "event.original": "device_name=\"SFW\" timestamp=\"2022-03-29T11:31:46+0200\" device_model=\"XG310\" device_serial_id=\"C54AAAAAQDJQB7D\" log_id=\"020804407002\" log_type=\"IDP\" log_component=\"Signatures\" log_subtype=\"Drop\" log_version=1 severity=\"Warning\" ips_policy_id=13 fw_rule_id=\"5\" signature_id=1181127040 message=\"PROTOCOL-DNS PowerDNS Recursive Out of Bounds Read Denial of Service\" classification=\"Misc Attack\" rule_priority=\"Major\" src_ip=\"127.0.0.13\" src_country=\"CHN\" dst_ip=\"127.0.0.1\" dst_country=\"CHE\" protocol=\"UDP\" src_port=30447 dst_port=53 os_name=\"Linux\" category=\"protocol-dns\" victim=\"Server\"",
+ "event.outcome": "success",
+ "event.severity": "4",
+ "event.timezone": "-02:00",
+ "event.type": [
+ "connection",
+ "denied"
+ ],
+ "fileset.name": "xg",
+ "host.name": "firewall.localgroup.local",
+ "input.type": "log",
+ "log.level": "warning",
+ "log.offset": 3001,
+ "network.transport": "UDP",
+ "observer.product": "XG",
+ "observer.serial_number": "C54AAAAAQDJQB7D",
+ "observer.type": "firewall",
+ "observer.vendor": "Sophos",
+ "related.hosts": [
+ "firewall.localgroup.local"
+ ],
+ "related.ip": [
+ "127.0.0.1",
+ "127.0.0.13"
+ ],
+ "rule.category": "Misc Attack",
+ "rule.id": "1181127040",
+ "server.ip": "127.0.0.1",
+ "server.port": 53,
+ "service.type": "sophos",
+ "sophos.xg.category": "protocol-dns",
+ "sophos.xg.device": "SFW",
+ "sophos.xg.device_name": "XG310",
+ "sophos.xg.dst_country_code": "CHE",
+ "sophos.xg.fw_rule_id": "5",
+ "sophos.xg.ips_policy_id": "13",
+ "sophos.xg.log_component": "Signatures",
+ "sophos.xg.log_subtype": "Drop",
+ "sophos.xg.log_type": "IDP",
+ "sophos.xg.message": "PROTOCOL-DNS PowerDNS Recursive Out of Bounds Read Denial of Service",
+ "sophos.xg.message_id": "07002",
+ "sophos.xg.platform": "Linux",
+ "sophos.xg.priority": "Warning",
+ "sophos.xg.rule_priority": "Major",
+ "sophos.xg.src_country_code": "CHN",
+ "sophos.xg.timestamp": "2022-03-29T11:31:46+0200",
+ "sophos.xg.victim": "Server",
+ "source.ip": "127.0.0.13",
+ "source.port": 30447,
+ "tags": [
+ "forwarded",
+ "sophos-xg"
+ ]
 }
 ]
\ No newline at end of file