From f495bdacba3d2d56d6148b92ddd9ae9d26fa5b94 Mon Sep 17 00:00:00 2001 From: Lei Qiu Date: Thu, 14 May 2020 17:51:24 -0700 Subject: [PATCH] Cherry-pick #18472 to 7.7: Add additional fields to address issue #18465 for googlecloud audit log (#18554) * Add additional fields to address issue #18465 for googlecloud audit log (#18472) --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 74 +++++++++++++++++++ .../module/googlecloud/audit/_meta/fields.yml | 34 +++++++++ .../googlecloud/audit/config/pipeline.js | 36 +++++---- .../audit/test/audit-log-entries.json.log | 2 +- .../audit-log-entries.json.log-expected.json | 8 +- x-pack/filebeat/module/googlecloud/fields.go | 2 +- 7 files changed, 140 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 90bc3db243b..9f3c0eb6af2 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -128,6 +128,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fixed typo in log message. {pull}17897[17897] - Unescape file name from SQS message. {pull}18370[18370] - Improve cisco asa and ftd pipelines' failure handler to avoid mapping temporary fields. {issue}18391[18391] {pull}18392[18392] +- Fix `googlecloud.audit` pipeline to only take in fields that are explicitly defined by the dataset. {issue}18465[18465] {pull}18472[18472] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index e0873004c50..24b8b077bf0 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -13986,6 +13986,80 @@ type: ip The user agent of the caller. This information is not authenticated and should be treated accordingly. +type: keyword + +-- + +[float] +=== response + +The operation response. + + + +*`googlecloud.audit.response.proto_name`*:: ++ +-- +Type property of the response. + + +type: keyword + +-- + +[float] +=== details + +The details of the response. + + + +*`googlecloud.audit.response.details.group`*:: ++ +-- +The name of the group. + + +type: keyword + +-- + +*`googlecloud.audit.response.details.kind`*:: ++ +-- +The kind of the response details. + + +type: keyword + +-- + +*`googlecloud.audit.response.details.name`*:: ++ +-- +The name of the response details. + + +type: keyword + +-- + +*`googlecloud.audit.response.details.uid`*:: ++ +-- +The uid of the response details. + + +type: keyword + +-- + +*`googlecloud.audit.response.status`*:: ++ +-- +Status of the response. + + type: keyword -- diff --git a/x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml b/x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml index df3a5552ce4..556184fabea 100644 --- a/x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml +++ b/x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml @@ -96,6 +96,40 @@ description: > The user agent of the caller. This information is not authenticated and should be treated accordingly. + - name: response + type: group + description: > + The operation response. + fields: + - name: proto_name + type: keyword + description: > + Type property of the response. + - name: details + type: group + description: > + The details of the response. + fields: + - name: group + type: keyword + description: > + The name of the group. + - name: kind + type: keyword + description: > + The kind of the response details. + - name: name + type: keyword + description: > + The name of the response details. + - name: uid + type: keyword + description: > + The uid of the response details. + - name: status + type: keyword + description: > + Status of the response. - name: resource_name type: keyword description: > diff --git a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js b/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js index ac151fae7d8..c467cc77c87 100644 --- a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js +++ b/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js @@ -63,35 +63,43 @@ function Audit(keep_original_message) { // contains the structured audit log fields. var convertProtoPayload = new processor.Convert({ fields: [ - {from: "json.@type", to: "json.type"}, + {from: "json.@type", to: "googlecloud.audit.type"}, {from: "json.authenticationInfo.principalEmail", to: "json.authenticationInfo.principal_email"}, {from: "json.authenticationInfo.authoritySelector", to: "json.authenticationInfo.authority_selector"}, - {from: "json.authenticationInfo", to: "json.authentication_info"}, + {from: "json.authenticationInfo", to: "googlecloud.audit.authentication_info"}, - {from: "json.authorizationInfo", to: "json.authorization_info"}, + {from: "json.authorizationInfo", to: "googlecloud.audit.authorization_info"}, - {from: "json.methodName", to: "json.method_name"}, + {from: "json.methodName", to: "googlecloud.audit.method_name"}, - {from: "json.numResponseItems", to: "json.num_response_items", type: "long"}, + {from: "json.numResponseItems", to: "googlecloud.audit.num_response_items", type: "long"}, - {from: "json.request.@type", to: "json.request.proto_name"}, - {from: "json.request.filter", to: "json.request.filter"}, - {from: "json.request.name", to: "json.request.name"}, - {from: "json.request.resourceName", to: "json.request.resource_name"}, + {from: "json.request.@type", to: "googlecloud.audit.request.proto_name"}, + {from: "json.request.filter", to: "googlecloud.audit.request.filter"}, + {from: "json.request.name", to: "googlecloud.audit.request.name"}, + {from: "json.request.resourceName", to: "googlecloud.audit.request.resource_name"}, {from: "json.requestMetadata.callerIp", to: "json.requestMetadata.caller_ip", type: "ip"}, {from: "json.requestMetadata.callerSuppliedUserAgent", to: "json.requestMetadata.caller_supplied_user_agent"}, - {from: "json.requestMetadata", to: "json.request_metadata"}, + {from: "json.requestMetadata", to: "googlecloud.audit.request_metadata"}, - {from: "json.resourceName", to: "json.resource_name"}, + {from: "json.response.@type", to: "googlecloud.audit.response.proto_name"}, + {from: "json.response.status", to: "googlecloud.audit.response.status"}, + {from: "json.response.details.group", to: "googlecloud.audit.response.details.group"}, + {from: "json.response.details.kind", to: "googlecloud.audit.response.details.kind"}, + {from: "json.response.details.name", to: "googlecloud.audit.response.details.name"}, + {from: "json.response.details.uid", to: "googlecloud.audit.response.details.uid"}, + + {from: "json.resourceName", to: "googlecloud.audit.resource_name"}, {from: "json.resourceLocation.currentLocations", to: "json.resourceLocation.current_locations"}, - {from: "json.resourceLocation", to: "json.resource_location"}, + {from: "json.resourceLocation", to: "googlecloud.audit.resource_location"}, + + {from: "json.serviceName", to: "googlecloud.audit.service_name"}, - {from: "json.serviceName", to: "json.service_name"}, + {from: "json.status", to: "googlecloud.audit.status"}, - {from: "json", to: "googlecloud.audit"}, ], mode: "rename", ignore_missing: true, diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log index 2120a297a5f..6446bf639f4 100644 --- a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log +++ b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log @@ -1,4 +1,4 @@ {"insertId":"-uihnmjctwo","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"resourcemanager.projects.get","resource":"projects/elastic-beats","resourceAttributes":{}}],"methodName":"GetResourceBillingInfo","request":{"@type":"type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest","resourceName":"projects/189716325846"},"requestMetadata":{"callerIp":"192.168.1.1","destinationAttributes":{},"requestAttributes":{}},"resourceName":"projects/elastic-beats","serviceName":"cloudbilling.googleapis.com","status":{}},"receiveTimestamp":"2019-12-19T00:49:36.313482371Z","resource":{"labels":{"project_id":"elastic-beats"},"type":"project"},"severity":"INFO","timestamp":"2019-12-19T00:49:36.086Z"} {"insertId":"-h6onuze1h7dg","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":false,"permission":"compute.machineTypes.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.machineTypes.aggregatedList","numResponseItems":"71","request":{"@type":"type.googleapis.com/compute.machineTypes.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:45:51.711Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/machineTypes","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:45:52.367887078Z","resource":{"labels":{"location":"global","method":"compute.machineTypes.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:45:51.228Z"} -{"insertId":"yonau2dg2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} +{"insertId":"yonau2dg2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"granted":true,"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"response":{"@type":"core.k8s.io/v1.Status","apiVersion":"v1","details":{"group":"batch","kind":"jobs","name":"gsuite-exporter-1589294700","uid":"2beff34a-945f-11ea-bacf-42010a80007f"},"kind":"Status","metadata":{},"status":"Success"},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com"},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} {"insertId":"yonau3dc2zi","logName":"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"xxx@xxx.xxx"},"authorizationInfo":[{"permission":"compute.instances.list","resourceAttributes":{"name":"projects/elastic-beats","service":"resourcemanager","type":"resourcemanager.projects"}}],"methodName":"beta.compute.instances.aggregatedList","numResponseItems":"61","request":{"@type":"type.googleapis.com/compute.instances.aggregatedList"},"requestMetadata":{"callerIp":"192.168.1.1","callerSuppliedUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)","destinationAttributes":{},"requestAttributes":{"auth":{},"time":"2019-12-19T00:44:25.198Z"}},"resourceLocation":{"currentLocations":["global"]},"resourceName":"projects/elastic-beats/global/instances","serviceName":"compute.googleapis.com","status":{"code":7,"message":"PERMISSION_DENIED"}},"receiveTimestamp":"2019-12-19T00:44:25.262379373Z","resource":{"labels":{"location":"global","method":"compute.instances.aggregatedList","project_id":"elastic-beats","service":"compute.googleapis.com","version":"beta"},"type":"api"},"severity":"INFO","timestamp":"2019-12-19T00:44:25.051Z"} diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json index cf665ca41d1..61db8fc207d 100644 --- a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json @@ -112,6 +112,12 @@ "global" ], "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", + "googlecloud.audit.response.details.group": "batch", + "googlecloud.audit.response.details.kind": "jobs", + "googlecloud.audit.response.details.name": "gsuite-exporter-1589294700", + "googlecloud.audit.response.details.uid": "2beff34a-945f-11ea-bacf-42010a80007f", + "googlecloud.audit.response.proto_name": "core.k8s.io/v1.Status", + "googlecloud.audit.response.status": "Success", "googlecloud.audit.service_name": "compute.googleapis.com", "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", @@ -165,7 +171,7 @@ "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", - "log.offset": 3541, + "log.offset": 3776, "service.name": "compute.googleapis.com", "service.type": "googlecloud", "source.ip": "192.168.1.1", diff --git a/x-pack/filebeat/module/googlecloud/fields.go b/x-pack/filebeat/module/googlecloud/fields.go index 74ecc3a9487..91fb012da25 100644 --- a/x-pack/filebeat/module/googlecloud/fields.go +++ b/x-pack/filebeat/module/googlecloud/fields.go @@ -19,5 +19,5 @@ func init() { // AssetGooglecloud returns asset data. // This is the base64 encoded gzipped contents of module/googlecloud. func AssetGooglecloud() string { - return "eJzsWltvG7sRfvevmDe3gLMHfc1DAUOOW6Nx4WOrKdAXgSZHWtZccsuLVOXXH/C22qssW+sAAaKnZC/ffJwZznyc9Sd4wf1n2Ci1EUiFcuwCwHIr8DP8LVyERbrK0FDNa8uV/Ax/vQAAuFfMCYS10lASyQSXGxBqY2CtVdV5v7gAWHMUzHwOb34CSSrsG/Y/u6/9da1cna6MGPa/2wA3NBUYFOmxts22XYbGckk8ZsGlsURSbB4aI3GEiP/drcGW2IYFFS9RJSXScGVHDBD4dg9CUWKRgZLhEUMqhG8Pi6sOpC25ifyBG6hV7UR4acdt6UEybWBoCRemgDsJBJ5KopF5uA4aVXLNN04HbldQa/VfpHbFGVClNZpaSWbAqkAo3QVbEgtqJ42/2oHLxq/AGUeE2MeFoN5y2rxftF7pB6IdjAOZzu0chhfc75Tu3zsSjBCQmxyAvBiqpCVc+hz1l7/dFxejbDRuuJLzMXkMeJnNpNnvSuJ8Rv+jJI6aHNsA25r+VLn/sACJdqf0y+y57/M9ci+VsT93Im9ruvL/mo+L97yPZclpmWz7+KgavW/lZoKIcc8pXjPzeWqAT6XVUFJOU5yz9EfE92R+yPYO5K+q/6vqf0jVT2k/T8H/IRn/q9b/qvXhd3Kt7zMijnF7Trrng4bS3XNGAO6cNmA0ZzIRb/jiNG8c9cVyX4cEqVHbfTFiiDhborSchk2w4nKtRuz2PfCK1esOKHhQXUX9CMOtPLlpuKS8JmKFFeFivuxYlggBEghjGo3JG6nlC2TgDGqoyEveTxr/59DY3graflSa2/3KoEBqlZ6XcIMPGR9MjZSvOTJ43rcZKn0FfA1E7gu4sz7jpbKwcUQTaREZDAyE+hZLSfJ5rMtCqB0yXwGdwSi0Gx4dP/S88P1oMhGtyf5tydRgtnMp7DLPOm1oJYvTkwt1xY2ZtY0vUwi47zV31/ctIxNJswkRGW8Kz0oJJH16r1D4d4m2RA1Kh5h3whHcpTF1YiJZi18Id2IzwTW/uSLWav7sLJpR3sNScVp+N6h5N2aDRe/5sbC2ekoUmMMUPxLXVwlGit5AJpfM9LllFiPtbHYKU/6ZbCEzcfAQxzhk+xXaUrFhZ39vJxuPQDLjM/5QBuBWabh+uANKhDBRQvarnimVEwyeMaC1kf2LEbXov+Rx8f+kqgVewWUcSBaMWOKrLhbbvxQ3zX8enfzdod5fjjlHumoVFabBFbdYmREfCSU3b3SQq5799l9DwASN1mmJLE4+CXzlxnpXBWKthcaGUdeCU/IsRsOZmsv54mDZrthNV32DLFBWzawXOyrpkNsjzDKLNRcWZ2zxtwHvJNPzLv2fnYpyTOE0DeDDCRzKypjGSA+tKrTEb73zM/I+IQF5Vs5OR+BYWvpKg3rF+60vEhpcPqEj3j309Wm0MRGeRMA4v4uRrbx8XZENSjuvwgmyOOD2aS19lW3rs6Q8u7LaC48BcKsYa4yPUao043IjRo8t08l4RntpxJHSQJUQaUQR1DEPEy6wRG+wWXmr40x1Ky+ZwdASK/wkfCz/9Xh3FdzCJRWO5dOFr8W5pfkXX2k9pkSxRfPb09+/fL1d3d389qzUixltNY2rwoSlr3jfXcIz2nE5cnTLOK1R2obXuJ58V6IuInRD8qio7EnHD1Ms7RDXqP0+ydGfTqRO2A9KI0oPUnNTUFWNrsYS68ZUxTtiHbGarN+iJkJMkj4ac8XGeweXFjeDjnpCPUrcPPBVGvUcqgmRgNJVsCXChTgkyaZrWiwU6++yg3Q1hmxmbHLXwHCLwnvs05pQH3bUWulsacicS/giN4KbsoBruQ9lN786gO9gtUB8+gv+PVVd43cEj+PVlh+eggOLNDEdgodwXvmaeIBLAwcqOMq2XjjII407ItpDm9lGabcJ+w3TNO0ErtICz98RN4ebeUvk9QZLsWFUxNISWTx7HAber5fHzgQsjFomTnGD48GA+TKOdOLcKE9LOlynDo+EDjoFvO34eN1qnqHyes+ksmdAyeigKfuMazybwk0GCWHSZL3mtB0cE4NzzA8a16hRnjdQeMwg+evZSSFIXVsTOahEb7Iez3zr/Akm4JlDXLqpG86A/raajMzh0/183Np/DzBJ8HVuyWWWDPfFmYOPTNTzaH3PsmRzhiujmPwRdJNsPY8ur1e10nY41oUjo9030eV1PN5TJUxoWYeRBHjTOTfCJNMJNK8kQlZ0/jDhBgehj0qKrPGS1fMT5AcvIyXLOctofWpcC7X7CBnw7WEBHvstMgB9EvVE5hni3nCGSbglaBb9I9SugAWRXoMhDxP5y6fHxaUXUZc3X56WrYPaGE9rixkGgl+JRUn3QAxUSIzTyOBP3o/LxUPg6Nuw2P8ZmNP5IGK5P7NKi3pLRD7SDw5m+UEUpDZeDqLdIUqvMMOBlsDTl9/DBtZIkW/jtcNHdf//68U/erD+ed58xo7n7fwZ93G59OvYoe8D8VaqDWmKGP8OgKEg++LijwAAAP//F4rICQ==" + return "eJzsWltv47oRfs+vmLe0QFYHfd2HAoGzaYNuipzE3QJ9MRhybLGhSJUXu95fX/Am6+o4sbI9B1g/Jbp882lmOPNxpE/wgvvPsFFqI5AK5dgFgOVW4Gf4SzgIi3SUoaGa15Yr+Rn+fAEAcK+YEwhrpaEkkgkuNyDUxsBaq6pzf3EBsOYomPkc7vwEklTYN+x/dl/741q5Oh0ZMex/twFuaCowKNJlbZttuwyN5ZJ4zIJLY4mk2Fw0RuIIEf+7W4MtsQ0LKh6iSkqk4ciOGCDw7R6EosQiAyXDJYZUCN8eFlcdSFtyE/kDN1Cr2olw047b0oNk2sDQEi5MAXcSCDyVRCPzcB00quSab5wO3K6g1urfSO2KM6BKazS1ksyAVYFQOgu2JBbUThp/tAOXjV+BM44IsY8PgnrLaXN/0bqlH4h2MA5kOqdzGF5wv1O6f+5IMEJAbnIA8sNQJS3h0ueoP/ztvrgYZaNxw5Wcj8ljwMtsJs1+VxLnM/ovJXHU5NgC2Nb0d5X7DwuQaHdKv8ye+z7fI/dSGfv7TuRtTVf+r/m4eM/7WJaclsm2j4+q0ftWbiaIGPec4jUzn6cG+FRaDSXlNMU5S39EfE/mh2zvQP6s+j+r/odU/ZT28xT8H5LxP2v9z1offifX+j4j4hi356R73mgo3d1nBODObgNGcyYT8YYvTvPGUV8s93VIkBq13RcjhoizJUrLaVgEKy7XasRu3wOvWL3ugIIH1VXUjzBcypOLhkvKayJWWBEu5suOZYkQIIEwptGYvJBavkAGzqCGirzk9aTxPw6N7T1B249Kc7tfGRRIrdLzEm7wIeODqZHyNUcGz/s2Q6WvgK+ByH0Bd9ZnvFQWNo5oIi0ig4GBUN9iKUk+j3VZCLVD5iugMxiFdsOj44eeF74fTSaiNdm/LZkazHYuhVXmWacFrWRxenKhrrgxs7bxZQoB973m7vq+ZWQiaTYhIuNN4VkpgaRP7xUK/yzRlqhB6RDzTjiCuzSmTkwka/EL4U5sJrjmO1fEWs2fnUUzyntYKk7L7wY1r8ZssOhdPxbWVk+JAnOY4kfi+irBSNEbyOSSmT63zGKknc1OYco/ky1kJg4e4hiHbL9CWyo27Ozv7WTjEUhmfMYfygDcKg3XD3dAiRAmSsh+1TOlcoLBMwa0NrK/MaIW/Zs8Lv6XVLXAK7iMA8mCEUt81cVi+6fipvnn0clfHer95ZhzpKtWUWEaXHGLlRnxkVBy80YHuerZL/81BEzQaJ2WyOLkk8BXbqx3VSDWetDYMOpacEqexWg4U3M5Xxws2xW76apvkAXKqpn1YkclHXJ7hFlmsebC4owt/jbgnWR63kf/e6eiHFM4TQP4cAKHsjKmMdJFqwot8Uvv/Iy8T0hAnpWz0xE4lpa+0qBe8X7ri4QGh0/oiHcPfX0abUyEJxEwzq9iZCsvX1dkg9LOq3CCLA64fVpLX2Xb+iwpz66s9sJjANwqxhrjZZQqzbjciNFtS66d85ejiPubrEdj1A4z+jDwmFOSJcjj9l/TY2O2Z5dCwciUDnrhcmhiBgIet++bZu70/9WFJ3Fxg2nULFQcP9ErjWK3xLrxxH3P4nkKcIOkHe8kUx3tDI3a7LCUBqqESHPOsMXmYUwOlugNNuWzJVunJK/fd4OhJVb4SfiG8I/Hu6tQW7mkwrE8ovCCLutif+Mr+tWUKLZofnn665evt6u7m1+elXoxo3q1cVUY0/a3ze8uvBnt+J7maN91WqO0Da/5EgkWEboheXRn2tt/fti2px3iGrVvtjn604nUCfthuxL3L6TmpqCqGn2a4dp8d6xNZ2GqLWoixCTpozFXbLzZcmlxM5DlJ7S6xM0DX6V58UGSEAkoXQVbIlyIQ9r36ZoWC8X6q+yw/zWGbGZUBdfAcIvCe+zTmlAfdtRa6WxpyJxL+CI3gpuygGu5D9ot3zqA72C1QHz6C/49STfjVwSP72hafohVt8iSYQAewnnla+IBLk0tqeAo25uOwx5L446I9uR3tnn8bcJ+w0heO4GrMZn1rhVxcziZl0R+3mApNoyKWFoiiwOMw1uz18tjZ4we5rUTvX4wYxgwX8a5cBw+55Frh+uUwiB00CngbSLjutU8Q+X1nkllz4CS0UFT9hnXeDaFmwwSwqTJes1pOzgmBueYHzSuUaM8byr5mEHyK/iTQpC6tiZyUIneZD0Ojtb5PW7AM4e4dFM3DJL8aTUZmcP3P/Nxa39UNEnwdW7JZZYM18WZ8jgT9TxaL8Ut2ZzhyigmfwTdJFvPo8vrVa20Hb4bgiPvh95El9dxT06VMKFlHeaa4E3n3AivQ5zAyQ1SSoSs6Ailyg2mKR+VFFnjJavnJ8gPfoyULOc8Rut7hbVQu4+QAd8eFuCx3yID0CdRT2SeIe4NZ5iEW4Jm0T9C7QpYEOk1GPLwWu/y6XFx6UXU5c2Xp2VrozbG09pihrcKX4lFSfdADFRIjNPI4A/ej8vFQ+Do27DY/xGY03kjYrnfs0qLektEngsONmb5QhSkNl4Oot0hSq8ww4aWwNOXX8MC1kiRb+Oxw5c5/v/rxd96sP563nwLE/fb+VuQx+XSP8cOfR+Ip1JtSLO/+DERQ0H2xcX/AgAA//8iHdat" }