├── CONTRIBUTING.md ├── tests └── system │ ├── requirements.txt │ ├── vulsbeat.py │ ├── test_base.py │ └── config │ └── vulsbeat.yml.j2 ├── include ├── include.go └── fields.go ├── _meta ├── config │ ├── beat.docker.yml.tmpl │ ├── beat.yml.tmpl │ └── beat.reference.yml.tmpl └── fields.yml ├── data └── meta.json ├── config ├── config_test.go └── config.go ├── docs └── index.asciidoc ├── .gitignore ├── NOTICE.txt ├── main.go ├── vulsbeat.docker.yml ├── make.bat ├── cmd └── root.go ├── tools └── tools.go ├── .editorconfig ├── main_test.go ├── Makefile ├── beater └── vulsbeat.go ├── magefile.go ├── go.mod ├── README.md ├── vulsbeat.yml ├── LICENSE └── vulsbeat.reference.yml /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/system/requirements.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /include/include.go: -------------------------------------------------------------------------------- 1 | package include 2 | -------------------------------------------------------------------------------- /_meta/config/beat.docker.yml.tmpl: -------------------------------------------------------------------------------- 1 | vulsbeat: 2 | period: 1s 3 | -------------------------------------------------------------------------------- /data/meta.json: -------------------------------------------------------------------------------- 1 | {"uuid":"cade4504-e8d9-4926-9402-cebdb84c8269"} 2 | -------------------------------------------------------------------------------- /config/config_test.go: -------------------------------------------------------------------------------- 1 | // +build !integration 2 | 3 | package config 4 | -------------------------------------------------------------------------------- /docs/index.asciidoc: 
-------------------------------------------------------------------------------- 1 | = {Beat} Docs 2 | 3 | Welcome to the {Beat} documentation. 4 | 5 | 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.idea 2 | /build 3 | 4 | .DS_Store 5 | /vulsbeat 6 | /vulsbeat.test 7 | *.pyc 8 | -------------------------------------------------------------------------------- /_meta/fields.yml: -------------------------------------------------------------------------------- 1 | - key: vulsbeat 2 | title: vulsbeat 3 | description: 4 | fields: 5 | - name: results 6 | type: nested 7 | required: true 8 | -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- 1 | vulsbeat 2 | Copyright {year} Firstname Lastname 3 | 4 | This product includes software developed by The Apache Software 5 | Foundation (http://www.apache.org/). 
6 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | 6 | "github.com/kazuminn/vulsbeat/cmd" 7 | 8 | _ "github.com/kazuminn/vulsbeat/include" 9 | ) 10 | 11 | func main() { 12 | if err := cmd.RootCmd.Execute(); err != nil { 13 | os.Exit(1) 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /_meta/config/beat.yml.tmpl: -------------------------------------------------------------------------------- 1 | ################### {Beat} Configuration Example ######################### 2 | 3 | ############################# {Beat} ###################################### 4 | 5 | vulsbeat: 6 | # Defines how often an event is sent to the output 7 | period: 1s 8 | -------------------------------------------------------------------------------- /_meta/config/beat.reference.yml.tmpl: -------------------------------------------------------------------------------- 1 | ################### {Beat} Configuration Example ######################### 2 | 3 | ############################# {Beat} ###################################### 4 | 5 | vulsbeat: 6 | # Defines how often an event is sent to the output 7 | period: 1s 8 | -------------------------------------------------------------------------------- /vulsbeat.docker.yml: -------------------------------------------------------------------------------- 1 | vulsbeat: 2 | period: 1s 3 | 4 | processors: 5 | - add_cloud_metadata: ~ 6 | - add_docker_metadata: ~ 7 | 8 | output.elasticsearch: 9 | hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}' 10 | username: '${ELASTICSEARCH_USERNAME:}' 11 | password: '${ELASTICSEARCH_PASSWORD:}' 12 | -------------------------------------------------------------------------------- /tests/system/vulsbeat.py: -------------------------------------------------------------------------------- 1 | import os 
2 | import sys 3 | from beat.beat import TestCase 4 | 5 | 6 | class BaseTest(TestCase): 7 | 8 | @classmethod 9 | def setUpClass(self): 10 | self.beat_name = "vulsbeat" 11 | self.beat_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../")) 12 | super(BaseTest, self).setUpClass() 13 | -------------------------------------------------------------------------------- /make.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | REM Windows wrapper for Mage (https://magefile.org/) that installs it 4 | REM to %GOPATH%\bin from the Beats vendor directory. 5 | REM 6 | REM After running this once you may invoke mage.exe directly. 7 | 8 | WHERE mage 9 | IF %ERRORLEVEL% NEQ 0 go install github.com/kazuminn/vulsbeat/vendor/github.com/magefile/mage 10 | 11 | mage %* 12 | -------------------------------------------------------------------------------- /cmd/root.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/kazuminn/vulsbeat/beater" 5 | 6 | cmd "github.com/elastic/beats/v7/libbeat/cmd" 7 | "github.com/elastic/beats/v7/libbeat/cmd/instance" 8 | ) 9 | 10 | // Name of this beat 11 | var Name = "vulsbeat" 12 | 13 | // RootCmd to handle beats cli 14 | var RootCmd = cmd.GenRootCmdWithSettings(beater.New, instance.Settings{Name: Name}) 15 | -------------------------------------------------------------------------------- /tools/tools.go: -------------------------------------------------------------------------------- 1 | // +build tools 2 | 3 | // This package contains the tool dependencies of the project. 
4 | 5 | package tools 6 | 7 | import ( 8 | _ "github.com/pierrre/gotestcover" 9 | _ "github.com/tsg/go-daemon" 10 | _ "golang.org/x/tools/cmd/goimports" 11 | 12 | _ "github.com/mitchellh/gox" 13 | _ "github.com/reviewdog/reviewdog/cmd/reviewdog" 14 | _ "golang.org/x/lint/golint" 15 | ) 16 | -------------------------------------------------------------------------------- /config/config.go: -------------------------------------------------------------------------------- 1 | // Config is put into a different package to prevent cyclic imports in case 2 | // it is needed in several locations 3 | 4 | package config 5 | 6 | import ( 7 | "time" 8 | ) 9 | 10 | type Config struct { 11 | Period time.Duration `config:"period"` 12 | Path string `config:"path"` 13 | } 14 | 15 | var DefaultConfig = Config{ 16 | Period: 1 * time.Second, 17 | Path: "", 18 | } 19 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # See: http://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | charset = utf-8 6 | end_of_line = lf 7 | insert_final_newline = true 8 | trim_trailing_whitespace = true 9 | 10 | [*.json] 11 | indent_size = 4 12 | indent_style = space 13 | 14 | [*.py] 15 | indent_style = space 16 | indent_size = 4 17 | 18 | [*.yml] 19 | indent_style = space 20 | indent_size = 2 21 | 22 | [Makefile] 23 | indent_style = tab 24 | 25 | [Vagrantfile] 26 | indent_size = 2 27 | indent_style = space 28 | -------------------------------------------------------------------------------- /tests/system/test_base.py: -------------------------------------------------------------------------------- 1 | from vulsbeat import BaseTest 2 | 3 | import os 4 | 5 | 6 | class Test(BaseTest): 7 | 8 | def test_base(self): 9 | """ 10 | Basic test with exiting {Beat} normally 11 | """ 12 | self.render_config_template( 13 | path=os.path.abspath(self.working_dir) + "/log/*" 14 | ) 15 | 16 | 
vulsbeat_proc = self.start_beat() 17 | self.wait_until(lambda: self.log_contains("vulsbeat is running")) 18 | exit_code = vulsbeat_proc.kill_and_wait() 19 | assert exit_code == 0 20 | -------------------------------------------------------------------------------- /main_test.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | // This file is mandatory as otherwise the vulsbeat.test binary is not generated correctly. 4 | 5 | import ( 6 | "flag" 7 | "testing" 8 | 9 | "github.com/kazuminn/vulsbeat/cmd" 10 | ) 11 | 12 | var systemTest *bool 13 | 14 | func init() { 15 | testing.Init() 16 | systemTest = flag.Bool("systemTest", false, "Set to true when running system tests") 17 | 18 | cmd.RootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("systemTest")) 19 | cmd.RootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("test.coverprofile")) 20 | } 21 | 22 | // Test started when the test binary is started. Only calls main. 23 | func TestSystem(t *testing.T) { 24 | 25 | if *systemTest { 26 | main() 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | BEAT_NAME=vulsbeat 2 | BEAT_PATH=github.com/kazuminn/vulsbeat 3 | BEAT_GOPATH=$(firstword $(subst :, ,${GOPATH})) 4 | SYSTEM_TESTS=false 5 | TEST_ENVIRONMENT=false 6 | ES_BEATS_IMPORT_PATH=github.com/elastic/beats/v7 7 | ES_BEATS?=$(shell go list -m -f '{{.Dir}}' ${ES_BEATS_IMPORT_PATH}) 8 | LIBBEAT_MAKEFILE=$(ES_BEATS)/libbeat/scripts/Makefile 9 | GOPACKAGES=$(shell go list ${BEAT_PATH}/... 
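// Package beater implements vulsbeat: it reads vuls scan-result files from the
// configured directory and publishes them as one libbeat event.
package beater

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"time"

	"github.com/elastic/beats/v7/libbeat/beat"
	"github.com/elastic/beats/v7/libbeat/common"
	"github.com/elastic/beats/v7/libbeat/logp"

	"github.com/future-architect/vuls/models"
	"github.com/kazuminn/vulsbeat/config"
)

// vulsbeat holds the state of one Beat instance.
type vulsbeat struct {
	done   chan struct{} // closed by Stop to release Run
	config config.Config
	client beat.Client // assigned by Run after the publisher connects
}

// New creates an instance of vulsbeat.
//
// It unpacks cfg over config.DefaultConfig and rejects an empty path, so a
// missing setting is reported at start-up instead of failing inside Run.
func New(b *beat.Beat, cfg *common.Config) (beat.Beater, error) {
	c := config.DefaultConfig
	if err := cfg.Unpack(&c); err != nil {
		return nil, fmt.Errorf("Error reading config file: %w", err)
	}
	if c.Path == "" {
		return nil, fmt.Errorf("vulsbeat path is empty; set path to the vuls results directory")
	}

	bt := &vulsbeat{
		done:   make(chan struct{}),
		config: c,
	}
	return bt, nil
}

// Run starts vulsbeat. It connects to the publisher, loads the scan results
// found under the configured path, publishes them as a single event and then
// blocks until Stop is called.
//
// NOTE(review): config.Period is never read in this file; the results are
// published once per call to Run.
func (bt *vulsbeat) Run(b *beat.Beat) error {
	logp.Info("vulsbeat is running! Hit CTRL-C to stop it.")

	var err error
	bt.client, err = b.Publisher.Connect()
	if err != nil {
		return err
	}

	// Failures are returned to the caller instead of calling os.Exit or
	// panicking, so the process is not torn down from inside the Beat.
	results, err := bt.loadResults()
	if err != nil {
		return err
	}

	event := beat.Event{
		Timestamp: time.Now(),
		Fields: common.MapStr{
			"type":    b.Info.Name,
			"results": results,
		},
	}
	bt.client.Publish(event)
	logp.Info("Event sent")

	<-bt.done
	return nil
}

// Stop stops vulsbeat: it closes the publisher client, if Run created one,
// and releases Run.
func (bt *vulsbeat) Stop() {
	// Stop can arrive before Run has connected; the client is nil then.
	if bt.client != nil {
		if err := bt.client.Close(); err != nil {
			logp.Err("closing publisher client: %v", err)
		}
	}
	close(bt.done)
}

// loadResults reads and decodes every file returned by getJSONFileNames.
//
// A file that cannot be read aborts the load. A file that does not decode is
// logged and skipped, so a zero-valued ScanResult is never published as if it
// were a real scan.
//
// NOTE(review): each file is read whole into memory and whatever decodes is
// shipped to the output; the results directory should be writable only by the
// account that runs the scanner.
func (bt *vulsbeat) loadResults() (models.ScanResults, error) {
	files, err := bt.getJSONFileNames()
	if err != nil {
		return nil, err
	}

	results := models.ScanResults{}
	for _, file := range files {
		raw, err := ioutil.ReadFile(file)
		if err != nil {
			return nil, fmt.Errorf("reading scan result %q: %w", file, err)
		}

		var result models.ScanResult
		if err := json.Unmarshal(raw, &result); err != nil {
			logp.Err("skipping scan result %q: %v", file, err)
			continue
		}
		results = append(results, result)
	}
	return results, nil
}

// dirwalk returns the entries of dir, each joined with dir, in the sorted
// order ioutil.ReadDir produces. It does not recurse.
func (bt *vulsbeat) dirwalk(dir string) ([]string, error) {
	entries, err := ioutil.ReadDir(dir)
	if err != nil {
		return nil, fmt.Errorf("listing %q: %w", dir, err)
	}

	paths := make([]string, 0, len(entries))
	for _, entry := range entries {
		paths = append(paths, filepath.Join(dir, entry.Name()))
	}
	return paths, nil
}

// getJSONFileNames returns the .json files found one level below the
// configured path, i.e. inside each of its sub-directories.
func (bt *vulsbeat) getJSONFileNames() ([]string, error) {
	jsonDirs, err := bt.dirwalk(bt.config.Path)
	if err != nil {
		return nil, err
	}
	// Slicing [1:] on an empty listing would panic.
	if len(jsonDirs) < 2 {
		return nil, nil
	}

	var jsonFiles []string
	// NOTE(review): the first entry in sorted order is skipped, as the
	// original code did; the reason is not visible in this file. Confirm it
	// is intended.
	for _, dir := range jsonDirs[1:] {
		// os.Stat follows symlinks, so a link to a results directory is
		// still walked; plain files at this level are ignored.
		info, err := os.Stat(dir)
		if err != nil {
			return nil, fmt.Errorf("inspecting %q: %w", dir, err)
		}
		if !info.IsDir() {
			continue
		}

		files, err := bt.dirwalk(dir)
		if err != nil {
			return nil, err
		}
		for _, file := range files {
			// Other report formats may sit beside the JSON results.
			if filepath.Ext(file) == ".json" {
				jsonFiles = append(jsonFiles, file)
			}
		}
	}
	return jsonFiles, nil
}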
9 | output: 10 | 11 | ### File as output 12 | file: 13 | # Enabling file output 14 | enabled: true 15 | 16 | # Path to the directory where to save the generated files. The option is mandatory. 17 | path: {{ output_file_path|default(beat.working_dir + "/output") }} 18 | 19 | 20 | # Name of the generated files. The default is `vulsbeat` and it generates 21 | # files: `vulsbeat`, `vulsbeat.1`, `vulsbeat.2`, etc. 22 | filename: {{ output_file_filename|default("vulsbeat") }} 23 | 24 | # Maximum size in kilobytes of each file. When this size is reached, the files are 25 | # rotated. The default value is 10 MB. 26 | #rotate_every_kb: 10000 27 | 28 | # Maximum number of files under path. When this number of files is reached, the 29 | # oldest file is deleted and the rest are shifted from last to first. The default 30 | # is 7 files. 31 | #number_of_files: 7 32 | 33 | 34 | 35 | ############################# Beat ######################################### 36 | 37 | # The name of the shipper that publishes the network data. It can be used to group 38 | # all the transactions sent by a single shipper in the web interface. 39 | # If this options is not defined, the hostname is used. 40 | #name: 41 | 42 | # The tags of the shipper are included in their own field with each 43 | # transaction published. Tags make it easy to group servers by different 44 | # logical properties. 45 | #tags: ["service-X", "web-tier"] 46 | 47 | 48 | 49 | ############################# Logging ######################################### 50 | 51 | #logging: 52 | # Send all logging output to syslog. On Windows default is false, otherwise 53 | # default is true. 54 | #to_syslog: true 55 | 56 | # Write all logging output to files. Beats automatically rotate files if configurable 57 | # limit is reached. 58 | #to_files: false 59 | 60 | # Enable debug output for selected components. 
61 | #selectors: [] 62 | 63 | # Set log level 64 | #level: error 65 | 66 | #files: 67 | # The directory where the log files will written to. 68 | #path: /var/log/vulsbeat 69 | 70 | # The name of the files where the logs are written to. 71 | #name: vulsbeat 72 | 73 | # Configure log file size limit. If limit is reached, log file will be 74 | # automatically rotated 75 | #rotateeverybytes: 10485760 # = 10MB 76 | 77 | # Number of rotated log files to keep. Oldest files will be deleted first. 78 | #keepfiles: 7 79 | -------------------------------------------------------------------------------- /magefile.go: -------------------------------------------------------------------------------- 1 | // +build mage 2 | 3 | package main 4 | 5 | import ( 6 | "fmt" 7 | "time" 8 | 9 | "github.com/magefile/mage/mg" 10 | "github.com/magefile/mage/sh" 11 | 12 | devtools "github.com/elastic/beats/v7/dev-tools/mage" 13 | "github.com/elastic/beats/v7/dev-tools/mage/target/build" 14 | "github.com/elastic/beats/v7/dev-tools/mage/target/common" 15 | "github.com/elastic/beats/v7/dev-tools/mage/target/pkg" 16 | "github.com/elastic/beats/v7/dev-tools/mage/target/unittest" 17 | ) 18 | 19 | func init() { 20 | devtools.SetBuildVariableSources(devtools.DefaultBeatBuildVariableSources) 21 | 22 | devtools.BeatDescription = "One sentence description of the Beat." 23 | devtools.BeatVendor = "Firstname Lastname" 24 | devtools.BeatProjectType = devtools.CommunityProject 25 | devtools.CrossBuildMountModcache = true 26 | } 27 | 28 | // Package packages the Beat for distribution. 29 | // Use SNAPSHOT=true to build snapshots. 30 | // Use PLATFORMS to control the target platforms. 
func Package() {
	began := time.Now()
	defer func() {
		fmt.Println("package ran for", time.Since(began))
	}()

	devtools.UseCommunityBeatPackaging()

	// Regenerate files first, then cross-build, then package and test the
	// packages one after the other.
	mg.Deps(Update)
	mg.Deps(build.CrossBuild, build.CrossBuildGoDaemon)
	mg.SerialDeps(devtools.Package, pkg.PackageTest)
}

// Update regenerates the generated files by running `make update`.
func Update() error {
	err := sh.Run("make", "update")
	return err
}

// Fields writes the fields.yml for the Beat.
func Fields() error {
	err := devtools.GenerateFieldsYAML()
	return err
}

// Config generates the short, reference and docker configs, adding the
// templates under _meta/config to the default template list.
func Config() error {
	params := devtools.DefaultConfigFileParams()
	params.Templates = append(params.Templates, "_meta/config/*.tmpl")
	return devtools.Config(devtools.AllConfigTypes, params, ".")
}

// Clean removes generated files and build artifacts.
func Clean() error {
	err := devtools.Clean()
	return err
}

// Check delegates to common.Check, which formats code, updates generated
// content, checks for common errors and checks for modified files.
func Check() {
	common.Check()
}

// Fmt delegates to common.Fmt, which formats source code (.go and .py) and
// adds license headers.
func Fmt() {
	common.Fmt()
}

// Test runs the Go unit tests.
func Test() {
	mg.Deps(unittest.GoUnitTest)
}

// Build builds the Beat binary.
func Build() error {
	err := build.Build()
	return err
}

// CrossBuild cross-builds the Beat for all target platforms.
func CrossBuild() error {
	err := build.CrossBuild()
	return err
}

// BuildGoDaemon builds the go-daemon binary (use crossBuildGoDaemon).
func BuildGoDaemon() error {
	err := build.BuildGoDaemon()
	return err
}

// GolangCrossBuild build the Beat binary inside of the golang-builder.
// Do not use directly, use crossBuild instead.
97 | func GolangCrossBuild() error { 98 | return build.GolangCrossBuild() 99 | } 100 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/kazuminn/vulsbeat 2 | 3 | go 1.15 4 | 5 | replace ( 6 | github.com/Azure/go-autorest => github.com/Azure/go-autorest v12.2.0+incompatible 7 | github.com/Microsoft/go-winio => github.com/bi-zone/go-winio v0.4.15 8 | github.com/Shopify/sarama => github.com/elastic/sarama v1.19.1-0.20200629123429-0e7b69039eec 9 | github.com/cucumber/godog => github.com/cucumber/godog v0.8.1 10 | github.com/docker/docker => github.com/docker/engine v0.0.0-20191113042239-ea84732a7725 11 | github.com/docker/go-plugins-helpers => github.com/elastic/go-plugins-helpers v0.0.0-20200207104224-bdf17607b79f 12 | github.com/dop251/goja => github.com/andrewkroh/goja v0.0.0-20190128172624-dd2ac4456e20 13 | github.com/dop251/goja_nodejs => github.com/dop251/goja_nodejs v0.0.0-20171011081505-adff31b136e6 14 | github.com/fsnotify/fsevents => github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 15 | github.com/fsnotify/fsnotify => github.com/adriansr/fsnotify v0.0.0-20180417234312-c9bbe1f46f1d 16 | github.com/google/gopacket => github.com/adriansr/gopacket v1.1.18-0.20200327165309-dd62abfa8a41 17 | github.com/insomniacslk/dhcp => github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 // indirect 18 | github.com/kardianos/service => github.com/blakerouse/service v1.1.1-0.20200924160513-057808572ffa 19 | github.com/tonistiigi/fifo => github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c 20 | golang.org/x/tools => golang.org/x/tools v0.0.0-20200602230032-c00d67ef29d0 // release 1.14 21 | ) 22 | 23 | require ( 24 | github.com/akavel/rsrc v0.9.0 // indirect 25 | github.com/dlclark/regexp2 v1.4.0 // indirect 26 | github.com/dop251/goja v0.0.0-20201207172445-6060b0671c09 // indirect 27 | 
github.com/dop251/goja_nodejs v0.0.0-20201201133918-0226646606a0 // indirect 28 | github.com/elastic/beats/v7 v7.0.0-alpha2.0.20201209222322-cc2dd9f826f4 29 | github.com/elastic/go-sysinfo v1.4.0 // indirect 30 | github.com/fatih/color v1.10.0 // indirect 31 | github.com/future-architect/vuls v0.13.7 32 | github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect 33 | github.com/gophercloud/gophercloud v0.1.0 // indirect 34 | github.com/hashicorp/errwrap v1.1.0 // indirect 35 | github.com/josephspurrier/goversioninfo v1.2.0 // indirect 36 | github.com/magefile/mage v1.10.0 37 | github.com/mitchellh/gox v1.0.1 38 | github.com/mitchellh/hashstructure v1.1.0 // indirect 39 | github.com/pierrre/gotestcover v0.0.0-20160517101806-924dca7d15f0 40 | github.com/prometheus/procfs v0.2.0 // indirect 41 | github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect 42 | github.com/reviewdog/reviewdog v0.11.0 43 | github.com/tsg/go-daemon v0.0.0-20200207173439-e704b93fd89b 44 | go.elastic.co/apm v1.9.0 // indirect 45 | go.uber.org/multierr v1.6.0 // indirect 46 | go.uber.org/zap v1.16.0 // indirect 47 | golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9 // indirect 48 | golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 49 | golang.org/x/net v0.0.0-20201209123823-ac852fbbde11 // indirect 50 | golang.org/x/sys v0.0.0-20201207223542-d4d67f95c62d // indirect 51 | golang.org/x/text v0.3.4 // indirect 52 | golang.org/x/tools v0.0.0-20201208233053-a543418bbed2 53 | gopkg.in/yaml.v2 v2.4.0 // indirect 54 | honnef.co/go/tools v0.0.1-2020.1.6 // indirect 55 | howett.net/plist v0.0.0-20201203080718-1454fab16a06 // indirect 56 | k8s.io/klog v1.0.0 // indirect 57 | sigs.k8s.io/structured-merge-diff/v3 v3.0.0 // indirect 58 | ) 59 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # vulsbeat 2 | 3 | Welcome to vulsbeat.Please push 
Star. 4 | 5 | This software imports vulnerability scan results from [vuls](https://github.com/future-architect/vuls) into the Elastic Stack. 6 | Once the results are in Elasticsearch you can, for example, analyze them or detect complex threats with a SIEM. 7 | 8 | 9 | Ensure that this folder is at the following location: 10 | `${GOPATH}/src/github.com/kazuminn/vulsbeat` 11 | 12 | ## Getting Started with vulsbeat 13 | 14 | ### Requirements 15 | 16 | * [Golang](https://golang.org/dl/) 1.7 or later 17 | * [vuls](https://github.com/future-architect/vuls) v0.13.9 or later 18 | * [mage](https://github.com/magefile/mage) 19 | 20 | ### Config 21 | 22 | Change `path:` in vulsbeat.yml. 23 | 24 | ``` 25 | path: "/path/to/results/" 26 | ``` 27 | 28 | ### Init Project 29 | To get running with vulsbeat and also install the 30 | dependencies, run the following command: 31 | 32 | ``` 33 | make setup 34 | ``` 35 | 36 | It will create a clean git history for each major step. Note that you can always rewrite the history if you wish before pushing your changes. 37 | 38 | To push vulsbeat to the git repository, run the following commands: 39 | 40 | ``` 41 | git remote set-url origin https://github.com/kazuminn/vulsbeat 42 | git push origin master 43 | ``` 44 | 45 | For further development, check out the [beat developer guide](https://www.elastic.co/guide/en/beats/libbeat/current/new-beat.html). 46 | 47 | ### Build 48 | 49 | To build the binary for vulsbeat run the command below. This will generate a binary 50 | in the same directory with the name vulsbeat. 
51 | 52 | ``` 53 | make 54 | ``` 55 | 56 | 57 | ### Run 58 | 59 | To run vulsbeat with debugging output enabled, run: 60 | 61 | ``` 62 | ./vulsbeat -c vulsbeat.yml -e -d "*" 63 | ``` 64 | 65 | 66 | ### Test 67 | 68 | To test vulsbeat, run the following command: 69 | 70 | ``` 71 | make testsuite 72 | ``` 73 | 74 | alternatively: 75 | ``` 76 | make unit-tests 77 | make system-tests 78 | make integration-tests 79 | make coverage-report 80 | ``` 81 | 82 | The test coverage is reported in the folder `./build/coverage/` 83 | 84 | ### Update 85 | 86 | Each beat has a template for the mapping in elasticsearch and a documentation for the fields 87 | which is automatically generated based on `fields.yml` by running the following command. 88 | 89 | ``` 90 | make update 91 | ``` 92 | 93 | 94 | ### Cleanup 95 | 96 | To clean vulsbeat source code, run the following command: 97 | 98 | ``` 99 | make fmt 100 | ``` 101 | 102 | To clean up the build directory and generated artifacts, run: 103 | 104 | ``` 105 | make clean 106 | ``` 107 | 108 | 109 | ### Clone 110 | 111 | To clone vulsbeat from the git repository, run the following commands: 112 | 113 | ``` 114 | mkdir -p ${GOPATH}/src/github.com/kazuminn/vulsbeat 115 | git clone https://github.com/kazuminn/vulsbeat ${GOPATH}/src/github.com/kazuminn/vulsbeat 116 | ``` 117 | 118 | 119 | For further development, check out the [beat developer guide](https://www.elastic.co/guide/en/beats/libbeat/current/new-beat.html). 120 | 121 | 122 | ## Packaging 123 | 124 | The beat frameworks provides tools to crosscompile and package your beat for different platforms. This requires [docker](https://www.docker.com/) and vendoring as described above. To build packages of your beat, run the following command: 125 | 126 | ``` 127 | make release 128 | ``` 129 | 130 | This will fetch and create all images required for the build process. The whole process to finish can take several minutes. 
131 | -------------------------------------------------------------------------------- /vulsbeat.yml: -------------------------------------------------------------------------------- 1 | ################### {Beat} Configuration Example ######################### 2 | 3 | ############################# {Beat} ###################################### 4 | 5 | vulsbeat: 6 | # Defines how often an event is sent to the output 7 | period: 1s 8 | path: "/path/to/results/" 9 | 10 | # ================================== General =================================== 11 | 12 | # The name of the shipper that publishes the network data. It can be used to group 13 | # all the transactions sent by a single shipper in the web interface. 14 | #name: 15 | 16 | # The tags of the shipper are included in their own field with each 17 | # transaction published. 18 | #tags: ["service-X", "web-tier"] 19 | 20 | # Optional fields that you can specify to add additional information to the 21 | # output. 22 | #fields: 23 | # env: staging 24 | 25 | # ================================= Dashboards ================================= 26 | # These settings control loading the sample dashboards to the Kibana index. Loading 27 | # the dashboards is disabled by default and can be enabled either by setting the 28 | # options here or by using the `setup` command. 29 | #setup.dashboards.enabled: false 30 | 31 | # The URL from where to download the dashboards archive. By default this URL 32 | # has a value which is computed based on the Beat name and version. For released 33 | # versions, this URL points to the dashboard archive on the artifacts.elastic.co 34 | # website. 35 | #setup.dashboards.url: 36 | 37 | # =================================== Kibana =================================== 38 | 39 | # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. 40 | # This requires a Kibana endpoint configuration. 
setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  #host: "localhost:5601"

  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:

# =============================== Elastic Cloud ================================

# These settings simplify using Vulsbeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  # NOTE(review): the two values below are live settings, not commented-out
  # examples. `elastic` is Elasticsearch's built-in superuser and "changeme"
  # is a placeholder; replace both before use. Prefer a dedicated account (or
  # `api_key`) limited to writing this Beat's indices, and take the secret
  # from the environment (`${ELASTICSEARCH_PASSWORD}`) or the Beats keystore
  # instead of storing it in this file. With `protocol` left at its `http`
  # default the credentials cross the network unencrypted; enable `https`
  # together with them.
  #api_key: "id:api_key"
  username: "elastic"
  password: "changeme"

# ------------------------------ Logstash Output -------------------------------
#output.logstash:
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
90 | # List of root certificates for HTTPS server verifications 91 | #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 92 | 93 | # Certificate for SSL client authentication 94 | #ssl.certificate: "/etc/pki/client/cert.pem" 95 | 96 | # Client Certificate Key 97 | #ssl.key: "/etc/pki/client/cert.key" 98 | 99 | # ================================= Processors ================================= 100 | 101 | # Configure processors to enhance or manipulate events generated by the beat. 102 | 103 | processors: 104 | - add_host_metadata: ~ 105 | - add_cloud_metadata: ~ 106 | - add_docker_metadata: ~ 107 | 108 | 109 | # ================================== Logging =================================== 110 | 111 | # Sets log level. The default log level is info. 112 | # Available log levels are: error, warning, info, debug 113 | #logging.level: debug 114 | 115 | # At debug level, you can selectively enable logging only for some components. 116 | # To enable all selectors use ["*"]. Examples of other selectors are "beat", 117 | # "publisher", "service". 118 | #logging.selectors: ["*"] 119 | 120 | # ============================= X-Pack Monitoring ============================== 121 | # Vulsbeat can export internal metrics to a central Elasticsearch monitoring 122 | # cluster. This requires xpack monitoring to be enabled in Elasticsearch. The 123 | # reporting is disabled by default. 124 | 125 | # Set to true to enable the monitoring reporter. 126 | #monitoring.enabled: false 127 | 128 | # Sets the UUID of the Elasticsearch cluster under which monitoring data for this 129 | # Vulsbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch 130 | # is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch. 131 | #monitoring.cluster_uuid: 132 | 133 | # Uncomment to send the metrics to Elasticsearch. Most settings from the 134 | # Elasticsearch output are accepted here as well. 
135 | # Note that the settings should point to your Elasticsearch *monitoring* cluster. 136 | # Any setting that is not set is automatically inherited from the Elasticsearch 137 | # output configuration, so if you have the Elasticsearch output configured such 138 | # that it is pointing to your Elasticsearch monitoring cluster, you can simply 139 | # uncomment the following line. 140 | #monitoring.elasticsearch: 141 | 142 | # ============================== Instrumentation =============================== 143 | 144 | # Instrumentation support for the vulsbeat. 145 | #instrumentation: 146 | # Set to true to enable instrumentation of vulsbeat. 147 | #enabled: false 148 | 149 | # Environment in which vulsbeat is running (e.g. staging, production, etc.) 150 | #environment: "" 151 | 152 | # APM Server hosts to report instrumentation results to. 153 | #hosts: 154 | # - http://localhost:8200 155 | 156 | # API Key for the APM Server(s). 157 | # If api_key is set then secret_token will be ignored. 158 | #api_key: 159 | 160 | # Secret token for the APM Server(s). 161 | #secret_token: 162 | 163 | 164 | # ================================= Migration ================================== 165 | 166 | # This enables the 6.7 migration aliases 167 | #migration.6_to_7.enabled: true 168 | 169 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 
13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. 
Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. 
Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 
121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. 
You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 
184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 
217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 
244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 
275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 
305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. 
If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 
374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 
409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. 
If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 
474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 
500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. 
If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. 
Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 
599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 
631 | 632 | 633 | Copyright (C) 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see . 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | . 662 | -------------------------------------------------------------------------------- /include/fields.go: -------------------------------------------------------------------------------- 1 | // Licensed to Elasticsearch B.V. under one or more contributor 2 | // license agreements. See the NOTICE file distributed with 3 | // this work for additional information regarding copyright 4 | // ownership. Elasticsearch B.V. 
licenses this file to you under 5 | // the Apache License, Version 2.0 (the "License"); you may 6 | // not use this file except in compliance with the License. 7 | // You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | // Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. 19 | 20 | package include 21 | 22 | import ( 23 | "github.com/elastic/beats/v7/libbeat/asset" 24 | ) 25 | 26 | func init() { 27 | if err := asset.SetFields("vulsbeat", "fields.yml", asset.BeatFieldsPri, AssetFieldsYml); err != nil { 28 | panic(err) 29 | } 30 | } 31 | 32 | // AssetFieldsYml returns asset data. 33 | // This is the base64 encoded gzipped contents of fields.yml. 34 | func AssetFieldsYml() string { 35 | return "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" 36 | } 37 | -------------------------------------------------------------------------------- /vulsbeat.reference.yml: -------------------------------------------------------------------------------- 1 | ################### {Beat} Configuration Example ######################### 2 | 3 | ############################# {Beat} ###################################### 4 | 5 | vulsbeat: 6 | # Defines how often an event is sent to the output 7 | period: 1s 8 | 9 | # ================================== General =================================== 10 | 11 | # The name of the shipper that publishes the network data. It can be used to group 12 | # all the transactions sent by a single shipper in the web interface. 13 | # If this options is not defined, the hostname is used. 
14 | #name: 15 | 16 | # The tags of the shipper are included in their own field with each 17 | # transaction published. Tags make it easy to group servers by different 18 | # logical properties. 19 | #tags: ["service-X", "web-tier"] 20 | 21 | # Optional fields that you can specify to add additional information to the 22 | # output. Fields can be scalar values, arrays, dictionaries, or any nested 23 | # combination of these. 24 | #fields: 25 | # env: staging 26 | 27 | # If this option is set to true, the custom fields are stored as top-level 28 | # fields in the output document instead of being grouped under a fields 29 | # sub-dictionary. Default is false. 30 | #fields_under_root: false 31 | 32 | # Internal queue configuration for buffering events to be published. 33 | #queue: 34 | # Queue type by name (default 'mem') 35 | # The memory queue will present all available events (up to the outputs 36 | # bulk_max_size) to the output, the moment the output is ready to server 37 | # another batch of events. 38 | #mem: 39 | # Max number of events the queue can buffer. 40 | #events: 4096 41 | 42 | # Hints the minimum number of events stored in the queue, 43 | # before providing a batch of events to the outputs. 44 | # The default value is set to 2048. 45 | # A value of 0 ensures events are immediately available 46 | # to be sent to the outputs. 47 | #flush.min_events: 2048 48 | 49 | # Maximum duration after which events are available to the outputs, 50 | # if the number of events stored in the queue is < `flush.min_events`. 51 | #flush.timeout: 1s 52 | 53 | # The disk queue stores incoming events on disk until the output is 54 | # ready for them. This allows a higher event limit than the memory-only 55 | # queue and lets pending events persist through a restart. 56 | #disk: 57 | # The directory path to store the queue's data. 58 | #path: "${path.data}/diskqueue" 59 | 60 | # The maximum space the queue should occupy on disk. 
Depending on 61 | # input settings, events that exceed this limit are delayed or discarded. 62 | #max_size: 10GB 63 | 64 | # The maximum size of a single queue data file. Data in the queue is 65 | # stored in smaller segments that are deleted after all their events 66 | # have been processed. 67 | #segment_size: 1GB 68 | 69 | # The number of events to read from disk to memory while waiting for 70 | # the output to request them. 71 | #read_ahead: 512 72 | 73 | # The number of events to accept from inputs while waiting for them 74 | # to be written to disk. If event data arrives faster than it 75 | # can be written to disk, this setting prevents it from overflowing 76 | # main memory. 77 | #write_ahead: 2048 78 | 79 | # The duration to wait before retrying when the queue encounters a disk 80 | # write error. 81 | #retry_interval: 1s 82 | 83 | # The maximum length of time to wait before retrying on a disk write 84 | # error. If the queue encounters repeated errors, it will double the 85 | # length of its retry interval each time, up to this maximum. 86 | #max_retry_interval: 30s 87 | 88 | # The spool queue will store events in a local spool file, before 89 | # forwarding the events to the outputs. 90 | # 91 | # Beta: spooling to disk is currently a beta feature. Use with care. 92 | # 93 | # The spool file is a circular buffer, which blocks once the file/buffer is full. 94 | # Events are put into a write buffer and flushed once the write buffer 95 | # is full or the flush_timeout is triggered. 96 | # Once ACKed by the output, events are removed immediately from the queue, 97 | # making space for new events to be persisted. 98 | #spool: 99 | # The file namespace configures the file path and the file creation settings. 100 | # Once the file exists, the `size`, `page_size` and `prealloc` settings 101 | # will have no more effect. 102 | #file: 103 | # Location of spool file. The default value is ${path.data}/spool.dat. 
104 | #path: "${path.data}/spool.dat" 105 | 106 | # Configure file permissions if file is created. The default value is 0600. 107 | #permissions: 0600 108 | 109 | # File size hint. The spool blocks, once this limit is reached. The default value is 100 MiB. 110 | #size: 100MiB 111 | 112 | # The files page size. A file is split into multiple pages of the same size. The default value is 4KiB. 113 | #page_size: 4KiB 114 | 115 | # If prealloc is set, the required space for the file is reserved using 116 | # truncate. The default value is true. 117 | #prealloc: true 118 | 119 | # Spool writer settings 120 | # Events are serialized into a write buffer. The write buffer is flushed if: 121 | # - The buffer limit has been reached. 122 | # - The configured limit of buffered events is reached. 123 | # - The flush timeout is triggered. 124 | #write: 125 | # Sets the write buffer size. 126 | #buffer_size: 1MiB 127 | 128 | # Maximum duration after which events are flushed if the write buffer 129 | # is not full yet. The default value is 1s. 130 | #flush.timeout: 1s 131 | 132 | # Number of maximum buffered events. The write buffer is flushed once the 133 | # limit is reached. 134 | #flush.events: 16384 135 | 136 | # Configure the on-disk event encoding. The encoding can be changed 137 | # between restarts. 138 | # Valid encodings are: json, ubjson, and cbor. 139 | #codec: cbor 140 | #read: 141 | # Reader flush timeout, waiting for more events to become available, so 142 | # to fill a complete batch as required by the outputs. 143 | # If flush_timeout is 0, all available events are forwarded to the 144 | # outputs immediately. 145 | # The default value is 0s. 146 | #flush.timeout: 0s 147 | 148 | # Sets the maximum number of CPUs that can be executing simultaneously. The 149 | # default is the number of logical CPUs available in the system. 
150 | #max_procs: 151 | 152 | # ================================= Processors ================================= 153 | 154 | # Processors are used to reduce the number of fields in the exported event or to 155 | # enhance the event with external metadata. This section defines a list of 156 | # processors that are applied one by one and the first one receives the initial 157 | # event: 158 | # 159 | # event -> filter1 -> event1 -> filter2 ->event2 ... 160 | # 161 | # The supported processors are drop_fields, drop_event, include_fields, 162 | # decode_json_fields, and add_cloud_metadata. 163 | # 164 | # For example, you can use the following processors to keep the fields that 165 | # contain CPU load percentages, but remove the fields that contain CPU ticks 166 | # values: 167 | # 168 | #processors: 169 | # - include_fields: 170 | # fields: ["cpu"] 171 | # - drop_fields: 172 | # fields: ["cpu.user", "cpu.system"] 173 | # 174 | # The following example drops the events that have the HTTP response code 200: 175 | # 176 | #processors: 177 | # - drop_event: 178 | # when: 179 | # equals: 180 | # http.code: 200 181 | # 182 | # The following example renames the field a to b: 183 | # 184 | #processors: 185 | # - rename: 186 | # fields: 187 | # - from: "a" 188 | # to: "b" 189 | # 190 | # The following example tokenizes the string into fields: 191 | # 192 | #processors: 193 | # - dissect: 194 | # tokenizer: "%{key1} - %{key2}" 195 | # field: "message" 196 | # target_prefix: "dissect" 197 | # 198 | # The following example enriches each event with metadata from the cloud 199 | # provider about the host machine. It works on EC2, GCE, DigitalOcean, 200 | # Tencent Cloud, and Alibaba Cloud. 201 | # 202 | #processors: 203 | # - add_cloud_metadata: ~ 204 | # 205 | # The following example enriches each event with the machine's local time zone 206 | # offset from UTC. 
207 | # 208 | #processors: 209 | # - add_locale: 210 | # format: offset 211 | # 212 | # The following example enriches each event with docker metadata, it matches 213 | # given fields to an existing container id and adds info from that container: 214 | # 215 | #processors: 216 | # - add_docker_metadata: 217 | # host: "unix:///var/run/docker.sock" 218 | # match_fields: ["system.process.cgroup.id"] 219 | # match_pids: ["process.pid", "process.ppid"] 220 | # match_source: true 221 | # match_source_index: 4 222 | # match_short_id: false 223 | # cleanup_timeout: 60 224 | # labels.dedot: false 225 | # # To connect to Docker over TLS you must specify a client and CA certificate. 226 | # #ssl: 227 | # # certificate_authority: "/etc/pki/root/ca.pem" 228 | # # certificate: "/etc/pki/client/cert.pem" 229 | # # key: "/etc/pki/client/cert.key" 230 | # 231 | # The following example enriches each event with docker metadata, it matches 232 | # container id from log path available in `source` field (by default it expects 233 | # it to be /var/lib/docker/containers/*/*.log). 234 | # 235 | #processors: 236 | # - add_docker_metadata: ~ 237 | # 238 | # The following example enriches each event with host metadata. 239 | # 240 | #processors: 241 | # - add_host_metadata: ~ 242 | # 243 | # The following example enriches each event with process metadata using 244 | # process IDs included in the event. 245 | # 246 | #processors: 247 | # - add_process_metadata: 248 | # match_pids: ["system.process.ppid"] 249 | # target: system.process.parent 250 | # 251 | # The following example decodes fields containing JSON strings 252 | # and replaces the strings with valid JSON objects. 253 | # 254 | #processors: 255 | # - decode_json_fields: 256 | # fields: ["field1", "field2", ...] 
257 | # process_array: false 258 | # max_depth: 1 259 | # target: "" 260 | # overwrite_keys: false 261 | # 262 | #processors: 263 | # - decompress_gzip_field: 264 | # from: "field1" 265 | # to: "field2" 266 | # ignore_missing: false 267 | # fail_on_error: true 268 | # 269 | # The following example copies the value of message to message_copied 270 | # 271 | #processors: 272 | # - copy_fields: 273 | # fields: 274 | # - from: message 275 | # to: message_copied 276 | # fail_on_error: true 277 | # ignore_missing: false 278 | # 279 | # The following example truncates the value of message to 1024 bytes 280 | # 281 | #processors: 282 | # - truncate_fields: 283 | # fields: 284 | # - message 285 | # max_bytes: 1024 286 | # fail_on_error: false 287 | # ignore_missing: true 288 | # 289 | # The following example preserves the raw message under event.original 290 | # 291 | #processors: 292 | # - copy_fields: 293 | # fields: 294 | # - from: message 295 | # to: event.original 296 | # fail_on_error: false 297 | # ignore_missing: true 298 | # - truncate_fields: 299 | # fields: 300 | # - event.original 301 | # max_bytes: 1024 302 | # fail_on_error: false 303 | # ignore_missing: true 304 | # 305 | # The following example URL-decodes the value of field1 to field2 306 | # 307 | #processors: 308 | # - urldecode: 309 | # fields: 310 | # - from: "field1" 311 | # to: "field2" 312 | # ignore_missing: false 313 | # fail_on_error: true 314 | 315 | # =============================== Elastic Cloud ================================ 316 | 317 | # These settings simplify using Vulsbeat with the Elastic Cloud (https://cloud.elastic.co/). 318 | 319 | # The cloud.id setting overwrites the `output.elasticsearch.hosts` and 320 | # `setup.kibana.host` options. 321 | # You can find the `cloud.id` in the Elastic Cloud web UI. 322 | #cloud.id: 323 | 324 | # The cloud.auth setting overwrites the `output.elasticsearch.username` and 325 | # `output.elasticsearch.password` settings. The format is `:`. 
326 | #cloud.auth: 327 | 328 | # ================================== Outputs =================================== 329 | 330 | # Configure what output to use when sending the data collected by the beat. 331 | 332 | # ---------------------------- Elasticsearch Output ---------------------------- 333 | output.elasticsearch: 334 | # Boolean flag to enable or disable the output module. 335 | #enabled: true 336 | 337 | # Array of hosts to connect to. 338 | # Scheme and port can be left out and will be set to the default (http and 9200) 339 | # In case you specify an additional path, the scheme is required: http://localhost:9200/path 340 | # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200 341 | hosts: ["localhost:9200"] 342 | 343 | # Set gzip compression level. 344 | #compression_level: 0 345 | 346 | # Configure escaping HTML symbols in strings. 347 | #escape_html: false 348 | 349 | # Protocol - either `http` (default) or `https`. 350 | #protocol: "https" 351 | 352 | # Authentication credentials - either API key or username/password. Use `https` when these are set; over the default `http` they are sent unencrypted. 353 | #api_key: "id:api_key" 354 | #username: "elastic" 355 | #password: "changeme" 356 | 357 | # Dictionary of HTTP parameters to pass within the URL with index operations. 358 | #parameters: 359 | #param1: value1 360 | #param2: value2 361 | 362 | # Number of workers per Elasticsearch host. 363 | #worker: 1 364 | 365 | # Optional index name. The default is "vulsbeat" plus date 366 | # and generates [vulsbeat-]YYYY.MM.DD keys. 367 | # In case you modify this pattern you must update setup.template.name and setup.template.pattern accordingly. 368 | #index: "vulsbeat-%{[agent.version]}-%{+yyyy.MM.dd}" 369 | 370 | # Optional ingest node pipeline. By default no pipeline will be used.
371 | #pipeline: "" 372 | 373 | # Optional HTTP path 374 | #path: "/elasticsearch" 375 | 376 | # Custom HTTP headers to add to each request 377 | #headers: 378 | # X-My-Header: Contents of the header 379 | 380 | # Proxy server URL 381 | #proxy_url: http://proxy:3128 382 | 383 | # Whether to disable proxy settings for outgoing connections. If true, this 384 | # takes precedence over both the proxy_url field and any environment settings 385 | # (HTTP_PROXY, HTTPS_PROXY). The default is false. 386 | #proxy_disable: false 387 | 388 | # The number of times a particular Elasticsearch index operation is attempted. If 389 | # the indexing operation doesn't succeed after this many retries, the events are 390 | # dropped. The default is 3. 391 | #max_retries: 3 392 | 393 | # The maximum number of events to bulk in a single Elasticsearch bulk API index request. 394 | # The default is 50. 395 | #bulk_max_size: 50 396 | 397 | # The number of seconds to wait before trying to reconnect to Elasticsearch 398 | # after a network error. After waiting backoff.init seconds, the Beat 399 | # tries to reconnect. If the attempt fails, the backoff timer is increased 400 | # exponentially up to backoff.max. After a successful connection, the backoff 401 | # timer is reset. The default is 1s. 402 | #backoff.init: 1s 403 | 404 | # The maximum number of seconds to wait before attempting to connect to 405 | # Elasticsearch after a network error. The default is 60s. 406 | #backoff.max: 60s 407 | 408 | # Configure HTTP request timeout before failing a request to Elasticsearch. 409 | #timeout: 90 410 | 411 | # Use SSL settings for HTTPS. 412 | #ssl.enabled: true 413 | 414 | # Controls the verification of certificates. Valid values are: 415 | # * full, which verifies that the provided certificate is signed by a trusted 416 | # authority (CA) and also verifies that the server's hostname (or IP address) 417 | # matches the names identified within the certificate. 
418 | # * certificate, which verifies that the provided certificate is signed by a 419 | # trusted authority (CA), but does not perform any hostname verification. 420 | # * none, which performs no verification of the server's certificate. This 421 | # mode disables many of the security benefits of SSL/TLS and should only be used 422 | # after very careful consideration. It is primarily intended as a temporary 423 | # diagnostic mechanism when attempting to resolve TLS errors; its use in 424 | # production environments is strongly discouraged. 425 | # The default value is full. 426 | #ssl.verification_mode: full 427 | 428 | # List of supported/valid TLS versions. By default all TLS versions from 1.1 429 | # up to 1.3 are enabled. TLS 1.1 is deprecated (RFC 8996); list only TLSv1.2 and TLSv1.3 unless a peer requires the older version. 430 | #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] 431 | 432 | # List of root certificates for HTTPS server verifications 433 | #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 434 | 435 | # Certificate for SSL client authentication 436 | #ssl.certificate: "/etc/pki/client/cert.pem" 437 | 438 | # Client certificate key 439 | #ssl.key: "/etc/pki/client/cert.key" 440 | 441 | # Optional passphrase for decrypting the certificate key. 442 | #ssl.key_passphrase: '' 443 | 444 | # Configure cipher suites to be used for SSL connections 445 | #ssl.cipher_suites: [] 446 | 447 | # Configure curve types for ECDHE-based cipher suites 448 | #ssl.curve_types: [] 449 | 450 | # Configure what types of renegotiation are supported. Valid options are 451 | # never, once, and freely. Default is never. 452 | #ssl.renegotiation: never 453 | 454 | # Configure a pin that can be used to do extra validation of the verified certificate chain, 455 | # this allows you to ensure that a specific certificate is used to validate the chain of trust. 456 | # 457 | # The pin is a base64 encoded string of the SHA-256 fingerprint. 458 | #ssl.ca_sha256: "" 459 | 460 | # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set.
461 | #kerberos.enabled: true 462 | 463 | # Authentication type to use with Kerberos. Available options: keytab, password. 464 | #kerberos.auth_type: password 465 | 466 | # Path to the keytab file. It is used when auth_type is set to keytab. 467 | #kerberos.keytab: /etc/elastic.keytab 468 | 469 | # Path to the Kerberos configuration. 470 | #kerberos.config_path: /etc/krb5.conf 471 | 472 | # Name of the Kerberos user. 473 | #kerberos.username: elastic 474 | 475 | # Password of the Kerberos user. It is used when auth_type is set to password. 476 | #kerberos.password: changeme 477 | 478 | # Kerberos realm. 479 | #kerberos.realm: ELASTIC 480 | 481 | # ------------------------------ Logstash Output ------------------------------- 482 | #output.logstash: 483 | # Boolean flag to enable or disable the output module. 484 | #enabled: true 485 | 486 | # The Logstash hosts 487 | #hosts: ["localhost:5044"] 488 | 489 | # Number of workers per Logstash host. 490 | #worker: 1 491 | 492 | # Set gzip compression level. 493 | #compression_level: 3 494 | 495 | # Configure escaping HTML symbols in strings. 496 | #escape_html: false 497 | 498 | # Optional maximum time to live for a connection to Logstash, after which the 499 | # connection will be re-established. A value of `0s` (the default) will 500 | # disable this feature. 501 | # 502 | # Not yet supported for async connections (i.e. with the "pipelining" option set) 503 | #ttl: 30s 504 | 505 | # Optionally load-balance events between Logstash hosts. Default is false. 506 | #loadbalance: false 507 | 508 | # Number of batches to be sent asynchronously to Logstash while processing 509 | # new batches. 510 | #pipelining: 2 511 | 512 | # If enabled only a subset of events in a batch of events is transferred per 513 | # transaction. The number of events to be sent increases up to `bulk_max_size` 514 | # if no error is encountered. 
515 | #slow_start: false 516 | 517 | # The number of seconds to wait before trying to reconnect to Logstash 518 | # after a network error. After waiting backoff.init seconds, the Beat 519 | # tries to reconnect. If the attempt fails, the backoff timer is increased 520 | # exponentially up to backoff.max. After a successful connection, the backoff 521 | # timer is reset. The default is 1s. 522 | #backoff.init: 1s 523 | 524 | # The maximum number of seconds to wait before attempting to connect to 525 | # Logstash after a network error. The default is 60s. 526 | #backoff.max: 60s 527 | 528 | # Optional index name. The default index name is set to vulsbeat 529 | # in all lowercase. 530 | #index: 'vulsbeat' 531 | 532 | # SOCKS5 proxy server URL 533 | #proxy_url: socks5://user:password@socks5-server:2233 534 | 535 | # Resolve names locally when using a proxy server. Defaults to false. 536 | #proxy_use_local_resolver: false 537 | 538 | # Use SSL settings for HTTPS. 539 | #ssl.enabled: true 540 | 541 | # Controls the verification of certificates. Valid values are: 542 | # * full, which verifies that the provided certificate is signed by a trusted 543 | # authority (CA) and also verifies that the server's hostname (or IP address) 544 | # matches the names identified within the certificate. 545 | # * certificate, which verifies that the provided certificate is signed by a 546 | # trusted authority (CA), but does not perform any hostname verification. 547 | # * none, which performs no verification of the server's certificate. This 548 | # mode disables many of the security benefits of SSL/TLS and should only be used 549 | # after very careful consideration. It is primarily intended as a temporary 550 | # diagnostic mechanism when attempting to resolve TLS errors; its use in 551 | # production environments is strongly discouraged. 552 | # The default value is full. 553 | #ssl.verification_mode: full 554 | 555 | # List of supported/valid TLS versions. 
By default all TLS versions from 1.1 556 | # up to 1.3 are enabled. TLS 1.1 is deprecated (RFC 8996); list only TLSv1.2 and TLSv1.3 unless a peer requires the older version. 557 | #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] 558 | 559 | # List of root certificates for HTTPS server verifications 560 | #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 561 | 562 | # Certificate for SSL client authentication 563 | #ssl.certificate: "/etc/pki/client/cert.pem" 564 | 565 | # Client certificate key 566 | #ssl.key: "/etc/pki/client/cert.key" 567 | 568 | # Optional passphrase for decrypting the certificate key. 569 | #ssl.key_passphrase: '' 570 | 571 | # Configure cipher suites to be used for SSL connections 572 | #ssl.cipher_suites: [] 573 | 574 | # Configure curve types for ECDHE-based cipher suites 575 | #ssl.curve_types: [] 576 | 577 | # Configure what types of renegotiation are supported. Valid options are 578 | # never, once, and freely. Default is never. 579 | #ssl.renegotiation: never 580 | 581 | # Configure a pin that can be used to do extra validation of the verified certificate chain, 582 | # this allows you to ensure that a specific certificate is used to validate the chain of trust. 583 | # 584 | # The pin is a base64 encoded string of the SHA-256 fingerprint. 585 | #ssl.ca_sha256: "" 586 | 587 | # The number of times to retry publishing an event after a publishing failure. 588 | # After the specified number of retries, the events are typically dropped. 589 | # Some Beats, such as Filebeat and Winlogbeat, ignore the max_retries setting 590 | # and retry until all events are published. Set max_retries to a value less 591 | # than 0 to retry until all events are published. The default is 3. 592 | #max_retries: 3 593 | 594 | # The maximum number of events to bulk in a single Logstash request. The 595 | # default is 2048. 596 | #bulk_max_size: 2048 597 | 598 | # The number of seconds to wait for responses from the Logstash server before 599 | # timing out. The default is 30s.
600 | #timeout: 30s 601 | 602 | # -------------------------------- Kafka Output -------------------------------- 603 | #output.kafka: 604 | # Boolean flag to enable or disable the output module. 605 | #enabled: true 606 | 607 | # The list of Kafka broker addresses from which to fetch the cluster metadata. 608 | # The cluster metadata contain the actual Kafka brokers events are published 609 | # to. 610 | #hosts: ["localhost:9092"] 611 | 612 | # The Kafka topic used for produced events. The setting can be a format string 613 | # using any event field. To set the topic from document type use `%{[type]}`. 614 | #topic: beats 615 | 616 | # The Kafka event key setting. Use format string to create a unique event key. 617 | # By default no event key will be generated. 618 | #key: '' 619 | 620 | # The Kafka event partitioning strategy. Default hashing strategy is `hash` 621 | # using the `output.kafka.key` setting or randomly distributes events if 622 | # `output.kafka.key` is not configured. 623 | #partition.hash: 624 | # If enabled, events will only be published to partitions with reachable 625 | # leaders. Default is false. 626 | #reachable_only: false 627 | 628 | # Configure alternative event field names used to compute the hash value. 629 | # If empty `output.kafka.key` setting will be used. 630 | # Default value is empty list. 631 | #hash: [] 632 | 633 | # Authentication details. Password is required if username is set. 634 | #username: '' 635 | #password: '' 636 | 637 | # Kafka version Vulsbeat is assumed to run against. Defaults to the "1.0.0". 638 | #version: '1.0.0' 639 | 640 | # Configure JSON encoding 641 | #codec.json: 642 | # Pretty-print JSON event 643 | #pretty: false 644 | 645 | # Configure escaping HTML symbols in strings. 646 | #escape_html: false 647 | 648 | # Metadata update configuration. Metadata contains leader information 649 | # used to decide which broker to use when publishing. 
650 | #metadata: 651 | # Max metadata request retry attempts when cluster is in middle of leader 652 | # election. Defaults to 3 retries. 653 | #retry.max: 3 654 | 655 | # Wait time between retries during leader elections. Default is 250ms. 656 | #retry.backoff: 250ms 657 | 658 | # Refresh metadata interval. Defaults to every 10 minutes. 659 | #refresh_frequency: 10m 660 | 661 | # Strategy for fetching the topics metadata from the broker. Default is false. 662 | #full: false 663 | 664 | # The number of concurrent load-balanced Kafka output workers. 665 | #worker: 1 666 | 667 | # The number of times to retry publishing an event after a publishing failure. 668 | # After the specified number of retries, events are typically dropped. 669 | # Some Beats, such as Filebeat, ignore the max_retries setting and retry until 670 | # all events are published. Set max_retries to a value less than 0 to retry 671 | # until all events are published. The default is 3. 672 | #max_retries: 3 673 | 674 | # The number of seconds to wait before trying to republish to Kafka 675 | # after a network error. After waiting backoff.init seconds, the Beat 676 | # tries to republish. If the attempt fails, the backoff timer is increased 677 | # exponentially up to backoff.max. After a successful publish, the backoff 678 | # timer is reset. The default is 1s. 679 | #backoff.init: 1s 680 | 681 | # The maximum number of seconds to wait before attempting to republish to 682 | # Kafka after a network error. The default is 60s. 683 | #backoff.max: 60s 684 | 685 | # The maximum number of events to bulk in a single Kafka request. The default 686 | # is 2048. 687 | #bulk_max_size: 2048 688 | 689 | # Duration to wait before sending bulk Kafka request. 0 is no delay. The default 690 | # is 0. 691 | #bulk_flush_frequency: 0s 692 | 693 | # The number of seconds to wait for responses from the Kafka brokers before 694 | # timing out. The default is 30s. 
695 | #timeout: 30s 696 | 697 | # The maximum duration a broker will wait for number of required ACKs. The 698 | # default is 10s. 699 | #broker_timeout: 10s 700 | 701 | # The number of messages buffered for each Kafka broker. The default is 256. 702 | #channel_buffer_size: 256 703 | 704 | # The keep-alive period for an active network connection. If 0s, keep-alives 705 | # are disabled. The default is 0 seconds. 706 | #keep_alive: 0 707 | 708 | # Sets the output compression codec. Must be one of none, snappy and gzip. The 709 | # default is gzip. 710 | #compression: gzip 711 | 712 | # Set the compression level. Currently only gzip provides a compression level 713 | # between 0 and 9. The default value is chosen by the compression algorithm. 714 | #compression_level: 4 715 | 716 | # The maximum permitted size of JSON-encoded messages. Bigger messages will be 717 | # dropped. The default value is 1000000 (bytes). This value should be equal to 718 | # or less than the broker's message.max.bytes. 719 | #max_message_bytes: 1000000 720 | 721 | # The ACK reliability level required from broker. 0=no response, 1=wait for 722 | # local commit, -1=wait for all replicas to commit. The default is 1. Note: 723 | # If set to 0, no ACKs are returned by Kafka. Messages might be lost silently 724 | # on error. 725 | #required_acks: 1 726 | 727 | # The configurable ClientID used for logging, debugging, and auditing 728 | # purposes. The default is "beats". 729 | #client_id: beats 730 | 731 | # Use SSL settings for HTTPS. 732 | #ssl.enabled: true 733 | 734 | # Controls the verification of certificates. Valid values are: 735 | # * full, which verifies that the provided certificate is signed by a trusted 736 | # authority (CA) and also verifies that the server's hostname (or IP address) 737 | # matches the names identified within the certificate. 
738 | # * certificate, which verifies that the provided certificate is signed by a 739 | # trusted authority (CA), but does not perform any hostname verification. 740 | # * none, which performs no verification of the server's certificate. This 741 | # mode disables many of the security benefits of SSL/TLS and should only be used 742 | # after very careful consideration. It is primarily intended as a temporary 743 | # diagnostic mechanism when attempting to resolve TLS errors; its use in 744 | # production environments is strongly discouraged. 745 | # The default value is full. 746 | #ssl.verification_mode: full 747 | 748 | # List of supported/valid TLS versions. By default all TLS versions from 1.1 749 | # up to 1.3 are enabled. TLS 1.1 is deprecated (RFC 8996); list only TLSv1.2 and TLSv1.3 unless a peer requires 1.1. 750 | #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] 751 | 752 | # List of root certificates for HTTPS server verifications 753 | #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 754 | 755 | # Certificate for SSL client authentication 756 | #ssl.certificate: "/etc/pki/client/cert.pem" 757 | 758 | # Client certificate key 759 | #ssl.key: "/etc/pki/client/cert.key" 760 | 761 | # Optional passphrase for decrypting the certificate key. 762 | #ssl.key_passphrase: '' 763 | 764 | # Configure cipher suites to be used for SSL connections 765 | #ssl.cipher_suites: [] 766 | 767 | # Configure curve types for ECDHE-based cipher suites 768 | #ssl.curve_types: [] 769 | 770 | # Configure what types of renegotiation are supported. Valid options are 771 | # never, once, and freely. Default is never. 772 | #ssl.renegotiation: never 773 | 774 | # Configure a pin that can be used to do extra validation of the verified certificate chain, 775 | # this allows you to ensure that a specific certificate is used to validate the chain of trust. 776 | # 777 | # The pin is a base64 encoded string of the SHA-256 fingerprint. 778 | #ssl.ca_sha256: "" 779 | 780 | # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set.
781 | #kerberos.enabled: true 782 | 783 | # Authentication type to use with Kerberos. Available options: keytab, password. 784 | #kerberos.auth_type: password 785 | 786 | # Path to the keytab file. It is used when auth_type is set to keytab. 787 | #kerberos.keytab: /etc/security/keytabs/kafka.keytab 788 | 789 | # Path to the Kerberos configuration. 790 | #kerberos.config_path: /etc/krb5.conf 791 | 792 | # The service name. Service principal name is constructed from 793 | # service_name/hostname@realm. 794 | #kerberos.service_name: kafka 795 | 796 | # Name of the Kerberos user. 797 | #kerberos.username: elastic 798 | 799 | # Password of the Kerberos user. It is used when auth_type is set to password. 800 | #kerberos.password: changeme 801 | 802 | # Kerberos realm. 803 | #kerberos.realm: ELASTIC 804 | 805 | # -------------------------------- Redis Output -------------------------------- 806 | #output.redis: 807 | # Boolean flag to enable or disable the output module. 808 | #enabled: true 809 | 810 | # Configure JSON encoding 811 | #codec.json: 812 | # Pretty-print JSON event 813 | #pretty: false 814 | 815 | # Configure escaping HTML symbols in strings. 816 | #escape_html: false 817 | 818 | # The list of Redis servers to connect to. If load-balancing is enabled, the 819 | # events are distributed to the servers in the list. If one server becomes 820 | # unreachable, the events are distributed to the reachable servers only. 821 | # The hosts setting supports redis and rediss URLs with custom password like 822 | # redis://:password@localhost:6379. 823 | #hosts: ["localhost:6379"] 824 | 825 | # The name of the Redis list or channel the events are published to. The 826 | # default is vulsbeat. 827 | #key: vulsbeat 828 | 829 | # The password to authenticate to Redis with. The default is no authentication. 830 | #password: 831 | 832 | # The Redis database number where the events are published. The default is 0.
833 | #db: 0 834 | 835 | # The Redis data type to use for publishing events. If the data type is list, 836 | # the Redis RPUSH command is used. If the data type is channel, the Redis 837 | # PUBLISH command is used. The default value is list. 838 | #datatype: list 839 | 840 | # The number of workers to use for each host configured to publish events to 841 | # Redis. Use this setting along with the loadbalance option. For example, if 842 | # you have 2 hosts and 3 workers, in total 6 workers are started (3 for each 843 | # host). 844 | #worker: 1 845 | 846 | # If set to true and multiple hosts or workers are configured, the output 847 | # plugin load balances published events onto all Redis hosts. If set to false, 848 | # the output plugin sends all events to only one host (determined at random) 849 | # and will switch to another host if the currently selected one becomes 850 | # unreachable. The default value is true. 851 | #loadbalance: true 852 | 853 | # The Redis connection timeout in seconds. The default is 5 seconds. 854 | #timeout: 5s 855 | 856 | # The number of times to retry publishing an event after a publishing failure. 857 | # After the specified number of retries, the events are typically dropped. 858 | # Some Beats, such as Filebeat, ignore the max_retries setting and retry until 859 | # all events are published. Set max_retries to a value less than 0 to retry 860 | # until all events are published. The default is 3. 861 | #max_retries: 3 862 | 863 | # The number of seconds to wait before trying to reconnect to Redis 864 | # after a network error. After waiting backoff.init seconds, the Beat 865 | # tries to reconnect. If the attempt fails, the backoff timer is increased 866 | # exponentially up to backoff.max. After a successful connection, the backoff 867 | # timer is reset. The default is 1s. 868 | #backoff.init: 1s 869 | 870 | # The maximum number of seconds to wait before attempting to connect to 871 | # Redis after a network error. 
The default is 60s. 872 | #backoff.max: 60s 873 | 874 | # The maximum number of events to bulk in a single Redis request or pipeline. 875 | # The default is 2048. 876 | #bulk_max_size: 2048 877 | 878 | # The URL of the SOCKS5 proxy to use when connecting to the Redis servers. The 879 | # value must be a URL with a scheme of socks5://. 880 | #proxy_url: 881 | 882 | # This option determines whether Redis hostnames are resolved locally when 883 | # using a proxy. The default value is false, which means that name resolution 884 | # occurs on the proxy server. 885 | #proxy_use_local_resolver: false 886 | 887 | # Use SSL settings for HTTPS. 888 | #ssl.enabled: true 889 | 890 | # Controls the verification of certificates. Valid values are: 891 | # * full, which verifies that the provided certificate is signed by a trusted 892 | # authority (CA) and also verifies that the server's hostname (or IP address) 893 | # matches the names identified within the certificate. 894 | # * certificate, which verifies that the provided certificate is signed by a 895 | # trusted authority (CA), but does not perform any hostname verification. 896 | # * none, which performs no verification of the server's certificate. This 897 | # mode disables many of the security benefits of SSL/TLS and should only be used 898 | # after very careful consideration. It is primarily intended as a temporary 899 | # diagnostic mechanism when attempting to resolve TLS errors; its use in 900 | # production environments is strongly discouraged. 901 | # The default value is full. 902 | #ssl.verification_mode: full 903 | 904 | # List of supported/valid TLS versions. By default all TLS versions from 1.1 905 | # up to 1.3 are enabled. 
906 | #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] 907 | 908 | # List of root certificates for HTTPS server verifications 909 | #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 910 | 911 | # Certificate for SSL client authentication 912 | #ssl.certificate: "/etc/pki/client/cert.pem" 913 | 914 | # Client certificate key 915 | #ssl.key: "/etc/pki/client/cert.key" 916 | 917 | # Optional passphrase for decrypting the certificate key. 918 | #ssl.key_passphrase: '' 919 | 920 | # Configure cipher suites to be used for SSL connections 921 | #ssl.cipher_suites: [] 922 | 923 | # Configure curve types for ECDHE-based cipher suites 924 | #ssl.curve_types: [] 925 | 926 | # Configure what types of renegotiation are supported. Valid options are 927 | # never, once, and freely. Default is never. 928 | #ssl.renegotiation: never 929 | 930 | # Configure a pin that can be used to do extra validation of the verified certificate chain, 931 | # this allows you to ensure that a specific certificate is used to validate the chain of trust. 932 | # 933 | # The pin is a base64 encoded string of the SHA-256 fingerprint. 934 | #ssl.ca_sha256: "" 935 | 936 | 937 | # -------------------------------- File Output --------------------------------- 938 | #output.file: 939 | # Boolean flag to enable or disable the output module. 940 | #enabled: true 941 | 942 | # Configure JSON encoding 943 | #codec.json: 944 | # Pretty-print JSON event 945 | #pretty: false 946 | 947 | # Configure escaping HTML symbols in strings. 948 | #escape_html: false 949 | 950 | # Path to the directory where to save the generated files. The option is 951 | # mandatory. Prefer a directory that only the Vulsbeat user can write to over a shared location such as /tmp. 952 | #path: "/tmp/vulsbeat" 953 | 954 | # Name of the generated files. The default is `vulsbeat` and it generates 955 | # files: `vulsbeat`, `vulsbeat.1`, `vulsbeat.2`, etc. 956 | #filename: vulsbeat 957 | 958 | # Maximum size in kilobytes of each file. When this size is reached, and on 959 | # every Vulsbeat restart, the files are rotated.
The default value is 10240 960 | # kB. 961 | #rotate_every_kb: 10000 962 | 963 | # Maximum number of files under path. When this number of files is reached, 964 | # the oldest file is deleted and the rest are shifted from last to first. The 965 | # default is 7 files. 966 | #number_of_files: 7 967 | 968 | # Permissions to use for file creation. The default is 0600. 969 | #permissions: 0600 970 | 971 | # ------------------------------- Console Output ------------------------------- 972 | #output.console: 973 | # Boolean flag to enable or disable the output module. 974 | #enabled: true 975 | 976 | # Configure JSON encoding 977 | #codec.json: 978 | # Pretty-print JSON event 979 | #pretty: false 980 | 981 | # Configure escaping HTML symbols in strings. 982 | #escape_html: false 983 | 984 | # =================================== Paths ==================================== 985 | 986 | # The home path for the Vulsbeat installation. This is the default base path 987 | # for all other path settings and for miscellaneous files that come with the 988 | # distribution (for example, the sample dashboards). 989 | # If not set by a CLI flag or in the configuration file, the default for the 990 | # home path is the location of the binary. 991 | #path.home: 992 | 993 | # The configuration path for the Vulsbeat installation. This is the default 994 | # base path for configuration files, including the main YAML configuration file 995 | # and the Elasticsearch template file. If not set by a CLI flag or in the 996 | # configuration file, the default for the configuration path is the home path. 997 | #path.config: ${path.home} 998 | 999 | # The data path for the Vulsbeat installation. This is the default base path 1000 | # for all the files in which Vulsbeat needs to store its data. If not set by a 1001 | # CLI flag or in the configuration file, the default for the data path is a data 1002 | # subdirectory inside the home path. 
1003 | #path.data: ${path.home}/data 1004 | 1005 | # The logs path for a Vulsbeat installation. This is the default location for 1006 | # the Beat's log files. If not set by a CLI flag or in the configuration file, 1007 | # the default for the logs path is a logs subdirectory inside the home path. 1008 | #path.logs: ${path.home}/logs 1009 | 1010 | # ================================== Keystore ================================== 1011 | 1012 | # Location of the Keystore containing the keys and their sensitive values. Passwords and API keys in this file can reference a keystore entry as ${KEY_NAME} (placeholder name) instead of being written in plain text. 1013 | #keystore.path: "${path.config}/beats.keystore" 1014 | 1015 | # ================================= Dashboards ================================= 1016 | 1017 | # These settings control loading the sample dashboards to the Kibana index. Loading 1018 | # the dashboards is disabled by default and can be enabled either by setting the 1019 | # options here, or by using the `-setup` CLI flag or the `setup` command. 1020 | #setup.dashboards.enabled: false 1021 | 1022 | # The directory from where to read the dashboards. The default is the `kibana` 1023 | # folder in the home path. 1024 | #setup.dashboards.directory: ${path.home}/kibana 1025 | 1026 | # The URL from where to download the dashboards archive. It is used instead of 1027 | # the directory if it has a value. 1028 | #setup.dashboards.url: 1029 | 1030 | # The file archive (zip file) from where to read the dashboards. It is used instead 1031 | # of the directory when it has a value. 1032 | #setup.dashboards.file: 1033 | 1034 | # In case the archive contains the dashboards from multiple Beats, this lets you 1035 | # select which one to load. You can load all the dashboards in the archive by 1036 | # setting this to the empty string. 1037 | #setup.dashboards.beat: vulsbeat 1038 | 1039 | # The name of the Kibana index to use for setting the configuration. Default is ".kibana" 1040 | #setup.dashboards.kibana_index: .kibana 1041 | 1042 | # The Elasticsearch index name.
This overwrites the index name defined in the 1043 | # dashboards and index pattern. Example: testbeat-* 1044 | #setup.dashboards.index: 1045 | 1046 | # Always use the Kibana API for loading the dashboards instead of autodetecting 1047 | # how to install the dashboards by first querying Elasticsearch. 1048 | #setup.dashboards.always_kibana: false 1049 | 1050 | # If true and Kibana is not reachable at the time when dashboards are loaded, 1051 | # it will retry to reconnect to Kibana instead of exiting with an error. 1052 | #setup.dashboards.retry.enabled: false 1053 | 1054 | # Duration interval between Kibana connection retries. 1055 | #setup.dashboards.retry.interval: 1s 1056 | 1057 | # Maximum number of retries before exiting with an error, 0 for unlimited retrying. 1058 | #setup.dashboards.retry.maximum: 0 1059 | 1060 | # ================================== Template ================================== 1061 | 1062 | # A template is used to set the mapping in Elasticsearch 1063 | # By default template loading is enabled and the template is loaded. 1064 | # These settings can be adjusted to load your own template or overwrite existing ones. 1065 | 1066 | # Set to false to disable template loading. 1067 | #setup.template.enabled: true 1068 | 1069 | # Select the kind of index template. From Elasticsearch 7.8, it is possible to 1070 | # use component templates. Available options: legacy, component, index. 1071 | # By default vulsbeat uses the legacy index templates. 1072 | #setup.template.type: legacy 1073 | 1074 | # Template name. By default the template name is "vulsbeat-%{[agent.version]}" 1075 | # The template name and pattern has to be set in case the Elasticsearch index pattern is modified. 1076 | #setup.template.name: "vulsbeat-%{[agent.version]}" 1077 | 1078 | # Template pattern. By default the template pattern is "-%{[agent.version]}-*" to apply to the default index settings. 
1079 | # The first part is the version of the beat and then -* is used to match all daily indices. 1080 | # The template name and pattern has to be set in case the Elasticsearch index pattern is modified. 1081 | #setup.template.pattern: "vulsbeat-%{[agent.version]}-*" 1082 | 1083 | # Path to fields.yml file to generate the template 1084 | #setup.template.fields: "${path.config}/fields.yml" 1085 | 1086 | # A list of fields to be added to the template and Kibana index pattern. Also 1087 | # specify setup.template.overwrite: true to overwrite the existing template. 1088 | #setup.template.append_fields: 1089 | #- name: field_name 1090 | # type: field_type 1091 | 1092 | # Enable JSON template loading. If this is enabled, the fields.yml is ignored. 1093 | #setup.template.json.enabled: false 1094 | 1095 | # Path to the JSON template file 1096 | #setup.template.json.path: "${path.config}/template.json" 1097 | 1098 | # Name under which the template is stored in Elasticsearch 1099 | #setup.template.json.name: "" 1100 | 1101 | # Overwrite existing template 1102 | # Do not enable this option for more than one instance of vulsbeat as it might 1103 | # overload your Elasticsearch with too many update requests. 1104 | #setup.template.overwrite: false 1105 | 1106 | # Elasticsearch template settings 1107 | setup.template.settings: 1108 | 1109 | # A dictionary of settings to place into the settings.index dictionary 1110 | # of the Elasticsearch template. For more details, please check 1111 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html 1112 | #index: 1113 | #number_of_shards: 1 1114 | #codec: best_compression 1115 | 1116 | # A dictionary of settings for the _source field. 
For more details, please check 1117 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-source-field.html 1118 | #_source: 1119 | #enabled: false 1120 | 1121 | # ====================== Index Lifecycle Management (ILM) ====================== 1122 | 1123 | # Configure index lifecycle management (ILM). These settings create a write 1124 | # alias and add additional settings to the index template. When ILM is enabled, 1125 | # output.elasticsearch.index is ignored, and the write alias is used to set the 1126 | # index name. 1127 | 1128 | # Enable ILM support. Valid values are true, false, and auto. When set to auto 1129 | # (the default), the Beat uses index lifecycle management when it connects to a 1130 | # cluster that supports ILM; otherwise, it creates daily indices. 1131 | #setup.ilm.enabled: auto 1132 | 1133 | # Set the prefix used in the index lifecycle write alias name. The default alias 1134 | # name is 'vulsbeat-%{[agent.version]}'. 1135 | #setup.ilm.rollover_alias: 'vulsbeat' 1136 | 1137 | # Set the rollover index pattern. The default is "%{now/d}-000001". 1138 | #setup.ilm.pattern: "{now/d}-000001" 1139 | 1140 | # Set the lifecycle policy name. The default policy name is 1141 | # 'beatname'. 1142 | #setup.ilm.policy_name: "mypolicy" 1143 | 1144 | # The path to a JSON file that contains a lifecycle policy configuration. Used 1145 | # to load your own lifecycle policy. 1146 | #setup.ilm.policy_file: 1147 | 1148 | # Disable the check for an existing lifecycle policy. The default is true. If 1149 | # you disable this check, set setup.ilm.overwrite: true so the lifecycle policy 1150 | # can be installed. 1151 | #setup.ilm.check_exists: true 1152 | 1153 | # Overwrite the lifecycle policy at startup. The default is false. 
1154 | #setup.ilm.overwrite: false 1155 | 1156 | # =================================== Kibana =================================== 1157 | 1158 | # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. 1159 | # This requires a Kibana endpoint configuration. 1160 | setup.kibana: 1161 | 1162 | # Kibana Host 1163 | # Scheme and port can be left out and will be set to the default (http and 5601) 1164 | # In case you specify an additional path, the scheme is required: http://localhost:5601/path 1165 | # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 1166 | #host: "localhost:5601" 1167 | 1168 | # Optional protocol and basic auth credentials. Basic auth over the default http scheme sends the password unencrypted; set protocol to https when credentials are configured. 1169 | #protocol: "https" 1170 | #username: "elastic" 1171 | #password: "changeme" 1172 | 1173 | # Optional HTTP path 1174 | #path: "" 1175 | 1176 | # Optional Kibana space ID. 1177 | #space.id: "" 1178 | 1179 | # Custom HTTP headers to add to each request 1180 | #headers: 1181 | # X-My-Header: Contents of the header 1182 | 1183 | # Use SSL settings for HTTPS. 1184 | #ssl.enabled: true 1185 | 1186 | # Controls the verification of certificates. Valid values are: 1187 | # * full, which verifies that the provided certificate is signed by a trusted 1188 | # authority (CA) and also verifies that the server's hostname (or IP address) 1189 | # matches the names identified within the certificate. 1190 | # * certificate, which verifies that the provided certificate is signed by a 1191 | # trusted authority (CA), but does not perform any hostname verification. 1192 | # * none, which performs no verification of the server's certificate. This 1193 | # mode disables many of the security benefits of SSL/TLS and should only be used 1194 | # after very careful consideration. It is primarily intended as a temporary 1195 | # diagnostic mechanism when attempting to resolve TLS errors; its use in 1196 | # production environments is strongly discouraged. 1197 | # The default value is full.
1198 | #ssl.verification_mode: full 1199 | 1200 | # List of supported/valid TLS versions. By default all TLS versions from 1.1 1201 | # up to 1.3 are enabled. TLS 1.1 is deprecated (RFC 8996); list only TLSv1.2 and TLSv1.3 unless a peer requires 1.1. 1202 | #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] 1203 | 1204 | # List of root certificates for HTTPS server verifications 1205 | #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 1206 | 1207 | # Certificate for SSL client authentication 1208 | #ssl.certificate: "/etc/pki/client/cert.pem" 1209 | 1210 | # Client certificate key 1211 | #ssl.key: "/etc/pki/client/cert.key" 1212 | 1213 | # Optional passphrase for decrypting the certificate key. 1214 | #ssl.key_passphrase: '' 1215 | 1216 | # Configure cipher suites to be used for SSL connections 1217 | #ssl.cipher_suites: [] 1218 | 1219 | # Configure curve types for ECDHE-based cipher suites 1220 | #ssl.curve_types: [] 1221 | 1222 | # Configure what types of renegotiation are supported. Valid options are 1223 | # never, once, and freely. Default is never. 1224 | #ssl.renegotiation: never 1225 | 1226 | # Configure a pin that can be used to do extra validation of the verified certificate chain, 1227 | # this allows you to ensure that a specific certificate is used to validate the chain of trust. 1228 | # 1229 | # The pin is a base64 encoded string of the SHA-256 fingerprint. 1230 | #ssl.ca_sha256: "" 1231 | 1232 | 1233 | # ================================== Logging =================================== 1234 | 1235 | # There are four options for the log output: file, stderr, syslog, eventlog 1236 | # The file output is the default. 1237 | 1238 | # Sets log level. The default log level is info. 1239 | # Available log levels are: error, warning, info, debug 1240 | #logging.level: info 1241 | 1242 | # Enable debug output for selected components. To enable all selectors use ["*"] 1243 | # Other available selectors are "beat", "publisher", "service" 1244 | # Multiple selectors can be chained.
1245 | #logging.selectors: [ ] 1246 | 1247 | # Send all logging output to stderr. The default is false. 1248 | #logging.to_stderr: false 1249 | 1250 | # Send all logging output to syslog. The default is false. 1251 | #logging.to_syslog: false 1252 | 1253 | # Send all logging output to Windows Event Logs. The default is false. 1254 | #logging.to_eventlog: false 1255 | 1256 | # If enabled, Vulsbeat periodically logs its internal metrics that have changed 1257 | # in the last period. For each metric that changed, the delta from the value at 1258 | # the beginning of the period is logged. Also, the total values for 1259 | # all non-zero internal metrics are logged on shutdown. The default is true. 1260 | #logging.metrics.enabled: true 1261 | 1262 | # The period after which to log the internal metrics. The default is 30s. 1263 | #logging.metrics.period: 30s 1264 | 1265 | # Logging to rotating files. Set logging.to_files to false to disable logging to 1266 | # files. 1267 | logging.to_files: true 1268 | logging.files: 1269 | # Configure the path where the logs are written. The default is the logs directory 1270 | # under the home path (the binary location). 1271 | #path: /var/log/vulsbeat 1272 | 1273 | # The name of the files where the logs are written to. 1274 | #name: vulsbeat 1275 | 1276 | # Configure log file size limit. If limit is reached, log file will be 1277 | # automatically rotated 1278 | #rotateeverybytes: 10485760 # = 10MB 1279 | 1280 | # Number of rotated log files to keep. Oldest files will be deleted first. 1281 | #keepfiles: 7 1282 | 1283 | # The permissions mask to apply when rotating log files. The default value is 0600. 1284 | # Must be a valid Unix-style file permissions mask expressed in octal notation. 1285 | #permissions: 0600 1286 | 1287 | # Enable log file rotation on time intervals in addition to size-based rotation. 1288 | # Intervals must be at least 1s. 
Values of 1m, 1h, 24h, 7*24h, 30*24h, and 365*24h 1289 | # are boundary-aligned with minutes, hours, days, weeks, months, and years as 1290 | # reported by the local system clock. All other intervals are calculated from the 1291 | # Unix epoch. Defaults to disabled. 1292 | #interval: 0 1293 | 1294 | # Rotate existing logs on startup rather than appending to the existing 1295 | # file. Defaults to true. 1296 | # rotateonstartup: true 1297 | 1298 | # Set to true to log messages in JSON format. 1299 | #logging.json: false 1300 | 1301 | # Set to true, to log messages with minimal required Elastic Common Schema (ECS) 1302 | # information. Recommended to use in combination with `logging.json=true` 1303 | # Defaults to false. 1304 | #logging.ecs: false 1305 | 1306 | # ============================= X-Pack Monitoring ============================== 1307 | # Vulsbeat can export internal metrics to a central Elasticsearch monitoring 1308 | # cluster. This requires xpack monitoring to be enabled in Elasticsearch. The 1309 | # reporting is disabled by default. 1310 | 1311 | # Set to true to enable the monitoring reporter. 1312 | #monitoring.enabled: false 1313 | 1314 | # Sets the UUID of the Elasticsearch cluster under which monitoring data for this 1315 | # Vulsbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch 1316 | # is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch. 1317 | #monitoring.cluster_uuid: 1318 | 1319 | # Uncomment to send the metrics to Elasticsearch. Most settings from the 1320 | # Elasticsearch output are accepted here as well. 1321 | # Note that the settings should point to your Elasticsearch *monitoring* cluster. 
1322 | # Any setting that is not set is automatically inherited from the Elasticsearch 1323 | # output configuration, so if you have the Elasticsearch output configured such 1324 | # that it is pointing to your Elasticsearch monitoring cluster, you can simply 1325 | # uncomment the following line. 1326 | #monitoring.elasticsearch: 1327 | 1328 | # Array of hosts to connect to. 1329 | # Scheme and port can be left out and will be set to the default (http and 9200) 1330 | # In case you specify an additional path, the scheme is required: http://localhost:9200/path 1331 | # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200 1332 | #hosts: ["localhost:9200"] 1333 | 1334 | # Set gzip compression level. 1335 | #compression_level: 0 1336 | 1337 | # Protocol - either `http` (default) or `https`. 1338 | #protocol: "https" 1339 | 1340 | # Authentication credentials - either API key or username/password. With the default `http` protocol these are sent unencrypted; use `https` when they are set. 1341 | #api_key: "id:api_key" 1342 | #username: "beats_system" 1343 | #password: "changeme" 1344 | 1345 | # Dictionary of HTTP parameters to pass within the URL with index operations. 1346 | #parameters: 1347 | #param1: value1 1348 | #param2: value2 1349 | 1350 | # Custom HTTP headers to add to each request 1351 | #headers: 1352 | # X-My-Header: Contents of the header 1353 | 1354 | # Proxy server url 1355 | #proxy_url: http://proxy:3128 1356 | 1357 | # The number of times a particular Elasticsearch index operation is attempted. If 1358 | # the indexing operation doesn't succeed after this many retries, the events are 1359 | # dropped. The default is 3. 1360 | #max_retries: 3 1361 | 1362 | # The maximum number of events to bulk in a single Elasticsearch bulk API index request. 1363 | # The default is 50. 1364 | #bulk_max_size: 50 1365 | 1366 | # The number of seconds to wait before trying to reconnect to Elasticsearch 1367 | # after a network error. After waiting backoff.init seconds, the Beat 1368 | # tries to reconnect.
If the attempt fails, the backoff timer is increased 1369 | # exponentially up to backoff.max. After a successful connection, the backoff 1370 | # timer is reset. The default is 1s. 1371 | #backoff.init: 1s 1372 | 1373 | # The maximum number of seconds to wait before attempting to connect to 1374 | # Elasticsearch after a network error. The default is 60s. 1375 | #backoff.max: 60s 1376 | 1377 | # Configure HTTP request timeout before failing a request to Elasticsearch. 1378 | #timeout: 90 1379 | 1380 | # Use SSL settings for HTTPS. 1381 | #ssl.enabled: true 1382 | 1383 | # Controls the verification of certificates. Valid values are: 1384 | # * full, which verifies that the provided certificate is signed by a trusted 1385 | # authority (CA) and also verifies that the server's hostname (or IP address) 1386 | # matches the names identified within the certificate. 1387 | # * certificate, which verifies that the provided certificate is signed by a 1388 | # trusted authority (CA), but does not perform any hostname verification. 1389 | # * none, which performs no verification of the server's certificate. This 1390 | # mode disables many of the security benefits of SSL/TLS and should only be used 1391 | # after very careful consideration. It is primarily intended as a temporary 1392 | # diagnostic mechanism when attempting to resolve TLS errors; its use in 1393 | # production environments is strongly discouraged. 1394 | # The default value is full. 1395 | #ssl.verification_mode: full 1396 | 1397 | # List of supported/valid TLS versions. By default all TLS versions from 1.1 1398 | # up to 1.3 are enabled. 
1399 | #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] 1400 | 1401 | # List of root certificates for HTTPS server verifications 1402 | #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 1403 | 1404 | # Certificate for SSL client authentication 1405 | #ssl.certificate: "/etc/pki/client/cert.pem" 1406 | 1407 | # Client certificate key 1408 | #ssl.key: "/etc/pki/client/cert.key" 1409 | 1410 | # Optional passphrase for decrypting the certificate key. 1411 | #ssl.key_passphrase: '' 1412 | 1413 | # Configure cipher suites to be used for SSL connections 1414 | #ssl.cipher_suites: [] 1415 | 1416 | # Configure curve types for ECDHE-based cipher suites 1417 | #ssl.curve_types: [] 1418 | 1419 | # Configure what types of renegotiation are supported. Valid options are 1420 | # never, once, and freely. Default is never. 1421 | #ssl.renegotiation: never 1422 | 1423 | # Configure a pin that can be used to do extra validation of the verified certificate chain, 1424 | # this allows you to ensure that a specific certificate is used to validate the chain of trust. 1425 | # 1426 | # The pin is a base64 encoded string of the SHA-256 fingerprint. 1427 | #ssl.ca_sha256: "" 1428 | 1429 | # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. 1430 | #kerberos.enabled: true 1431 | 1432 | # Authentication type to use with Kerberos. Available options: keytab, password. 1433 | #kerberos.auth_type: password 1434 | 1435 | # Path to the keytab file. It is used when auth_type is set to keytab. 1436 | #kerberos.keytab: /etc/elastic.keytab 1437 | 1438 | # Path to the Kerberos configuration. 1439 | #kerberos.config_path: /etc/krb5.conf 1440 | 1441 | # Name of the Kerberos user. 1442 | #kerberos.username: elastic 1443 | 1444 | # Password of the Kerberos user. It is used when auth_type is set to password. 1445 | #kerberos.password: changeme 1446 | 1447 | # Kerberos realm. 
1448 | #kerberos.realm: ELASTIC 1449 | 1450 | #metrics.period: 10s 1451 | #state.period: 1m 1452 | 1453 | # The `monitoring.cloud.id` setting overwrites the `monitoring.elasticsearch.hosts` 1454 | # setting. You can find the value for this setting in the Elastic Cloud web UI. 1455 | #monitoring.cloud.id: 1456 | 1457 | # The `monitoring.cloud.auth` setting overwrites the `monitoring.elasticsearch.username` 1458 | # and `monitoring.elasticsearch.password` settings. The format is `<user>:<pass>`. 1459 | #monitoring.cloud.auth: 1460 | 1461 | # =============================== HTTP Endpoint ================================ 1462 | 1463 | # Each beat can expose internal metrics through a HTTP endpoint. For security 1464 | # reasons the endpoint is disabled by default. This feature is currently experimental. 1465 | # Stats can be accessed through http://localhost:5066/stats . For pretty JSON output 1466 | # append ?pretty to the URL. 1467 | 1468 | # Defines if the HTTP endpoint is enabled. 1469 | #http.enabled: false 1470 | 1471 | # The HTTP endpoint will bind to this hostname, IP address, unix socket or named pipe. 1472 | # When using IP addresses, it is recommended to only use localhost. 1473 | #http.host: localhost 1474 | 1475 | # Port on which the HTTP endpoint will bind. Default is 5066. 1476 | #http.port: 5066 1477 | 1478 | # Define which user should be owning the named pipe. 1479 | #http.named_pipe.user: 1480 | 1481 | # Define the permissions that should be applied to the named pipe, use the Security 1482 | # Descriptor Definition Language (SDDL) to define the permission. This option cannot be used with 1483 | # `http.user`. 1484 | #http.named_pipe.security_descriptor: 1485 | 1486 | # ============================== Process Security ============================== 1487 | 1488 | # Enable or disable seccomp system call filtering on Linux. Default is enabled. 
1489 | #seccomp.enabled: true 1490 | 1491 | # ============================== Instrumentation =============================== 1492 | 1493 | # Instrumentation support for the vulsbeat. 1494 | #instrumentation: 1495 | # Set to true to enable instrumentation of vulsbeat. 1496 | #enabled: false 1497 | 1498 | # Environment in which vulsbeat is running (eg: staging, production, etc.) 1499 | #environment: "" 1500 | 1501 | # APM Server hosts to report instrumentation results to. 1502 | #hosts: 1503 | # - http://localhost:8200 1504 | 1505 | # API Key for the APM Server(s). 1506 | # If api_key is set then secret_token will be ignored. 1507 | #api_key: 1508 | 1509 | # Secret token for the APM Server(s). 1510 | #secret_token: 1511 | 1512 | # Enable profiling of the server, recording profile samples as events. 1513 | # 1514 | # This feature is experimental. 1515 | #profiling: 1516 | #cpu: 1517 | # Set to true to enable CPU profiling. 1518 | #enabled: false 1519 | #interval: 60s 1520 | #duration: 10s 1521 | #heap: 1522 | # Set to true to enable heap profiling. 1523 | #enabled: false 1524 | #interval: 60s 1525 | 1526 | # ================================= Migration ================================== 1527 | 1528 | # This enables the 6.7 migration aliases 1529 | #migration.6_to_7.enabled: false 1530 | 1531 | --------------------------------------------------------------------------------