{
  "version": 3,
  "sources": ["ssg:https://framerusercontent.com/modules/o9KXpzigBQUT1GLJkGJK/P2PbhwiQHfEqnrlGyy0u/YHdMp3byK-5.js"],
  "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as a}from\"framer\";import{motion as n}from\"framer-motion\";import*as i from\"react\";export const richText=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"em\",{children:\"This post is Part 1 of a series that covers strategic considerations for managing high-scale, high-performance data pipelines and security infrastructure. \"}),/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-to-turn-security-pipelines-into-gold-mines/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"Part 2\"})})}),/*#__PURE__*/e(\"em\",{children:\" dives into specific functionality with more tactical details and scenarios. \"}),/*#__PURE__*/e(a,{href:\"https://panther.com/blog/5-reasons-your-pipeline-is-broken-and-how-to-fix-it/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"Part 3 \"})})}),/*#__PURE__*/e(\"em\",{children:\"wraps up with a list of common pitfalls and how to avoid them.\"})]}),/*#__PURE__*/e(\"p\",{children:\"Today\u2019s SecOps leaders know that security engineering allows you to manage detection and response programs like high-performance software. 
Automation is the name of the game.\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/t(\"blockquote\",{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"\u201CThe center of gravity for a modern SOC is automation.\u201D\\xa0\"})}),/*#__PURE__*/t(\"p\",{children:[\"Anton Chuvakin, leading security and log management expert, from \",/*#__PURE__*/e(a,{href:\"https://medium.com/anton-on-security/wth-is-modern-soc-part-1-22fefac75f0d\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"WTH Is Modern SOC\"})})]})]})}),/*#__PURE__*/t(\"p\",{children:[\"What might not be immediately clear is that high-performance security engineering depends heavily on high-performance data pipelines\",/*#__PURE__*/e(\"strong\",{children:\", \"}),\"powered by high-scale infrastructure.\\xa0\"]}),/*#__PURE__*/e(\"p\",{children:\"High-fidelity detections, alerts, and investigations start with data quality. Focusing on signal-rich log sources ensures effectiveness and reduces total cost of ownership (TCO), but it requires more nuanced data pipelines.\"}),/*#__PURE__*/e(\"p\",{children:\"Advanced data pipelines weren\u2019t always a priority. Legacy SIEMs like Splunk initially had far fewer data points to collect, so aggregating everything into a single pane of glass for correlation, detection, and reporting made sense. 
The SIEM monolith model evolved from this backdrop.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"The SIEM Monolith\\n\",className:\"framer-image\",height:\"317\",src:\"https://framerusercontent.com/images/CeJrQXzi6YY32StnAxMDgJZDhB4.png\",srcSet:\"https://framerusercontent.com/images/CeJrQXzi6YY32StnAxMDgJZDhB4.png?scale-down-to=512 512w,https://framerusercontent.com/images/CeJrQXzi6YY32StnAxMDgJZDhB4.png 1024w\",style:{aspectRatio:\"1024 / 635\"},width:\"512\"}),/*#__PURE__*/e(\"p\",{children:\"This monolithic approach broke down as the number of sources generating security telemetry skyrocketed. The rapid expansion of applications, hosts, and infrastructure over the past decade put the SIEM monolith\u2019s shortcomings under the microscope.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"A single pane of glass stops making sense when it\u2019s so densely packed with data that your team doesn\u2019t know what they\u2019re looking at, let alone what to do with it. 
Even if you could detangle all the data, it would cost a fortune with legacy SIEM licensing models.\\xa0\"}),/*#__PURE__*/t(\"p\",{children:[\"Today the \",/*#__PURE__*/e(a,{href:\"https://jacknaglieri.substack.com/p/the-transition-from-monolithic-siems\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SIEM monolith is fading\"})}),\" in favor of modular building blocks that enable efficient and performant ingestion, detection, and investigation workflows.\\xa0\"]}),/*#__PURE__*/e(\"img\",{alt:\"Decoupled SIEM - Modular Building Blocks\",className:\"framer-image\",height:\"156\",src:\"https://framerusercontent.com/images/aU3RnIubDqbcmp2i8UBczNlOCE.png\",srcSet:\"https://framerusercontent.com/images/aU3RnIubDqbcmp2i8UBczNlOCE.png?scale-down-to=512 512w,https://framerusercontent.com/images/aU3RnIubDqbcmp2i8UBczNlOCE.png 1024w\",style:{aspectRatio:\"1024 / 313\"},width:\"512\"}),/*#__PURE__*/e(\"p\",{children:\"This starts with refactoring data pipelines for the flexibility needed to maximize alert fidelity, ensure consistent performance, and keep infrastructure costs low. Aligning people, process, and technology to make it all happen is easier said than done. Beginning by carefully reviewing a few strategic considerations points the way forward.\\xa0\"}),/*#__PURE__*/e(\"h2\",{children:/*#__PURE__*/e(\"strong\",{children:\"Laying the Foundation: Key Strategic Considerations\\xa0\"})}),/*#__PURE__*/e(\"p\",{children:\"Some foundational considerations for your data pipeline, infrastructure, and detection strategy to get you started on the right path are detailed below.\"}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Cost\"})}),/*#__PURE__*/e(\"p\",{children:\"First thing\u2019s first: what is your budget? If you\u2019re moving from a legacy SIEM, your budget is probably already under scrutiny. 
If you\u2019re starting from scratch, you\u2019ve likely bootstrapped your team to get this far, and your budget is unlikely to suddenly double.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"The technology required to implement your strategy is your primary cost center. Expect to see vendors pricing based on a few standard parameters:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Licensing Fees\"}),\" for the software performing the core data pipeline functionality (ingestion, filtering, routing, parsing, and normalization) and the analysis of your data for threat detections and investigation workflows.\\xa0\\xa0\\xa0\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Infrastructure Computing Costs\"}),\" to actually perform analyses of ingested data for threat detections and queries. You may see add-ons for faster performance.\\xa0\"]})}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Data Storage Costs\"}),\" for the service that stores the ingested data. Some vendors let you choose between their proprietary storage optimized for their system OR low-cost storage like S3. 
This presents tradeoffs between cost and speed of analysis.\"]}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Retention \"}),\"is an important component. Platforms typically include a base retention period. If you need anything beyond that, you\u2019ll see an added cost multiplier.\\xa0\"]})})})]})]}),/*#__PURE__*/e(\"p\",{children:\"Whether it\u2019s a hosted or on-premise deployment impacts how these charges show up. Different vendors structure their pricing with varying levels of detail and transparency, and add-ons increase the complexity. But under the hood, these three categories are the key cost drivers.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"The key point: low value data costs as much as signal-rich, high-value data, reiterating the importance of being choosy about your data sources. Prioritizing high-value data creates a virtuous feedback loop of increased data quality leading to higher fidelity detections.\"}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Log Priority, Formats, and Volumes\\xa0\"})}),/*#__PURE__*/e(\"p\",{children:\"Being choosy about your data means answering which sources are the highest priority. This depends on a strong working knowledge of your infrastructure, applications, and endpoints. 
A firm grasp of emerging threats and relevant tactics, techniques, and procedures (TTPs) is also key.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Some categories to consider for prioritization might include:\\xa0\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Endpoints and Network Security Solutions\"}),\": logs from endpoint detection and response (EDR) solutions and security appliances like next-generation firewalls help detect imminent security threats.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Cloud Services\"}),\": logs from cloud infrastructure services like AWS CloudTrail, Azure Activity Logs, and GCP Audit Logs provide visibility into cloud-based attacks, unauthorized access attempts, and misconfigurations.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Web Apps\"}),\": server and firewall logs from employee- or customer-facing applications can provide insights into things like SQL injection, cross-site scripting (XSS), and other web attacks.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Data Stores\"}),\": logs from databases, data warehouses, or data lake servers can reveal unauthorized access, 
data exfiltration, or other abnormal activities.\\xa0\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Authentication Systems\"}),\": logs from authentication servers, identity providers, and single sign-on (SSO) solutions give visibility into suspicious login activities and account compromises.\"]})})]}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Employee Host Devices\"}),\": logs from employee laptops or workstations can indicate malware infections, unauthorized software installations, and insider threats.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Development Servers\"}),\": logs from servers hosting critical applications can reveal unauthorized access attempts, privilege escalation attempts, and abnormal system activities indicative of compromise.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Network Devices\"}),\": logs from routers, switches, firewalls, and intrusion detection/prevention systems (IDS/IPS) can identify unauthorized network activities.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"It\u2019s also important to get an idea of two related components \u2013 data formats and 
volumes:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Formats\"}),\": logs come in a variety of different formats, and many require parsing and normalization before analysis. Knowing what shapes your data takes is important when evaluating pipeline requirements. Bonus points for logs in lightweight, platform-agnostic formats like JSON, since their flexibility and standardization streamlines ingestion for analysis and detection.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Volume\"}),\": the relative volumes of different logs is a key related concern for cost and performance. You should be fairly certain that high volume logs are very high priority before ingesting them. Filtering capabilities can help reduce volume.\\xa0\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"Logs containing sensitive information will generally merit higher prioritization. 
This includes:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Internal data \u2013 financials, product usage, customer lists, business strategy, etc.\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Customer records with payment information, customer contracts, etc.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Vendor and partner agreements\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Intellectual property such as proprietary datasets, production code, algorithms, etc.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Regulated data within employee or consumer records containing personally identifiable information (PII) or protected health information (PHI)\"})})]}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Time Frame\\xa0\"})}),/*#__PURE__*/e(\"p\",{children:\"Some categories of telemetry data are clearly signal rich. Logs from critical resources indicating high-severity attacker TTPs provide immediate value. Some are not likely to generate high-fidelity detections alone, but their value becomes clear with correlation. 
Other sources are not valuable for detections but may be required for compliance or training threat models.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"So you can think of 3 categories based on the data\u2019s relevance to your detection and analysis workflows, and which storage is required:\"}),/*#__PURE__*/e(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Immediate \u2013 Hot storage:\"}),\" high value security telemetry data for real-time analysis to create high fidelity detection and alerts. This is best routed to hot storage for immediate analysis within the SIEM.\\xa0\"]})})}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Near-term \u2013 Warm storage:\"}),\" moderate value data that increases when correlated with other data. The specific time frame for \u201Cnear-term\u201D will depend on your threat model\u2013could be 2 weeks, 2 months, etc. 
This may be routed to \u201Cwarm\u201D storage, or a location where it can be recalled quickly for correlations but isn\u2019t taking up immediate processing resources.\\xa0\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Historical \u2013 Blob storage:\"}),\" data that has low value for threat detections, typically reserved for periodic system performance reporting, compliance, and training models. In most cases it makes sense to route this data to low-cost blob storage outside of the SIEM for later retrieval.\\xa0\\xa0\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"When categorizing logs into these buckets, it\u2019s helpful to consider things like:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Would this log data indicate an incident before it became serious?\\xa0\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Would this data in itself have generated a high fidelity detection, or would it need to be correlated with other data points?\\xa0\\xa0\"})})]}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 
25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"How likely are you to query this data within the next 2 weeks for your investigation or threat hunting workflows? Within the next 30 days? Will you need to query it at all?\\xa0\"})}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:[/*#__PURE__*/e(\"p\",{children:\"Which data points are you required to maintain for compliance processes? How often do you need to do compliance reporting?\"}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"If you\u2019re going to store this data in a separate bucket, what integrity controls do you need to protect it from being deleted?\\xa0\\xa0\"})})})]}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"What data points help refine and develop your internal threat modeling? Would they also be useful for immediate or near-term detections?\"})})]}),/*#__PURE__*/e(\"p\",{children:\"You should also get a sense of the relative volumes in each bucket. If you\u2019re like most organizations, you\u2019ll find you have a smaller subset for immediate and near-term vs. historical analysis. And that\u2019s good news, because hot and warm storage are more costly.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"This reiterates the benefits of transitioning from monolithic SIEM to modular building blocks. Decoupling security data acquisition, analysis, and storage enables agility and efficiency. 
Your pipelines can feed into infrastructure with varying levels of performance to meet the use case\u2019s requirements.\\xa0\"}),/*#__PURE__*/e(\"img\",{alt:\"Operationalizing Immediate, Near-Term, and Historical Data \",className:\"framer-image\",height:\"240\",src:\"https://framerusercontent.com/images/QWBmTJVZW5mFEuV4f95oFbsHY70.png\",srcSet:\"https://framerusercontent.com/images/QWBmTJVZW5mFEuV4f95oFbsHY70.png?scale-down-to=512 512w,https://framerusercontent.com/images/QWBmTJVZW5mFEuV4f95oFbsHY70.png 1024w\",style:{aspectRatio:\"1024 / 480\"},width:\"512\"}),/*#__PURE__*/e(\"p\",{children:\"Immediate and near-term data aligns with higher performance compute and higher availability storage for high-fidelity detections. Historical data goes to low-cost storage: it\u2019s there if you need it later, but it\u2019s not slowing your team down and eating up budget. Say goodbye to bloated SIEM architectures and their super-sized bills. Say hello to lean, agile SecOps and drastic reductions in total cost of ownership\"}),/*#__PURE__*/e(\"p\",{children:\"These timeframes help align your strategy to key functional requirements for your data pipeline workflows and infrastructure\u2026 which is where we\u2019ll pick up in part 2. 
Stay tuned!\\xa0\"}),/*#__PURE__*/t(\"p\",{children:[\"In the meantime, if you\u2019d like to see how Panther enables high-scale ingestion pipeline workflows,\",/*#__PURE__*/e(a,{href:\"https://old.panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\" request a demo\"})}),\".\"]})]});export const richText1=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"TL;DR To make ingesting noisy VPC Flow logs affordable, invest in filtering, enrichment, and tuning, alongside adopting a cloud-native SIEM with zero infrastructure management.\"})}),/*#__PURE__*/e(\"p\",{children:\"Security practitioners who monitor their cloud networks with VPC Flow know that this AWS service can get excessively expensive, and quickly. \"}),/*#__PURE__*/t(\"p\",{children:[\"This blog will guide you on how to manage VPC Flow logs so that you can not only control costs, but decongest your threat detection environment and enhance the fidelity of your alerts. To this end, you'll learn how to filter out irrelevant log data, enrich logs with context and threat intelligence, and boost your overall signal-to-noise ratio with \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-detection-as-code-revolutionizes-security-posture/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"detection-as-code\"})}),\". 
You'll also understand the limitations of SIEM infrastructure and licensing that may prevent you from cost-effective ingestion.\"]}),/*#__PURE__*/e(\"p\",{children:\"Let's start by assessing the core issue\u2014noisy logs.\"}),/*#__PURE__*/e(\"h3\",{children:\"The Problem of Noisy Logs\"}),/*#__PURE__*/e(\"p\",{children:\"When a log source rapidly produces large quantities of logs, practitioners dub these as 'noisy' to reflect the challenges these log sources present.\"}),/*#__PURE__*/t(\"p\",{children:[\"The first challenge is about threat detection. Any number of irrelevant logs congests the threat detection environment, making the job of accurately identifying threats that much harder. A congested environment can lead to an increase in false positives, mean time to resolve (MTTR), and alert fatigue, all of which increase risk. The March 2023 \",/*#__PURE__*/e(a,{href:\"https://www.crn.com/news/security/3cx-attack-shows-the-dangers-of-alert-fatigue-for-cybersecurity\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"attack on 3CX's supply chain\"})}),\" is a reminder of the consequences of alert fatigue and why teams must address it.\"]}),/*#__PURE__*/e(\"p\",{children:\"The second challenge is a matter of cost. Quite plainly, the more data your Security Information and Event Management (SIEM) platform ingests, the higher the costs will be. But with the volume of VPC Flow logs, expensive easily becomes cost-prohibitive, forcing security teams to stop ingesting and put comprehensive security at risk. \"}),/*#__PURE__*/e(\"p\",{children:\"However, a big culprit driving up spending is SIEM infrastructure and licensing models that are unfriendly to noisy, high-volume cloud logs. To maintain a baseline of performance, traditional SIEMs require ongoing database management to adjust how logs are indexed based on write frequency and infrastructure hardware profile. 
Despite this overhead, only a small subset of data remains in hot storage for rapid search. Most data resides in warm or cold storage that costs less, but takes much longer to query during incident response and threat hunting. \"}),/*#__PURE__*/e(\"p\",{children:\"Facing these obstacles on top of additional licensing fees for cloud logs, security teams often do not ingest VPC Flow logs into their SIEM, but resort instead to siloing their log data in an S3 bucket, if at all.\"}),/*#__PURE__*/e(\"h3\",{children:\"Why You Should Be Ingesting AWS VPC Flow Logs\"}),/*#__PURE__*/t(\"p\",{children:[\"With \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Amazon's Virtual Private Cloud (VPC)\"})}),\", you can create a virtual network to house your AWS resources with all the typical network controls, like the ability to configure gateways, subnets, IP addresses, and routing. These controls are not just fundamental to network administration, but also for preventing network-based attacks.\"]}),/*#__PURE__*/e(\"p\",{children:\"VPC Flow logs give you visibility into the IP traffic going in between interfaces on your VPC network, enabling you to diagnose issues with security policies and decide how to direct traffic between interfaces. Further, you can correlate this data with users or devices to assist in determining malicious activity. Here are just a few examples of the threats you can detect with VPC Flow logs:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Use of non-standard ports.\"}),\" Using a non-standard port (SMTPS) for a standard request (HTTPS) could indicate that an attacker is trying to communicate with compromised systems on your network. 
Practitioners can catch these by monitoring inbound traffic that does not meet criteria in allowlists or blocklists.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Requests from known crypto mining domains. \"}),\"If your network receives a DNS lookup request from a known crypto mining domain name, this could indicate an attacker seeking to hijack resources on your network to perform resource-intensive crypto-mining.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Traffic to non-approved DNS servers.\"}),\" When outbound DNS traffic is detected to a non-approved DNS server, this could indicate an attacker is seeking to exfiltrate data or perform command and control for compromised hosts.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"To identify and tackle the most advanced and emerging threats, practitioners need their SIEM to ingest VPC Flow logs alongside all other log sources. Now let's tackle how to manage the challenges caused by noisy VPC Flow logs.\"}),/*#__PURE__*/e(\"h3\",{children:\"Migrate to a Cloud-Based SIEM to Control Costs\"}),/*#__PURE__*/t(\"p\",{children:[\"If you are still using a traditional SIEM, migrating to \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/cloud-based-siem-explained/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a cloud-based SIEM\"})}),\" will have the most significant impact on your ability to cost-effectively ingest AWS logs and gain full system visibility. 
\"]}),/*#__PURE__*/t(\"p\",{children:[\"Here's why: a cloud-based SIEM leverages serverless architecture to eliminate infrastructure management; further, log data is saved in a \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/security-data-lake/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"security data lake\"})}),\" that uses modern \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/why-panther-chose-snowflake/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"cloud database technology\"})}),\" designed to not only handle cloud-scale data, but guarantee query performance. This enables cloud-based SIEM platforms to deliver exactly what modern security teams need:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Petabyte-scale search.\"}),\" By separating how data is stored and computed, the security data lake provides hot storage going as far back as 365 days for rapid investigation and response, even when running concurrent workloads.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Unified data model (UDM).\"}),\" A UDM configures and standardizes a set of unified fields across all log types, making this work optional rather than required.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Instant scalability. 
\"}),\"With a security data lake, you can scale resources up or down as needed for incident response and threat hunting.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Fully managed data. \"}),\"The security data lake includes data encryption, compression, governed policies and rules, data-masking, automated JSON parsing, and more, reducing data management workloads. \"]})})]}),/*#__PURE__*/e(\"h3\",{children:\"Filter Raw Log Data to Reduce Noise and Control Costs\"}),/*#__PURE__*/e(\"p\",{children:\"Short of adopting a cloud-native SIEM, the best way to manage AWS VPC Flow noise and cost is to filter out unwanted data. There are a few ways to do this depending on how your log pipeline is set up.\"}),/*#__PURE__*/t(\"p\",{children:[\"Within AWS, the VPC Flow service does not provide log filtering tools. However, if your log pipeline uses AWS \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CloudWatch\"})}),\" to aggregate and forward logs, you can use \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"subscription filters\"})}),\" to control which logs are sent to your SIEM. \"]}),/*#__PURE__*/e(\"p\",{children:\"Within your SIEM, you can create filters by log source to ignore\u2014or throw out\u2014log data before it's analyzed for threats and saved to your data lake. 
Two common methods that SIEMs offer are raw data filters and normalized data filters.\"}),/*#__PURE__*/e(\"p\",{children:\"A raw data filter processes and filters log data before the SIEM normalizes the data according to its schemas. A raw data filter specifies a pattern to match with. If any log matches the pattern, the entire log is ignored and not processed by the SIEM. The available tools for filtering raw log data depend on the SIEM you are working with, but these are the two most common:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Regular expressions (regex). \"}),\"A sequence of characters that represents a pattern that searches for, matches with, and manipulates strings in text. For example, you could specify the regex \",/*#__PURE__*/e(\"strong\",{children:\"/\\\\bevent\\\\b/g\"}),\" to filter out any raw log data that contains the exact whole word 'event'. The text 'no event' would be thrown out, and 'noevent' and 'no events' would be processed.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Substrings\"}),\". Text, or a sequence of characters, used as a matcher when analyzing other text. For example, the substring '0.0.0.0' could be used to filter out any raw log data that contains '0.0.0.0' at least once. The text '0.0.0.0' would be thrown out, but '0.0.0.1' would be processed. Because a substring matches anywhere in the log, text such as '10.0.0.0' would also be thrown out.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"In contrast, a normalized data filter processes and filters log data after the SIEM normalizes the data. The benefit here is a granular filter that can throw out individual fields\u2014or 'keys', pieces of data within a log\u2014instead of the entire log. 
\"}),/*#__PURE__*/e(\"p\",{children:\"To create a normalized data filter, you'll typically need the following information:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"The log type.\"}),\" For example, AWS VPC Flow.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A field.\"}),\" The identifier or 'key' for the data you wish to remove.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A condition. \"}),\"For example, 'contains', 'is less than', or 'has any'.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A value. \"}),\"The state of the data for the field that you want to remove. This could include having no data. \"]})})]}),/*#__PURE__*/e(\"p\",{children:\"With both filtering methods, any logs that are dropped during the filtering process should not contribute to your overall ingestion quota; verify pricing with your SIEM vendor. Dropped data is also never analyzed or saved to the data lake, so it is unavailable to detections and later investigations.\"}),/*#__PURE__*/e(\"h3\",{children:\"An Example: Filtering Out Empty Events\"}),/*#__PURE__*/e(\"p\",{children:\"Filtering starts by determining what information is irrelevant to security. 
As an example, let's see how to filter out empty VPC Flow log data.\"}),/*#__PURE__*/t(\"p\",{children:[\"When there is no network traffic to or from the network interface during a VPC Flow aggregation interval, \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-no-data\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"VPC Flow generates a default log containing the statement 'NODATA'\"})}),\", representing an 'empty' log that has no data. To target these empty logs and filter them out using a raw data filter, use either the regex filter \",/*#__PURE__*/e(\"strong\",{children:\"/NODATA/\"}),\" or the substring filter \",/*#__PURE__*/e(\"strong\",{children:\"'NODATA'\"}),\".\"]}),/*#__PURE__*/e(\"h3\",{children:\"Enrich Logs to Increase Alert Fidelity\"}),/*#__PURE__*/e(\"p\",{children:\"Alongside filtering, enriching your log data with context and threat intelligence increases the fidelity of your alerts and speeds up investigation and incident response. A classic example is adding information about business assets to log data, like a user-to-hardware mapping. Another example is mapping numeric IDs or error codes to human-readable information.\"}),/*#__PURE__*/t(\"p\",{children:[\"To enrich logs, create a \",/*#__PURE__*/e(\"strong\",{children:\"lookup table\"}),\", a custom data set that you upload to your SIEM and configure to enrich one or more specified log types. 
The next image shows how this process works, where a lookup table of known bad actors enriches an incoming log by matching on the IP address 1.1.1.1.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"141\",src:\"https://framerusercontent.com/images/EKgX5fdPdqBEYNH9gUACpzNprg.png\",srcSet:\"https://framerusercontent.com/images/EKgX5fdPdqBEYNH9gUACpzNprg.png?scale-down-to=512 512w,https://framerusercontent.com/images/EKgX5fdPdqBEYNH9gUACpzNprg.png 1024w\",style:{aspectRatio:\"1024 / 282\"},width:\"512\"}),/*#__PURE__*/t(\"p\",{children:[\"Your SIEM may also partner with third-party threat intelligence providers for out-of-the-box log enrichment. For example, your SIEM may provide a regularly updated list of \",/*#__PURE__*/e(\"strong\",{children:\"Tor Exit Nodes\"}),\". \",/*#__PURE__*/e(a,{href:\"https://www.torproject.org/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Tor\"})}),\" is an anonymizing network for Internet browsing in which the user's client IP address\u2014or \",/*#__PURE__*/e(\"em\",{children:\"exit node\"}),\"\u2014is randomly picked from nodes around the world. A regularly updated list of Tor exit nodes can help you determine if a request is coming from Tor and whether it could be malicious.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Boost Signal-to-Noise Ratio with Detections-as-Code\"}),/*#__PURE__*/e(\"p\",{children:\"Filtering enables you to reduce noise and control cost, and log enrichment improves the fidelity of your alerts. But another essential task is to increase your signal-to-noise ratio by tuning detections. 
\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://panther.com/blog/a-quick-and-easy-guide-to-detection-and-query-tuning/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Detection tuning\"})}),\" is the process of customizing detections so they are optimized for your specific environment. This ensures that detections are specific, informative, and cover relevant security threats, so that you can accurately identify threats and resolve them faster. In terms of metrics, detection tuning controls alert fatigue, reduces false positives \",/*#__PURE__*/e(\"em\",{children:\"and\"}),\" false negatives, and improves two key performance metrics for threat detection and response: mean time to detect (MTTD) and mean time to resolve (MTTR). \"]}),/*#__PURE__*/e(\"p\",{children:\"In other words, you'll clearly hear the signal amid the noise.\"}),/*#__PURE__*/t(\"p\",{children:[\"But the ability to customize detections varies across SIEMs. It's well known that legacy SIEMs suffer from inflexible tools that limit the extent to which you can tune and optimize detections for your environment. Platforms that offer \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-detection-as-code-revolutionizes-security-posture/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"detection-as-code (DaC)\"})}),\" are making customization and flexibility fundamental to detection creation by writing, managing, and deploying detections through code. The goal is to make threat detection processes reusable, reliable, consistent, and scalable, all while controlling cost:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Reusability. 
\"}),\"Detections are written in programming languages that allow for the reuse and adaptation of detection logic across your detection environment and new contexts. A common practice is encapsulating routine processes in functions to use again and again, saving you time and ensuring consistency. \"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Reliability.\"}),\" Coding languages like Python offer extensive built-in tools and libraries for extending or customizing logic so you can cover security gaps and ensure reliable threat detection. Reliability is further verified by writing code-based unit tests that accompany the detection rules. Detection code is managed in version control systems like GitHub, facilitating reliable and accessible change tracking, auditing, and rollbacks.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Consistency.\"}),\" Version control systems facilitate testing and deployment automation by integrating into continuous integration and continuous deployment (CI/CD) pipelines. Automation ensures consistency by reducing manual errors. These systems also provide tools like pull requests for standardized peer review and collaboration, maintaining consistent quality in threat detection development.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Scalability. \"}),\"The automated testing and deployment of detection rules allow for management that scales with infrastructure growth. Code-based detections are reusable and adaptable to changing data sources, supporting scalability. 
Version control facilitates rapid development and deployment of new rules to meet emerging threats, enhancing scalable threat detection capabilities.\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"Now get a sense of what a code-based detection looks like. The next image shows an excerpt from \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/main/rules/aws_vpc_flow_rules/aws_dns_crypto_domain.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a Python detection for clients that may be performing crypto mining\"})}),\", one of \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/siem-for-aws/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Panther's\"})}),\" 500+ pre-built detections. The logic in this rule will trigger an alert when log data contains a domain that's in the predefined list of \",/*#__PURE__*/e(\"strong\",{children:\"CRYPTO_MINING_DOMAINS\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"188\",src:\"https://framerusercontent.com/images/fVDq9WaV6zeV6UXFZB7Q4U5o.png\",srcSet:\"https://framerusercontent.com/images/fVDq9WaV6zeV6UXFZB7Q4U5o.png?scale-down-to=512 512w,https://framerusercontent.com/images/fVDq9WaV6zeV6UXFZB7Q4U5o.png 864w\",style:{aspectRatio:\"864 / 376\"},width:\"432\"}),/*#__PURE__*/t(\"p\",{children:[\"In the code excerpt, notice \",/*#__PURE__*/e(\"strong\",{children:\"rstrip \"}),\"(line 7); this is a built-in Python function for routine string manipulation, in this case removing trailing characters from a string. Access to reusable code is one of the benefits of writing detections in code discussed earlier. 
What's not shown in this excerpt is \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/main/rules/aws_vpc_flow_rules/aws_dns_crypto_domain.yml\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the logic\"})}),\" that defines what information goes into the alert, tests for the detection, and other ways to customize how and when the alert is triggered. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Best of all, the benefits of DaC\u2014including expressiveness, testability, CI/CD integration, and reusability\u2014are available to practitioners without programming experience. Security teams can implement \",/*#__PURE__*/e(\"strong\",{children:\"no-code workflows\"}),\" using forms or a user-friendly markup language to create, test, deploy, and automate detections. To get a closer look at DaC, including no-code workflows, check out \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-to-create-a-code-based-detection/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"how to create a code-based detection.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"To summarize, detection-as-code is all about efficiency and reliability; it gives security practitioners the flexibility to optimize their detections and the agility to stay on top of threats in a dynamic cybersecurity landscape.\"}),/*#__PURE__*/e(\"h3\",{children:\"A Cloud-Native SIEM\"}),/*#__PURE__*/t(\"p\",{children:[\"When you need to manage high-volume AWS logs, the most important tool is a cloud-native SIEM that can handle cloud-scale data. Traditional SIEMs can't keep up with the demands of cloud workloads, compromising on timeliness and cost. 
Learn \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-to-evaluate-a-security-detection-platform/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"how to evaluate security platforms\"})}),\" to determine whether it's fit for your cloud data.\"]}),/*#__PURE__*/t(\"p\",{children:[\"For a comprehensive review on managing AWS logs, read the ebook \",/*#__PURE__*/e(a,{href:\"https://panther.com/resources/ebooks/keep-aws-logs-from-running-wild-by-putting-panther-in-charge/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Keep AWS Logs from Running Wild by Putting Panther in Charge\"})}),\". Panther is a cloud-native SIEM that empowers modern security teams with real-time threat detection, log aggregation, incident response, and continuous compliance, at cloud-scale. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Ready to try Panther? \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Get started by requesting a demo.\"})})]})]});export const richText2=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Being on a security team these days can be brutal. There is more data to monitor than ever, and hackers are developing attacks using sophisticated social engineering tactics. Not to mention the omnipresent rise of AI that spawns new, emerging threats to try to stay ahead of. And you're supposed to do it all with technology that is old enough to drink.\"}),/*#__PURE__*/e(\"p\",{children:\"SIEM vendors are letting security teams down, but let's focus right now on one specific feature they lack: flexible detections. We all know that inflexible detections suck. 
We've weathered the alert storms they generate and wasted too much time cleaning up the aftermath. It's time to evolve beyond these legacy SIEMs that set us up for headaches. Security teams deserve better than these outdated solutions to meet the realities of modern-day challenges.\"}),/*#__PURE__*/e(\"h2\",{children:\"The Pitfalls of Inflexible Detections\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Vague detections that cannot be tuned or edited lead to a barrage of false positives and alert storms that your team has to deal with instead of focusing on legitimate alerts.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Teams leave critical gaps in their threat coverage without the option to write custom detections.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"The limitations of basic detection logic limit rule efficacy and lead to numerous detections to replicate the impact of a single detection built with advanced features.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Incident response times increase when analysts don't have access to adequately enriched alerts and have to hunt down critical alert context.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Don't Get Caught in an Alert Storm\"}),/*#__PURE__*/e(\"p\",{children:\"Every security analyst has dealt 
with it: alert fatigue. Security engineers writing inflexible detections set their analysts up for a bad time. When your detection quality is poor, your alert quality will also be poor. You know the saying: garbage in, garbage out. Your team will be hammered by high volumes of false positive alerts and forced to spend valuable time wading through them instead of focusing on high-value alerts in the first place. This ultimately drives up the cost of securing your organization by requiring more butts in seats to get enough eyes on glass. It's either that or risk not triaging all your alerts and potentially missing legitimate threats.\"}),/*#__PURE__*/e(\"h2\",{children:\"CYA and Plug Those Gaps\"}),/*#__PURE__*/e(\"p\",{children:\"Each security team has a unique environment and its own set of needs to meet with its SIEM. Rigid, predefined rule logic is going to lead to poor threat coverage. Most legacy OOTB rules aren't customizable, and at worst, you have no visibility into how they were constructed, leading to a black box effect that only exacerbates coverage gaps. Even when you get some coverage, however weak, from OOTB rule sets, what about your custom log sources? Most teams will have at least one custom log source to ingest and monitor, and legacy SIEMs rarely offer the flexibility to create custom rules to cover that data. Leaving log sources unsecured defeats the entire purpose of having a SIEM and leaves teams vulnerable to attacks.\"}),/*#__PURE__*/e(\"p\",{children:\"OOTB rules are an OK starting point, but they won't provide enough threat coverage alone. Tuning existing rules or creating new high-fidelity rules is the best way to plug the gaps in your coverage and reduce false positive alerts. Restrictive query languages, like LogScale's LQL, can make it challenging to create high-quality detections that actually deliver the threat coverage you're trying to achieve with a SIEM. 
You could spend extra time creating multiple, redundant rules, needlessly increasing the complexity of your environment and generating redundant alerts, further burdening your analyst team.\"}),/*#__PURE__*/e(\"h2\",{children:\"The Clock's Ticking\"}),/*#__PURE__*/e(\"p\",{children:\"During a potential incident, every second counts, and inflexible detections will eat up a lot of valuable seconds. The limitations of basic detection features result in poor alert quality compared to detections built with advanced features like enrichment and actor profile context. The more detail your alerts can deliver to your analysts up front, the easier it is for them to triage the alert and investigate the related events appropriately. For even faster alert remediation, contextually enriched alerts pair wonderfully with a SOAR platform that can automate incident response for low-level alerts, freeing up your team's time to focus on higher-priority work.\"}),/*#__PURE__*/e(\"h2\",{children:\"Evolve Your Team with Flexible Detections\"}),/*#__PURE__*/e(\"p\",{children:\"Flexible detections help your team:\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\",\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(21, 22, 25)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Reduce false positive alerts with high efficacy, properly tuned, and customized rules\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Deliver advanced features like dynamic severities, alert enrichment like GreyNoise and actor profiles, rigorous unit testing, and lookup 
tables\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Scale security operations without requiring an ever-increasing headcount\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Improve threat coverage with customizable OOTB detections and the ability to create from-scratch new detections\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"18px\",\"--framer-line-height\":\"27px\"},children:/*#__PURE__*/e(\"p\",{children:\"Speed up incident response and investigations with contextually enriched alerts to help your analysts move faster\"})})]}),/*#__PURE__*/e(\"p\",{children:\"As organizations wrestle with the increasing volume of data to monitor, inflexible detections trip up otherwise effective security teams. With the rise of hackers employing sophisticated social engineering tactics and emerging threats like AI-based attacks, the need for agility and adaptability in detections becomes more critical. Security teams that step into the future and embrace flexible detections will enhance their security posture, reduce false positives, minimize gaps in threat coverage, and expedite incident response efforts.\"})]});export const richText3=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h3\",{children:\"Streamlining Incident Response with Automated Workflows\"}),/*#__PURE__*/t(\"p\",{children:[\"The Panther team is excited to unveil our latest alert destination integration: Torq! \",/*#__PURE__*/e(a,{href:\"https://torq.io/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Torq is transforming cybersecurity\"})}),\" with its pioneering enterprise-grade, AI-driven hyperautomation platform. 
By connecting the entire security infrastructure stack, Torq makes autonomous security operations a reality. It empowers organizations to instantly and precisely remediate security events, and orchestrate complex security processes at scale. Panther users can now \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/alerts/destinations/torq\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"set up Torq as an alert destination with just a few clicks\"})}),\" and start leveraging Torq to automate their incident response workflows, from alert triage to fully automated remediation for low-level alerts. \"]}),/*#__PURE__*/e(\"p\",{children:\"Torq helps you get more value from Panther through its ability to orchestrate and automate the resolution of security alerts detected by your Security Operations Center (SOC). Torq HyperSOC\u2122 was engineered to solve the existential challenges faced by SOC teams including alert volume, alert fatigue, and the global talent shortage. By leveraging external threat intelligence feeds and infinite integration possibilities, Torq enriches alerts with contextual data, enabling seamless prioritization and routing of alerts to the appropriate security analysts or team members for any necessary further investigation and response work. This streamlined process ensures critical alerts reach the right practitioner first and receive prompt attention, enhancing overall response efficiency and detection time. \"}),/*#__PURE__*/e(\"p\",{children:\"Torq enables SOC teams to auto-remediate up to 95% of Tier-1 cases by leveraging AI to execute SOC-defined automation runbooks at machine speed. Automating remediation for low-level alerts frees up the security team's time to focus on more critical alerts and potential threats, increasing total threat model coverage. 
While some security teams overwhelmed with alert volume may be forced to choose to disable low-level alerts \u2014 potentially losing crucial historical context for future investigations \u2014 automated alert remediation is a solution that leaves the alert intact without the need for any tradeoffs. \"}),/*#__PURE__*/e(\"p\",{children:\"Let's examine how Panther users can leverage Torq for incident response workflows. In this example, Panther has detected the creation of a user role with sensitive permissions in AWS and generated an alert, given the potential security risk for this action. The alert is sent to Torq and triggers predefined automation for this type of alert. Torq enriches the alert with relevant IP data, asks the user involved if they performed the action, and remediates the alert by automatically deleting the user role in AWS. This proactive approach to incident response, leveraging Torq as an alert destination for Panther, frees up valuable security team members' time without sacrificing security posture. \"}),/*#__PURE__*/e(\"p\",{children:\"Panther and Torq now seamlessly integrate, pairing the power of Panther's detection-as-code workflows with Torq's automated incident response workflows. Whether automating alert triage, prioritization, or remediation, Torq empowers security teams to respond swiftly and decisively to potential threats, bolstering the resilience of their organization's security posture.\"}),/*#__PURE__*/t(\"p\",{children:[\"Ready to experience the power of Torq plus Panther? \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Request a demo of Panther. 
\"})}),\" \"]})]});export const richText4=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Panther is excited to share that we now integrate with Observo.ai, enabling Panther users to leverage \",/*#__PURE__*/e(a,{href:\"https://www.observo.ai/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Observo.ai's powerful data pipeline features\"})}),\". Observo.ai was created to help Security and DevOps teams solve their biggest telemetry problems. Using Artificial Intelligence, Observo.ai optimizes and transforms data from any source and routes it to the destinations where it has the most value. \"]}),/*#__PURE__*/e(\"p\",{children:\"Panther users can now leverage Observo.ai to streamline data ingestion for particularly challenging data sources, making collecting all critical security data into Panther more straightforward. Observo.ai uses unique machine learning-based models specific to each data type to transform data into the schema used by the destination tool in real-time, all within the stream. Regardless of how the data comes into Observo.ai, it leaves properly formatted and routed to Panther. \"}),/*#__PURE__*/e(\"p\",{children:\"One commonly tricky data source to collect into a SIEM is on-prem logs, like ZScaler and Palo Alto Network Firewalls. To help ingest these into Panther, Observo.ai pipelines can be installed on-prem where your data resides. Transform modules convert data to the desired format and can be routed to a cloud SIEM through an HTTP source or AWS S3. \"}),/*#__PURE__*/e(\"p\",{children:\"Observo.ai can enrich logs with sentiment analysis to help prioritize the most meaningful events. It can also enrich logs with Threat Intel or Geo-IP to add event context and speed up SIEM queries. Observo.ai helps protect sensitive data by automatically detecting and masking or obfuscating it, even if it's in an unexpected field. 
Data enrichment and PII detection are done in real-time as the data moves through an Observo.ai pipeline on its way to Panther. \"}),/*#__PURE__*/t(\"p\",{children:[\"Observo.ai's powerful data pipeline enables Panther users to streamline their data ingestion and manipulate it with filters, enrichment, and transformations to improve their SIEM data hygiene and unlock immense security value. By summarizing normal, less interesting events, Observo.ai can dramatically reduce costs by reducing the amount of data stored in your SIEM index and ease the compute burden. Panther users can start using Observo.ai's data pipeline features following \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/data-onboarding/data-pipeline-tools/observo\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"these steps\"})}),\". \"]}),/*#__PURE__*/t(\"p\",{children:[\"Ready to increase the value of your security data?\",/*#__PURE__*/e(a,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\" Schedule a demo of Panther\"})}),\" today to see how it works. \"]})]});export const richText5=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"It's a sad fact, but most alerts just aren't useful - like at all. We know it, you know it, every vendor knows it, but still, every tool in your stack seems to want to drown you in alerts.\"}),/*#__PURE__*/e(\"p\",{children:\"So this RSA, we're going to do something different. We're not going to try to scare you about what attackers might be hiding under your bed in your logs and how you should spend every waking moment writing detections and searching for them. 
\"}),/*#__PURE__*/t(\"p\",{children:[\"We're going to tell you why you should be focusing your attention on \",/*#__PURE__*/e(\"strong\",{children:\"NOT\"}),\" generating alerts and \",/*#__PURE__*/e(\"strong\",{children:\"NOT\"}),\" investigating false positives. \"]}),/*#__PURE__*/e(\"p\",{children:\"To help us do this, we're unveiling our new Correlation Rules and AI capabilities at RSA. \"}),/*#__PURE__*/t(\"p\",{children:[\"** Quick Marketing Aside ** Make sure to come to booth #3416  to check it out live or hit us up to \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"schedule a demo\"})}),\"! Our SWAG has been called epic by some.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"Ok, now back to the blog.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Detections are Dumb. Correlation Rules Make Them Smart\"}),/*#__PURE__*/e(\"p\",{children:\"Imagine a scenario where one of your finance execs logs in from a new IP and then downloads a sensitive file within a short time frame. On their own, these activities might not be a big deal or trigger any alarms. Employees frequently work remotely and download files. There is nothing too crazy here, and it's probably not worth sending an alert. \"}),/*#__PURE__*/e(\"p\",{children:\"But when these things happen in rapid succession or in conjunction with something else sketchy, they could probably use a closer look. This is what we're solving with Correlation Rules. We give you the control to decide what combinations of conditions, events, and people, across which timeframes, merit an alert. 
This way you don't waste time triaging an alert every time Carl from Accounting decides to work from Starbucks.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"I spoke with Nick Hakmiller, one of the leads on the feature, and he emphasized the same sentiment, \\\"With Correlation Rules it's not just about reducing noise. It's about putting threat detection precision at the center of the experience. By allowing people to combine different detections together to ignore things that aren't risky, it makes everyone's lives less annoying. And it makes us safer by focusing attention on things that actually are risky.\\\"\"})}),/*#__PURE__*/e(\"p\",{children:\"https://www.youtube.com/watch?v=TQQp0RbxlGM \"}),/*#__PURE__*/e(\"h3\",{children:\"Don't Other SIEMs Already Do Correlation?\"}),/*#__PURE__*/t(\"p\",{children:[\"Now, you're probably asking why this is different from other vendors' Correlation features that they've launched, and that's a great question. The answer is easy - they tried to do it using \",/*#__PURE__*/e(\"em\",{children:\"queries\"}),\" \",/*#__PURE__*/e(\"em\",{children:\"instead of using code\"}),\". \"]}),/*#__PURE__*/e(\"p\",{children:\"The best analogy to use here is the difference between monoliths (other vendors) and microservices (Panther). \"}),/*#__PURE__*/e(\"p\",{children:\"With other vendors, every correlation has to be written as a long, complex query. Want to write a new one? Start from scratch. Want to share it with your team? We better hope like hell they don't change anything. It just doesn't scale when the threat landscape changes as fast as it does. \"}),/*#__PURE__*/e(\"p\",{children:\"For Panther, Correlation Rules are declared as reusable, customizable, testable code using the same Detection-as-Code principles we're known for. An alert is noisier than you want? Cool, just tweak the Correlation Rule. New TTPs just dropped? Great, re-use your existing rules to make writing new ones even faster.   
\"}),/*#__PURE__*/e(\"p\",{children:\"In the same way, a microservices architecture creates a set of modular services that can be combined and reused across different products, Panther creates a set of modular detections that can be combined and reused across different Correlation Rules.   \"}),/*#__PURE__*/e(\"h3\",{children:\"Ok, Now for the AI\"}),/*#__PURE__*/e(\"p\",{children:\"It wouldn't be a product blog at RSA 2024 without AI, so here it is. Simply put, our upcoming new AI capabilities will help you save time. \"}),/*#__PURE__*/e(\"p\",{children:\"Tell me if you've been here before: you joined a new team at a new company, and you're a couple of months in. All of a sudden, a new high-severity alert hits that you've never seen before. \"}),/*#__PURE__*/e(\"p\",{children:\"You try to figure out what it means and why it's important, but you can't find anything. There's no documentation, nobody on your team knows, nada. Finally, someone on your team suggests that it was probably Jen's alert. \"}),/*#__PURE__*/e(\"p\",{children:\"Jen left for another job 5 months ago. Great, now what? \"}),/*#__PURE__*/e(\"p\",{children:\"We're building new AI capabilities to make that problem go away. Even better: with our AI, it simply just won't occur. \"}),/*#__PURE__*/e(\"p\",{children:\"Our AI helps everyone on a security team understand the nuances behind each alert. It speeds up the process of determining whether an alert requires attention, and if so, what to do about it. This means less time wasted trying to understand what something is and more time spent dealing with it.\"}),/*#__PURE__*/e(\"p\",{children:\"I asked Russel Leighton, our Chief Architect and the originator of our AI project, about how he thinks it will help teams. \"}),/*#__PURE__*/e(\"p\",{children:\"\\\"It's about being able to understand and process information as quickly as possible,' he said.  You shouldn't have to dig around for information on what an alert is or whether it's worth your time. 
With AI now, we can inject all the context for you. That means all the individual events in your Correlation Rule and all the relevant enrichment data from the most relevant sources. I think it makes our Correlations even better, and it's going to save people a ton of time gathering all the info they need to make a determination on an alert.\\\"\"}),/*#__PURE__*/e(\"h3\",{children:\"Seriously, Come Check It Out at Booth #3416\"}),/*#__PURE__*/e(\"p\",{children:\"Talk is cheap, so we'd much rather show you these things live. If you're going to be at RSA, stop by our booth to check it out. Or even better, attend one of our events and chat with us. Who doesn't like free food and swag.\"}),/*#__PURE__*/e(\"p\",{children:\"See you there!\"})]});export const richText6=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"TL;DR Cost-effective ingestion of noisy GuardDuty logs requires investment in filtering, enrichment, tuning, and a cloud-native SIEM that eliminates infrastructure management overhead and outmoded licensing fees.\"})}),/*#__PURE__*/e(\"p\",{children:\"Cybersecurity professionals know that visibility is foundational to security. Quite plainly, how can you spot malicious activity if you can't see what's going on? But gaining system visibility at cloud-scale is not without its challenges: cloud providers like AWS generate voluminous logs that can break budgets and clog up the threat detection environment.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),\"In this blog, you'll dig into AWS GuardDuty logs to understand why you should be ingesting them into your Security Information and Event Management (SIEM) platform, and how you can manage these noisy' logs to control costs and improve detection. 
With this in mind, you'll learn how to filter raw log data to only ingest relevant security information and boost your signal-to-noise ratio with log enrichment and \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-detection-as-code-revolutionizes-security-posture/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"detection-as-code\"})}),\". You'll also understand the limitations of SIEM infrastructure and licensing that may prevent you from cost-effective ingestion. \"]}),/*#__PURE__*/e(\"h3\",{children:\"Why you should be ingesting AWS GuardDuty logs\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Amazon GuardDuty\"})}),\" is a security monitoring service that uses threat intelligence feeds and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. Examples include identifying anomalous behavior like unusual API calls, deployments, or network traffic. When GuardDuty identifies suspicious activity, it records the activity as a security \",/*#__PURE__*/e(\"strong\",{children:\"finding \"}),\"within the GuardDuty console or another AWS integration.\"]}),/*#__PURE__*/e(\"p\",{children:\"Notably, GuardDuty is a security solution for AWS resources only. That's why practitioners who secure a multi or hybrid cloud environment use a SIEM to ingest GuardDuty logs alongside other log sources to monitor their entire attack surface on one platform. With a SIEM, practitioners have granular control over aggregating, normalizing, analyzing, and correlating logs\u2014across all log sources\u2014to comprehensively identify and address threats. 
\"}),/*#__PURE__*/e(\"h3\",{children:\"Noisy logs are problematic\"}),/*#__PURE__*/e(\"p\",{children:\"While log monitoring is ubiquitous in cybersecurity, the nature and structure of logs is not, which is why log management is necessary. This practice includes normalizing, analyzing, and storing logs to render them useful. With particularly voluminous AWS logs, log management becomes vital. Left unmanaged, noisy AWS logs create two major problems.\"}),/*#__PURE__*/e(\"p\",{children:\"The first problem is about budget constraints. The high volume of AWS GuardDuty logs can lead to prohibitive ingestion costs, forcing an impossible choice: increase the budget, or don't ingest at all. While more logs always require greater storage capacity, a big culprit driving up spending is traditional SIEM infrastructure and licensing structures that are unfriendly to high-volume cloud logs. \"}),/*#__PURE__*/e(\"p\",{children:\"To maintain a baseline of performance, traditional SIEMs require ongoing database management to adjust how logs are indexed based on the write frequency and hardware profile. Then, there's the high price of hot storage causing most data to reside in warm and cold buckets that take much longer to query during incident response and threat hunting. Facing these obstacles on top of additional licensing fees for cloud logs, security teams often do not ingest GuardDuty logs into their SIEM, but resort instead to siloing their log data in an S3 bucket, if at all.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/t(\"p\",{children:[\"The second problem is about threat detection. Any number of irrelevant logs ingested into your SIEM congests the threat detection environment. Congestion contributes to well-known operational issues that increase risk, including alert fatigue, false positives, and slow mean time to resolve (MTTR). 
A prime example of the impact of alert fatigue on effective threat detection is \",/*#__PURE__*/e(a,{href:\"https://www.crn.com/news/security/3cx-attack-shows-the-dangers-of-alert-fatigue-for-cybersecurity\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the March 2023 attack on 3CX's supply chain\"})}),\".\"]}),/*#__PURE__*/e(\"h3\",{children:\"Migrate to a cloud-based SIEM to control costs\"}),/*#__PURE__*/t(\"p\",{children:[\"If you are still using a traditional SIEM, migrating to \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/cloud-based-siem-explained/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a cloud-based SIEM\"})}),\" will have the most significant impact on your ability to cost-effectively ingest AWS logs and gain full system visibility. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Here's why: a cloud-based SIEM leverages serverless architecture to eliminate infrastructure management; further, log data is saved in a \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/security-data-lake/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"security data lake\"})}),\" that uses modern \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/why-panther-chose-snowflake/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"cloud database technology\"})}),\" designed to not only handle cloud-scale data, but guarantee query performance. 
This enables cloud-based SIEM platforms to deliver exactly what modern security teams need:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Petabyte-scale search.\"}),\" By separating how data is stored and computed, the security data lake provides hot storage going as far back as 365 days for rapid investigation and response, even when running concurrent workloads.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Unified data model (UDM).\"}),\" A UDM configures and standardizes a set of unified fields across all log types, making this work optional rather than required.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Instant scalability. \"}),\"With a security data lake, you can scale resources up or down as needed for incident response and threat hunting.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Fully managed data. \"}),\"The security data lake includes data encryption, compression, governed policies and rules, data-masking, automated JSON parsing, and more, reducing data management workloads. \"]})})]}),/*#__PURE__*/e(\"h3\",{children:\"Filter raw log data to reduce noise and control costs\"}),/*#__PURE__*/e(\"p\",{children:\"Short of adopting a cloud-native SIEM, controlling noisy log data requires investment in filtering, a key log management practice. 
There are a few ways to create filters, depending on how your log pipeline is set up.\"}),/*#__PURE__*/t(\"p\",{children:[\"Within AWS, you can create GuardDuty \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"finding filters\"})}),\" that only report findings that match your specified criteria. Unmatched findings are ignored and thrown out. You can also implement GuardDuty \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/guardduty/latest/ug/findings_suppression-rule.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"suppression rules\"})}),\" to automatically archive findings that match the specified criteria. AWS recommends using suppression rules to filter 'low-value findings, false positive findings, or threats you do not intend to act on,' reducing overall noise. \"]}),/*#__PURE__*/t(\"p\",{children:[\"However, if your log pipeline uses AWS \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CloudWatch\"})}),\" to aggregate and forward logs, you may prefer to use \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"subscription filters\"})}),\" to control which logs are sent to your SIEM. 
\"]}),/*#__PURE__*/e(\"p\",{children:\"Within your SIEM, you can create filters by log source to ignore\u2014or throw out\u2014log data before it's analyzed for threats and saved to your data lake. Two common methods are raw data filters and normalized data filters.\"}),/*#__PURE__*/e(\"p\",{children:\"A raw data filter processes and filters log data before the SIEM normalizes the data according to its schemas. A raw data filter specifies a pattern to match with. If any log matches the pattern, the entire log is ignored and not processed by the SIEM. The available tools for filtering raw log data depend on the SIEM you are working with, but these are the two most common methods:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Regular expressions (regex). \"}),\"A sequence of characters that represent a pattern that searches for, matches with, and manipulates strings in text. For example, you could specify the regex \",/*#__PURE__*/e(\"strong\",{children:\"/[[:digit:]]/g\"}),\" to filter out any raw log data that contains numerical digits. The text 'there was 1 fox' would be thrown out, and 'there was one fox' would be processed.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Substrings\"}),\". Text, or a sequence of characters, used as a matcher when analyzing other text. For example, the substring 'hello' could be used to filter out any raw log data that contains 'hello' at least once. The text 'hello world' would be thrown out, but 'world wide web' would be processed.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"In contrast, a normalized data filter processes and filters log data after the SIEM normalizes the data. 
The benefit here is a granular filter that can throw out individual fields\u2014or 'keys', pieces of data within a log\u2014instead of the entire log.\"}),/*#__PURE__*/e(\"p\",{children:\"To create a normalized data filter, you'll typically need the following information:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"The log type.\"}),\" For example, AWS GuardDuty.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A field.\"}),\" The identifier or 'key' for the data you wish to remove, like any \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings-summary.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"finding detail.\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A condition. \"}),\"For example, 'contains', 'is less than', or 'has any'.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A value. \"}),\"The state of the data for the field that you want to remove. This could include having no data.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"With both filtering methods, any logs that are dropped during the filtering process should not contribute to your overall ingestion quota; verify pricing with your SIEM vendor.\"}),/*#__PURE__*/e(\"h3\",{children:\"An Example: Filtering out sample GuardDuty findings\"}),/*#__PURE__*/t(\"p\",{children:[\"Filtering starts by determining what information is irrelevant to security. 
Let's look at an example of how to use a substring filter to exclude sample GuardDuty findings.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"AWS GuardDuty assigns a \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"severity level\"})}),\" to all its findings, and it's common to create detections that target these categories:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"High severity.\"}),\" A resource is compromised and is actively being used for unauthorized purposes, and needs to be addressed immediately. High severity findings are assigned a numerical value from 7.0 - 8.9.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Medium severity.\"}),\" There is suspicious activity that deviates from normal behavior, and may be indicative of a resource compromise. The activity should be investigated as soon as possible.  Medium severity findings are assigned a numerical value from 4.0 - 6.9.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Low severity.\"}),\" There is suspicious activity that was attempted, but failed, like a port scan to discover weak points in a network. Low severity findings are assigned a numerical value from 1.0 - 3.9.\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"For testing purposes, you can generate sample GuardDuty findings. Like real findings, sample findings will also have severity levels assigned. 
\",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/guardduty/latest/ug/sample_findings.html#sample_console\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"To distinguish sample data from actual data\"})}),\", GuardDuty includes the value \",/*#__PURE__*/e(\"strong\",{children:\"\\\"sample\\\": true \"}),\"within the log data. Within your SIEM, you can use that exact text\u2014\\\"sample\\\": true\u2014as a substring filter to exclude all sample data from being ingested into your SIEM. Because a substring filter matches literally, confirm the exact quoting and spacing against a raw sample finding as it arrives in your SIEM.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Using GuardDuty finding filters, you need to specify filter criteria for what you want to surface: you'll create a filter with the attribute \",/*#__PURE__*/e(\"strong\",{children:\"sample \"}),\"set to the value \",/*#__PURE__*/e(\"strong\",{children:\"false\"}),\". With this finding filter, you'll only see actual data and filter out any sample data. \"]}),/*#__PURE__*/t(\"p\",{children:[\"With a GuardDuty suppression rule, do the opposite: create a filter with the attribute\",/*#__PURE__*/e(\"strong\",{children:\" sample \"}),\"set to value\",/*#__PURE__*/e(\"strong\",{children:\" true\"}),\", in order to filter out all sample data.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Enrich logs to increase alert fidelity\"}),/*#__PURE__*/e(\"p\",{children:\"Alongside filtering, enriching your log data with context and threat intelligence increases the fidelity of your alerts and speeds up investigation and incident response. A classic example is adding information about business assets to log data, like a user-to-hardware mapping. 
Another example is mapping numeric IDs or error codes to human readable information.\"}),/*#__PURE__*/t(\"p\",{children:[\"To enrich logs, create a \",/*#__PURE__*/e(\"strong\",{children:\"lookup table\"}),\", a custom data set that you upload to your SIEM and configure to enrich one or more specified log types. 
The next image shows how this process works, where a lookup table of known bad actors enriches an incoming log by the matching IP address 1.1.1.1.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"202\",src:\"https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png\",srcSet:\"https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png?scale-down-to=512 512w,https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png 1467w\",style:{aspectRatio:\"1467 / 404\"},width:\"733\"}),/*#__PURE__*/t(\"p\",{children:[\"Your SIEM may also partner with third-party threat intelligence providers for out-of-the-box log enrichment. For example, \",/*#__PURE__*/e(a,{href:\"https://ipinfo.io/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"IPInfo\"})})}),\" is a threat intelligence provider that compiles IP address data, like geolocation. With IPInfo you can preemptively identify and block traffic from high-risk locations or networks.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Boost signal-to-noise ratio with detections-as-code (DaC)\"}),/*#__PURE__*/e(\"p\",{children:\"Filtering enables you to reduce noise and control cost, and log enrichment improves the fidelity of your alerts. But another essential task is to increase your signal-to-noise ratio by tuning detections. 
\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://panther.com/blog/a-quick-and-easy-guide-to-detection-and-query-tuning/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Tuning detections\"})}),\" is the process of customizing detections so they are optimized for your specific environment, address emerging threats, and cover any security gaps. When detections are specific, informative, and cover relevant security threats, you'll be able to more accurately identify threats and resolve them faster. In other words, you'll clearly hear the signal amid the noise. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Boosting signal-to-noise has important downstream effects on your operations and cost: it reduces alert fatigue, false positives, \",/*#__PURE__*/e(\"em\",{children:\"and \"}),\"false negatives, and it improves mean time to detect (MTTD); practitioners can get out from the endless cycle of responding to alerts, and spend more time tuning detections, creating a positive feedback loop. \"]}),/*#__PURE__*/t(\"p\",{children:[\"But the ability to customize detections varies across SIEMs. It's well known that legacy SIEMs suffer from inflexible tools that limit the extent to which you can tune and optimize detections for your environment. Platforms that offer \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-detection-as-code-revolutionizes-security-posture/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"detection-as-code (DaC)\"})}),\" are taking customization and flexibility to a whole new level, by writing, managing, and deploying detections through code. 
The drive behind DaC is to make threat detection consistent, reliable, reusable, and scalable, all while controlling cost.\"]}),/*#__PURE__*/t(\"p\",{children:[\"First, get a sense of what a code-based detection looks like. Check out the next image that shows an excerpt from \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/main/rules/aws_guardduty_rules/aws_guardduty_high_sev_findings.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a Python detection for high severity GuardDuty events\"})}),\". This is one of \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/siem-for-aws/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Panther's\"})}),\" 500+ pre-built detections. The logic in this rule will trigger an alert when the log data contains a \",/*#__PURE__*/e(\"strong\",{children:\"'severity' \"}),\"key with a value between 7.0 and 8.9. 
What's not shown in this excerpt is \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/main/rules/aws_guardduty_rules/aws_guardduty_high_sev_findings.yml\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the logic\"})}),\" that defines what information goes into the alert, tests for the detection, and other ways to customize how and when the alert is triggered.\"]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"147\",src:\"https://framerusercontent.com/images/A74eECvC8WCfkYYHzhsPJYMT5Y.png\",srcSet:\"https://framerusercontent.com/images/A74eECvC8WCfkYYHzhsPJYMT5Y.png?scale-down-to=512 512w,https://framerusercontent.com/images/A74eECvC8WCfkYYHzhsPJYMT5Y.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/A74eECvC8WCfkYYHzhsPJYMT5Y.png 1106w\",style:{aspectRatio:\"1106 / 294\"},width:\"553\"}),/*#__PURE__*/e(\"p\",{children:\"Now let's connect the dots and understand how DaC's core features give you the customization and flexibility to optimize your threat detection environment, and your operations:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Python.\"}),\" Widely-used coding languages like Python are expressive and flexible. They give you access to a host of built-in tools and libraries that provide useful out-of-the-box functionality, like crunching numbers (like \",/*#__PURE__*/e(\"strong\",{children:\"float\"}),\", line 9\",/*#__PURE__*/e(\"strong\",{children:\" \"}),\"in the code excerpt), or grouping routine processes or information into reusable functions (like \",/*#__PURE__*/e(\"strong\",{children:\"deep_get\"}),\", line 5\",/*#__PURE__*/e(\"strong\",{children:\" \"}),\"in the code excerpt). 
This makes writing detections a flexible process where it's easy to customize detections and cover security gaps.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Testing and quality assurance (QA).\"}),\" Teams can create code-based unit tests that sit alongside the code-based detection rule. Code-based unit tests verify the efficacy and reliability of detection logic, ensuring correct, relevant, and high-fidelity alerts.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Managed in version control. \"}),\"Managing detection rules in version control facilitates effective change tracking, rollbacks, and audits. Coded detections are self-documenting and anyone with access can easily understand the detection environment. These systems also provide tools like pull requests for standardized peer review and collaboration, so you can maintain consistent quality in threat detection development.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Automated operations\"}),\". Integrating DaC into CI/CD pipelines automates testing and deployment, streamlining operations and ensuring consistency and scalability by eliminating manual work.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"No-code workflows. \"}),\"Security teams can benefit from DaC\u2014including expressiveness, testability, CI/CD integration, and reusability\u2014without requiring every team member to have programming experience. Practitioners can implement a console-based workflow using forms or a user-friendly markup language to create, test, deploy, and automate detections. 
\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"To summarize, detection-as-code is all about efficiency and reliability; it gives security practitioners the flexibility to optimize their detections and the agility to stay on top of threats in an ever-changing cybersecurity landscape. To get a closer look at DaC, including no-code workflows, read \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-to-create-a-code-based-detection/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"how to create a code-based detection.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Choose a SIEM that's built for the cloud\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://securityboulevard.com/2023/03/5-tactical-tips-for-security-teams-using-aws/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Traditional SIEMs cannot keep pace with cloud workloads\"})}),\", sacrificing timely and cost-effective service, and increasing overall vulnerability. 
Whether you control cost and noise with filtering, or boost your signal-to-noise ratio with detection-as-code, \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-to-evaluate-a-security-detection-platform/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"choose a SIEM that is built to handle cloud-scale data\"})}),\", without compromise.\",/*#__PURE__*/e(\"br\",{}),\"Take a deep dive on \",/*#__PURE__*/e(a,{href:\"https://panther.com/resources/ebooks/keep-aws-logs-from-running-wild-by-putting-panther-in-charge/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"how to keep AWS logs from running wild with Panther\"})}),\", a cloud-native SIEM that's built for AWS. Panther empowers modern security teams with real-time threat detection, log aggregation, incident response, and continuous compliance, at cloud-scale. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Ready to try Panther? \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Get started by requesting a demo.\"})})]})]});export const richText7=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"h4\",{children:[\"Announcing Panther's \",/*#__PURE__*/e(\"strong\",{children:\"Amazon Security Lake\"}),\" Integration\"]}),/*#__PURE__*/t(\"p\",{children:[\"As we deepen our partnership with AWS even further after achieving AWS Security Competency status, Panther is excited to announce our integration with Amazon Security Lake is now generally available. 
Panther users can set up the integration using \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/data-onboarding/supported-logs/aws/security-lake\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"these instructions\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"This integration empowers security teams securing AWS data to harness Panther's robust detection-as-code capabilities. With this integration, security teams can now unlock the full potential of their Amazon Security Lake Data, enabling seamless ingestion of OCSF-formatted data into Panther's platform.\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther users ingesting CloudTrail data, especially through the Amazon Security Lake integration, will now also benefit from our newest enrichment provider: \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/enrichment/traildiscover\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"TrailDiscover\"})}),\". TrailDiscover enriches CloudTrail events to provide critical context, such as IP data, user analytics, and compliance mapping. Panther users can now enable TrailDiscover via CI/CD.\"]}),/*#__PURE__*/e(\"p\",{children:\"The Amazon Security Lake and Panther integration was built to support OCSF version 1.1. This forward-looking approach ensures compatibility and future-readiness, positioning Panther as a leader in leveraging the latest security data standards.\"}),/*#__PURE__*/e(\"p\",{children:\"Panther's integration streamlines the ingestion of security data into its platform, tapping directly into Amazon Security Lake for the seamless flow of OCSF-formatted data from AWS sources like CloudTrail and VPCFlow, as well as third-party sources. 
Designed to ingest any data in the OCSF format from Amazon Security Lake, this integration expands the scope of security signals available to security teams through additional data sources.\"}),/*#__PURE__*/e(\"p\",{children:\"Security Signal Expansion: \"}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Real-time Threat Detection\"}),\": This integration lets users detect and respond to security threats in real time. For example, you can set up rules and alerts to monitor for suspicious activities in AWS Cloudtrail logs, like unauthorized access attempts or changes to critical infrastructure settings.\"]})})}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Anomaly Detection:\"}),\" The integration enables users to detect anomalies by analyzing VPC flow logs. You can identify unusual network traffic patterns, potential network intrusions, or anomalous behavior that may indicate a security breach.\"]})})}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Compliance Monitoring:\"}),\" Users can use the integration to monitor compliance with security policies and regulatory requirements. For instance, you can track changes to DNS records in Route53 logs to ensure DNS configurations comply with best practices and security standards.\"]})})}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Custom Log Sources\"}),\": Besides native AWS services, users can ingest and analyze any third-party or custom log sources that adhere to the OCSF schema. 
This flexibility allows them to tailor their security monitoring to their specific environment and threat landscape.\"]})})}),/*#__PURE__*/e(\"p\",{children:\"Security monitoring with Panther goes beyond data collection, enabling real-time detections on ingested data to quickly identify potential threats and vulnerabilities. By leveraging the rich pool of Amazon Security Lake data in Panther, security teams enhance their detection capabilities and proactively mitigate risks.\"}),/*#__PURE__*/e(\"p\",{children:\"Panther empowers security teams to take decisive action through efficient alert response workflows, facilitating rapid incident response with insights from their ingested Amazon Security Lake data. With access to actionable data for thorough investigations, Panther enables comprehensive analysis of historical logs and tracing of the origin of security incidents, empowering informed decisions and improving overall security posture.\"}),/*#__PURE__*/t(\"p\",{children:[\"Ready to leverage the full security potential of your Amazon Security Lake data? \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Sign up for a Panther demo today\"})}),\" to experience firsthand how our integration can transform your security operations, providing seamless data ingestion, real-time detections, and actionable insights to stay ahead of emerging threats and safeguard your environment.\"]})]});export const richText8=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Michael Kuchera, Zapiers Security Incident Response Leader, shared invaluable insights for security practitioners. He highlighted the challenges modern security teams face and how Zapier overcame them by adopting a detection-as-code approach. 
Keep reading for key takeaways from Michaels insights during the webinar.\"}),/*#__PURE__*/e(\"h3\",{children:\"Transition from Legacy Solutions\"}),/*#__PURE__*/e(\"p\",{children:\"Michael highlighted the limitations of traditional methods like legacy SIEMs or large analyst teams. These approaches often involve many manual processes, deliver outdated information, and increase analyst fatigue. In contrast, detection-as-code offers improved efficacy, scalability, and collaboration, leading to better alert triage and response.\"}),/*#__PURE__*/e(\"h3\",{children:\"Engineering-First Approach to Detection and Response\"}),/*#__PURE__*/e(\"p\",{children:\"Emphasizing the engineering-first approach of detection-as-code, Michael discussed the importance of rigorous testing and how it empowers teams to do more with less. This approach streamlines alert logic adjustments and enhances security posture by facilitating collaboration, increasing detection efficacy, and improving alert fidelity.\"}),/*#__PURE__*/e(\"h3\",{children:\"Practical Implementation of Python Detections\"}),/*#__PURE__*/e(\"p\",{children:\"Michael shared practical aspects of implementing detection-as-code compared to legacy SIEM solutions. Focusing on its flexibility and low barrier to entry for new engineers, he discussed how detections written in Python make detection logic easy to comprehend, leading to improved collaboration and faster onboarding timelines.\"}),/*#__PURE__*/e(\"h3\",{children:\"Analyzing Your Environment for Gaps\"}),/*#__PURE__*/e(\"p\",{children:\"The discussion underscored the importance of analyzing your security environment to identify gaps in threat coverage and prioritize new detections. Michael stressed the need for continuous analysis, creation, tuning, and testing of detections to enhance the detection engine continually. 
He outlined how to start with a gap analysis of your environment to help prioritize the next steps for security engineers seeking to improve their detection and response efforts.\"}),/*#__PURE__*/e(\"h3\",{children:\"The Scalability of Panther and Detection-as-Code\"}),/*#__PURE__*/e(\"p\",{children:\"Michael discussed Panther's scalability with their other tools and systems, addressing questions from webinar attendees about performance and scalability. Because of Panthers Snowflake Data Lake backend, he found its performance faster than other security tools he has used in the past. Paired with a detection-as-code approach to detection and response, his team of only three can accomplish the same output as much larger security teams.\"}),/*#__PURE__*/e(\"h3\",{children:\"Accessibility and Learnability of Detection-as-Code\"}),/*#__PURE__*/e(\"p\",{children:\"Michael debunked the myth that detection-as-code requires dedicated engineers to maintain. Using detection-as-code enables small security teams to do more with fewer resources without sacrificing their security posture. Affirming its accessibility for teams of varying backgrounds and expertise, Michael highlighted some of the no-code features in Panther that allow newer engineers to use detection-as-code principles regardless of existing skill level.\"}),/*#__PURE__*/e(\"h3\",{children:\"Continuous Improvement and Iteration\"}),/*#__PURE__*/e(\"p\",{children:\"Finally, Michael spotlighted the iterative nature of detection-as-code. Security teams continuously improve alert fidelity by analyzing their environment, prioritizing new detection creation, and iterating on existing detections.\"}),/*#__PURE__*/t(\"p\",{children:[\"By leveraging detection-as-code, security teams can streamline alert triage and response, enhance their security posture, and scale detections effectively without significantly increasing personnel. 
As security threats evolve, embracing a modern approach like detection-as-code will help security teams adapt ahead of attackers. Couldn't catch the webinar live? \",/*#__PURE__*/e(a,{href:\"https://panther.com/resources/webinars/how-zapier-uses-detection-as-code-to-increase-their-alert-fidelity/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Watch the recording.\"})})]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"627\",src:\"https://framerusercontent.com/images/ati5jCEmafilznXJ5MnyTeeZtWM.png\",srcSet:\"https://framerusercontent.com/images/ati5jCEmafilznXJ5MnyTeeZtWM.png?scale-down-to=512 512w,https://framerusercontent.com/images/ati5jCEmafilznXJ5MnyTeeZtWM.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/ati5jCEmafilznXJ5MnyTeeZtWM.png?scale-down-to=2048 2048w,https://framerusercontent.com/images/ati5jCEmafilznXJ5MnyTeeZtWM.png 2400w\",style:{aspectRatio:\"2400 / 1254\"},width:\"1200\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]})]});export const richText9=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"TL;DR For cost-effective CloudTrail log ingestion, invest in filtering, enrichment, and tuning, alongside adopting a cloud-native SIEM with zero infrastructure management.\"})}),/*#__PURE__*/e(\"p\",{children:\"Cybersecurity practitioners label log sources as noisy' when they produce large quantities of logs, and quickly. 
This label is meant to be negative, representing log sources that you need to manage in order to prevent serious problems like excessive ingestion costs and a threat detection environment that's clogged with irrelevant information. \"}),/*#__PURE__*/t(\"p\",{children:[\"This blog will guide you on tackling these problems with AWS CloudTrail logs. You'll understand the limitations of SIEM infrastructure and licensing that may prevent you from cost-effective ingestion. You'll also learn practical methods to control costs and improve threat detection:  filtering out irrelevant log data and boosting your signal-to-noise ratio with log enrichment and \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-detection-as-code-revolutionizes-security-posture/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"detection-as-code\"})}),\".\"]}),/*#__PURE__*/e(\"h3\",{children:\"Why you should be ingesting AWS CloudTrail logs\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"AWS CloudTrail logs\"})}),\" enable you to identify actions taken within your AWS infrastructure, including who or what performed the action, on which resource, and when. CloudTrail logs provide this information by recording events that occur in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs. The broad scope in logging makes these logs a goldmine of critical security data. 
Let's dig into a few examples of the security information that CloudTrail logs report:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Visibility of CodeBuild projects.\"}),\" When an AWS \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/codebuild/latest/userguide/cloudtrail.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CodeBuild\"})}),\" project is made public, this could indicate an exfiltration attack where adversaries may be stealing data from your network. \"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Identity Access Management (IAM) events.\"}),\" When \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"IAM\"})}),\" reports an event about a user assuming a role that was explicitly blocklisted for manual user assumption, this could indicate an attack through privilege escalation.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Lambda or ECR events.\"}),\" An unauthorized create, read, update, or delete (CRUD) event to an AWS \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Lambda\"})}),\" or 
\",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/logging-using-cloudtrail.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ECR\"})}),\" service could indicate an attack to implant cloud or container images with malicious code and establish persistence after gaining access to an environment.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Web Application Firewall (WAF) events.\"}),\" If an AWS \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/waf/latest/developerguide/logging-using-cloudtrail.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"WAF\"})}),\" dissociates a web access control list (WACL) from a source, this could indicate a denial of service (DoS) attack over a network.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"This is just a short list of examples that highlight the critical security information reported in CloudTrail logs. In order for you to have visibility into your AWS infrastructure, ingesting CloudTrail logs into your Security Information and Event Management (SIEM) platform is not optional, but a basic necessity. \"}),/*#__PURE__*/e(\"h3\",{children:\"Challenges with noisy logs\"}),/*#__PURE__*/e(\"p\",{children:\"It is well-known that CloudTrail logs are voluminous and produce large quantities of logs. 
\"}),/*#__PURE__*/t(\"p\",{children:[\"Just like popups, ads, and notifications \",/*#__PURE__*/e(a,{href:\"https://hbr.org/2022/08/how-much-time-and-energy-do-we-waste-toggling-between-applications\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"degrade your concentration and productivity,\"})}),\" noisy logs overwhelm practitioners and congest the threat detection environment. This leads to well-known issues that increase risk: alert fatigue, false positives, and slow mean time to resolve (MTTR). The March 2023 \",/*#__PURE__*/e(a,{href:\"https://www.crn.com/news/security/3cx-attack-shows-the-dangers-of-alert-fatigue-for-cybersecurity\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"attack on 3CX's supply chain\"})}),\" is a solid example of how dangerous alert fatigue can be.\"]}),/*#__PURE__*/e(\"p\",{children:\"Equally problematic is the issue of cost. The sheer volume of AWS CloudTrail logs makes ingestion very expensive, if not cost-prohibitive, which challenges the basic requirement for visibility in threat detection. While more logs always require greater storage capacity, the real culprits driving up spending are SIEM infrastructure and licensing structures that aren't friendly to high-volume cloud logs.\"}),/*#__PURE__*/e(\"p\",{children:\"In order to maintain a baseline of performance, traditional SIEMs require ongoing database management to adjust how logs are indexed based on the log write frequency and infrastructure hardware profile. Despite this management overhead, only a small subset of your data remains in hot storage for rapid search. Most data resides in warm or cold storage that uses fewer resources, but takes longer to query during incident response and threat hunting. 
When faced with these challenges on top of additional licensing fees for cloud logs, security teams often don't ingest CloudTrail logs into their SIEM, resorting instead to siloing their log data in an S3 bucket, if at all.\"}),/*#__PURE__*/e(\"h3\",{children:\"Migrate to a cloud-based SIEM to control costs\"}),/*#__PURE__*/t(\"p\",{children:[\"If you are still using a traditional SIEM, migrating to \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/cloud-based-siem-explained/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a cloud-based SIEM\"})}),\" will have the most significant impact on your ability to cost-effectively ingest AWS logs and gain full system visibility. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Here's why: a cloud-based SIEM leverages serverless architecture to eliminate infrastructure management; further, log data is saved in a \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/security-data-lake/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"security data lake\"})}),\" that uses modern \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/why-panther-chose-snowflake/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"cloud database technology\"})}),\" designed to not only handle cloud-scale data, but guarantee query performance. 
This enables cloud-based SIEM platforms to deliver exactly what modern security teams need:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Petabyte-scale search.\"}),\" By separating how data is stored and computed, the security data lake provides hot storage going as far back as 365 days for rapid investigation and response, even when running concurrent workloads.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Unified data model (UDM).\"}),\" A UDM configures and standardizes a set of unified fields across all log types, making this work optional rather than required.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Instant scalability. \"}),\"With a security data lake, you can scale resources up or down as needed for incident response and threat hunting.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Fully managed data. \"}),\"The security data lake includes data encryption, compression, governed policies and rules, data-masking, automated JSON parsing, and more, reducing data management workloads. \"]})})]}),/*#__PURE__*/e(\"h3\",{children:\"Filter raw log data to reduce noise and control costs\"}),/*#__PURE__*/e(\"p\",{children:\"Short of adopting a cloud-native SIEM, the best way to manage AWS CloudTrail noise and cost is to filter out unwanted data. 
There are a few ways to do this depending on how your log pipeline is set up.\"}),/*#__PURE__*/t(\"p\",{children:[\"Within AWS, you can configure CloudTrail using \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EventSelector.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"event selectors\"})}),\" and \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"advanced event selectors\"})}),\" to identify which events you want a trail to log. The AWS docs explain, 'for each trail, if the event matches any event selector, the trail processes and logs the event.' Any other events are filtered out. \"]}),/*#__PURE__*/t(\"p\",{children:[\"However, if your log pipeline uses AWS \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CloudWatch\"})}),\" to aggregate and forward logs, you may prefer to use \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"subscription filters\"})}),\" to control which logs are sent to your SIEM. \"]}),/*#__PURE__*/e(\"p\",{children:\"Within your SIEM, you can create filters by log source to ignore\u2014or throw out\u2014log data before it's analyzed for threats and saved to your data lake. Two common methods are raw data filters and normalized data filters. 
With both methods, any logs that are dropped during the filtering process should not contribute to your overall ingestion quota; verify pricing with your SIEM vendor. \"}),/*#__PURE__*/e(\"p\",{children:\"A raw data filter processes and filters log data before the SIEM normalizes the data according to its schemas. A raw data filter specifies a pattern to match with. If any log matches the pattern, the entire log is ignored and not processed by the SIEM. Because a matching log is discarded before any detection runs, keep each pattern narrow and test it against sample logs so that security-relevant events are not dropped. The available tools for filtering raw data depend on the SIEM you are working with, but these are the two most common:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Regular expressions (regex). \"}),\"A sequence of characters that represent a pattern that searches for, matches with, and manipulates strings in text. For example, you could specify the regex \",/*#__PURE__*/e(\"strong\",{children:\"/\\\\d/g\"}),\" to filter out any raw log data that contains a number. The text '5 events' would be thrown out, and 'five events' would be processed.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Substrings\"}),\". Text, or a sequence of characters, used as a matcher when analyzing other text. For example, the substring 'get' could be used to filter out any raw log data that contains 'get' at least once. The text 'get event' would be thrown out, but 'post event' would be processed.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"In contrast, a normalized data filter processes and filters log data after the SIEM normalizes the data. The benefit here is a granular filter that can throw out individual fields\u2014or 'keys', pieces of data within a log\u2014instead of the entire log. 
\"}),/*#__PURE__*/e(\"p\",{children:\"To create a normalized data filter, you'll typically need the following information:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"The log type.\"}),\" For example, AWS CloudTrail.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A field.\"}),\" The identifier or 'key' for the data you wish to remove.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A condition. \"}),\"For example, 'contains', 'is less than', or 'has any'.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"A value. \"}),\"The state of the data for the field that you want to remove. This could include having no data.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"With both filtering methods, any logs that are dropped during the filtering process should not contribute to your overall ingestion quota; verify pricing with your SIEM vendor.\"}),/*#__PURE__*/e(\"h3\",{children:\"An example: Filtering out irrelevant S3 events\"}),/*#__PURE__*/t(\"p\",{children:[\"Filtering starts by determining what information is irrelevant to security. For an example, let's work with S3 buckets.\",/*#__PURE__*/e(\"br\",{}),\"There are a variety of actions that you can make on an S3 bucket that gets reported as a CloudTrail data event. 
The action \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"HeadBucket\"})}),\" is useful when you need to see if a bucket exists and if you have permission to access it, but tracking these events is not vital to security. To prevent raw log data that contains HeadBucket events from being processed in your SIEM, create a filter with the regex \",/*#__PURE__*/e(\"strong\",{children:'/\\\\\"eventName\\\\\":\\\\\"HeadBucket\\\\\".'})]}),/*#__PURE__*/t(\"p\",{children:[\"With an AWS CloudTrail event selector, do the opposite: identify the events that you want your trail to process, such as \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DeleteBucket\"})}),\".\"]}),/*#__PURE__*/e(\"h3\",{children:\"Enrich logs to increase alert fidelity\"}),/*#__PURE__*/e(\"p\",{children:\"Alongside filtering, enriching your log data with context and threat intelligence increases the fidelity of your alerts and speeds up investigation and incident response. A classic example is adding information about business assets to log data, like a user-to-hardware mapping. Another example is mapping numeric IDs or error codes to human readable information.\"}),/*#__PURE__*/t(\"p\",{children:[\"To enrich logs, create a \",/*#__PURE__*/e(\"strong\",{children:\"lookup table\"}),\", a custom data set that you upload to your SIEM and configure to enrich one or more specified log types. 
The next image shows how this process works, where a lookup table of known bad actors enriches an incoming log by the matching IP address 1.1.1.1.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"202\",src:\"https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png\",srcSet:\"https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png?scale-down-to=512 512w,https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/pluIN4zq7bR18xxElaW9yT5o.png 1467w\",style:{aspectRatio:\"1467 / 404\"},width:\"733\"}),/*#__PURE__*/t(\"p\",{children:[\"Your SIEM may also partner with third-party threat intelligence providers for pre-configured log enrichment. For example, \",/*#__PURE__*/e(a,{href:\"https://www.greynoise.io/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"GreyNoise\"})})}),/*#__PURE__*/e(\"strong\",{children:\" \"}),\"is a threat intelligence provider that collects, analyzes, and labels Internet-wide data on IP addresses to identify noise\u2014irrelevant or harmless activity\u2014that saturates security tools. When AWS S3 object-level logging is enabled for a given bucket, GreyNoise can identify S3 operations from known malicious classifications.  \"]}),/*#__PURE__*/e(\"h3\",{children:\"Boost signal-to-noise ratio with detection-as-code\"}),/*#__PURE__*/e(\"p\",{children:\"Filtering enables you to reduce noise and control cost, and log enrichment improves the fidelity of your alerts. But another essential task is to increase your signal-to-noise ratio by tuning detections. 
\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://panther.com/blog/a-quick-and-easy-guide-to-detection-and-query-tuning/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Detection tuning\"})}),\" is the process of tailoring detections so they are optimized for your specific environment. This ensures that detections are specific, informative, and cover relevant security threats, so that you can accurately identify threats and resolve them faster. This approach controls alert fatigue, reduces false positives, and improves two key performance metrics for threat detection and response: mean time to detect (MTTD) and mean time to resolve (MTTR). \"]}),/*#__PURE__*/t(\"p\",{children:[\"But the ability to customize detections varies across SIEMs. It's well known that legacy SIEMs suffer from inflexible tools that limit the extent to which you can tune and optimize detections for your environment. Platforms that offer \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-detection-as-code-revolutionizes-security-posture/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"detection-as-code (DaC)\"})}),\" are making customization and flexibility fundamental to detection development by writing, managing, and deploying detections through code. The goal is to make threat detection consistent, reliable, reusable, and scalable, all while controlling cost and providing the flexibility and customization you need to increase alert fidelity:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Written with widely-used programming languages.\"}),\" Coding languages like Python are expressive and flexible. 
They give you access to a host of built-in tools and libraries that provide useful out-of-the-box functionality, like crunching numbers, or grouping routine processes or information into reusable functions or variables. This makes writing detections a flexible process where it's easy to customize detections and cover security gaps.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Testing and quality assurance (QA).\"}),\" Teams can create code-based unit tests that sit alongside the code-based detection rule. Code-based unit tests verify the efficacy and reliability of detection logic, ensuring correct, relevant, and high-fidelity alerts.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Managed in version control. \"}),\"Managing detection rules in version control facilitates effective change tracking, rollbacks, and audits. Coded detections are self-documenting and anyone with access can easily understand the detection environment. These systems also provide tools like pull requests for standardized peer review and collaboration, so you can maintain consistent quality in threat detection development.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Automated operations\"}),\". Integrating DaC into CI/CD pipelines automates testing and deployment, streamlining operations and ensuring consistency and scalability by eliminating manual work.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"No-code workflows. \"}),\"Security teams can benefit from DaC\u2014including expressiveness, testability, CI/CD integration, and reusability\u2014without requiring every team member to have programming experience. 
Practitioners can implement a console-based workflow using forms or a user-friendly markup language to create, test, deploy, and automate detections. \"]})})]}),/*#__PURE__*/e(\"p\",{children:\"Check out the next image to get a sense of what a code-based detection looks like. \"}),/*#__PURE__*/t(\"p\",{children:[\"The image shows an excerpt from \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/main/rules/aws_cloudtrail_rules/aws_iam_assume_role_blocklist_ignored.py\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a Python detection for Identity and Access Management (IAM)\"})}),\", one of \",/*#__PURE__*/e(a,{href:\"https://panther.com/product/siem-for-aws/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Panther's\"})}),\" 500+ pre-built detections. The logic in this rule will trigger an alert when a user successfully assumes a role ARN (\",/*#__PURE__*/e(\"strong\",{children:\"roleArn\"}),\") that's defined in \",/*#__PURE__*/e(\"strong\",{children:\"ASSUME_ROLE_BLOCKLIST\"}),\", a predefined list of blocklisted roles.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"327\",src:\"https://framerusercontent.com/images/WFCu3kUVoH93gtoZxb52GmdWINQ.png\",srcSet:\"https://framerusercontent.com/images/WFCu3kUVoH93gtoZxb52GmdWINQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/WFCu3kUVoH93gtoZxb52GmdWINQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/WFCu3kUVoH93gtoZxb52GmdWINQ.png 1362w\",style:{aspectRatio:\"1362 / 654\"},width:\"681\"}),/*#__PURE__*/t(\"p\",{children:[\"In the code excerpt, notice 
\",/*#__PURE__*/e(\"strong\",{children:\"aws_cloudtrail_success \"}),\"(line 12) and \",/*#__PURE__*/e(\"strong\",{children:\"deep_get \"}),\"(line 16); these are custom helper functions that encapsulate routine processes to be reused across your detections, one of the benefits of writing detections in code discussed earlier. What's not shown in this excerpt is \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/main/rules/aws_cloudtrail_rules/aws_iam_assume_role_blocklist_ignored.yml\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the logic\"})}),\" that defines what information goes into the alert, tests for the detection, and other ways to customize how and when the alert is triggered. To get a closer look at DaC, including no-code workflows, check out \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-to-create-a-code-based-detection/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"how to create a code-based detection.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"To summarize, detection-as-code is all about efficiency and reliability; it gives security practitioners the flexibility to optimize their detections and the agility to stay on top of threats in a dynamic cybersecurity landscape.\"}),/*#__PURE__*/e(\"h3\",{children:\"Built for the cloud\"}),/*#__PURE__*/t(\"p\",{children:[\"Traditional SIEMs struggle with the demands of cloud workloads, often compromising on timeliness and cost. 
Whether you control cost and noise with filtering, or boost your signal-to-noise ratio with detection-as-code, \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/how-to-evaluate-a-security-detection-platform/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"choose a SIEM that is built to handle cloud-scale data\"})}),\", without compromise.\"]}),/*#__PURE__*/t(\"p\",{children:[\"For a comprehensive review on managing AWS logs, read the ebook \",/*#__PURE__*/e(a,{href:\"https://panther.com/resources/ebooks/keep-aws-logs-from-running-wild-by-putting-panther-in-charge/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Keep AWS Logs from Running Wild by Putting Panther in Charge\"})}),\". Panther is a cloud-native SIEM that empowers modern security teams with real-time threat detection, log aggregation, incident response, and continuous compliance, at cloud-scale. \"]}),/*#__PURE__*/t(\"p\",{children:[\"Ready to try Panther? 
\",/*#__PURE__*/e(a,{href:\"https://panther.com/product/request-a-demo/\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Get started by requesting a demo.\"})})]})]});export const richText10=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h3\",{children:\"Account Takeover via Password Reset without user interactions\"}),/*#__PURE__*/t(\"p\",{children:[\"On January 11th, 2024, \",/*#__PURE__*/e(a,{href:\"https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/#account-takeover-via-password-reset-without-user-interactions\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GitLab announced\"})}),\" that an issue had been discovered in several versions of GitLab CE/EE in which user account password reset emails could be delivered to an unverified email address. This critical vulnerability, tracked as CVE-2023-7028, was given the highest CVSS severity score of 10.0 due to the remote, unauthenticated nature of the attack vector and the low complexity and lack of user interaction required to exploit the issue. Panther Labs' Threat Research Team has released new rules to detect when this vulnerability is exploited.\"]}),/*#__PURE__*/e(\"p\",{children:\"GitLab is a DevSecOps platform for managing code repositories and CI/CD workflows. If an administrator account was compromised by exploiting this vulnerability, it could lead to loss of access to code repositories, theft of intellectual property, and malicious code being pushed downstream into the organization's supply chain.\"}),/*#__PURE__*/e(\"p\",{children:\"Having 2FA enabled somewhat mitigates the issue \u2014 passwords can still be reset, but attackers would be unable to authenticate without the 2FA code. 
This could still lead to loss of access to the GitLab server, and sophisticated threat actors have been known to use social engineering techniques and SIM swapping attacks to compromise 2FA codes as well.\"}),/*#__PURE__*/e(\"h3\",{children:\"Vulnerability Details\"}),/*#__PURE__*/e(\"p\",{children:\"Below are specific vulnerability details from the NIST NVD database.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"491\",src:\"https://framerusercontent.com/images/HaH2vgSLQyvKAJgiqDTZeRVF0.png\",srcSet:\"https://framerusercontent.com/images/HaH2vgSLQyvKAJgiqDTZeRVF0.png?scale-down-to=512 512w,https://framerusercontent.com/images/HaH2vgSLQyvKAJgiqDTZeRVF0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/HaH2vgSLQyvKAJgiqDTZeRVF0.png 1370w\",style:{aspectRatio:\"1370 / 983\"},width:\"685\"}),/*#__PURE__*/e(\"h4\",{children:\"Exploit\"}),/*#__PURE__*/t(\"p\",{children:[\"The exploit works by sending a specially crafted payload to the \",/*#__PURE__*/e(\"code\",{children:\"/users/password\"}),\" API endpoint requesting a password reset. The payload contains 2 emails \u2014 one of a legitimate user on the GitLab server and the other controlled by the attacker. The password reset email is sent to both email addresses, giving the attacker the opportunity to change the user's password without any interaction on the user's part.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The only piece of information an attacker would need would be the email address of a user on a vulnerable GitLab server \u2014 a piece of OSINT any attacker with basic skills should be able to get with ease. 
In fact, one user on the X Platform (formerly Twitter) went so far as to \",/*#__PURE__*/e(a,{href:\"https://twitter.com/Jayesh25_/status/1747548320032010731\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"provide a playbook\"})}),\" for anyone interested in doing so. This drew some fire from other members of the security research community who questioned the ethics of posting a fully fledged attack plan.\"]}),/*#__PURE__*/e(\"h4\",{children:\"Detection\"}),/*#__PURE__*/e(\"p\",{children:\"Exploiting vulnerable systems in the wild is generally frowned upon, but when executed in a controlled environment, this type of adversary emulation is essential for building robust detections. For this reason, the Threat Research Team at Panther Labs deployed a vulnerable GitLab server in our lab and ran the exploits. The log telemetry generated helped us create high-fidelity detections for these attacks.\"}),/*#__PURE__*/t(\"p\",{children:[\"We have published \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/pull/1157\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"two new detections\"})}),\" for GitLab logs based on our research. The first leverages the GitLab Audit log, looking for 'Ask for password reset' messages where the recipient email address is an array of multiple emails. 
The second looks at the GitLab Production log, watching for requests to the \",/*#__PURE__*/e(\"code\",{children:\"/users/password\"}),\" API endpoint with an array of email addresses in the request payload.\"]}),/*#__PURE__*/e(\"div\",{children:\" https://github.com/panther-labs/panther-analysis/pull/1157 \"}),/*#__PURE__*/e(\"h4\",{children:\"Exposure\"}),/*#__PURE__*/e(\"p\",{children:\"GitLab stated they had not detected abuse of this vulnerability on any managed GitLab platforms, but self-managed GitLab servers could be impacted. While the vulnerability was addressed in GitLab releases 16.7.2, 16.6.4, and 16.5.6, analysis of internet-facing GitLab servers shows that there are still thousands of vulnerable systems publicly accessible from the internet. Vulnerable versions are also still available for installation from GitLab's RPM repository.\"}),/*#__PURE__*/t(\"p\",{children:[\"Self-managed GitLab users should upgrade to the latest version and enable 2FA for all user accounts. If you believe you have been compromised, you should follow GitLab's \",/*#__PURE__*/e(a,{href:\"https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#suspected-compromised-user-account\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"incident response protocol\"})}),\" and rotate all secrets stored in GitLab.\"]}),/*#__PURE__*/e(\"p\",{children:\"UK-based Shadowserver indicated that, as of January 2024, over 5300 instances of GitLab were running while vulnerable to CVE-2023-7028. 
A more recent scan shows the number slowly trending downward, but there are still a concerning number of affected servers running globally with the United States, China and Russia among the more prevalent.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"789\",src:\"https://framerusercontent.com/images/lRJqbIjpyxk1KKnUnme9Soy90.png\",srcSet:\"https://framerusercontent.com/images/lRJqbIjpyxk1KKnUnme9Soy90.png?scale-down-to=512 512w,https://framerusercontent.com/images/lRJqbIjpyxk1KKnUnme9Soy90.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/lRJqbIjpyxk1KKnUnme9Soy90.png 1620w\",style:{aspectRatio:\"1620 / 1578\"},width:\"810\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),\"We urge you to familiarize yourself with the techniques used in this attack and refer to the detections we have created - whether you are a current Panther customer or not. 
If you have any questions, please feel free to reach out to our team\"]}),/*#__PURE__*/e(\"h3\",{children:\"References\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(a,{href:\"https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/#account-takeover-via-password-reset-without-user-interactions\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6\"})})})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(a,{href:\"https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/#google_vignette\",motionChild:!0,nodeId:\"YHdMp3byK\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Over 5,300 GitLab servers exposed to zero-click account takeover attacks\"})})})})]})]});\nexport const __FramerMetadata__ = 
{\"exports\":{\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],
  "mappings": "+LAAsJ,IAAMA,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAS,6JAA6J,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,2EAA2E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+EAA+E,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,gFAAgF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gEAAgE,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qLAAgL,CAAC,EAAeA,EAAE,aAAa,CAAC,SAAsBF,EAAE,aAAa,CAAC,SAAS,CAAcE,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uEAA6D,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oEAAiFE,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,uIAAoJE,EAAE,SAAS,CAAC,SAAS,IAAI,CAAC,EAAE,2CAA2C,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iOAAiO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sSAAiS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI;AAAA,EAAsB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,yKAAyK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iQAA4P,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2RAA4Q,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAEC,EAAE,CAAC,KAAK,2EAA2E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,kIAAkI,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,2CAA2C,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,uKAAuK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2VAA2V,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,yDAAyD,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0JAA0J,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+RAA2Q,CAAC,EAAeA,EAAE,IAAI,CAA
C,SAAS,mJAAmJ,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,EAAE,4NAA4N,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,EAAE,mIAAmI,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAS,CAAcA,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,mOAAmO,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,EAAE,iKAA4J,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gSAA2R,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iRAAiR,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8RAA8R,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mEAAmE,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,0CAA0C,CAAC,EAAE,2JAA2J,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,EAAE,yMAAyM,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,mLAAmL,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,aAAa,CAAC,EAAE,mJAAmJ,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,sKAAsK,CA
AC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,yIAAyI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,EAAE,oLAAoL,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,EAAE,6IAA6I,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oGAA0F,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,6WAA6W,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,EAAE,iPAAiP,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kGAAkG,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,6FAAwF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,qEAAqE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,uFAAuF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,+IAA+I,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,
SAAS,yXAAyX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8IAAyI,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA0B,CAAC,EAAE,yLAAyL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gCAA2B,CAAC,EAAE,4WAA8U,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iCAA4B,CAAC,EAAE,0QAA0Q,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uFAAkF,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,4EAA4E,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,uIAAuI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,iLAAiL,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAS,CAAcE,EAAE,IAAI,CAAC,SAAS,4HAA4H,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,6IAAwI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,0IAA0I,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0RAA2Q,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yTAAoT,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,8DAA8D,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,yKAAyK,MAAM,CAAC,YAAY,YA
AY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2aAAia,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iMAAuL,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0GAAkHE,EAAEC,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBL,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,kLAAkL,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+IAA+I,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iWAA8WE,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,mIAAmI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,sDAAsD,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qJAAqJ,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6VAA0WE,EAAEC,EAAE,CAAC,KAAK,oGAAoG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAE,oFAAoF,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,iVAAiV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4iBAA4iB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uNAAuN,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqBE,EAAEC,EAAE,CAAC,KAAK,2EAA2E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,EAAE,qSAAqS,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,2YAA2Y,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,4BAA4B,CAAC,EAAE,2RAA2R,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,6CAA6C,CAAC,EAAE,gNAAgN,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sCAAsC,CAAC,EAAE,0LAA0L,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oOAAoO,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2DAAwEE,EAAEC,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAA
a,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,8HAA8H,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4IAAyJE,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,qBAAkCF,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,6KAA6K,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,yMAAyM,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,kIAAkI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,mHAAmH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,iLAAiL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uDAAuD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yMAAyM,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iHAA8HE,EAAEC,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,+CAA4DF,EAAEC,EAAE,CAAC,KAAK,uFAAuF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,gDAAgD,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,8OAA8O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0XAA0X,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,gKAA6KA,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,EAAE,oKAAoK,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,EAAE,kRAAkR,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yPAAyP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sFAAsF,CAAC,
EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,6BAA6B,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,0DAA0D,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,qDAAqD,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,EAAE,kGAAkG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kLAAkL,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kJAAkJ,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6GAA0HE,EAAEC,EAAE,CAAC,KAAK,4GAA4G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mEAAmE,CAAC,CAAC,CAAC,EAAE,sJAAmKF,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,4BAAyCA,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6WAA6W,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,8PAA8P,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,uKAAuK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+KAA4LE,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,8FAA2GF,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,wLAAwL,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qDAAqD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8MAA8M,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,0VAAuWF,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAE,4JAA4J,CAAC,CAAC,EAAeA,
EAAE,IAAI,CAAC,SAAS,gEAAgE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8OAA2PE,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,mQAAmQ,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,qSAAqS,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,0aAA0a,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,6XAA6X,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,+WAA+W,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mGAAgHE,EAAEC,EAAE,CAAC,KAAK,+GAA+G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qEAAqE,CAAC,CAAC,CAAC,EAAE,YAAyBF,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,6IAA0JF,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,kKAAkK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4CE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,8QAA2RA,EAAEC,EAAE,CAAC,KAAK,gHAAgH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,gJAAgJ,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4MAAyNE,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,EAAE,yKAAsLA,EAAEC,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,uOAAuO,CAAC,EAAeA
,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kPAA+PE,EAAEC,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAE,qDAAqD,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgFE,EAAEC,EAAE,CAAC,KAAK,qGAAqG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8DAA8D,CAAC,CAAC,CAAC,EAAE,uLAAuL,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsCE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeE,EAAuBN,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,kWAAkW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,scAAsc,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uCAAuC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,iLAAiL,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,mGAAmG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,0KAA0K,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,6IAA6I,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iqBAAiqB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qtBAAqtB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gmBAAgmB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4pBAA4pB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2CAA2C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qCAAqC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,QAAQ,sBAAsB,kBAAkB,6BAA6B,MAAM,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,uFAAuF,CAAC,CAAC,CAAC,EA
AeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,iJAAiJ,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,0EAA0E,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,iHAAiH,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,MAAM,EAAE,SAAsBA,EAAE,IAAI,CAAC,SAAS,mHAAmH,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8hBAA8hB,CAAC,CAAC,CAAC,CAAC,EAAeK,EAAuBP,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,yDAAyD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,yFAAsGE,EAAEC,EAAE,CAAC,KAAK,mBAAmB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAE,sVAAmWF,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4DAA4D,CAAC,CAAC,CAAC,EAAE,mJAAmJ,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,syBAAsyB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,imBAAimB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2rBAA2rB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iXAAiX,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uDAAoEE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeI,EAAuBR,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,yGAAsHE,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8CAA8C,CAAC,CAAC,CAAC,EAAE,4PAA4P,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,8dAA8d,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2VAA2V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+cAA+c,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,ieAA8eE,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,qDAAkEE,EAAEC,EAAE,CAAC
,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeK,EAAuBT,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,8LAA8L,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mPAAmP,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wEAAqFE,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,0BAAuCA,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,kCAAkC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4FAA4F,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sGAAmHE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,2CAAwDF,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wDAAwD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8VAA8V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2aAA2a,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,ycAA2c,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8CAA8C,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2CAA2C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iMAA8ME,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,IAAiBA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gHAAgH,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mSAAmS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+TAA+T,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+PAA+P,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6IAA6I,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+LAA+L,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+NAA+N,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0DAA0D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yHAAyH,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ySAAyS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6HAA6H,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,giBAAkiB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6CAA6C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iOAAiO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBV,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,sNAAsN,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uWAAuW,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAE,8ZAA2aA,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAA
a,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,oIAAoI,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,kYAA+YF,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,0DAA0D,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8bAA8b,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+VAA+V,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iZAAiZ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ojBAAojB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8XAA2YE,EAAEC,EAAE,CAAC,KAAK,oGAAoG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2DAAwEE,EAAEC,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,8HAA8H,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4IAAyJE,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,qBAAkCF,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,6KAA6K,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,yMAAyM,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,kIAAkI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,mHAAmH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kB
AAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,iLAAiL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uDAAuD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0NAA0N,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,uJAAoKF,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,uOAAuO,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuDE,EAAEC,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,yDAAsEF,EAAEC,EAAE,CAAC,KAAK,uFAAuF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,gDAAgD,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,6NAA6N,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kYAAkY,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,gKAA6KA,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,EAAE,2JAA2J,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,EAAE,yRAAyR,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wPAAwP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sFAAsF,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,8BAA8B,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,qEAAkFA,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,qDAAqD,CAAC,CAAC,CAAC
,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,EAAE,iGAAiG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kLAAkL,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qDAAqD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8KAA2LE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,2BAAwCA,EAAEC,EAAE,CAAC,KAAK,sGAAsG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,0FAA0F,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,EAAE,+LAA+L,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,kBAAkB,CAAC,EAAE,qPAAqP,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,2LAA2L,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kJAA+JE,EAAEC,EAAE,CAAC,KAAK,sFAAsF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,EAAE,kCAA+CF,EAAE,SAAS,CAAC,SAAS,iBAAkB,CAAC,EAAE,0KAA2K,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gJAA6JE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,oBAAiCA,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,EAAE,0FAA0F,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,yFAAsGE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,eAA4BA,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,EAAE,2CAA2C,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6WAA6W,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,8PAA8P,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,8PAA8P,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6HAA0IE,EAAEC,EAAE,CAAC,KAAK,qBAAqB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD
,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,uLAAuL,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2DAA2D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8MAA8M,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,mXAAmX,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,qIAAkJE,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,mNAAmN,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8OAA2PE,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,yPAAyP,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,qHAAkIE,EAAEC,EAAE,CAAC,KAAK,0HAA0H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uDAAuD,CAAC,CAAC,CAAC,EAAE,oBAAiCF,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,yGAAsHF,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,EAAE,6EAA0FA,EAAEC,EAAE,CAAC,KAAK,2HAA2H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,+IAA+I,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kLAAkL,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,wNAAqOA,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,EAAE,WAAwBA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,oGAAiHA,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,WAAwBA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,yIAAyI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,EAAE,+NAA+N,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,8BAA8B,CAAC,EAAE,qYAAqY,CAAC,CAAC,CAAC,CAAC,EAAe
A,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,uKAAuK,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,EAAE,4UAA4U,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+SAA4TE,EAAEC,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,sFAAsF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yDAAyD,CAAC,CAAC,CAAC,EAAE,yMAAsNF,EAAEC,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wDAAwD,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAE,KAAK,CAAC,CAAC,EAAE,uBAAoCA,EAAEC,EAAE,CAAC,KAAK,qGAAqG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qDAAqD,CAAC,CAAC,CAAC,EAAE,qMAAqM,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsCE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeO,EAAuBX,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,KAAK,CAAC,SAAS,CAAC,wBAAqCE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,cAAc,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0PAAuQE,EAAEC,EAAE,CAAC,KAAK,4EAA4E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,gTAAgT,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gKAA6KE,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,wLAAwL,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,qPAAqP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ybAAyb,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6BAA6B,CAAC,EAAeA,EAAE
,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,4BAA4B,CAAC,EAAE,gRAAgR,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,4NAA4N,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,6PAA6P,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,wPAAwP,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kUAAkU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,obAAob,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oFAAiGE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAE,yOAAyO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBZ,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,8TAA8T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8VAA8V,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sDAAsD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mVAAmV,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yUAAyU,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,odAAod,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kDAAkD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ybAAyb,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qDAAqD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wcAAwc,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sCAAsC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uOAAuO,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6WAA0XE,EAAEC,EAAE,CAAC,KAAK,6GAA6G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,qWAAqW,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,MAAM,CAAC,EAAeF,
EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeW,EAAuBb,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,6KAA6K,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2VAA2V,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kYAA+YE,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,iDAAiD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,wFAAwF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,mdAAmd,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,mCAAmC,CAAC,EAAE,gBAA6BA,EAAEC,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,gIAAgI,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,0CAA0C,CAAC,EAAE,SAAsBA,EAAEC,EAAE,CAAC,KAAK,+EAA+E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,wKAAwK,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,2EAAwFA,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,uFAAuF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,8JAA8J,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wCAAwC,CAAC,EAAE,cA
A2BA,EAAEC,EAAE,CAAC,KAAK,sFAAsF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,mIAAmI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,8TAA8T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6FAA6F,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyDE,EAAEC,EAAE,CAAC,KAAK,6FAA6F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8CAA8C,CAAC,CAAC,CAAC,EAAE,8NAA2OF,EAAEC,EAAE,CAAC,KAAK,oGAAoG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAE,4DAA4D,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,uZAAuZ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oqBAAoqB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2DAAwEE,EAAEC,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,8HAA8H,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4IAAyJE,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,qBAAkCF,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,6KAA6K,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,yMAAyM,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,kIAAkI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,mHAAmH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,iLAAiL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uDAAuD,CAAC,EAAeA,EAAE,I
AAI,CAAC,SAAS,2MAA2M,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAEC,EAAE,CAAC,KAAK,uFAAuF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,+FAA+F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,gNAAgN,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuDE,EAAEC,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,yDAAsEF,EAAEC,EAAE,CAAC,KAAK,uFAAuF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,gDAAgD,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,qYAAqY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sXAAsX,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,gKAA6KA,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,EAAE,sIAAsI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,EAAE,+QAA+Q,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yPAAyP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sFAAsF,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,+BAA+B,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,0DAA0D,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,qDAAqD,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,EAAE,iGAAiG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kLAAkL,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0HAAuIE,EAAE,KAAK,CAAC,CAAC,EAAE,8HAA2IA,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,G
AAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,6QAA0RF,EAAE,SAAS,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4HAAyIE,EAAEC,EAAE,CAAC,KAAK,wEAAwE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6WAA6W,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,8PAA8P,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,8PAA8P,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6HAA0IE,EAAEC,EAAE,CAAC,KAAK,4BAA4B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,0UAA0U,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oDAAoD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8MAA8M,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,wcAAwc,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,8OAA2PE,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,gVAAgV,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iDAAiD,CAAC,EAAE,0YAA0Y,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,EAAE,+NAA+N,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,8BAA8B,CAAC,EAAE,qYAAqY,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,k
BAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,uKAAuK,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,EAAE,4UAA4U,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qFAAqF,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgDE,EAAEC,EAAE,CAAC,KAAK,iIAAiI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yDAAyD,CAAC,CAAC,CAAC,EAAE,YAAyBF,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,yHAAsIF,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,EAAE,qBAAkCA,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,2CAA2C,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4CE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,iBAA8BA,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,EAAE,iOAA8OA,EAAEC,EAAE,CAAC,KAAK,kIAAkI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,qNAAkOF,EAAEC,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,uOAAuO,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6NAA0OE,EAAEC,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wDAAwD,CAAC,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgFE,EAAEC,EAAE,CAAC,KAAK,qGAAqG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8DAA8D,CAAC,CAAC,CAAC,EAAE,uLAAuL,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsCE,EAAEC,EAAE,CAA
C,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeU,EAAwBd,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,+DAA+D,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oBAAiCE,EAAEC,EAAE,CAAC,KAAK,+JAA+J,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,yeAAye,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,yUAAyU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mWAAmW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uEAAuE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgFE,EAAE,OAAO,CAAC,SAAS,iBAAiB,CAAC,EAAE,wUAAwU,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wRAAqSE,EAAEC,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,6KAA6K,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2ZAA2Z,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAEC,EAAE,CAAC,KAAK,6DAA6D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,+QAA4RF,EAAE,OAAO,CAAC,SAAS,iBAAiB,CAAC,EAAE,wEAAwE,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,SAAS,8DAA8D,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6bAA6b,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6KAA0LE,EAAEC,EAAE,CAAC,KAAK,+GAA+G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,2CAA2C,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,yVAAyV,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,C
AAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAE,mPAAmP,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,+JAA+J,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0DAA0D,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,2IAA2I,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,UAAU,CAAC,EAAE,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0EAA0E,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAC1z6IW,EAAqB,CAAC,QAAU,CAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC",
  "names": ["richText", "u", "x", "p", "Link", "motion", "richText1", "richText2", "richText3", "richText4", "richText5", "richText6", "richText7", "richText8", "richText9", "richText10", "__FramerMetadata__"]
}
