{
  "version": 3,
  "sources": ["ssg:https://framerusercontent.com/modules/o9KXpzigBQUT1GLJkGJK/CM0WOsQJB9UJ1mVgiLcd/YHdMp3byK-10.js"],
  "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{ComponentPresetsConsumer as n,Link as o}from\"framer\";import{motion as a}from\"framer-motion\";import*as r from\"react\";import i from\"https://framerusercontent.com/modules/pVk4QsoHxASnVtUBp6jr/QVzZltTawVJTjmjAWG3C/CodeBlock.js\";import s from\"https://framerusercontent.com/modules/pVk4QsoHxASnVtUBp6jr/TbhpORLndv1iOkZzyo83/CodeBlock.js\";export const richText=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Security Information and Event Management (SIEM) platforms have been around for more than a decade, and in that time, they have become an essential part of the security landscape. However, as our State of SIEM report shows, there are many challenges facing SIEM users today. In this article, we will explore five of the most pressing challenges faced by security teams today and how SIEM can help address them.\"}),/*#__PURE__*/e(\"h3\",{children:\"Takeaway 1: SIEM alerts are a significant challenge\"}),/*#__PURE__*/e(\"p\",{children:\"According to the security practitioners we surveyed, alert quality is one of the biggest concerns for security teams today. Poor quality alerts can clog up the security team's inbox with signals that are not actually threats and lead to wasted time and resources as the team investigates false alerts. In addition, false positives can cause a loss of trust in the SIEM's capability to do its job accurately. All of these factors can significantly impact the security team's effectiveness.\"}),/*#__PURE__*/e(\"p\",{children:\"A modern SIEM platform should reduce the volume of low-quality alerts and provide context and risk-based prioritization by allowing you to write flexible, robust detections. By using Python and standard CI/CD workflows, you can refine your alerts to those you need while reducing the noise created by false positives. With context and automatic prioritization based on risk, security teams can focus on the most critical signals and reduce the risk of being overwhelmed by false positives.\"}),/*#__PURE__*/e(\"h3\",{children:\"Takeaway 2: Most SIEMs provide limited coverage\"}),/*#__PURE__*/e(\"p\",{children:\"Many security professionals feel that their current SIEM solution only covers a limited amount of their critical data. Nearly half said their legacy solution protects only 50% of their essential security data.\"}),/*#__PURE__*/e(\"p\",{children:\"One of the biggest challenges for security teams is that their data comes from various sources. It's essential for security teams to have a way to collect, normalize, and store all this data in a single place so they can analyze it effectively.\"}),/*#__PURE__*/e(\"p\",{children:\"A data lake is a perfect solution for this challenge. It can also handle large volumes of data at a low cost. Security teams can use this data to investigate suspicious activities quickly. \"}),/*#__PURE__*/e(\"h3\",{children:\"Takeaway 3: It takes too long to deploy SIEMs\"}),/*#__PURE__*/e(\"p\",{children:\"Traditional SIEMs are complicated and bulky tools that require a lot of heavy lifting at every stage, including configuration and deployment, integration with data sources, and writing detections. Most respondents said receiving high-value alerts takes longer than a month. This doesn't have to be the case, as there are ways to speed up the process. \"}),/*#__PURE__*/e(\"p\",{children:\"One reason it can take so long to deploy a SIEM is to agree on a critical data source, integrate with that source,  and define schemas to ingest the data. Additionally, SIEMs may also require additional infrastructure to be stood up and maintained.  \"}),/*#__PURE__*/e(\"h3\",{children:\"Takeaway 4: SIEM costs are skyrocketing\"}),/*#__PURE__*/e(\"p\",{children:\"The cost of current SIEM solutions is a significant concern for many users. Organizations can easily spend hundreds of thousands of dollars for a SIEM solution. The cost often increases as the number of sensors and data sources grows. In addition, many users feel that the functionality of current SIEM solutions is limited, and there needs to be more innovation in this area.\"}),/*#__PURE__*/e(\"p\",{children:\"These factors can lead users to look for a new SIEM platform. Fortunately, options today offer more features at a lower cost than legacy  SIEM platforms. In addition, innovative new platforms provide features not found in legacy SIEM solutions. Security teams should evaluate these new platforms to see if they offer a better fit for their needs.\"}),/*#__PURE__*/e(\"h3\",{children:\"Takeaway 5: SIEMs are complex to deploy and maintain\"}),/*#__PURE__*/e(\"p\",{children:\"One of the main reasons security teams say they don't use a SIEM platform is that they find them too complex to implement. In addition, many users feel that the complexity of current SIEM platforms makes it difficult to get value from them.\"}),/*#__PURE__*/e(\"p\",{children:\"A modern SIEM platform should be easy to install and use. It should provide an intuitive user interface that makes it easy for security teams to collect and analyze data effectively. It should also automate common tasks like data collection and analysis so security teams can focus on investigating threats and incidents.\"}),/*#__PURE__*/e(\"h3\",{children:\"Choosing the Right SIEM\"}),/*#__PURE__*/e(\"p\",{children:\"When it comes to detecting and preventing cybersecurity threats, a modern SIEM platform must react quickly and accurately. Using a universally accessible and well-understood language makes it easier for a broader range of experts to create custom detections and improves the platform's overall effectiveness. \"}),/*#__PURE__*/e(\"p\",{children:\"One solution to reduce your security operations' complexity is choosing a cloud-native SIEM provider. Not only will you save time and relieve your team of unnecessary burdens, but outsourcing to a cloud-native SIEM can streamline your security operations and give you peace of mind.\"}),/*#__PURE__*/e(\"p\",{children:\"When purchasing security software, focusing solely on initial costs can be tempting. However, this narrow focus can lead to overlooking the vital factor of the total cost of ownership. In addition to initial licensing fees, factors such as the time and resources required for onboarding new log sources, writing and editing detections, and searching for Indicators of Compromise (IoCs) can all add up in the long run. Considering these additional costs is crucial before making a final decision on a security platform. \"}),/*#__PURE__*/e(\"p\",{children:\"Taking the time to assess the total cost of ownership thoroughly can save money and valuable resources in the long run. It's a critical aspect that organizational leaders should pay attention to during the purchasing process.\"}),/*#__PURE__*/e(\"p\",{children:\"Ultimately, choosing the right SIEM means choosing one that can help solve the challenges listed above, placing you in a better position to defend your organization more effectively and efficiently.\"})]});export const richText1=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Amazon Web Services (AWS) is the worlds most comprehensive and broadly adopted cloud platform with many companies continuing to trust AWS for their critical infrastructure and business-specific data. With this shift to the cloud, the landscape of an organizations attack surface has become increasingly unpredictable making it more difficult to protect. \"}),/*#__PURE__*/e(\"p\",{children:\"Commonly, security teams would leverage a legacy SIEM tool to provide coverage for business-specific infrastructure and services. However, legacy SIEM tools lack the ability to match the scale and customizability that AWS provides. Leaving security professionals with much to be desired. \"}),/*#__PURE__*/e(\"p\",{children:\"In comes Panther, a modern SIEM tool that can make security operations painless. Panthers product can efficiently ingest, normalize, and structure AWS logs so that security teams can effectively implement the right detections for their specific AWS environment. Panther also enables a Detection-as-Code practice empowering security teams to scale their security engineering operations resiliently alongside their AWS environment as it changes and grows. \"}),/*#__PURE__*/e(\"p\",{children:\"By the end of this blog, well overview onboarding different AWS log sources into Panther, and how its ingestion and enrichment process empowers security teams to deliver the best coverage to their cloud environment. \"}),/*#__PURE__*/e(\"h3\",{children:\"What is Ingestion?\"}),/*#__PURE__*/t(\"p\",{children:[\"The majority of SIEM journeys begin at a similar point, ingestion. \",/*#__PURE__*/e(o,{href:\"https://docs.mezmo.com/docs/ingestion\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Ingestion\"})}),\" refers to the process of formatting and uploading log data from external sources like hosts, applications, and cloud-based services. On the surface, this process seems simple. But it comes with a myriad of hidden roadblocks. \"]}),/*#__PURE__*/t(\"p\",{children:[\"As most SIEM tools require heavy security operations to scale log ingest, security teams are handcuffed to get the most up-to-date data. Ingestion in legacy SIEM tools requires teams to plan operations, scale infrastructure, and then ingest the data. Even after that, formatting the data once its inside a SIEM tool can be extremely cumbersome. Legacy SIEMs require the need to create \",/*#__PURE__*/e(o,{href:\"https://help.sumologic.com/docs/cse/schema/parsing-language-reference-guide/#:~:text=Parsing%20is%20the%20first%20step,The%20raw%20message%20is%20retained.\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"parsers\"})}),\" for every log source. These need to be updated when log formats change making them need consistent care and attention. \"]}),/*#__PURE__*/e(\"p\",{children:\"With a modern SIEM tool like Panther, security teams are able to conquer ingestion roadblocks with ease. First off, Panther is built on a serverless architecture, ingesting logs has never been easier. Not only are security operations almost obsolete, but planning ingestion goes out the window. When logs are ingested, Panther automatically scales to the needs of the situation. Creating zero planning or preparation necessary by the security team. \"}),/*#__PURE__*/t(\"p\",{children:[\"Second, formatting logs doesnt require parsers to be built for each log source. Instead, a common parsing engine already exists, and security teams only need to specify a \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/data-onboarding/custom-log-types/reference\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"schema\"})}),\". All \",/*#__PURE__*/e(o,{href:\"https://panther.com/integrations/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pre-built\"})}),\" log sources already have schema built-in and can immediately ingest logs without any configuration. When a security team needs to onboard a log source Panther doesnt currently support, building a custom schema is extremely easy and efficient. Users can onboard data into an S3 bucket, and Panther generates a schema from live data. \"]}),/*#__PURE__*/e(\"p\",{children:\"With clear advantages to getting started with pre-built log sources and custom log sources, ingestion becomes a seamless process with Panther. Lets look at an example in more detail. \"}),/*#__PURE__*/e(\"h3\",{children:\"Ingesting S3_Server_Access Logs\"}),/*#__PURE__*/e(\"p\",{children:\"Server access logging provides detailed information for requests that are made to an AWS S3 bucket. Once these logs are set up in AWS to log and store in a respective S3 bucket, they can easily be onboarded into Panther. \"}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[\"Login to the Panther Console and go to \",/*#__PURE__*/e(\"em\",{children:\"Configure > Log Sources > Create New\"})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Search for S3 Server Access Logs\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Then select S3 Bucket as the transport method\"})})]}),/*#__PURE__*/e(\"img\",{alt:\"Panther console showing a search for s3 in log sources with AWS S3 bucket selected as a transport method\",className:\"framer-image\",height:\"557\",src:\"https://framerusercontent.com/images/lm2egMU1Q8icfJWvMI4S6ZmOnc.png\",srcSet:\"https://framerusercontent.com/images/lm2egMU1Q8icfJWvMI4S6ZmOnc.png?scale-down-to=512 512w,https://framerusercontent.com/images/lm2egMU1Q8icfJWvMI4S6ZmOnc.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/lm2egMU1Q8icfJWvMI4S6ZmOnc.png 1999w\",style:{aspectRatio:\"1999 / 1115\"},width:\"999\"}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Provide your AWS Account ID, the name of the S3 bucket, and KMS encryption (if used)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Youll notice that the schema for S3_Server_Access logs is pre-built and already applied\"})})]}),/*#__PURE__*/e(\"img\",{alt:\"Screenshot of the schemas field prepopulated with AWS.S3ServerAccess schema\",className:\"framer-image\",height:\"183\",src:\"https://framerusercontent.com/images/N6Y1kf9zSiQcrLmBERU5PJWYr6A.png\",srcSet:\"https://framerusercontent.com/images/N6Y1kf9zSiQcrLmBERU5PJWYr6A.png?scale-down-to=512 512w,https://framerusercontent.com/images/N6Y1kf9zSiQcrLmBERU5PJWYr6A.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/N6Y1kf9zSiQcrLmBERU5PJWYr6A.png 1332w\",style:{aspectRatio:\"1332 / 366\"},width:\"666\"}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"On the next screen, use the CloudFormation template either through the AWS console or CLI to create an IAM role, adding permissions for logs to be sent to Panther\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Youre done!\"})})]}),/*#__PURE__*/e(\"p\",{children:\"After this point, logs are streaming into Panther and already being formatted with the schema that exists. No security operations planning was required and no additional parser or setup work was needed. Making this process takes as little as 10 minutes. Of course, ingesting logs is only half the battle, as security teams also need to analyze the incoming data properly. This is where detections commonly come in handy to analyze and alert on potentially malicious log events. \"}),/*#__PURE__*/e(\"h3\",{children:\"Real-Time Detections with Streaming Log Events\"}),/*#__PURE__*/e(\"p\",{children:\"Detections (or rules) can be applied to ingested log events to analyze data and provide alerts on potentially malicious activity. Many legacy SIEMs require security teams to create detections in proprietary languages, made specifically for their tools. This makes detection development a specialized assignment that only certain programmers can execute. Making detection time take weeks or even months to develop or extremely high-cost for support from a managed service. \"}),/*#__PURE__*/e(\"p\",{children:\"Panther provides three benefits to onboarded with detections: \"}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Detection-as-Code principles to manage detection development workflows\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Python-Based detections that allow for simple code reuse\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Pre-Built Detection packs to get you started in minutes\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Lets see how these three benefits can be directly applied to AWS S3_Server_Access logs that we onboarded in the previous example. \"}),/*#__PURE__*/e(\"h3\",{children:\"Detection-as-Code Workflows & Custom Python Rules\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://panther.com/cyber-explained/detections-as-code/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Detection-as-Code\"})}),\" is a term used to describe applying software development workflows to the creation, testing, and deployment of detections. With Panther, security teams can easily integrate developer tools such as \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/panther-developer-workflows/ci-cd-onboarding-guide\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CI/CD workflows\"})}),\", custom Python libraries, and version control/pull requests to manage changes in respective detections. With these methods, we can easily create an accurate detection for S3_Server_Access. \"]}),/*#__PURE__*/e(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Lets look at the S3_Server_Access log \"})})}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Lets create a detection that signals when a user with a global administrator role makes a GET request. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Once we write our detection, it should look something like below\"})})]}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Now we can utilize a unit test within the product or locally to test whether this detection runs properly. Based on the sample event were comparing to our detection, it fires properly. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Then to be more specific, we can sample the detection against 30 days worth of live data using data replay. This will give us the results of our detection below. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Once these tests are completed, if integrated with CI/CD, I can submit a pull request and have it checked by an approver\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Within the span of a few hours, I am able to create a brand new detection, run specific tests to ensure its accuracy, and then have a reviewer check it for visibility. Therefore, detection-as-code gives security teams full visibility into who modified a detection, when did it change, and if its still working the way its supposed to. \"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Pre-Built Detection Packs\"})}),/*#__PURE__*/t(\"p\",{children:[\"Alternatively to writing your own detections, Panther provides out-of-the-box detection that can be modified depending on your organizations needs. These detections are provided in what we call \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/detection-packs\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"packs\"})}),\" and can be accessed within the Panther console UI. Packs are based on log sources and consist of generalized detections that can be applied instantly to newly ingested log sources. To begin enabling packs specific to AWS: \"]}),/*#__PURE__*/t(\"ol\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\",\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[\"Login to the Panther Console and select \",/*#__PURE__*/e(\"em\",{children:\"Build > Packs \"})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Search for AWS and enable the Panther Core AWS Pack\"})})]}),/*#__PURE__*/e(\"img\",{alt:\"Screenshot of Panther Core AWS Pack being enabled with 9 rules, 34 policies, 4 helpers, and 4 data models\",className:\"framer-image\",height:\"125\",src:\"https://framerusercontent.com/images/UqQ5IYQH7GMrSuT9bGIkOeN4.png\",srcSet:\"https://framerusercontent.com/images/UqQ5IYQH7GMrSuT9bGIkOeN4.png?scale-down-to=512 512w,https://framerusercontent.com/images/UqQ5IYQH7GMrSuT9bGIkOeN4.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/UqQ5IYQH7GMrSuT9bGIkOeN4.png 1999w\",style:{aspectRatio:\"1999 / 250\"},width:\"999\"}),/*#__PURE__*/e(\"p\",{children:\"The detections within this pack will now be applied to incoming logs within a few minutes. This is the fastest way to get started with detection in Panther. \"}),/*#__PURE__*/e(\"h3\",{children:\"Get Started! Try Panther\"}),/*#__PURE__*/e(\"p\",{children:\"With the ability to ingest numerous AWS log sources as well as apply out-of-the-box and custom detections with Panther in under an hour, security teams have immediate access to AWS to protect their AWS environment. \"}),/*#__PURE__*/t(\"p\",{children:[\"Learn more about how to write custom detections at one of our detection-as-code \",/*#__PURE__*/e(o,{href:\"https://panther.com/workshops/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"workshops\"})}),\". \"]})]});export const richText2=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"With the massive expansion of SaaS adoption over the last decade, there has been an explosion of data for security teams to manage. One of the primary providers enabling this widespread cloud adoption is Microsoft Azure.\"}),/*#__PURE__*/t(\"p\",{children:[\"Being one of the established\",/*#__PURE__*/e(o,{href:\"https://www.bmc.com/blogs/aws-vs-azure-vs-google-cloud-platforms/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(a.a,{children:[\" \",/*#__PURE__*/e(\"em\",{children:\"Big 3\"}),\" \"]})}),\"cloud providers, Azure accounts for a \",/*#__PURE__*/e(o,{href:\"https://www.ciodive.com/news/aws-microsoft-google-cloud-market-share/623004/#:~:text=Microsoft%20Azure%20commands%2022%25%20of,is%20nearing%201%25%20annual%20growth.\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"22% market share\"})}),\" and has a growing adoption of roughly 40% annually. In order to accommodate the security teams implementing any of the many Microsoft or Azure services, Panther has added support for the Microsoft Graph API. \"]}),/*#__PURE__*/e(\"p\",{children:\"In this blog, well discuss the different Azure and Microsoft services that Panther can integrate with through the Graph API. \"}),/*#__PURE__*/e(\"h3\",{children:\"Supported Microsoft & Azure Services\"}),/*#__PURE__*/e(\"p\",{children:\"Panther can now integrate with the Microsoft Graph API which can be used to obtain security alerts from the following Microsoft & Azure security products below: \"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Azure Active Directory Identity Protection\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Azure Information Protection\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Microsoft 365 (Default, Cloud App Security, Custom Alerts)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Microsoft Defender for Cloud Apps\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Microsoft Defender for Endpoint\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Microsoft Defender for Identity\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Microsoft Sentinel \"})})]}),/*#__PURE__*/e(\"p\",{children:\"The following data sources have pre-built schema created in the Panther product. Once the API is integrated, logs can be automatically parsed, normalized, and enriched as theyre streamed into Panther. Users can then create detections to apply to logs in real time and get alerts within minutes. \"}),/*#__PURE__*/e(\"p\",{children:\"Sample alerts from these services include \"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Anonymous IP access (Azure AD)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Compromised Account (Cloud App Security) \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Compromised Credential Alerts (Defender)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Suspected Identity Theft (pass-the-hash)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Honeytoken Activity\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Data Exfiltration over SMB\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Lets take a look at how we can take one of these alerts and create an additional context to it in Panther. \"}),/*#__PURE__*/e(\"h3\",{children:\"Use Cases with Graph API and Panther\"}),/*#__PURE__*/e(\"p\",{children:\"Lets take a specific example of an alert from Microsoft Defender for Identity, that signals when a suspected identity theft (pass-the-hash) is being attempted. The alert is generated in Microsoft and pulled into Panther. Panther parses, normalizes, and enriches the data to include the addition of p_fields. These fields standardize all log sources so that theyre searchable all at once. \"}),/*#__PURE__*/e(\"p\",{children:\"Once the alert is generated, you can use indicator search to run an IoC-based investigation, searching to see if the IP address associated with the Microsoft Defender alert had been involved in other services across the organizations environment. \"}),/*#__PURE__*/e(\"img\",{alt:\"Indicator search results showing hits against rules in AWS CloudTrail, Okta System Log, and Panther Audit tables.\",className:\"framer-image\",height:\"695\",src:\"https://framerusercontent.com/images/lXEWje5VWnUK9YGSmK5hQCi444o.png\",srcSet:\"https://framerusercontent.com/images/lXEWje5VWnUK9YGSmK5hQCi444o.png?scale-down-to=512 512w,https://framerusercontent.com/images/lXEWje5VWnUK9YGSmK5hQCi444o.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/lXEWje5VWnUK9YGSmK5hQCi444o.png 1790w\",style:{aspectRatio:\"1790 / 1390\"},width:\"895\"}),/*#__PURE__*/e(\"p\",{children:\"With the search, you can now see the rule matches and log hits, where the IP has been detected, in other services outside of Microsoft. Seeing that there are a large number of rule matches in our Okta system logs, you can further pivot your investigation by digging into the individual event logs in the data explorer. By simply selecting one of the boxes above, a SQL query will be generated.\"}),/*#__PURE__*/e(\"img\",{alt:\"Expanded search results with ability to view event JSON for different rule matches.\",className:\"framer-image\",height:\"234\",src:\"https://framerusercontent.com/images/1IwfV1sVEXgNCuqtdDaj74pjMg.png\",srcSet:\"https://framerusercontent.com/images/1IwfV1sVEXgNCuqtdDaj74pjMg.png?scale-down-to=512 512w,https://framerusercontent.com/images/1IwfV1sVEXgNCuqtdDaj74pjMg.png 744w\",style:{aspectRatio:\"744 / 468\"},width:\"372\"}),/*#__PURE__*/e(\"p\",{children:\"Once the data is queried, you can filter to see the respective alerts that have been triggered by the suspected IP address. Seeing that an API key has been created by the IP, you can assume that credentials have been compromised and begin locking down the respective accounts. \"}),/*#__PURE__*/e(\"p\",{children:\"In a matter of minutes, youre able to receive the initial alert, correlate it with the rest of your data, and then analyze the suspected intruder within other applications and services in your environment. This gives you a complete understanding of the potential threats in minutes. \"}),/*#__PURE__*/e(\"h3\",{children:\"Integrating the Graph API into Panther\"}),/*#__PURE__*/t(\"p\",{children:[\"In order to get started with integrating the Microsoft Graph API with Panther, login to your Panther console and navigate to \",/*#__PURE__*/e(\"em\",{children:\"Configure > Log Sources > Create New. \"}),\"Under Services List with built-in support find the Microsoft Graph logo. \"]}),/*#__PURE__*/e(\"img\",{alt:\"Screenshot of the built-in source add screen showing 40 built-in integrations including Microsoft Graph\",className:\"framer-image\",height:\"332\",src:\"https://framerusercontent.com/images/VCVhcf3tgdS2KQnFharCmCoAI.png\",srcSet:\"https://framerusercontent.com/images/VCVhcf3tgdS2KQnFharCmCoAI.png?scale-down-to=512 512w,https://framerusercontent.com/images/VCVhcf3tgdS2KQnFharCmCoAI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/VCVhcf3tgdS2KQnFharCmCoAI.png 1137w\",style:{aspectRatio:\"1137 / 665\"},width:\"568\"}),/*#__PURE__*/e(\"p\",{children:\"Once found, select Start Source Setup\"}),/*#__PURE__*/e(\"img\",{alt:\"Brief description of the Microsoft Graph source with a \",className:\"framer-image\",height:\"129\",src:\"https://framerusercontent.com/images/goETX2JCdVIyBWY0NdQDmyHxo3w.png\",style:{aspectRatio:\"430 / 258\"},width:\"215\"}),/*#__PURE__*/t(\"p\",{children:[\"Enter in a unique name for the integration along with your Microsoft Tenant ID (this can be generated from \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/data-onboarding/supported-logs/microsoftgraph#step-1-create-an-azure-ad-application\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Azure AD\"})}),\")\"]}),/*#__PURE__*/e(\"img\",{alt:\"We need to know where to get your logs from. Form shows a name and Microsoft Tenant ID field\",className:\"framer-image\",height:\"240\",src:\"https://framerusercontent.com/images/h7Nw97EGVzmizKQzuyl0Tk14.png\",srcSet:\"https://framerusercontent.com/images/h7Nw97EGVzmizKQzuyl0Tk14.png?scale-down-to=512 512w,https://framerusercontent.com/images/h7Nw97EGVzmizKQzuyl0Tk14.png 572w\",style:{aspectRatio:\"572 / 480\"},width:\"286\"}),/*#__PURE__*/e(\"p\",{children:\"The next screen will provide you a redirect link that should be shared in Azure AD. Then lastly provide your Client ID and Client Secret from Azure AD.\"}),/*#__PURE__*/e(\"img\",{alt:\"We suggest you create a new application for application purposes. 1. Use the link below as the redirect URL in your App settings (followed by example link). 2. Fill in the credentials below (Client ID and Client Secret)\",className:\"framer-image\",height:\"203\",src:\"https://framerusercontent.com/images/pjCWiE1NIUlU0mO92xsFyPIpKRY.png\",srcSet:\"https://framerusercontent.com/images/pjCWiE1NIUlU0mO92xsFyPIpKRY.png?scale-down-to=512 512w,https://framerusercontent.com/images/pjCWiE1NIUlU0mO92xsFyPIpKRY.png 520w\",style:{aspectRatio:\"520 / 407\"},width:\"260\"}),/*#__PURE__*/e(\"p\",{children:\"Once done, the integration is completed. You should start seeing events streamed into Panther in a few minutes. Now that logs are streamed into Panther, lets look at examples of what we can do with the incoming data. \"}),/*#__PURE__*/e(\"h3\",{children:\"Get Started\"}),/*#__PURE__*/e(\"p\",{children:\"With the ability to set up Panther in under an hour, security teams have immediate access to add coverage of their Azure and Microsoft tools in minutes. Our platform provides teams with more detection coverage, development efficiency, and accuracy with alerts, and can also lead to significant reductions in the total cost of ownership. \"})]});export const richText3=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.linkedin.com/in/mikesaxton/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Mike Saxton\"})})}),/*#__PURE__*/e(\"em\",{children:\" is Technical Director of Defensive Cyber Operations at Booz Allen Hamilton. His primary focus is on implementing technical solutions to protect against vulnerabilities, exploit software or hardware, data threats and other emerging risks that may threaten critical system operations. \"})]}),/*#__PURE__*/e(\"h3\",{children:\"Background\"}),/*#__PURE__*/e(\"p\",{children:\"As a Federal System Integrator, we are often required to work on the systems our clients have in place. Where a traditional commercial organization has set Vendor products in place, across the Federal government there might be a series of systems from multiple vendors, and as every Security practitioner is keenly aware, they each come with their own data format. In our support of the Federal government at the multi-million endpoint scale, we've had to rethink the process for delivering detection at scale efficiently and effectively to meet the needs of our teams deployed at dozens of locations. Detection-as-Code has enabled us to rapidly build, test, share, and deploy detections across some of the US' most critical governmental organizations. \"}),/*#__PURE__*/e(\"p\",{children:\"A while back, I sat with our security teams and did a monthly retrospective, during which I noticed across our 5 teams, they had reviewed nearly 200 intel reports a day resulting in the deployment of over 17,000 detections that month. The teams were tired, our processes weren't working, and we needed a new way to accomplish a Herculean task that was sustainable over the long run. One of our Analysts pitched the start of our detection-as-code process and we've spent nearly 7 years refining this process to deliver in environments of nearly 6 million endpoints.  \"}),/*#__PURE__*/e(\"h3\",{children:\"What is Detection-as-Code to Us?\"}),/*#__PURE__*/e(\"p\",{children:\"Before going into our journey, it's good to give an overview of how we view detection-as-code. To us, detection-as-code is the abstraction of a vendor product from the Detection. As mentioned earlier, a theoretical traditional environment across our delivery teams may consist of 3 different Firewall vendors, 3 different EDRs, 2 IDS/IPS', etc. spread across 12 different sites. This type of work is typically handled by dozens of people at multiple consolidated locations. To ensure we're operating efficiently and effectively we must be able to ingest threat intelligence and deliver detection that works at any site, at any time, and without the need to manually convert queries and signatures. Detection-as-Code allows us \\\"write once and deploy everywhere.\\\"\"}),/*#__PURE__*/e(\"h3\",{children:\"Early Days - Sigma Rules\"}),/*#__PURE__*/e(\"p\",{children:\"When we first started our detection-as-code journey, we started with Sigma rules that were focused on building detection based on the TTPs we were looking for. Sigma provided us our introduction to version authoring and context-driven signature development which allowed us to recall threat intelligence, author, and other aspects like why the detection was built, while also building in ATT&CK matrix alignment for coverage mapping in both detection authoring and firing. This early process was still manual, but it was our first step into moving toward a better system which showed near immediate results. \"}),/*#__PURE__*/e(\"h3\",{children:\"More Recent - Transitioning to Python and Content as Code\"}),/*#__PURE__*/e(\"p\",{children:\"Following our adoption of Sigma, our internal Threat Hunt team built a Python library called PyHAL, (Python Hunt Analytic Library), which allowed for the transportability of detection code like Sigma but also provided the ability for computational detections we found weren't available with traditional query languages or Sigma. While we were quickly transforming our detections, we found our processes weren't keeping up. Having to scroll through numerous Excel spreadsheets where we stored our detections, we finally moved to git repos for storing code. Soon, our teams were leveraging a single code repo of detection logic, and able to edit, branch, merge, clone, and push changes for others. \"}),/*#__PURE__*/e(\"p\",{children:\"Once we begin transitioning to code repos, we realized we could do much more than just share detection code. We soon developed our Content Development Working Group where we would store detection code, dashboards, report scripts, and everything our security teams needed to perform to the best of their ability, without needing to rebuild everything. \"}),/*#__PURE__*/e(\"h3\",{children:\"Current Deployments - Near Real-Time Detection-as-Code at Scale \"}),/*#__PURE__*/e(\"p\",{children:\"Starting with Sigma, adopting our PyHALs, and moving our detection code to a git repo drastically changed the way our teams operate, but it didn't stop there. The challenge of the multi-vendor environment has only increased due to broader cloud adoption across the federal government. The scaling of data to the petabyte scale has required us to rethink our approach resulting in a federated data model where we bring Detection to the Data.' \"}),/*#__PURE__*/e(\"p\",{children:\"To meet this demand, we build, test, and deploy our code repos as before. However, in the new federated model, we rely on a series of Sensors' to pull the data from our repos, meaning those 17,000 detections discussed above have been greatly reduced, centrally stored, and shareable across an entire enterprise in a matter of seconds. Runners and workflows allow for the translation of data to match receiving data models and have helped solve one of our greatest challenges.\"}),/*#__PURE__*/e(\"h3\",{children:\"Next Steps - Automating the Entire Process\"}),/*#__PURE__*/e(\"p\",{children:\"While our detection push process is rapid and automated, we still manually develop and test signatures in some cases to reduce false positives and tune or refine the results. To fix this, we are nearly complete with our automated detection-as-code pipeline. This process allows us to build logic and ingest threat intelligence, automatically construct detections, test, flag, and deploy. In December, we spun out a detection engineering company called SnapAttack which is central to this process. With a rapidly changing environment, we are consistently looking for new ways to develop innovative approaches to detection and without a doubt, detection-as-code has been the most transformational aspect of our business to date. \"}),/*#__PURE__*/e(\"h3\",{children:\"Tips for Getting Started\"}),/*#__PURE__*/t(\"p\",{children:[\"Organizations don't need to operate at the multi-million endpoint scale or have mature security teams to adopt detection-as-code.  Panther provides a detection-as-code approach that allows organizations to store their detection in a git repository  that enables  security  teams to understand all of their detections, who wrote them and when, and edit without losing contextual metadata and version control. Furthermore, with Panther organizations can write and customize their detections in Python. Learn more about the advantages of \",/*#__PURE__*/e(o,{href:\"https://panther.com/blog/using-python-to-write-siem-detections/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"using Python for SIEM.\"})}),\" \"]}),/*#__PURE__*/t(\"p\",{children:[\"Panther can analyze log data from hundreds of systems including AWS, GCP, Microsoft 365, Google Workspaces, Crowdstrike, OSquery, and more. Contact us for a \",/*#__PURE__*/e(o,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"personalized demo\"})}),\".\"]})]});export const richText4=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"Written by Francis Geronimo (Senior IT Engineer) and Zeeshan Khadim (Head of Security)\"})}),/*#__PURE__*/e(\"p\",{children:\"In this blog, we will cover how Panther deployed phishless FIDO2 (WebAuthn) security keys, including details on the hardware, software, and steps taken. The aim of this blog is to help other organizations understand, prioritize and deploy this effective security control.\"}),/*#__PURE__*/e(\"h2\",{children:\"Background\"}),/*#__PURE__*/t(\"p\",{children:[\"Phishing is one of the most prevalent social engineering attacks. According to \",/*#__PURE__*/e(o,{href:\"https://www.verizon.com/business/resources/reports/dbir/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Verizon\u2019s 2022 DBIR\"})}),\", 82% of breaches involved a human element and 20% of breaches involved phishing, with another 40% involving stolen credentials.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Recent targeted phishing attacks against \",/*#__PURE__*/e(o,{href:\"https://www.twilio.com/blog/august-2022-social-engineering-attack\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Twilio\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://blog.cloudflare.com/2022-07-sms-phishing-attacks/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cloudflare\"})}),\" and other companies reinforce the need for companies to adapt phishless forms of Multi-factor Authentication (MFA). In these targeted attacks, the phishing kit would immediately relay any captured username and passwords to the attacker, in addition to any provided Time-based One-Time Password (TOTP) MFA codes. The attacker would then quickly leverage the stolen credentials and TOTP codes before they expired. In Cloudflare\u2019s case, they used FIDO2 (WebAuthn) security keys, instead of TOTP codes, thwarting the attackers.\"]}),/*#__PURE__*/t(\"p\",{children:[\"FIDO2 (WebAuthn) security keys cannot be phished due to \",/*#__PURE__*/e(o,{href:\"https://www.yubico.com/blog/creating-unphishable-security-key/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"origin binding\"})}),\", whereas TOTP codes from an SMS text, authenticator app, or YubiKey can be captured and replayed, and push-based MFA can be bypassed through social engineering techniques like a \u201C\",/*#__PURE__*/e(o,{href:\"https://sec.okta.com/everythingisyes\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"fatigue attack\"})}),\"\u201D.\"]}),/*#__PURE__*/e(\"h2\",{children:\"MFA Policy and Hardware\"}),/*#__PURE__*/e(\"p\",{children:\"At Panther, we utilize Okta as our IdP and we use FIDO2 (WebAuthn) security keys from YubiKey in conjunction with Okta\u2019s Adaptive MFA product. Our Okta policy is configured to only allow WebAuthn MFA, disallowing SMS, TOTP or push-based MFA mechanisms to defend against similar social engineering attacks. This policy is applied to all of our full time employees and contractors across the globe.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"p\",{children:\"Each colleague receives two security keys, a Yubikey 5ci and a Yubikey 5c Nano. The Yubikey 5ci can be used by both laptops and mobile devices, but is largely intended for enrolling and supporting the mobile device. The Yubikey 5c Nano is for laptops and is intended to stay plugged in, given its small, flush-like form-factor.\"}),/*#__PURE__*/e(\"p\",{children:\"To limit frustration and friction, employees also register a biometric factor, using TouchID/FaceID for macOS and iOS, and Fingerprint Auth for Android. This limits the frequency the 5ci is needed for mobile, supports employees who prefer TouchID over a always-used USB port, and it helps employees get \u201Cunstuck\u201D, in the event a security key is lost, damaged or forgotten at home.\"}),/*#__PURE__*/e(\"h2\",{children:\"Migration Strategy\"}),/*#__PURE__*/e(\"p\",{children:\"Prior to the deployment of security keys, Panther used a mix of TOTP and push-based MFA. To determine the viability of migration, we did an audit of employee\u2019s devices to determine what percentage of devices supported USB-C, Lightning and/or Biometric authentication.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"We leveraged Google Workspace and Okta logs to perform this audit. With these datasets already flowing into our internal Panther deployment, we ran a query similar to the following to identify the types of mobile devices being used:\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/QVzZltTawVJTjmjAWG3C/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(i,{...t,code:\"SELECT\\n  client:userAgent:os,\\n  client:userAgent:rawUserAgent,\\n  COUNT(DISTINCT (actor:alternateId)) as userCount\\nFROM\\n  panther_logs.public.okta_systemlog\\nWHERE\\n  p_occurs_since('7 days')\\nGROUP BY\\n  client:userAgent:os, client:userAgent:rawUserAgent\\nORDER BY\\n  userCount DESCCode language: SQL (Structured Query Language) (sql)\",language:\"Markdown\"})})}),/*#__PURE__*/e(\"p\",{children:\"We determined nearly all of our colleague\u2019s devices were compatible. In the cases where they weren\u2019t, we simply paid the employee to get a newer phone. While this cost could be seen as excessive (especially with larger organizations), it\u2019s worth considering the cost of the mitigating control you would otherwise have to deploy and maintain, in addition to the risk absorbed by the business.\"}),/*#__PURE__*/e(\"p\",{children:\"Our next step was to find a provider that would streamline and automate YubiKey deployment. We ended up using Yubico\u2019s YubiEnterprise Delivery platform to handle the logistics of delivering YubiKeys to our colleagues across the globe.\"}),/*#__PURE__*/e(\"p\",{children:\"Next, we developed\\xa0 documentation to help the company with initial enrollment and setup of their YubiKeys with detailed instructions and screenshots to make the transition as seamless as possible.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Lastly, we gradually rolled out the new policy that only allowed WebAuthn MFA, and disallowed SMS, TOTP and push-based MFA via Okta Verify and otherwise. Utilizing Okta Groups and their native authentication policies, we were able to stage the rollout of this policy in phases, identifying any pain points early on.\"}),/*#__PURE__*/e(\"h2\",{children:\"Constraints & Challenges\"}),/*#__PURE__*/t(\"p\",{children:[\"SSO Tax: The value of a security key deployment is partly dependent on how many applications are protected and behind your IdP. This is largely due to the fact that very few applications support FIDO2 (WebAuthn) security keys natively. To have the greatest protection possible, Panther has a policy of paying the \",/*#__PURE__*/e(o,{href:\"https://sso.tax/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"\u201CSSO tax\u201D\"})}),\", to ensure all of our business applications are protected by phishless MFA, in addition to achieving consistent logging, role-based access, and automated provisioning and deprovisioning. While we disagree with the \u201CSSO tax\u201D in principle, the alternative of building and relying on manual IT processes, the deployment of additional compensating or alternative controls, and the risk of a successful phishing attack, is seen as more expensive, both operationally and from a business perspective.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.yubico.com/resources/glossary/ctap/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CTAP\"})}),\": Some popular applications don\u2019t support FIDO2 (WebAuthn) security keys. For example, the \u201Cdesktop\u201D version of Office365 for macOS. For these users, you will need to create an MFA exception in your IdP. Using Okta Identity Engine, we are able to limit the scope of the exception to specific applications such as Office365. Additionally, Okta Workflows can be used to time bound the exceptions by automatically removing users from Okta groups bound to the authentication policy exception.\"]}),/*#__PURE__*/e(\"p\",{children:\"Mobile Apps Biometrics: iOS apps leveraging an embedded browser for their WebAuthn flow (WKWebView) will not recognize TouchID/FaceID. As a result, your users will need to leverage their FIDO2 (WebAuthn) security key. An example is the Asana iOS application.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Logistical Delays: As a remote-first company, we found that logistical delays and supply chain shortages were hampering new employees from being effective on day 1. Our process at the time was to order Yubikeys as needed. We solved this by working with an IT storage and logistics provider, allowing us to have security keys on hand to deploy at a moment\u2019s notice in case of emergencies or for employee onboarding.\"}),/*#__PURE__*/e(\"h2\",{children:\"How Panther Can Help\"}),/*#__PURE__*/e(\"p\",{children:\"In addition to deploying and enforcing the use of FIDO2 (WebAuthn) security keys for your IdP, it\u2019s important to validate that the broader control is working as expected on an ongoing basis.\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther\u2019s detection team has released detection rules that can be used to assess the state of MFA across different applications. For example, this \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/standard_rules/mfa_disabled.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"standard detection rule\"})}),\" can detect and alert on MFA getting disabled across a number of different systems such as Okta or \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/onelogin_rules/onelogin_remove_authentication_factor.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"this detection rule\"})}),\" can detect the same for OneLogin.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Continuing with Okta as the example, Panther can also be used to investigate password and MFA reset events using this \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/queries/okta_queries/okta_mfa_password_reset_audit.yml\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"query\"})}),\":\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/QVzZltTawVJTjmjAWG3C/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(i,{...t,code:\"SELECT\\n  p_event_time,\\n  actor:alternateId as actor_user,\\n  target[0]:alternateId as target_user,\\n  eventType,\\n  client:ipAddress as ip_address\\nFROM\\n  panther_logs.public.okta_systemlog\\nWHERE\\n  eventType IN\\n    ( 'user.mfa.factor.reset_all',\\n      'user.mfa.factor.deactivate',\\n      'user.mfa.factor.suspend',\\n      'user.account.reset_password',\\n      'user.account.update_password',\\n      'User.mfa.factor.update'\\n    )\\n  AND\\n    p_occurs_since('7 days')\\n    -- If you wish to investigate a single user, uncomment and add their email here\\n    -- and actor:alternateId = '<EMAIL_GOES_HERE>'\\nORDER BY\\n  p_event_time DESCCode language: SQL (Structured Query Language) (sql)\",language:\"Markdown\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Panther\u2019s Detection team has also just released a \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/standard_rules/malicious_sso_dns_lookup.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"new detection\"})}),\" that attempts to look for the domain name patterns the attackers used in recent phishing attacks as covered in \",/*#__PURE__*/e(o,{href:\"https://blog.group-ib.com/0ktapus\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"this report\"})}),\" by Group-IB.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Get Started\"}),/*#__PURE__*/t(\"p\",{children:[\"In addition to MFA, Panther can analyze log data from hundreds of systems including AWS, GCP, Microsoft 365, G Workspaces, Crowdstrike, OSquery, and more. Check out a list of all our \",/*#__PURE__*/e(o,{href:\"https://old.panther.com/integrations/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"supported integrations\"})}),\". \",/*#__PURE__*/e(o,{href:\"https://old.panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Contact us\"})}),\" for a demo to get started.\"]})]});export const richText5=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"We recently held an ask-me-anything (AMA) session with Panther Founder and CEO Jack Naglieri in the \",/*#__PURE__*/e(o,{href:\"https://panther.com/community-sign-up/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Panther Slack Community\"})}),\". Here are Jacks answers to 13 questions from the event, ranging from general security topics to Panther product-specific questions to the experience of becoming an entrepreneur and more.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Check them out, and dont forget to \",/*#__PURE__*/e(o,{href:\"https://panther.com/community-sign-up/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"sign up for the Panther Community\"})}),\"! Well be holding more events there soon.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"What made you realize you wanted to start your own company?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Ive wanted to start a company ever since I was younger, and working on StreamAlert at Airbnb showed me the potential to create a SaaS version of that product where multiple teams could get the same benefits but way easier.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"How did you decide on the name Panther?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Naming a company is so hard! But Panther perfectly captured the mantra of the product I wanted to create  sleek, fast, and protective.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Were there any alternatives considered when choosing Python as the detection language?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Never! Python was the most approachable/familiar language for security folks. It was also the first language I hacked on when I would write scripts, and I see Panther as modernizing that older style into a repeatable architecture.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"What are some useful Security KPIs youve seen developed out of logs?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack: \"}),\"On the SecOps Ops front, weve seen these baseline KPIs when gauging the usefulness of our monitoring program:\"]}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Coverage\"}),\" across your threat model\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Efficacy\"}),\"  How many of your alerts are true positive?\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"MTTR\"}),\"  How quickly can you resolve alerts, either through automation or otherwise?\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Cost\"}),\"  How expensive is our detection program?\"]})})]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Do you get to do any hands-on Security Engineer work still, or do your founder and CEO responsibilities take up all your time?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Being a CEO is multiple full-time jobs, but I have my own Panther instance that I play around with to stay close to SecEng work! Ive been aspiring to get back into open-sourcing detections on our \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Github\"})}),\".\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Is Panther keen on improving the \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"pattern_match\"})}),/*#__PURE__*/e(\"strong\",{children:\" function? This function is underrated and can make detection engineering a smooth process across various log sources.\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Oh yeah, we are going to launch something soon that I think youll like. Ideally, we can cover all patterns common to detection writing into these functions to streamline the process.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"What do you think makes \"}),/*#__PURE__*/e(o,{href:\"https://panther.com/events/registration/detection-as-code-workshop/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"detection-as-code\"})})}),/*#__PURE__*/e(\"strong\",{children:\" (DaC) the future of threat detection?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": I feel like DaC is evidence of a movement towards bringing automation and engineering to security, which is the future. Specifically, DaC brings structure, power, and reliability to security, and I love that. It removes the previous boundaries with DSLs like in Splunk, Elastic, etc.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"What is the biggest obstacle to getting security teams to come around on detection as code?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Teaching the basics and showing people that its not scary to write basic code. Anyone can learn! The system just needs to make it easy to do the right thing.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"What is the biggest challenge facing the security industry right now?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": I think every CISO would say, not enough people to do the job. Its also a nuanced and nebulous practice, which doesnt make it easier. And with the move to the cloud, detection teams also need to be developers, infra people, etc. It makes it even harder.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Whats one piece of advice that you would give to security engineers who are just starting in their careers?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Take the time to learn about your companys production environment, core business model, frameworks like CIS/MITRE ATT&CK, and writing code! Also  study TTPs, keep a pulse on recent breaches, and test how you would have detected or responded to them.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Wheres your happy place?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": The beach  100%. I love warm weather and gladly claim California as my home. Close seconds  mountains, exploring new cities, the gym, and farmers markets.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Whats the hardest thing about founding a security company?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Getting your first customer. Security relies heavily on mutual trust, and its tough to convince someone to rely on you for a critical function early in the journey.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"How do you stay current on the latest attacker trends and TTPs (tactics, techniques, and procedures)? If Twitter, are there any accounts you would recommend following?\"}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"strong\",{children:\"Jack\"}),\": Definitely Twitter! But also blogs from GROUP-IB, CISA, Threatpost, et cetera.\"]})]});export const richText6=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"The security industry's average time to detect a breach is \",/*#__PURE__*/e(o,{href:\"https://www.upguard.com/blog/cost-of-data-breach#:~:text=In%202022%2C%20the%20average%20time,the%20lower%20the%20damage%20costs.\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"207 days\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"This is primarily attributed to security teams using outdated threat detection methods and clunky legacy SIEM tools. How can any organization expect to stay ahead of the ever-changing threat landscape when they're behind a potential intruder by Oi of a year? The bottom line is traditional threat detection practices are no longer viable. They only provide an incomplete answer due to the heavy lead time required to operate legacy SIEM tools, making it difficult for security teams to address critical security questions efficiently and effectively. \"}),/*#__PURE__*/e(\"p\",{children:\"This is why real-time threat detection is empowering security teams to flip the script on potential intruders. Real-time threat detection is the evolution of traditional threat detection that utilizes best-in-class modern security tools to analyze potential threats instantly. In the case of modern SIEM tools, teams can automate analysis to occur directly as event logs are ingested. \"}),/*#__PURE__*/t(\"p\",{children:[\"You may be thinking:\",/*#__PURE__*/e(\"em\",{children:\" it must take years to develop an appropriate real-time threat detection strategy and months to deploy a modern SIEM tool\"}),\". In this blog, we'll address how to adopt a real-time threat detection strategy with modern SIEM in under an hour. \"]}),/*#__PURE__*/e(\"p\",{children:\"We'll also address the following questions: \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"What is real-time threat detection? \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"What can modern SIEM with real-time threat detection provide a security team? \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"How to leverage real-time threat detection in Panther\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"What is Real-Time Threat Detection? \"}),/*#__PURE__*/e(\"p\",{children:\"Real-time threat detection is the practice of analyzing event data for malicious activity the instant it's generated by the event source. Traditionally, this has been done using a SIEM tool that can aggregate logs to a single place, and enable security engineers to write detections that signal alerts when a vulnerability or threat occurs. \"}),/*#__PURE__*/t(\"p\",{children:[\"SOC's can trigger alerts about potential intruders in minutes rather than days and weeks and lowers security teams' mean time to detect (\",/*#__PURE__*/e(o,{href:\"https://www.techtarget.com/searchitoperations/definition/mean-time-to-detect-MTTD#:~:text=Mean%20time%20to%20detect%20or,KPI)%20for%20IT%20incident%20management.\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"MTTD\"})}),\") and mean time to respond (MTTR). This is accomplished by running threat analysis at the point of ingesting rather than in batches or by indexing data, creating far less lead time to receiving an alert. However, real-time threat detection practices are still not commonly adopted due to the continued usage of legacy SIEM tools. \"]}),/*#__PURE__*/e(\"h3\",{children:\"Why do legacy SIEM tools lead to slow MTTD?\"}),/*#__PURE__*/t(\"p\",{children:[\"Traditionally, threat detection has been a static approach where business data is converted to security data and analyzed by a legacy SIEM tool. This is commonly executed in batches of data that need to be \",/*#__PURE__*/e(o,{href:\"https://www.ibm.com/docs/en/qsip/7.5?topic=tasks-index-management\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"indexed\"})}),\" before analysis, preventing data from being analyzed as soon as it's generated by an application, infrastructure, or network source. \"]}),/*#__PURE__*/t(\"p\",{children:[\"When data is ingested from a specified log source, the data needs to be parsed and normalized to be analyzed within a SIEM tool. These parsers can take weeks to create and must be made for every respective log source. Once completed, detections must be written to analyze the incoming logs. However, detection creation is no easy process in legacy SIEMs that leverage \",/*#__PURE__*/e(o,{href:\"https://panther.com/blog/using-python-to-write-siem-detections/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"proprietary languages\"})}),\" and lack \",/*#__PURE__*/e(o,{href:\"https://panther.com/cyber-explained/detections-as-code/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"detection-as-code\"})}),\" workflows. Sometimes detections can take weeks or even months to develop, and may not necessarily trigger properly from the start. \"]}),/*#__PURE__*/e(\"p\",{children:\"Once this is completed, a team can finally begin to index data and run it through their detection pipeline to alert on potential threats. This process means that MTTD can be as much as weeks or even months. This hampers security teams from fully protecting their organization, but a modern SIEM with real-time threat detection can flip the script for a SOC. \"}),/*#__PURE__*/e(\"h3\",{children:\"Real-Time Threat Detection in Panther\"}),/*#__PURE__*/t(\"p\",{children:[\"With a modern SIEM tool like Panther, real-time threat detection becomes available to all security teams right from the start. The tool was created to analyze logs at the point of ingestion in order to provide instant analysis. Security engineers can create \",/*#__PURE__*/e(o,{href:\"https://panther.com/blog/using-python-to-write-siem-detections/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Python-based detections\"})}),\" in minutes to run on incoming data and alert on potential threats. \"]}),/*#__PURE__*/e(\"p\",{children:\"The process begins by setting up log ingestion from a supported log or through a data transport within Panther. Once logging begins, data is parsed and normalized automatically and then stored in AWS S3. Panther then runs a real-time detection engine against the logs that are within S3. This includes all of the enabled out-of-the-box rules or custom rules created by a security team that applies to the ingested log source. If a detection is triggered, it will fire off an alert. If not, it will pass over to the next detection. \"}),/*#__PURE__*/e(\"p\",{children:\"With this process, an engineer can potentially receive an alert less than 5 minutes after the original log was generated in its source. Let's walk through how to get this set up for yourself. \"}),/*#__PURE__*/e(\"h3\",{children:\"Setting up Real-Time Threat Detection & Alerting in Panther\"}),/*#__PURE__*/t(\"p\",{children:[\"Once you've received access to the Panther console, you can immediately begin by setting up different log sources to ingest data. The easiest way to get started is with either a \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/data-onboarding/data-transports\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"cloud service\"})}),\" like AWS or GCP, or with an \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/data-onboarding/supported-logs\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"API-based source\"})}),\" such as Okta, 1Password, or Crowdstrike. Most API-based sources take under 10 minutes to set up by simply creating an API token and sharing it in the Panther console. Steps are laid out for each integration in our \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"documentation\"})}),\". \"]}),/*#__PURE__*/e(\"img\",{alt:\"Screenshot of Panther console showing field for 1Password Access Token\",className:\"framer-image\",height:\"250\",src:\"https://framerusercontent.com/images/fLK8S1KIdzZY3mBI74HqMdgr1HA.png\",srcSet:\"https://framerusercontent.com/images/fLK8S1KIdzZY3mBI74HqMdgr1HA.png?scale-down-to=512 512w,https://framerusercontent.com/images/fLK8S1KIdzZY3mBI74HqMdgr1HA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/fLK8S1KIdzZY3mBI74HqMdgr1HA.png 1880w\",style:{aspectRatio:\"1880 / 500\"},width:\"940\"}),/*#__PURE__*/t(\"p\",{children:[\"Once the source is logging properly, you can either enable a \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/detection-packs\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"detection pack\"})}),\" provided out-of-the-box by Panther or begin to \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/rules#how-to-write-rules\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"write your own\"})}),\" detections in the console or locally with the \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/rules#how-to-write-rules\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Panther Analysis Tool\"})}),\". The fastest way is to enable a pack that can be located directly in the console under \",/*#__PURE__*/e(\"em\",{children:\"Build > Packs. \"}),\"If we onboarded 1Password logs, there will be a specified pack in correlating to that log source.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Panther's console showing our managed 1Password Pack\",className:\"framer-image\",height:\"126\",src:\"https://framerusercontent.com/images/2Zp4Dj4U2XeN3yupjV9CrVV3zs.png\",srcSet:\"https://framerusercontent.com/images/2Zp4Dj4U2XeN3yupjV9CrVV3zs.png?scale-down-to=512 512w,https://framerusercontent.com/images/2Zp4Dj4U2XeN3yupjV9CrVV3zs.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/2Zp4Dj4U2XeN3yupjV9CrVV3zs.png 1999w\",style:{aspectRatio:\"1999 / 252\"},width:\"999\"}),/*#__PURE__*/t(\"p\",{children:[\"Once enabled, detections will analyze log data as it's being sent into Panther. The last step in this process is setting up an \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/destinations\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"alert destination\"})}),\" in which you and your team can receive alerts. This can be set up in the Panther Console by selecting \",/*#__PURE__*/e(\"em\",{children:\"Configure > Alert Destinations > Create New \"}),\"and then selecting the source you'd like to set up\",/*#__PURE__*/e(\"em\",{children:\". \"}),\"The full list of supported sources can be found below.\"]}),/*#__PURE__*/e(\"img\",{alt:\"An array of alert destinations: Slack, Microsoft Teams, Opsgenie, Jira, GitHub, PagerDuty, AWS SNS, AWS SQS, Asana, and Custom Webhook\",className:\"framer-image\",height:\"463\",src:\"https://framerusercontent.com/images/tWjewwqEjwk0M79IzeH6Ngv4rX8.png\",srcSet:\"https://framerusercontent.com/images/tWjewwqEjwk0M79IzeH6Ngv4rX8.png?scale-down-to=512 512w,https://framerusercontent.com/images/tWjewwqEjwk0M79IzeH6Ngv4rX8.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/tWjewwqEjwk0M79IzeH6Ngv4rX8.png 1548w\",style:{aspectRatio:\"1548 / 926\"},width:\"774\"}),/*#__PURE__*/e(\"p\",{children:\"When this is completed, you now have coverage of the log source that you integrated, and you will have enabled instant real-time threat detection and alerting of that source in your environment. The following graphic recaps the flow we just discussed: \"}),/*#__PURE__*/e(\"img\",{alt:\"Diagram showing complex logs being parsed, normalized, analyzed and simultaneously being ran through detections in addition to being stored in the data lake\",className:\"framer-image\",height:\"886\",src:\"https://framerusercontent.com/images/YeObpBgYhrbxOAVt9asJdis8xm4.jpg\",srcSet:\"https://framerusercontent.com/images/YeObpBgYhrbxOAVt9asJdis8xm4.jpg?scale-down-to=512 512w,https://framerusercontent.com/images/YeObpBgYhrbxOAVt9asJdis8xm4.jpg?scale-down-to=1024 1024w,https://framerusercontent.com/images/YeObpBgYhrbxOAVt9asJdis8xm4.jpg?scale-down-to=2048 2048w,https://framerusercontent.com/images/YeObpBgYhrbxOAVt9asJdis8xm4.jpg 2300w\",style:{aspectRatio:\"2300 / 1772\"},width:\"1150\"}),/*#__PURE__*/e(\"h3\",{children:\"Get Started\"}),/*#__PURE__*/e(\"p\",{children:\"With the ability to set up Panther in under an hour, security teams have immediate access to add real-time threat detection to their organization. Our platform provides teams with more detection coverage, development efficiency, and accuracy with alerts, and can also lead to significant reductions in total cost of ownership.\"})]});export const richText7=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Security is constantly evolving, with new attacker groups, ways to break into machines, and clever tools to defend against them. But, becoming talented in security is often the unfortunate result of experiencing incidents first-hand, a true trial-by-fire.\"}),/*#__PURE__*/e(\"p\",{children:\"Interviewing security teams is the most insightful way to learn whats happening right now on the front lines. How are we building effective detection teams? What tools and processes work the best for protecting our organizations? How do we maintain our composure in the stressful world of incident response?\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"This post details five lessons from 20+ conversations\"}),\" with CISOs, SecOps managers, engineers, and analysts from Netflix, Dropbox, and more.\"]}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/t(\"p\",{children:[\"You can listen back to the full episodes on my \",/*#__PURE__*/e(o,{href:\"https://open.spotify.com/show/6xa9t5dty4eH0UXDQXIew9\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Detection at Scale podcast\"})}),\".\"]})}),/*#__PURE__*/e(\"h3\",{children:\"Lesson 1: Start with high-quality log data\"}),/*#__PURE__*/e(\"p\",{children:\"You cant protect what you cant see, so start with a reliable, structured, and expansive data set. A frequent quote is:\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/t(\"em\",{children:[/*#__PURE__*/e(\"strong\",{children:\"All data is security data\"}),\" because you dont know where attackers will come from. Application logs, network logs, everything.\"]})})}),/*#__PURE__*/e(\"p\",{children:\"Collecting high-quality data means having an authoritative source of truth during an incident. Does it cover our threat model and the most sensitive assets within the organization? Does it add helpful context and increase our confidence during an incident?\"}),/*#__PURE__*/e(\"p\",{children:\"The ROI of gathered logs should also be thoughtfully considered. You do not always NEED everything, especially from high-volume sources like network logs, which can greatly increase cost and provide low value for detection or response.\"}),/*#__PURE__*/t(\"p\",{children:[\"To learn more about logging, check out \",/*#__PURE__*/e(o,{href:\"https://panther.com/blog/think-like-a-detection-engineer-pt-1-logging/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"this post\"})}),\".\"]}),/*#__PURE__*/e(\"h3\",{children:\"Lesson 2: Detection is becoming an engineering function\"}),/*#__PURE__*/e(\"p\",{children:\"A shift is occurring where Detection teams are adopting software engineering patterns to operate effectively at scale.\"}),/*#__PURE__*/t(\"p\",{children:[\"Detections are moving into code, getting peer-reviewed, checked into version control, and staged before landing in production. \",/*#__PURE__*/e(\"strong\",{children:\"This creates a virtuous cycle\"}),\" that promotes a growth mindset in security:\"]}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"We should always be striving to get better. Relentless iteration is one of my teams core tenants.  JJ Agha\"})})}),/*#__PURE__*/e(\"p\",{children:\"By pushing security into code, we gain structure, power, and reliability, enabling compliance, collaborating with various internal teams, and becoming clever and comprehensive in detecting and responding to attacker behaviors.\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"You either write code or work with people writing it for you  Nir Rothenberg\"})})}),/*#__PURE__*/e(\"p\",{children:\"These patterns become the basis for adopting automation, whether in the form of remediation, deployment, or enrichment.\"}),/*#__PURE__*/e(\"h3\",{children:\"Lesson 3: Automated response is the holy grail\"}),/*#__PURE__*/e(\"p\",{children:\"Its no secret that humans are prone to errors from repetitive work. It leads to burnout and job dissatisfaction and is an inefficient use of security talent:\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"If we respond manually more than once, it needs to be automated\"})})}),/*#__PURE__*/e(\"p\",{children:\"Automation increases the impact of security work and enables teams to focus on the areas where humans are truly needed. There is no replacement for human intuition!\"}),/*#__PURE__*/e(\"p\",{children:\"This trend shows that we are evolving from reactive security (responding to incidents) to proactively detecting bad behaviors to taking automated action to resolve issues. The days of ten monitors in a SOC have died, and automated analysis and response will continue to mature SecOps teams into the cloud era.\"}),/*#__PURE__*/e(\"p\",{children:\"Practical examples of automation include:\"}),/*#__PURE__*/t(\"ol\",{style:{\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Adding context to an alert (e.g., which team is this person on? what did they do the hour before the alert?).\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Pinging users to confirm potential phishing activity.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Isolating machines that have been confirmed to have malware.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Destroying or correcting insecure cloud resources.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"As data volumes continue to rise, we will continuously need to automate more!\"}),/*#__PURE__*/e(\"h3\",{children:\"Lesson 4: Alerts always need a purpose\"}),/*#__PURE__*/e(\"p\",{children:\"If alerts are not actionable, they are just noise!\"}),/*#__PURE__*/e(\"p\",{children:\"Actionability starts with a question: What behaviors are we protecting against? Whats at risk if this activity happens? What would we do about it? This can be based on internal threat models, compliance frameworks, or prior internal/external attacks.\"}),/*#__PURE__*/e(\"p\",{children:\"There should always be a clear next step when an alert is fired, whether automation (mentioned above) or manual intervention.\"}),/*#__PURE__*/t(\"p\",{children:[\"Alerts should also (\",/*#__PURE__*/e(\"em\",{children:\"obviously\"}),\") be built for high-fidelity, which gauges quality, and following lessons #1 and #2 above encourages continuous improvement.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Lesson 5: Focus!\"}),/*#__PURE__*/e(\"p\",{children:\"The last lesson is to start small and do the basics well.\"}),/*#__PURE__*/e(\"p\",{children:\"Optimize for quality over quantity and prioritize the most important assets first. Premature bloat can slow teams down! Lets keep the agile methodology and move faster than attackers can.\"}),/*#__PURE__*/e(\"h3\",{children:\"Applying these concepts\"}),/*#__PURE__*/e(\"p\",{children:\"These lessons can be applied to new security teams or those looking to evolve their program to be future-proofed.\"}),/*#__PURE__*/e(\"p\",{children:\"Change is slow, but the insight above shows how security teams are becoming proactive against the rise of SecOps complexity.\"}),/*#__PURE__*/e(\"p\",{children:\"Thank you to all guests who took the time to join our podcast! Check out the latest episode here:\"})]});export const richText8=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Over the last decade, businesses and organizations have rapidly adopted cloud infrastructures and remote working arrangements, resulting in more security data than ever before. As the amount of data has evolved, so too has the need for powerful, flexible queries to accurately and quickly identify potential threats. \"}),/*#__PURE__*/e(\"p\",{children:\"Historically, security teams have utilized legacy Security Information and Event Management (SIEM) tools with proprietary coding languages to create detections and protect their organizations. In contrast, some modern SIEMs allow you to write detections with open-source languages like Python, which can vastly improve the speed, power, and cost-efficiency of your security operations.\"}),/*#__PURE__*/e(\"p\",{children:\"In this blog, we're covering some of the challenges of proprietary SIEM coding languages, ways to optimize threat detection with Python-based rules, and the impacts on mean-time-to-detection (MTTD) and overall SIEM costs.\"}),/*#__PURE__*/e(\"h3\",{children:\"Proprietary SIEM Coding Languages \"}),/*#__PURE__*/e(\"p\",{children:\"Before getting into Python, let's dig into how the industry has been centered around proprietary coding languages as the backbone of its threat detection capabilities. \"}),/*#__PURE__*/e(\"p\",{children:\"For years, legacy SIEM solutions have offered a number of operation challenges for a security team. They're a handful to onboard, take massive teams to operate, and cost a fortune with mediocre results. One of the key pillars contributing to these challenges is the usage of proprietary SIEM languages within the tools. Let's dig into the specifics of these challenges in more detail. \"}),/*#__PURE__*/t(\"p\",{children:[\"First off, coding languages created for SIEM specifically do not possess the \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Expressive_power_(computer_science)\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"expressiveness\"})}),\" of open-source languages. This can lead to less coverage of your environment, simply because the proprietary code can not express the ideas that security engineers want to convey. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Second, proprietary languages lack code templates, modules, and 3rd-party libraries that support \",/*#__PURE__*/e(o,{href:\"https://skaffolder.com/blog/five-considerations-for-code-reusability/#:~:text=Code%20reusability%20is%20the%20use,standards%20and%20improved%20overall%20quality.\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"code reusability\"})}),\". This typically requires security engineers to reinvent the wheel for each new set of detections. \"]}),/*#__PURE__*/e(\"p\",{children:\"Lastly, proprietary SIEM languages are constrained by a lack of universal data models. This presents difficulties for data structure and configurations that can help security teams standardize coding fields to search over all log types at once. \"}),/*#__PURE__*/e(\"p\",{children:\"Needless to say, it's no wonder organizations have been frustrated with legacy SIEM tools, but with modern platforms, Python offers an easier, faster, and more robust way to create, modify, test, and deploy new detections. \"}),/*#__PURE__*/e(\"h3\",{children:\"Python in Modern SIEM Solutions\"}),/*#__PURE__*/t(\"p\",{children:[\"Instead of proprietary languages, \",/*#__PURE__*/e(o,{href:\"https://panther.com/cyber-explained/next-gen-siem/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Modern SIEM\"})}),\" platforms typically give security teams the flexibility and speed to write and deploy detections in hours instead of weeks and at a fraction of the cost of legacy SIEM solutions. Python provides advantages to security teams by: \"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Offering simple code reuse through modules and \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/globals?q=helper\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"helper functions\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Creating easier pathways to hire more affordable talent \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Leveraging data models for mapping common detections to different logging sources\"})})]}),/*#__PURE__*/e(\"p\",{children:\"These advantages help a security team move fast while providing a business with incredible cost savings that far outweigh that of legacy SIEM solutions. Detection development time is reduced from weeks to hours with the usage of simple helper functions. This allows engineers to create libraries of common Python functions and pull them into any new detection. \"}),/*#__PURE__*/t(\"p\",{children:[\"Another payoff is Python in a SIEM solution offers a much larger talent pool to hire from. Python is one of the \",/*#__PURE__*/e(o,{href:\"https://www.infoworld.com/article/3669232/python-popularity-still-soaring.html#:~:text=In%20the%20just%2Dpublished%20August,time%20high%20for%20the%20language.\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"top 3 most popular\"})}),\" coding languages in the world with over 50% of developers stating they've had some exposure to it. The average salary for a Python developer is around \",/*#__PURE__*/e(o,{href:\"https://www.salary.com/research/salary/posting/entry-level-python-developer-salary\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"$80,000\"})}),\" whereas a proprietary language coder may warrant a salary of at least \",/*#__PURE__*/e(o,{href:\"https://www.ziprecruiter.com/Salaries/Splunk-Architect-Salary\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"$150,000\"})}),\". With it being easier to find talent in-house, Python also eliminates the need for 3rd-party services, reducing the total cost of SIEM operations in a security budget.\"]}),/*#__PURE__*/e(\"p\",{children:\"Ultimately, the benefits of Python can immediately outweigh any proprietary language SIEM offering. This is why Panther has opted to leverage Python as its primary coding language. Integrating a powerful and flexible coding base with the real-time analysis of Panther's detection engine enables our platform to modernize the threat detection capabilities of security teams. \"}),/*#__PURE__*/e(\"h3\",{children:\"Using Python in Panther SIEM\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther is a modern SIEM built for security operations at scale with Python as its backbone. Teams can get started in less than 10 minutes with direct API integrations for the industry's most \",/*#__PURE__*/e(o,{href:\"https://panther.com/integrations/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"common log sources\"})}),\", and we also offer pre-built \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/detection-packs\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"packs\"})}),\" of detection rules. Once logging from a cloud or on-premises source is configured, Panther analyzes data with these Python-based rules in real-time to provide instant feedback.\"]}),/*#__PURE__*/e(\"p\",{children:\"A simple Boolean function defines a Python detection rule. If it returns true, it will fire an alert, and if not, it'll pass over to the next detection. There are supplementary functions that can also be used to provide dynamic alert context to titles, descriptions, severity, and more. \"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/TbhpORLndv1iOkZzyo83/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:'## Required Function # The logic for sending an alert, return True = Alert, False = Do not Alert def rule(event): if event.get(\"Something\"): return True return False',language:\"JSX\"})})}),/*#__PURE__*/t(\"p\",{children:[\"All detections can be customized or modified with Python and come with provided helper functions out-of-the-box. Rules can be written both in the console UI as well as locally within a Continuous Integration/Continous Development\",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/panther-developer-workflows/ci-cd-onboarding-guide\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\" (CI/CD) pipeline\"})}),\". This is typically leveraged with the \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Panther Github repository\"})}),\", allowing security teams to manage detections similar to that of software engineers by reviewing code changes, modifying and reusing existing code, and owning agile workflows. All of this is made possible with Python as the centerpiece.\"]}),/*#__PURE__*/e(\"p\",{children:\"Let's say an organization onboarded a new Single Sign On tool to house employee data. The security team is tasked with building a detection to alert against potential Brute Force and DDoS attacks against their new system. \"}),/*#__PURE__*/e(\"p\",{children:\"The team would begin by sending logs from the SSO tool to Panther. This can either be done via direct API integration or by transferring logs to a supported cloud data transport source such as AWS S3, SQS, CloudWatch, or GCP Cloud Storage.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"202\",src:\"https://framerusercontent.com/images/9XmBYLBhiaDUBn6G6JOz5MlZjzk.png\",srcSet:\"https://framerusercontent.com/images/9XmBYLBhiaDUBn6G6JOz5MlZjzk.png?scale-down-to=512 512w,https://framerusercontent.com/images/9XmBYLBhiaDUBn6G6JOz5MlZjzk.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/9XmBYLBhiaDUBn6G6JOz5MlZjzk.png 1999w\",style:{aspectRatio:\"1999 / 405\"},width:\"999\"}),/*#__PURE__*/e(\"p\",{children:\"With logs streaming into Panther, there are several ways we can build a Python detection: \"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Reuse the detection \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/okta_rules/okta_brute_force_logins.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"out-of-the-box\"})}),\" and slightly modify it to fit our new log source\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Create a \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/data-models?q=data+mo\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"data model\"})}),\" to map the new log source to the existing pre-built detection\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Pull in new helper functions or 3rd party libraries to create a brand new detection from scratch\"})})]}),/*#__PURE__*/e(\"p\",{children:\"With Panther, a security team can build a new detection with any of these tactics in just a few hours.\"}),/*#__PURE__*/e(\"h3\",{children:\"Get Started\"}),/*#__PURE__*/e(\"p\",{children:\"By enabling Python-based detections, Panther has flipped the script on legacy SIEM solutions. Our platform provides organizations with more detection coverage, development efficiency, and accuracy with new alerts, and can also lead to significant reductions in total cost of ownership.\"})]});export const richText9=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"If youve ever wanted to chat with one of the security industrys leading detection engineering experts and the founder and CEO of Panther, nows your chance! \"}),/*#__PURE__*/t(\"p\",{children:[\"On September 22, 2022 12-1 pm Pacific time, well be holding an ask me anything (AMA) session with Jack Naglieri in the \",/*#__PURE__*/e(o,{href:\"https://panther.com/community-sign-up/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Panther Community Slack\"})}),\". Everyone is welcome to join in and chat directly with Jack and other community members during the event. \"]}),/*#__PURE__*/e(\"p\",{children:\"Jack is a security practitioner turned entrepreneur. He experienced the pains of detecting security breaches at scale and built Panther to solve these problems. Jacks exposure to security began as an incident responder at companies like Yahoo, where he worked in vast, challenging infrastructures. Out of necessity, Jack learned software engineering and DevOps to deploy security tools at scale to collect pertinent data for identifying breaches. He later joined Airbnb and built an open-source framework that enabled security teams to analyze data with Python, without the need to manage servers. This project was called StreamAlert and became very widely adopted in the security community. \"}),/*#__PURE__*/e(\"p\",{children:\"With those learnings, Jack founded Panther to build an enterprise-grade solution with the goal of providing a platform with speed, scale, and flexibility for security teams with cloud-based environments. \"}),/*#__PURE__*/t(\"p\",{children:[\"You can submit your questions before the event \",/*#__PURE__*/e(o,{href:\"https://docs.google.com/forms/d/e/1FAIpQLSeFb_nNc1LYPws7tWtMozW_gnV3pybOFvcqvFQMlLxffhbriw/viewform?usp=sf_link\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"using this form\"})}),\" to help ensure that the topics youre interested in are covered. Community members will also be able to ask questions directly during the AMA.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To add the AMA to your Google Calendar, \",/*#__PURE__*/e(o,{href:\"https://calendar.google.com/event?action=TEMPLATE&tmeid=NnRzNGYycmt0cGdiZW05aW91cDZqN2hoamQgbWF0dGhldy5rb3JvdmVzaXNAcGFudGhlci5jb20&tmsrc=matthew.korovesis%40panther.com\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"click here\"})}),\". If youre not already a member of the Panther Community, \",/*#__PURE__*/e(o,{href:\"https://panther.com/community/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"click here to sign up\"})}),\".\"]})]});export const richText10=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"As the threat landscape evolves and the magnitude of potential threats skyrockets, security teams often struggle to keep up. Compounding the issue, organizations are ingesting more data from cloud infrastructure, applications, networks, and hosts than ever before. \"}),/*#__PURE__*/e(\"p\",{children:\"As data volumes explode, adding automation can help security teams increase efficiency and scale their efforts. Currently, the threat detection and response process is very time-consuming. Security teams spend hours reviewing false positive alerts or performing mundane tasks to resolve security incidents. \"}),/*#__PURE__*/e(\"p\",{children:\"Panther and Tines are modern solutions that work together to rapidly detect and respond to threats, saving time and improving security operations.\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther is a modern Security Information and Events Management (SIEM) platform that transforms terabytes of raw logs per day into a structured security data lake for real-time detection and investigations. With \",/*#__PURE__*/e(o,{href:\"https://panther.com/cyber-explained/detections-as-code/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"detection-as-code\"})}),\" and native integrations with dozens of log sources, Panther is built for scale.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Similarly, Tines is at the forefront of no-code automation, and provides a best-in-class solution for automating repetitive, manual processes  from simple tasks to complex workflows. With Tines, security teams can simply drag and drop \",/*#__PURE__*/e(o,{href:\"https://www.tines.com/docs/actions\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Actions\"})}),\" into a \",/*#__PURE__*/e(o,{href:\"https://www.tines.com/docs/stories/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"workflow\"})}),\", wire them together, enter the parameters, test, and deploy. \"]}),/*#__PURE__*/e(\"h3\",{children:\"How Panther and Tines can work together \"}),/*#__PURE__*/e(\"p\",{children:\"In this article, we will outline three common use cases that many organizations use to automate their detection and response. \"}),/*#__PURE__*/e(\"h3\",{children:\"Use Case 1: Proactively prevent an attacker from escalating privileges\"}),/*#__PURE__*/t(\"p\",{children:[\"Any infrastructure or SaaS application has a number of accounts. Most of the accounts are user accounts with limited privileges that only allow users to access features limited to their accounts. The remaining are administrative accounts that have the ability to create or remove users, assign privileges, modify system settings, access user data, and more. For attackers, escalating privileges to compromise administrative accounts is an effective way to access sensitive files and documents. Privilege escalation maps to \",/*#__PURE__*/e(o,{href:\"https://attack.mitre.org/tactics/TA0004/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Privilege Escalation Tactic\"})}),\" (in MITRE ATT&CK TA0004). \"]}),/*#__PURE__*/t(\"p\",{children:[\"Lets assume an organization uses Okta for identity and access management. Panther provides \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/tree/master/rules/okta_rules\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"several out-of-the-box detections\"})}),\", one of which checks when a user is assigned admin privileges. When this rule triggers an alert, Panther sends the alert to Tines which checks an enrichment database (such as VirusTotal) to determine if the IP is malicious. If the IP is deemed malicious, Tines generates an API call to lock the account in Okta. All of this without any analyst intervention.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To set up this scenario in your environment, follow the steps \",/*#__PURE__*/e(o,{href:\"https://panther.com/blog/security-automation-panther-tines/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here. \"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Use Case 2: Automatically quarantine malicious host\"}),/*#__PURE__*/t(\"p\",{children:[\"In this scenario, the organization is using an Endpoint Detection and Response (EDR) tool such as Crowdstrike or Sophos that can detect malware on a host. If malware is detected on a host, the EDR delivers an alert to Panther. A Panther detection, such as \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/crowdstrike_rules/crowdstrike_detection_passthrough.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"this\"})}),\" for CrowdStrike, will then generate an alert.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.tines.com/story-library/15059/run-a-crowdstrike-real-time-response-command\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Learn more\"})})}),/*#__PURE__*/e(\"em\",{children:\" about running a Crowdstrike real-time response command in Tines \"}),/*#__PURE__*/e(o,{href:\"https://www.tines.com/story-library/15059/run-a-crowdstrike-real-time-response-command\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"here\"})})}),/*#__PURE__*/e(\"em\",{children:\". \"})]}),/*#__PURE__*/e(\"p\",{children:\"First, Tines can create a task in Asana for case tracking. Next Tines makes a call to external services to validate that the hash of the file is malicious. If the indicators are deemed malicious, Tines will send an API call to the EDR to isolate the device, automatically preventing the malware from communicating with its command and control server or moving laterally.\"}),/*#__PURE__*/e(\"h3\",{children:\"Use Case 3: Reduce analyst friction due to accidental account lockouts \"}),/*#__PURE__*/e(\"p\",{children:\"One of the common ways adversaries try to compromise user accounts is through brute force. Without knowledge of the password, an adversary may systematically guess the password using a repetitive or iterative mechanism. To defend against brute force attacks, the application may be set up to lock user accounts after a number of unsuccessful attempts. In many cases, legitimate users may find themselves accidentally locked out if they arent able to log in within the allowed number of attempts. \"}),/*#__PURE__*/t(\"p\",{children:[\"In this scenario, lets assume that a user changed their password recently, but forgot their password. They attempt to enter their username and password, and after 5 unsuccessful attempts, they are locked out. Simultaneously, if \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/standard_rules/brute_force_by_ip.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Panther is set up\"})}),\" to detect brute force attempts, it generates an alert after 5 unsuccessful attempts.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.tines.com/story-library/26592/monitor-okta-for-invalid-sign-in-attempts-and-resolve-via-slack\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Learn more\"})})}),/*#__PURE__*/e(\"em\",{children:\" about monitoring Okta for invalid sign-in attempts in Tines \"}),/*#__PURE__*/e(o,{href:\"https://www.tines.com/story-library/26592/monitor-okta-for-invalid-sign-in-attempts-and-resolve-via-slack\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"here\"})})}),/*#__PURE__*/e(\"em\",{children:\". \"})]}),/*#__PURE__*/t(\"p\",{children:[\"Panther will route the alert to Tines which automatically generates an email or Slack message to the user asking if they tried to sign into their account at Okta. If the user confirms it wasnt malicious, Tines will call the Okta API to automatically unlock the account. If the user cannot confirm it was malicious, Tines will create a high-severity alert and send it to Panther and the security team. Throughout the process, \",/*#__PURE__*/e(\"em\",{children:\"no analyst interaction is required\"}),\".\"]}),/*#__PURE__*/e(\"h3\",{children:\"Get Started\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther can analyze log data from hundreds of systems including AWS, GCP, Microsoft 365, G Workspaces, Crowdstrike, OSquery, and more. Check out a list of all our \",/*#__PURE__*/e(o,{href:\"https://panther.com/integrations/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"supported integrations\"})}),\". Get started today by \",/*#__PURE__*/e(o,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"contacting us\"})}),\" for a demo.\"]})]});export const richText11=/*#__PURE__*/t(r.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"If youve ever been around security operations, you can probably relate to at least one of these:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"As a security practitioner, you create a new detection, turn it on, grab a coffee and wait for the adversary. Five minutes later, your new alert generates 100(0)+ false positives that you have to clean up.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"A pen test report details the successful Tactics, Techniques, and Procedures (use of a technique you know is covered by an existing detection). An alert never fired. After investigation, you uncover that the logic was erroring out. No one knew.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"An existing detection starts generating false positives after being quiet for months. You try to figure out if the detection logic was changed, who changed it, and what changed? You cant. Audit logs are difficult to find and arent detailed enough to tell the story.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"These are just a few challenges teams experience when managing threat detection content. Detection-as-Code principles are the long-needed missing link that enables security practitioners to apply 50+ years of learnings from software engineering to the discipline of building and maintaining threat detection.\"}),/*#__PURE__*/e(\"h3\",{children:\"What is Detection-as-Code?\"}),/*#__PURE__*/e(\"p\",{children:\"Detection-as-Code is the application of software engineering best practices to detection engineering. By adopting this new paradigm, teams can build scalable, repeatable processes for writing, maintaining, testing, and deploying detection content.\"}),/*#__PURE__*/e(\"h3\",{children:\"Why now?\"}),/*#__PURE__*/e(\"p\",{children:\"Threat detection is not a new concept. Detection and response teams have been around for decades though the term detection engineer is relatively new. Pre-2018, most organizations called the same position a SOC use case analyst. The scale at which detection and response teams must operate has changed. Teams face more data, more diverse technologies, and more advanced and tailored threats than ever, which drives the need for environment-specific, custom threat detection logic.\"}),/*#__PURE__*/e(\"h3\",{children:\"Detection Defined\"}),/*#__PURE__*/e(\"p\",{children:\"Anything that helps your organization detect threats can be considered detection content. We can categorize detection content into three major buckets: custom logic, vendor-defined logic, and end-users.\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Custom logic \"}),\"is any detection content the security team builds from scratch or edits in some way. The logic in this category aims to tailor detection content to your environment. For example, a detection that alerts on the use of an emergency-only admin account or tuning a service account out of an impossible travel alert provided by your Security Information and Events Management (SIEM) vendor.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Vendor-defined logic\"}),\" is any detection capability you are receiving from a vendor. An example of this would include Endpoint Detection and Remediation (EDR), cloud threat detection tools, threat intel Indicators of Compromise (IOCs), or built-in SIEM rules. For the sake of definition, a security practitioner cannot modify the logic that falls into this category. You trust the vendor to provide detection as a service (e.g., a machine learning-based threat engine leveraged by your EDR).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[\"Let us not forget about your \",/*#__PURE__*/e(\"strong\",{children:\"end-users\"}),\". They can often be your best source of detection in an unexpected scenario. \"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"For the remainder of this article, we will focus on \",/*#__PURE__*/e(\"strong\",{children:\"custom logic\"}),\". \"]}),/*#__PURE__*/e(\"h3\",{children:\"Copy and Paste Deployment\"}),/*#__PURE__*/e(\"p\",{children:\"As a security practitioner, what would you do if you found out your orgs SREs were deploying the latest production code base by hand? That sounds crazy, right? Think about how youve deployed detection logic in the past, though. I would be willing to bet nearly everyone reading this has had to copy and paste logic into a SIEM or, at a minimum, made a change to production detection logic directly in your SIEM.\"}),/*#__PURE__*/e(\"p\",{children:\"Over time these manual processes lead to inconsistent results. Many things can go wrong in this scenario because a human is too directly involved. These manual mechanisms for managing detection logic increases mistake leading to more false positives and fewer true positives.\"}),/*#__PURE__*/e(\"p\",{children:\"The good news is that the industry is starting to recognize these problems, and vendors are providing native solutions to fix them. \"}),/*#__PURE__*/e(\"h3\",{children:\"Five Domains of Detection-as-Code\"}),/*#__PURE__*/e(\"p\",{children:\"Detection-as-code is a framework composed of five domains applied to detection engineering that help address the problems we have covered up to this point.\"}),/*#__PURE__*/e(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Agile workflows\"}),\"  Agile processes allow a detection engineer to take a structured approach to the development lifecycle of threat detection content, defining phases for planning, development, testing, documentation, and deployment. By defining a prioritized backlog and explicit steps for testing and documentation, engineers can more clearly define what they should be working on.\"]})})}),/*#__PURE__*/e(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Expressive languages & code reuse\"}),\": The expressiveness of the SIEMs language directly contributes to the flexibility an engineer has when writing detection. Modern platforms leverage languages like Python, which ensure the languages capabilities do not restrict an engineers detection logic. SIEM-specific functionality such as lookup tables and data models also allow for code reuse by enabling a single piece of logic to cover events from many log sources.\"]})})}),/*#__PURE__*/e(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Version control:\"}),\" Using version control (e.g., GitLab, GitHub, etc.) as the source of truth for detection logic benefits the team by streamlining code reviews, enforcing reviews and approvals, and simplifying rollbacks. Version control is also the foundation that enables CI/CD workflows and test-driven development.\"]})})}),/*#__PURE__*/e(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Continuous integration & delivery (CI & CD)\"}),\": If detection logic lives in version control, it enables CI tools to enforce automated testing and linting before pushing changes to production. Linting is a static analysis method used to identify syntax errors. As applied to detection logic, linting can help enforce both code quality and detection metadata quality (e.g., is a response runbook linked to the detection, or are log fields added to the alert output).  After merging a change, the updated detection can be automatically deployed to the SIEM using CD infrastructure.\"]})})}),/*#__PURE__*/e(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Test-driven development (TDD)\"}),\": In detection engineering, our test cases are log events. Malicious log events and log events representing regular activity make up our test coverage for each detection use case. Historically in detection engineering, we gather these test cases for development, but after deploying the logic, we discard the tests. Following a TDD methodology, we retain these use log events and retest the detection logic when changes are made or periodically on a schedule to ensure it is still functional.\"]})})}),/*#__PURE__*/e(\"h3\",{children:\"Implementing Detection-as-Code with Panther\"}),/*#__PURE__*/t(\"p\",{children:[\"From the beginning, \",/*#__PURE__*/e(o,{href:\"https://panther.com/product/video-tour/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Panther was architected\"})}),\" around detection-as-code principles. Because of this design, Panther natively provides workflows and tools that enable teams to easily integrate external systems like version control and CI/CD pipelines into their detection engineering processes. In addition, Panther uses Python to define detection logic and bundles pre-defined test cases with each detection use case in our \",/*#__PURE__*/e(o,{href:\"https://github.com/panther-labs/panther-analysis\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"public GitHub repo\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"At a high-level the detection-as-code workflow in Panther looks like this:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Security engineers edit or build a detection rule on their laptops and run tests locally.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"They commit their changes to a new branch and create a pull request against their panther detection repository. Linting and tests run automatically.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"A peer reviews the change and provides feedback or approves\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Once all tests have passed, and approval is received, the authoring engineer merges the pull request.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Upon merge, CI/CD workflows deploy the detection into Panther.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Example: Editing a detection\"}),/*#__PURE__*/e(\"p\",{children:\"Lets walk through what it would look like to make a small change to an existing detection in Panther while following detection-as-code principles. The detection below will alert if the user deletes an S3 bucket: \"}),/*#__PURE__*/e(\"p\",{children:\"In this example, let us say we know the operations team will delete specific buckets. To prevent those actions from generating unnecessary alerts, we need to add an allowlist.\"}),/*#__PURE__*/e(\"p\",{children:\"A few notes:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Code reuse (L1,2):\"}),\" We import three functions that enable us to reuse code written to solve different problems across any detection use case.  \"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"aws_cloudtrail_success (L11):\"}),\" validates if an action in AWS was successful.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"pattern_match_list (L13):\"}),\" used for determining if an event value matches any entry in a list.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"deep_get (L13):\"}),\" efficiently pulls a field value from nested JSON.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"Once the detection engineer has completed their change locally, they start by submitting a pull request to their Panther detection repo. Opening a pull request notifies team members that a review is needed, and the diff view in version control enables the reviewing engineer to identify the changes.\"}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"334\",src:\"https://framerusercontent.com/images/JRGaLJjAWsBIZsFdxYAnlszL45g.png\",srcSet:\"https://framerusercontent.com/images/JRGaLJjAWsBIZsFdxYAnlszL45g.png?scale-down-to=512 512w,https://framerusercontent.com/images/JRGaLJjAWsBIZsFdxYAnlszL45g.png 1024w\",style:{aspectRatio:\"1024 / 669\"},width:\"512\"}),/*#__PURE__*/e(\"p\",{children:\"Tests and linting run automatically in CI validate that all detection logic is functional, which gives the engineers the confidence their changes wont break production logic.\"}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"150\",src:\"https://framerusercontent.com/images/29ObhbACDCnjAt2ng6hMl61hyfU.png\",srcSet:\"https://framerusercontent.com/images/29ObhbACDCnjAt2ng6hMl61hyfU.png?scale-down-to=512 512w,https://framerusercontent.com/images/29ObhbACDCnjAt2ng6hMl61hyfU.png 844w\",style:{aspectRatio:\"844 / 300\"},width:\"422\"}),/*#__PURE__*/t(\"p\",{children:[\"Finally, upon merging the pull request, the detection logic is automatically uploaded to Panther. A Panther maintained open-source tool called \",/*#__PURE__*/e(o,{href:\"https://docs.panther.com/writing-detections/panther-analysis-tool\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Panther Analysis Tool (PAT)\"})}),\" enables CI/CD workflows. This command-line-based tool allows security practitioners to quickly leverage their organizations existing CI/CD infrastructure for testing and linting their detection logic.\"]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"190\",src:\"https://framerusercontent.com/images/jUoHTBWqPjgrF1WhnqRZnYA5nM.png\",srcSet:\"https://framerusercontent.com/images/jUoHTBWqPjgrF1WhnqRZnYA5nM.png?scale-down-to=512 512w,https://framerusercontent.com/images/jUoHTBWqPjgrF1WhnqRZnYA5nM.png 1024w\",style:{aspectRatio:\"1024 / 380\"},width:\"512\"}),/*#__PURE__*/e(\"p\",{children:\"A GitHub Action which runs the Panther Analysis Tool.\"}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"319\",src:\"https://framerusercontent.com/images/TP5R7I9JMKYocPxd0vx2WpuWes.png\",srcSet:\"https://framerusercontent.com/images/TP5R7I9JMKYocPxd0vx2WpuWes.png?scale-down-to=512 512w,https://framerusercontent.com/images/TP5R7I9JMKYocPxd0vx2WpuWes.png 1024w\",style:{aspectRatio:\"1024 / 638\"},width:\"512\"}),/*#__PURE__*/e(\"p\",{children:\"The logic uploaded in Panther.\"}),/*#__PURE__*/t(\"p\",{children:[\"By following detection-as-code principles, security practitioners can make the lifecycle of detection content more consistent. Learn how, one of Panthers customers, \",/*#__PURE__*/e(o,{href:\"https://panther.com/resources/webinars/scaling-security-detections-as-code-panther-cedar/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cedar scaled their security program\"})}),\" with detection-as-code. \"]}),/*#__PURE__*/e(\"h3\",{children:\"Get Started\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther is a modern SIEM platform that solves the challenges of security operations at scale. Panther can analyze log data from hundreds of systems, including AWS, GCP, O365, G Suite, Crowdstrike, OSquery, and more. Check out a list of all our \",/*#__PURE__*/e(o,{href:\"https://panther.com/integrations/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"supported integrations\"})}),\". Request a personalized \",/*#__PURE__*/e(o,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"demo\"})}),\" to get started. If you are interested in learning more about detection-as-code, ask us about a workshop in your area. \"]})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],
  "mappings": "oeAA4Y,IAAMA,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,4ZAA4Z,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qDAAqD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0eAA0e,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2eAA2e,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iDAAiD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mNAAmN,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sPAAsP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+LAA+L,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iWAAiW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4PAA4P,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yCAAyC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0XAA0X,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4VAA4V,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sDAAsD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kPAAkP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mUAAmU,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uTAAuT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4RAA4R,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ygBAAygB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mOAAmO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wMAAwM,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBH,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,oWAAoW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kSAAkS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wcAAwc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0NAA0N,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sEAAmFE,EAAEE,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,oOAAoO,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,oYAAiZE,EAAEE,EAAE,CAAC,KAAK,8JAA8J,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,0HAA0H,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,mcAAmc,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8KAA2LE,EAAEE,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,SAAsBH,EAAEE,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,+UAA+U,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,yLAAyL,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iCAAiC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+NAA+N,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuDE,EAAE,KAAK,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,+CAA+C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,2GAA2G,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,sFAAsF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,yFAAyF,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,8EAA8E,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,oKAAoK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,geAAge,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0dAA0d,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gEAAgE,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,wEAAwE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,0DAA0D,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,yDAAyD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oIAAoI,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mDAAmD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEE,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,yMAAsNH,EAAEE,EAAE,CAAC,KAAK,8EAA8E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,gMAAgM,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,yGAAyG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,kEAAkE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,2LAA2L,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,oKAAoK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,0HAA0H,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iVAAiV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qMAAkNE,EAAEE,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,iOAAiO,CAAC,CAAC,EAAeL,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,OAAO,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwDE,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,qDAAqD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,4GAA4G,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,8PAA8P,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+JAA+J,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yNAAyN,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mFAAgGE,EAAEE,EAAE,CAAC,KAAK,iCAAiC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBN,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,8NAA8N,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4CE,EAAEE,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBJ,EAAEK,EAAE,EAAE,CAAC,SAAS,CAAC,IAAiBH,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,yCAAsDA,EAAEE,EAAE,CAAC,KAAK,wKAAwK,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,mNAAmN,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,+HAA+H,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sCAAsC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mKAAmK,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,4DAA4D,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ySAAyS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4CAA4C,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6GAA6G,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sCAAsC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sYAAsY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yPAAyP,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,oHAAoH,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2YAA2Y,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,sFAAsF,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,sKAAsK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uRAAuR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6RAA6R,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gIAA6IE,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAE,2EAA2E,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,0GAA0G,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uCAAuC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,0DAA0D,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8GAA2HE,EAAEE,EAAE,CAAC,KAAK,+GAA+G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeH,EAAE,MAAM,CAAC,IAAI,+FAA+F,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,kKAAkK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yJAAyJ,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,8NAA8N,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,wKAAwK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2NAA2N,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mVAAmV,CAAC,CAAC,CAAC,CAAC,EAAeK,EAAuBP,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEE,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAsBH,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8RAA8R,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mvBAAmvB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wjBAAwjB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2vBAA6vB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kmBAAkmB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2DAA2D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0rBAA0rB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iWAAiW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kEAAkE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4bAA4b,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6dAA6d,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4CAA4C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ytBAAytB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0hBAAuiBE,EAAEE,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,gKAA6KE,EAAEE,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeG,EAAuBR,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,wFAAwF,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iRAAiR,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kFAA+FE,EAAEE,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,0BAAqB,CAAC,CAAC,CAAC,EAAE,kIAAkI,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyDE,EAAEE,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAkBH,EAAEE,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,mhBAA8gB,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,2DAAwEE,EAAEE,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,4LAAoMH,EAAEE,EAAE,CAAC,KAAK,uCAAuC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,SAAI,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mZAA8Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yUAAyU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wYAA8X,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sRAAiR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0OAA0O,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEO,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBR,EAAES,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sEAAsV,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeR,EAAE,IAAI,CAAC,SAAS,wZAAyY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iPAA4O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6MAA6M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6TAA6T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4TAAyUE,EAAEE,EAAE,CAAC,KAAK,mBAAmB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,qBAAW,CAAC,CAAC,CAAC,EAAE,0fAAgf,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEE,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,yfAA0e,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,wQAAwQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qaAAga,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qMAAgM,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2JAAmKE,EAAEE,EAAE,CAAC,KAAK,oGAAoG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,sGAAmHH,EAAEE,EAAE,CAAC,KAAK,6HAA6H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,oCAAoC,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,yHAAsIE,EAAEE,EAAE,CAAC,KAAK,sHAAsH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeH,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEO,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBR,EAAES,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yEAA0rB,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeV,EAAE,IAAI,CAAC,SAAS,CAAC,0DAAkEE,EAAEE,EAAE,CAAC,KAAK,gHAAgH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,mHAAgIH,EAAEE,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0LAAuME,EAAEE,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,KAAkBH,EAAEE,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,6BAA6B,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeO,EAAuBZ,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,uGAAoHE,EAAEE,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,6LAA6L,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,sCAAmDE,EAAEE,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,2CAA2C,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,6DAA6D,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,mOAAgPA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,yCAAyC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,2IAAwJA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,wFAAwF,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,2OAAwPA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,sEAAsE,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,EAAE,+GAA+G,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,2BAA2B,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,8CAA8C,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,+EAA+E,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,2CAA2C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gIAAgI,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,yMAAsNA,EAAEE,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAiBH,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,wHAAwH,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,2LAAwMA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAEE,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAsBH,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,gSAA6SA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,6FAA6F,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,kKAA+KA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,uEAAuE,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,kQAA+QA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,6GAA6G,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,8PAA2QA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,+JAA4KA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,4DAA4D,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,yKAAsLA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,yKAAyK,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAE,kFAAkF,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeW,EAAuBb,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,8DAA2EE,EAAEE,EAAE,CAAC,KAAK,mIAAmI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,yiBAAyiB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mYAAmY,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAE,KAAK,CAAC,SAAS,2HAA2H,CAAC,EAAE,sHAAsH,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8CAA8C,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gFAAgF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uDAAuD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sCAAsC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uVAAuV,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4IAAyJE,EAAEE,EAAE,CAAC,KAAK,oKAAoK,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,4UAA4U,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,6CAA6C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iNAA8NE,EAAEE,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,wIAAwI,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,mXAAgYE,EAAEE,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,aAA0BH,EAAEE,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,sIAAsI,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,wWAAwW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uCAAuC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qQAAkRE,EAAEE,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,sEAAsE,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,qhBAAqhB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kMAAkM,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6DAA6D,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qLAAkME,EAAEE,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,gCAA6CH,EAAEE,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,0NAAuOH,EAAEE,EAAE,CAAC,KAAK,4BAA4B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeH,EAAE,MAAM,CAAC,IAAI,yEAAyE,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gEAA6EE,EAAEE,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,mDAAgEH,EAAEE,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,kDAA+DH,EAAEE,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,2FAAwGH,EAAE,KAAK,CAAC,SAAS,iBAAiB,CAAC,EAAE,mGAAmG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,uDAAuD,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kIAA+IE,EAAEE,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,0GAAuHH,EAAE,KAAK,CAAC,SAAS,8CAA8C,CAAC,EAAE,qDAAkEA,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC,EAAE,wDAAwD,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,yIAAyI,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8PAA8P,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,+JAA+J,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,qWAAqW,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,MAAM,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wUAAwU,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAuBd,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,iQAAiQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qTAAqT,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uDAAuD,CAAC,EAAE,wFAAwF,CAAC,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAEE,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,4CAA4C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wHAAwH,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,oGAAoG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kQAAkQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6OAA6O,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuDE,EAAEE,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,yDAAyD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wHAAwH,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kIAA+IE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,8CAA8C,CAAC,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,4GAA4G,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oOAAoO,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,8EAA8E,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yHAAyH,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+JAA+J,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sKAAsK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uTAAuT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2CAA2C,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,+GAA+G,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uDAAuD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8DAA8D,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oDAAoD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+EAA+E,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oDAAoD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4PAA4P,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+HAA+H,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,8HAA8H,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2DAA2D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6LAA6L,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mHAAmH,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8HAA8H,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mGAAmG,CAAC,CAAC,CAAC,CAAC,EAAea,EAAuBf,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,+TAA+T,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mYAAmY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+NAA+N,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0KAA0K,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mYAAmY,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gFAA6FE,EAAEE,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,uLAAuL,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,oGAAiHE,EAAEE,EAAE,CAAC,KAAK,oKAAoK,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,qGAAqG,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,uPAAuP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iOAAiO,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iCAAiC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qCAAkDE,EAAEE,EAAE,CAAC,KAAK,qDAAqD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,uOAAuO,CAAC,CAAC,EAAeL,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAEE,EAAE,CAAC,KAAK,+DAA+D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0DAA0D,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mFAAmF,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2WAA2W,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mHAAgIE,EAAEE,EAAE,CAAC,KAAK,kKAAkK,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,2JAAwKH,EAAEE,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,0EAAuFH,EAAEE,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,0KAA0K,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,wXAAwX,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mMAAgNE,EAAEE,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,iCAA8CH,EAAEE,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,mLAAmL,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,iSAAiS,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEO,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBR,EAAES,EAAE,CAAC,GAAGD,EAAE,KAAK,wKAAwK,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeV,EAAE,IAAI,CAAC,SAAS,CAAC,wOAAqPE,EAAEE,EAAE,CAAC,KAAK,8EAA8E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,0CAAuDH,EAAEE,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,+OAA+O,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,gOAAgO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iPAAiP,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4FAA4F,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAEE,EAAE,CAAC,KAAK,2GAA2G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,mDAAmD,CAAC,CAAC,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,YAAyBE,EAAEE,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,gEAAgE,CAAC,CAAC,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kGAAkG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wGAAwG,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+RAA+R,CAAC,CAAC,CAAC,CAAC,EAAec,EAAuBhB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,8JAA8J,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0HAAuIE,EAAEE,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,6GAA6G,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,srBAAsrB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8MAA8M,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAEE,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,gJAAgJ,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwDE,EAAEE,EAAE,CAAC,KAAK,4KAA4K,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,6DAA0EH,EAAEE,EAAE,CAAC,KAAK,iCAAiC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAwBjB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,2QAA2Q,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qTAAqT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oJAAoJ,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sNAAmOE,EAAEE,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,kFAAkF,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,8OAA2PE,EAAEE,EAAE,CAAC,KAAK,qCAAqC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,WAAwBH,EAAEE,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,gEAAgE,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gIAAgI,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wEAAwE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8gBAA2hBE,EAAEE,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,6BAA6B,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,8FAA2GE,EAAEE,EAAE,CAAC,KAAK,gFAAgF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,wWAAwW,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8EE,EAAEE,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,qDAAqD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mQAAgRE,EAAEE,EAAE,CAAC,KAAK,4HAA4H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,gDAAgD,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEE,EAAE,CAAC,KAAK,yFAAyF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAsBH,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mEAAmE,CAAC,EAAeA,EAAEE,EAAE,CAAC,KAAK,yFAAyF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAsBH,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oXAAoX,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yEAAyE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kfAAkf,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uOAAoPE,EAAEE,EAAE,CAAC,KAAK,yGAAyG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,uFAAuF,CAAC,CAAC,EAAeL,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEE,EAAE,CAAC,KAAK,4GAA4G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAsBH,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+DAA+D,CAAC,EAAeA,EAAEE,EAAE,CAAC,KAAK,4GAA4G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAsBH,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4aAAybE,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sKAAmLE,EAAEE,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,0BAAuCH,EAAEE,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,EAAea,EAAwBlB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,kGAAkG,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,+MAA+M,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,sPAAsP,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,2QAA2Q,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sTAAsT,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yPAAyP,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,keAAke,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4MAA4M,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,mYAAmY,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,sdAAsd,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,gCAA6CE,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,EAAE,+EAA+E,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uDAAoEE,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6ZAA6Z,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qRAAqR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sIAAsI,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6JAA6J,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,EAAE,+WAA+W,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,mCAAmC,CAAC,EAAE,0aAA0a,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,kBAAkB,CAAC,EAAE,6SAA6S,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,6CAA6C,CAAC,EAAE,shBAAshB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,8eAA8e,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6CAA6C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAEE,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,6XAA0YH,EAAEE,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeH,EAAE,IAAI,CAAC,SAAS,4EAA4E,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,2FAA2F,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,sJAAsJ,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,6DAA6D,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,uGAAuG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,gEAAgE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sNAAsN,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iLAAiL,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,cAAc,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,8HAA8H,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,gDAAgD,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,sEAAsE,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,EAAE,oDAAoD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6SAA6S,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,yKAAyK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gLAAgL,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,wKAAwK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kJAA+JE,EAAEE,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,2MAA2M,CAAC,CAAC,EAAeH,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,uKAAuK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uDAAuD,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,uKAAuK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gCAAgC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wKAAqLE,EAAEE,EAAE,CAAC,KAAK,4FAA4F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC,EAAeH,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uPAAoQE,EAAEE,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,4BAAyCH,EAAEE,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBF,EAAEG,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,yHAAyH,CAAC,CAAC,CAAC,CAAC,CAAC,EAChgiIc,EAAqB,CAAC,QAAU,CAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC",
  "names": ["richText", "u", "x", "p", "richText1", "Link", "motion", "richText2", "richText3", "richText4", "ComponentPresetsConsumer", "t", "CodeBlock_default", "richText5", "richText6", "richText7", "richText8", "richText9", "richText10", "richText11", "__FramerMetadata__"]
}