{
  "version": 3,
  "sources": ["ssg:https://framerusercontent.com/modules/jhRgt5YhvLJRhvo7Qrss/AQRwEqk4qGCSW6ru0W70/bfkV_Pb3R-2.js"],
  "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as a}from\"framer\";import{motion as n}from\"framer-motion\";import*as i from\"react\";export const richText=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h3\",{children:\"An Illustration of Code-Driven Defense\"}),/*#__PURE__*/e(\"p\",{children:\"In the mesmerizing clockwork metropolis of Valora, danger lurks beneath its polished fa\\xe7ade. The renegade engineers of the Cogwraiths, under the malevolent guidance of the Clockwork King, plot to seize control of the city's lifeblood: its steam-driven core. Amidst this chaos, Amelia, an adept Detection Engineer, and her comrade Max, embark on a daring mission to defend Valora. Armed with the 5 principles of Detection-as-Code, they navigate a world of intricate mechanisms and covert conflicts. Join them in a thrilling saga where the art of detection engineering is put into action, forging a path to safeguard Valora's future against the looming shadow of the Cogwraiths.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"500\",src:\"https://framerusercontent.com/images/tMVrpgUh1t7mviUhKxbholS3J0.png\",srcSet:\"https://framerusercontent.com/images/tMVrpgUh1t7mviUhKxbholS3J0.png 900w\",style:{aspectRatio:\"900 / 1000\"},width:\"450\"}),/*#__PURE__*/e(\"h4\",{children:\"Amelia\"}),/*#__PURE__*/e(\"p\",{children:\"The Ingenious Detection Engineer\"}),/*#__PURE__*/e(\"p\",{children:\"Amelia is a seasoned detection engineer with a passion for unraveling the intricacies of threat detection. Armed with her expertise in code-driven defense, she leads the charge in safeguarding Valora from the clutches of the Cogwraiths.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"500\",src:\"https://framerusercontent.com/images/fjVmuEz6nyp45VBvI1JSQlCzp5w.png\",srcSet:\"https://framerusercontent.com/images/fjVmuEz6nyp45VBvI1JSQlCzp5w.png 900w\",style:{aspectRatio:\"900 / 1000\"},width:\"450\"}),/*#__PURE__*/e(\"h4\",{children:\"Councilor Octavia\"}),/*#__PURE__*/e(\"p\",{children:\"Leader of Valora\u2019s Security\"}),/*#__PURE__*/e(\"p\",{children:\"As the esteemed head of the city council, Councilor Octavia commands respect and authority in Valora\u2019s political landscape. With a visionary approach to governance, she steers the city through turbulent times with wisdom and resolve.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"500\",src:\"https://framerusercontent.com/images/sNS20YhlwsigVMhiwmiFVsmMJeg.png\",srcSet:\"https://framerusercontent.com/images/sNS20YhlwsigVMhiwmiFVsmMJeg.png 900w\",style:{aspectRatio:\"900 / 1000\"},width:\"450\"}),/*#__PURE__*/e(\"h4\",{children:\"The Clockwork King\"}),/*#__PURE__*/e(\"p\",{children:\"The Mechanical Machiavelli\"}),/*#__PURE__*/e(\"p\",{children:\"The enigmatic mastermind behind the Cogwraiths, the Clockwork King is a formidable adversary hell-bent on seizing control of Valora\u2019s steam-driven core. With his arsenal of mechanical minions and cunning intellect, he poses a grave threat to the city\u2019s security.\"}),/*#__PURE__*/e(\"h3\",{children:\"Learn the 5 Domains of Detection-as-Code\"}),/*#__PURE__*/e(\"h4\",{children:\"Agile Workflows\"}),/*#__PURE__*/e(\"p\",{children:\"Amelia and Max leverage Agile Workflows to systematically plan, develop, test, document, and deploy threat detection strategies, ensuring Valora\u2019s safety against the Cogwraiths.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/hxn4mSScY8zWKa3IIsbKHQp2yfE.png\",srcSet:\"https://framerusercontent.com/images/hxn4mSScY8zWKa3IIsbKHQp2yfE.png?scale-down-to=512 512w,https://framerusercontent.com/images/hxn4mSScY8zWKa3IIsbKHQp2yfE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/hxn4mSScY8zWKa3IIsbKHQp2yfE.png 1601w\",style:{aspectRatio:\"1601 / 950\"},width:\"800\"}),/*#__PURE__*/e(\"h4\",{children:\"Expressive Languages & Code Reuse\"}),/*#__PURE__*/e(\"p\",{children:\"By leveraging Valora\u2019s existing technologies and expressive languages, our heroes create adaptable and efficient detection logic for defending the city.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/bzxGxK9QbhrtRXihfU32W1Jv8.png\",srcSet:\"https://framerusercontent.com/images/bzxGxK9QbhrtRXihfU32W1Jv8.png?scale-down-to=512 512w,https://framerusercontent.com/images/bzxGxK9QbhrtRXihfU32W1Jv8.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/bzxGxK9QbhrtRXihfU32W1Jv8.png 1601w\",style:{aspectRatio:\"1601 / 950\"},width:\"800\"}),/*#__PURE__*/e(\"h4\",{children:\"Version Control\"}),/*#__PURE__*/e(\"p\",{children:\"Version control supercharges Max and Amelia\u2019s defenses against the Cogwraiths by streamlining code reviews, enforcing reviews and approvals, and simplifying rollbacks.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/DKEIegrykULPqY1RLA2uirZLk.png\",srcSet:\"https://framerusercontent.com/images/DKEIegrykULPqY1RLA2uirZLk.png?scale-down-to=512 512w,https://framerusercontent.com/images/DKEIegrykULPqY1RLA2uirZLk.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/DKEIegrykULPqY1RLA2uirZLk.png 1601w\",style:{aspectRatio:\"1601 / 950\"},width:\"800\"}),/*#__PURE__*/e(\"h4\",{children:\"Continuous Integration & Delivery (CI & CD)\"}),/*#__PURE__*/e(\"p\",{children:\"Amelia harnesses CI/CD through Valora\u2019s intricate mail tube systems to send programming updates in real-time to strengthen their defenses against the Cogwraiths.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/lFh7gqINDzcYK4enKCayFJI6XU.png\",srcSet:\"https://framerusercontent.com/images/lFh7gqINDzcYK4enKCayFJI6XU.png?scale-down-to=512 512w,https://framerusercontent.com/images/lFh7gqINDzcYK4enKCayFJI6XU.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/lFh7gqINDzcYK4enKCayFJI6XU.png 1601w\",style:{aspectRatio:\"1601 / 950\"},width:\"800\"}),/*#__PURE__*/e(\"h4\",{children:\"Test-Driven Development (TDD)\"}),/*#__PURE__*/e(\"p\",{children:\"With TDD, Amelia can continually test detection logic during development and post-deployment to ensure functionality and resilience against evolving threats in Valora\u2019s steam-powered realm.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/v1JYPbpi3WIv2bPyfc5Ku0efwE.png\",srcSet:\"https://framerusercontent.com/images/v1JYPbpi3WIv2bPyfc5Ku0efwE.png?scale-down-to=512 512w,https://framerusercontent.com/images/v1JYPbpi3WIv2bPyfc5Ku0efwE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/v1JYPbpi3WIv2bPyfc5Ku0efwE.png 1601w\",style:{aspectRatio:\"1601 / 950\"},width:\"800\"})]});export const richText1=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h3\",{children:\"A guide to navigating SIEM solution claims and pitfalls\"}),/*#__PURE__*/e(\"p\",{children:\"Hate to break it, but you\u2019ve been lied to. Not all SIEMs do what they say they will do.\"}),/*#__PURE__*/e(\"p\",{children:\"Sadly, this comes at the expense of the security organization, with hidden costs, limitations on data ingestion and retention, creating dependencies and hindering effective security operations.\"}),/*#__PURE__*/e(\"p\",{children:\"Ultimately, they are unable to keep up with the ever-increasing volume, velocity, and variety of security data in today's cloud-based world.\"}),/*#__PURE__*/e(\"p\",{children:\"But there is a better way.\"}),/*#__PURE__*/e(\"h3\",{children:\"In this eBook, you'll learn about:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Common misleading claims made by legacy SIEM vendors\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Key requirements and functions to consider when evaluating SIEM tools\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The advantages and value of modern SIEM platforms\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Decode common SIEM deceptions so you can truly understand how to choose a platform that scales to your needs without breaking the bank.\"}),/*#__PURE__*/e(\"p\",{children:\"Download the eBook today!\"}),/*#__PURE__*/e(\"p\",{children:\"\\xa0\"})]});export const richText2=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/e(\"p\",{children:\"Learn about the deceptive claims and limitations of legacy and other SIEM solutions, and how to choose a modern SIEM that truly empowers your security operations.\"})});export const richText3=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"\u201CWhen you play the game of securing AWS, you win or you die.\u201D - Cersei Lannister, maybe\"}),/*#__PURE__*/e(\"p\",{children:\"Given the return to the screen of shows like Game of Thrones and Lord of the Rings, we\u2019ve been thinking in high fantasy archetypes lately. As security practitioners, tasked with outfitting our organizations with a strong defense against attacks, we see a corollary in the work of the blacksmith.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"Crafting detections for AWS and crafting armor come with similar challenges:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Which materials best suit the job, and how can they be refined for applied use?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Which tools should I use to build my defenses?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"How do I sustainably scale and improve production to meet the needs of a growing organization?\"})})]}),/*#__PURE__*/e(\"p\",{children:\"In this ebook, we\u2019ll lay out how to build a detection & response function for an AWS environment in the way a magical smith of yore might fashion Mithril shirts for a key battle against the forces of evil. \"})]});export const richText4=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/e(\"p\",{children:\"Learn how to build out threat detection for AWS environments in the way a magical smith of yore might fashion Mithril shirts for a battle against the forces of evil.\"})});export const richText5=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h3\",{children:\"The AWS Security Challenge\"}),/*#__PURE__*/e(\"p\",{children:\"Amazon Web Services (AWS) is the world\u2019s most comprehensive and broadly adopted cloud platform. Millions of customers worldwide are using AWS to lower costs, become more agile, and innovate faster. AWS is architected to be the most flexible and secure cloud computing environment available today, and its core infrastructure is built to satisfy security requirements for high-profile organizations across each industry and geography.\"}),/*#__PURE__*/e(\"p\",{children:\"AWS is not immune to challenges, however. One of the top issues every security professional is faced with as part of their daily responsibilities is collecting and normalizing all of the data produced by AWS and then making sense of that information to confirm security controls are being followed properly. This vast environment of cloud resources forces security teams to switch back-and-forth between tools to deal with hundreds to thousands of security alerts every day.\"}),/*#__PURE__*/e(\"p\",{children:\"AWS logs are \u201Cnoisy\u201D and are often voluminous, and this drives the need for a robust architecture to optimize speed, flexibility, and scale. AWS requires significant configuration out of the box, which can be taxing on resources because they might not have the necessary skill set and time to implement this properly. This adds to unnecessary operational and security risks. Eliminating or redirecting logs out of AWS into your SIEM is technically challenging, unnecessarily costly, and will most likely have significant ETL challenges. Most organizations do not have the skill or the will to effectively and efficiently implement, operate, and maintain an unnecessarily complex environment like AWS as provided to its customers.\"}),/*#__PURE__*/e(\"p\",{children:\"Security teams need a single platform for aggregating, organizing, and prioritizing security-relevant data from AWS accounts and combining signals from multiple hybrid platform environments across the organization.\"}),/*#__PURE__*/e(\"h3\",{children:\"What is Panther?\"}),/*#__PURE__*/e(\"p\",{children:\"Panther takes vast amounts of security logs and provides normalization, real-time analysis, and a scalable data warehouse to store and query them.\\xa0\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther is the core of detection and response for modern, cloud-focused teams, especially built on AWS. It\u2019s a SaaS solution \",/*#__PURE__*/e(\"strong\",{children:\"designed for speed, scale, and flexibility \"}),\"while removing the operational burden of managing data. With Panther and AWS, security teams get a centralized store of all activity across security-relevant logs like CloudTrail, Application Load Balancers, VPC Flow, Guard Duty, and more, queryable with SQL and processed with Python.\"]}),/*#__PURE__*/e(\"p\",{children:\"Panther\u2019s utilization of detection-as-code, security data lakes, and real-time alerting gives teams powerful capabilities to meet their unique needs, discover attacker behavior quickly, and answer difficult questions during a breach.\"}),/*#__PURE__*/t(\"h4\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"h3\",{children:\"Key Highlights\"}),/*#__PURE__*/e(\"h4\",{children:\"#1 Speed: Detection and Real-Time Alerting at the Speed of Now\"}),/*#__PURE__*/e(\"p\",{children:\"With traditional SIEMs, queries over several weeks or months of data can take multiple hours and even up to a day to return results. In an investigation, every second counts, which is why Panther\u2019s architecture is built on a scalable and serverless data warehouse that removes all DevOps overhead. By leveraging an architecture that separates storage (where the data lives) and compute (how the data is loaded and queried), Panther is uniquely designed to provide fast searches across extremely large amounts of data, so security teams can get the answers they need quickly.\"}),/*#__PURE__*/e(\"p\",{children:\"Additionally, Panther also analyzes all log data streamed into the platform in real-time to provide security teams immediate signals right when new suspicious activity happens. This complementary mechanism is designed to save money and time by bypassing the data warehouse and greatly decreasing the latency for receiving an alert. Customized alert grouping and thresholds enable the ability to analyze up to 24 hours worth of data for a given detection.\"}),/*#__PURE__*/e(\"p\",{children:\"Thanks to the elastic nature of the cloud, security teams can now quickly load all of the data they need, scale up on-demand, and bypass all ops overhead to drive better security outcomes and improve visibility.\"}),/*#__PURE__*/e(\"h4\",{children:\"#2 Scale: Ingest All of Your Data\"}),/*#__PURE__*/e(\"p\",{children:\"Security teams are too often holding back all of the data they need to send for storage and analysis due to ops or licensing costs. Panther alleviates these pains with a fully serverless and cloud-native architecture along with native support for Snowflake, allowing for all security data to be sent, regardless of size. The separation of storage and compute enables both data ingestion at a massive scale and fast queries.\"}),/*#__PURE__*/e(\"p\",{children:\"Panther\u2019s data lake is built on parsed and normalized data, which is configured automatically for common log types. This works by comparing incoming data to a collection of schemas, conforming them into a consistent structure, and extracting common atomic indicators such as IPs, domains, ARNs, and more. This critical step ensures that data is searchable at scale, enables fast queries over massive amounts of security data, and enables complex analytics such as joins across log types. Additionally, automatically structured data means no guessing field names or fussing around with regular expressions while in the middle of an investigation.\"}),/*#__PURE__*/e(\"h4\",{children:\"#3 Flexibility: Detections-as-Code and Data Normalization (extracting ARNs, account IDs, etc.)\"}),/*#__PURE__*/e(\"p\",{children:\"Detection and alerting logic in traditional SIEMS is often limited and often even impossible to customize. With Panther, security data is analyzed with expressive Python-based detection-as-code, enabling teams to build robust and tailored security alerting pipelines with version control, unit tests, reusable code, and CI/CD.\"}),/*#__PURE__*/e(\"p\",{children:\"Python is the most popular programming language in the world today and is used extensively in cybersecurity by analysts, engineers, and many experts in the field. By supporting common programming paradigms and best practices such as the use of helper functions, reusable code, existing libraries, peer reviews and comments, and dedicated functions to decorate alerts like alert titles, deduplication logic, and alert destinations, Python enables significantly more flexibility than traditional SIEM domain-specific languages (DSLs) for writing custom, business-specific detections.\"}),/*#__PURE__*/t(\"p\",{children:[\"Panther also ships with AWS detection packs that cover common attacks, vulnerabilities, and security best practices. These detections are mapped to frameworks such as MITRE ATT&CK and CIS, and are continually improved with a community-based approach. As more experts collaborate to improve the industry as a whole, the \",/*#__PURE__*/e(a,{href:\"https://medium.com/@johnlatwc/the-githubification-of-infosec-afbdbfaad1d1\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"\u2018Githubfication\u2019 of Infosec\"})}),\" has been emerging as a trend and Panther\u2019s support for detection-as-code enables teams to embrace an open, shareable, and contributor-friendly model for speeding up infosec learning and collaboration (\",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OSS detections can be found here\"})}),\").\"]}),/*#__PURE__*/e(\"p\",{children:\"Finally, Panther seamlessly fits into a modern, best-of-breed detection and response stack, and can easily be integrated with other security tools to enable automation and collaboration across teams. Examples include SOAR, SIEM, endpoint security tools (e.g., EDR), IDS, Firewalls, Active Directory, LDAP, and more.\"}),/*#__PURE__*/e(\"h3\",{children:\"The Magic Equation: Panther + AWS\"}),/*#__PURE__*/e(\"p\",{children:\"Panther brings disparate security logs from multiple AWS accounts together into a single view and makes them usable with speed, scale, and flexibility while operating as a robust security data platform.\"}),/*#__PURE__*/e(\"p\",{children:\"Panther\u2019s data pipeline is built on the idea of \u201CStreaming ETL (Extract, Transform, and Load)\u201D where real-time security data is parsed, normalized, and stored in an efficient and compressed format at machine speed. By using a method of micro-batching, latency is measured in a few minutes versus hours or more. This brings structure to security data and enables teams to connect the dots during an investigation by querying the extracted fields, such as common IOCs, IOAs, and other telemetry across all data. This provides an extremely scalable operational environment that enables security teams to process, analyze, and retain exabytes of security data at unprecedented low costs when they need it, which is right now.\"}),/*#__PURE__*/e(\"p\",{children:\"Data lake architecture enables the ability to collect data up and down the stack to get as much context as possible to include but not be limited to cloud, network, database, host, and application data. By prioritizing the collection of logs that have security value, ensure that time and resources are used efficiently. This can be a particularly important challenge to overcome early on as analyzing a number of data sources can quickly become very noisy, irrelevant, and can take up unnecessary space and cycles. In addition, organizations can ingest, parse, normalize, and analyze their security data and store it for long-term retention, creating a well-structured and scalable security data lake.\"}),/*#__PURE__*/e(\"p\",{children:\"There are many benefits to going serverless that cannot be met with alternative approaches.\\xa0\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Elastic and Scalable: \"}),\"Use what you need when you need it at machine speed.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Cost-Effective: \"}),\"Extremely high return on investment due to low license and administrative costs.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Security: \"}),\"Eliminates the need for OS patching of EC2 servers that are no longer needed to run your SIEM infrastructure.\\xa0\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Ease of Use: \"}),\"Anyone can do it. Onboarding takes minutes, not days. By eliminating infrastructure constraints, operating teams can reprioritize resources and focus on other priorities.\"]})}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Visibility:\"}),\" By having more, you see more. Many legacy approaches with on-prem infrastructure have strict limits on ingestion and retention. Tier 1 security analysts can quickly uplevel to tier 2 and so on due to the eliminated overhead and added functionality an operating environment like this can provide.\\xa0\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]})]})]}),/*#__PURE__*/e(\"h3\",{children:\"AWS Tools of the Trade\"}),/*#__PURE__*/t(\"p\",{children:[\"In June 2021, Amazon published their \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/welcome.html\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"AWS Security Reference Architecture\"})}),\" which shows AWS account structure, security services, and features to maximize security workloads in their infrastructure. This guidance is broken into 4 major components.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Security Foundations\"})}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"AWS Organizations, Accounts, and IAM Guardrails\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The AWS Security Reference Architecture\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"IAM Resources\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Code Repository for AWS Security Reference Architecture Examples\"})})]}),/*#__PURE__*/e(\"p\",{children:\"\\xa0Below is a list of the most critical AWS security tools and features as well as useful third-party tools that operate seamlessly with Panther - in a simple and straightforward manner. This then becomes a synergistic combination that can turn a traditional formula of 1+1=2 into 1+1=50x or more.\"}),/*#__PURE__*/e(\"p\",{children:\"The key benefit of putting Panther in charge is that it can effortlessly collect all security-relevant AWS log types into a centralized and normalized single view, such as:\\xa0\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Application Load Balancers\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"RDS MySQL Instances\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"CloudTrail Events\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"CloudWatch Logs/Events\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"GuardDuty Alerts\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"S3 Access Logs\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Firewall Events\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"and VPC Network Traffic Flow\"})})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"AWS use creates a myriad of disparate logs, with differing data types, data structures and many alerts. It is virtually impossible to parse, normalize and understand all of this data without the right automated solution.\"})}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"Panther quickly and easily centralizes all of your AWS data in a data lake, normalizes the data, and enables you a single view, providing greater situational awareness.\"})}),/*#__PURE__*/e(\"h3\",{children:\"Integrations and Data Store Connectors\"}),/*#__PURE__*/e(\"p\",{children:\"In addition, Panther has out-of-the-box native integrations that make it easy to analyze your data, triage alerts quickly, and remediate incidents using the tools your teams love.\\xa0 Custom workflow integrations can be implemented with PagerDuty, Slack, Jira, Asana, Microsoft Teams, and many others. For more complex users, integrating SOAR can produce unique use cases and can be incorporated into innovative workflows.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://panther.com/integrations/snowflake/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Snowflake\"})})}),/*#__PURE__*/e(\"strong\",{children:\" benefits:\"})]}),/*#__PURE__*/e(\"p\",{children:\"With Panther and Snowflake, you can:\\xa0\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Collect terabytes of normalized security data in Snowflake for affordable, long-term retention\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Scale up your warehouse with the click of a button when you need to query months or years of data during an investigation\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Join Panther data (e.g. alerts) with other data sources in your Snowflake in a single interface to assess the security posture of your organization.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Take advantage of Snowflake\u2019s rich ecosystem of integrations to gain new insights from your security data.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Recommended best practice is to have Panther manage this environment to ensure environments are always operating at optimal levels 24x7x365.\"})})]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(a,{href:\"https://panther.com/integrations/lacework/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"LaceWork\"})})}),/*#__PURE__*/e(\"strong\",{children:\" benefits:\"})]}),/*#__PURE__*/e(\"p\",{children:\"Lacework logs to gain complete visibility into processes and applications in your cloud and container environments with Panther\u2019s Lacework integration. It generates findings about that account and checks accounts for vulnerabilities.\"}),/*#__PURE__*/t(\"p\",{children:[\"See \",/*#__PURE__*/e(a,{href:\"https://panther.com/integrations/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Panther Integrations\"})}),\" for a full list.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Common Security Use Cases\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Traffic monitoring of Netflow, IDS (traffic mirroring), ALB logs, WAF\"})}),/*#__PURE__*/e(\"p\",{children:\"Analyzing network traffic is often very difficult because the volume of data is so high and most SIEMs cannot handle that much load. Luckily, because of Panther\u2019s Data Warehouse and ETL design, teams can onboard all helpful network traffic, such as netflow, IDS/IPS, or web traffic firewall logs. The benefit of having this data in Panther is that it can be joined to other context from hosts or applications inside of VPCs and detect behaviors like exfiltration, vulnerability scanning, access to sensitive administrative ports, and more.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Detect access to sensitive S3 data sources\"})}),/*#__PURE__*/t(\"p\",{children:[\"Here is an example based on \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/aws_s3_rules/aws_s3_unknown_requester_get_object.py\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"S3 server access logs\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Sensitive data stores should only be accessed by a small and known list of trusted entities. This rule monitors access to sensitive data (in this case S3 buckets) and ensures only certain entities (in this case predefined IAM roles) are accessing that data store. Here we're using some minorly complex python to handle a variety of cases in just a few lines of code.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Aggregation of other AWS security sensors\"})}),/*#__PURE__*/e(\"p\",{children:\"GuardDuty, Macie, Config, and TrustedAdvisor\"}),/*#__PURE__*/e(\"p\",{children:\"Most security sensors provide their own analysis and generate alerts that can be normalized into a single place for additional filtering, analysis, and incident response purposes. Detection-in-depth is an approach all security teams should take to build confidence that some activity is in fact bad, and Panther is the place where teams can centralize this data and detection logic.\"}),/*#__PURE__*/t(\"p\",{children:[\"Here is an example of a rule for \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/aws_guardduty_rules/aws_guardduty_high_sev_findings.py\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"AWS GuardDuty logs\"})}),\" which can also be used for any type of traffic monitoring, but is particularly useful for detecting suspicious activity via CloudTrail.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Detect sensitive API calls in CloudTrail\"})}),/*#__PURE__*/e(\"p\",{children:\"Often, organizations want to reuse base images for EC2\\xa0 instances in the form of AMIs, and one easy way to do this is just to make the image public. But this makes the image accessible to anyone in the world, which is often (almost always) not a good idea because these base images may contain sensitive company IP or secrets like API keys.\"}),/*#__PURE__*/t(\"p\",{children:[\"This rule will catch said \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/blob/master/rules/aws_cloudtrail_rules/aws_ami_modified_for_public_access.py\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"API call\"})}),\" as it happens in an AWS account, allowing the security team to react before any potential damage is done. CloudTrail will also show a history of interactions to that image to understand the blast radius and potential impact.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Threat Hunting and Investigations\"})}),/*#__PURE__*/t(\"p\",{children:[\"Panther's \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/data-analytics/panther-fields\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"log processing extracts\"})}),\" a set of standard fields (atomic IPs, domains, etc.) in all log records, enabling fast and easy data correlation from multiple data sources.\"]}),/*#__PURE__*/e(\"p\",{children:\"As an example, Panther\u2019s Indicator Search allows teams to take an IP address and search for all related activity between logs like CloudTrail and S3 Access Logs to map the history of an attack.\"}),/*#__PURE__*/e(\"p\",{children:\"Additionally, Panther has a high emphasis on AWS-specific indicators, such as AWS instances, ARNs, AWS Account IDs and more.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Incident Response\"})}),/*#__PURE__*/e(\"p\",{children:\"Rules and alerts have Criticality levels often numbered from 1 to 5 (e.g. Criticality levels: INFO, LOW, MEDIUM, HIGH, CRITICAL), which determines the response velocity and vigilance that is required to mitigate the incident.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Analyzing custom internal application logs\"})}),/*#__PURE__*/e(\"p\",{children:\"Most Enterprises have production application workloads running on AWS either on EC2 or systems like Kubernetes, that contain context about how users interact with applications. Most security teams want to ingest this data for the purpose of understanding access to sensitive user data, whether it\u2019s personal, financial, or otherwise.\"}),/*#__PURE__*/e(\"p\",{children:\"Typically, these logs are sent to CloudWatch logs and are difficult to ingest into other SIEMs. Luckily, Panther can ingest and normalize this data for correlation, detection, and investigation. In comparison to built-in log types, users can define a YAML-based data schema to describe the field structure, type, and other metadata to parse the log into structured, searchable data.\"}),/*#__PURE__*/e(\"h3\",{children:\"Combining Use Cases\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",children:[/*#__PURE__*/e(\"p\",{children:\"Joining AWS cloud security posture to log data \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Panther scans AWS infrastructure and applies policies to it to detect misconfigurations.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"This data in AWS can be joined with the collected and normalized log data to tell the full story\"})})]})]}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(a,{href:\"https://aws.amazon.com/blogs/aws/learn-from-your-vpc-flow-logs-with-additional-meta-data/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Utilize VPC Flow Logs With Additional Meta-Data\"})})})}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",children:[/*#__PURE__*/e(\"p\",{children:\"VPC Flow+ALB \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(a,{href:\"https://www.bluematador.com/blog/static-ips-for-aws-application-load-balancer\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Correlates AWS requests to client IP addresses\"})})})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Combines both network logs in the AWS network stack\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Provides proactive load balancing in AWS\"})})]})]}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",children:[/*#__PURE__*/e(\"p\",{children:\"CloudTrail + VPC Flow Logs \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Provides the ability to create and maintain custom rules from AWS telemetry data\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Allows the ability to provision new instances to your existing AWS infrastructure\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Enhances Crypto Mining detection\"})})]})]}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",children:[/*#__PURE__*/e(\"p\",{children:\"Okta + CloudTrail logs \"}),/*#__PURE__*/e(\"ul\",{children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Increases visibility into AWS and provides a bigger picture\"})})})]})]}),/*#__PURE__*/e(\"h3\",{children:\"Best Practices and Takeaways\"}),/*#__PURE__*/e(\"p\",{children:\"Log everything into a centralized AWS account controlled by the security team.\\xa0Prioritize implementing and monitoring S3 access logs.\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"See \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/s3-bucket-access-logging/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"AWS Security Logging Fundamentals \u2014 S3 Bucket Access Logging\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"See \",/*#__PURE__*/e(a,{href:\"https://panther.com/resources/webinars/detecting-s3-breaches-with-panther/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Detecting S3 Breaches with Panther\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Leverage \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Organizational CloudTrails\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Use VPC logs to monitor selective traffic\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Implement redundancy and high availability failover of your data\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Mandate \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis.html\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CIS AWS Foundations Benchmark Controls\\xa0\"})})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Implement \",/*#__PURE__*/e(a,{href:\"https://matthewdf10.medium.com/aws-accounts-as-security-boundaries-97-ways-data-can-be-shared-across-accounts-b933ce9c837e\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"AWS-as-Security Boundaries\"})})]})})]}),/*#__PURE__*/e(\"p\",{children:\"Recommended Integrations:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"AWS services with Amazon \",/*#__PURE__*/e(a,{href:\"https://aws.amazon.com/sqs/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SQS\"})}),\", a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"AWS services with Amazon \",/*#__PURE__*/e(a,{href:\"https://aws.amazon.com/sns/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SNS\"})}),\", a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"See the Amazon blog on \",/*#__PURE__*/e(a,{href:\"https://aws.amazon.com/blogs/aws/queues-and-notifications-now-best-friends/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SQS Queues and SNS Notifications \u2013 Now Best Friends\"})}),\"\\xa0\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Slack, Jira, Asana, etc\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Easily leverage automation with \",/*#__PURE__*/e(a,{href:\"https://www.tines.com/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Tines.com\"})}),\" (see their free community edition)\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"\\xa0Platforms such as Tines are highly complementary to modern solutions to take action on generated alerts. Analysts and Engineers should not be performing manual and repetitive tasks and it is recommended to prioritize the ability to easily configurable alerts on to automation for taking action. This helps scale detection programs by pinging users, opening cases, or preventing unnecessary alerts from reaching your security team. When an alert is generated from the detection engines (or other sources), a modern solution will dispatch a notification to security teams to triage the alert in systems like PagerDuty, Slack, Jira, and Microsoft Teams.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"With the swivel seat removed from the equation, security teams can better streamline their process workflows. Organizations are now able to implement complex tasks such as instantly mitigating vulnerabilities as well as implement automated actions at will and as needed. The use cases and examples for this critical capability are endless.\\xa0\"}),/*#__PURE__*/e(\"h3\",{children:\"Get Started with Panther and AWS Today\"}),/*#__PURE__*/e(\"p\",{children:\"Panther brings logs from all of your AWS accounts together into a single view and makes them searchable and digestible with speed, scale, and flexibility while operating as a robust security data platform. Panther\u2019s utilization of detection-as-code, security data lakes, and real-time alerting gives teams powerful capabilities to meet their unique needs, discover attacker behavior quickly, and answer difficult questions during a breach. Built fully on cloud-native technology, Panther will be there to meet the most demanding needs of teams.\"}),/*#__PURE__*/e(\"p\",{children:\"When Panther combined with Amazon Web Services (AWS) it quickly became the world\u2019s most powerful security duo. There are many benefits that cannot be met with alternative approaches.\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Elastic and Scalable: Use what you need when you need it at machine speed.\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Cost-Effective: Extremely high return on investment due to low license and administrative costs.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Ease of Use: Anyone can do it. Onboarding takes minutes, not days. By eliminating infrastructure constraints, operating teams can reprioritize resources and focus on other priorities.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Visibility: By having more, you see more. Many legacy approaches with on-prem infrastructure have strict limits on ingestion and retention. Very quickly Tier 1 security analysts can uplevel to tier 2 and so on due to the eliminated overhead and added functionality an operating environment like this can provide.\\xa0\\xa0\"})})]}),/*#__PURE__*/t(\"p\",{children:[\"\\xa0Learn how to secure your cloud, network, applications, and endpoints with Panther. Revolutionize your security operations and \",/*#__PURE__*/e(a,{href:\"https://panther.com/request-a-demo\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"request a demo today\"})}),\".\"]})]});export const richText6=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/e(\"p\",{children:\"Bring disparate security logs from multiple AWS accounts together into a single view and make them usable with speed, scale, and flexibility while operating as a robust security data platform. \"})});export const richText7=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h3\",{children:\"Introduction: The Detection Blacksmith\"}),/*#__PURE__*/t(\"p\",{children:[\"\u201CIt is a strange fate that we should suffer so much fear and doubt over securing AWS.\u201D\",/*#__PURE__*/e(\"br\",{}),\" \",/*#__PURE__*/e(\"strong\",{children:\"\u2014\\xa0Boromir, maybe\"})]}),/*#__PURE__*/t(\"p\",{children:[\"Given the return to the screen of shows like Game of Thrones and Lord of the Rings, we\u2019ve been thinking in high fantasy archetypes lately. As security practitioners, tasked with outfitting our organizations with a strong defense against attacks, we see a corollary in the work of \",/*#__PURE__*/e(\"strong\",{children:\"the blacksmith\"}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"A smith starts with raw iron and materials then leverages their knowledge of potential attacks (bows, swords, maces) to smelt and cast the armor needed to protect the warriors of their house or city-state. (Gondor calls for aid!) As their house gains glory and prominence, the standing army a blacksmith needs to protect gets larger, requiring a sustainable way to produce and test the armor used in battle.\"}),/*#__PURE__*/t(\"p\",{children:[\"But, what house banner do modern security practitioners often find themselves protecting? To state some facts about how the \",/*#__PURE__*/e(a,{href:\"https://cdn.vox-cdn.com/thumbor/P1B93V04RV5saBRNKKAuVJNoIqY=/0x0:2730x1540/1720x0/filters:focal(0x0:2730x1540):format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/24133820/paintedtable.png\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"pieces are set\"})}),\":\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"The adoption and scale of \",/*#__PURE__*/e(a,{href:\"https://www.gartner.com/en/newsroom/press-releases/2021-08-02-gartner-says-four-trends-are-shaping-the-future-of-public-cloud\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"cloud infrastructure is expanding rapidly\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Amazon Web Services is the \",/*#__PURE__*/e(a,{href:\"https://www.statista.com/chart/18819/worldwide-market-share-of-leading-cloud-infrastructure-service-providers/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"market leader for cloud infrastructure and service\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Security Teams are often tasked with securing the data within AWS.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"A critical component of securing a cloud environments is quickly and effectively detecting malicious activity.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"From here, things get murkier. If you\u2019re hired to build out a detection & response function for a growing SaaS startup, where do you start? What if you have scars from trying to build an internal security stack in the past? Or, perhaps, scars from implementing a clunky, expensive tool that wasn\u2019t a fit for your growing AWS environment?\"}),/*#__PURE__*/e(\"p\",{children:\"This content is meant to provide some helpful guidance when it comes to creating and maintaining a viable detection & response function for an AWS-centric environment. This guide is meant to be introductory, but we\u2019ve linked to relevant articles and technical documentation throughout - oh, and some gifs.\"}),/*#__PURE__*/e(\"p\",{children:\"Crafting detections for AWS and crafting armor come with similar challenges:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Which materials are best suited to the job and how can they be refined for applied use?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Which tools should I use to build my defenses?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"How do I sustainably scale and improve production to meet the needs of a growing organization?\"})})]}),/*#__PURE__*/e(\"p\",{children:\"The Detection Blacksmith - Created by Dall-E 2\"}),/*#__PURE__*/e(\"p\",{children:\"In the next few sections, we\u2019ll lay out how to build a detection & response function for an AWS environment in the way a magical smith of yore might fashion Mithril shirts for a key battle against the forces of evil.\"}),/*#__PURE__*/e(\"h3\",{children:\"Part I: Refining Relevant Materials\"}),/*#__PURE__*/e(\"p\",{children:\"As a blacksmith, the first thing you\u2019ll need is relevant material.\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"What types of raw material are available? Iron? Steel? Leather?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"What state are the materials in? Is the iron rusty? Will they need refinement?\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Security teams are faced with a similar set of questions when tasked with securing an AWS environment, but instead of raw physical materials they\u2019re supplied with logs. Logs are the raw materials that must be fashioned into usable detections.\"}),/*#__PURE__*/e(\"p\",{children:\"For a blacksmith, the most common materials will most likely be steel and leather. However, the smith may also need specialized metals for certain use cases.\"}),/*#__PURE__*/e(\"h3\",{children:\"If a blacksmith has iron and leather, a security engineer has logs\"}),/*#__PURE__*/t(\"p\",{children:[\"For the security engineer, the most common material will be \",/*#__PURE__*/e(a,{href:\"https://medium.com/panther-labs/aws-security-logging-fundamentals-cloudtrail-c7733789a5dd\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CloudTrail logs\"})}),\". These logs are the \u201Csteel\u201D that gives teams the strength and ability to analyze \",/*#__PURE__*/e(\"strong\",{children:\"every single activity\"}),\" (user, role, service, and even API) that occurs within an AWS environment. Properly configured, CloudTrail enables the security teams to discover and troubleshoot both operational and security issues. Given their breadth of service coverage and volume, there are \",/*#__PURE__*/e(a,{href:\"https://medium.com/starting-up-security/investigating-cloudtrail-logs-c2ecdf578911\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"many ways to use CloudTrail logs in practice\"})}),\" - so it\u2019s important to collect and protect them.\"]}),/*#__PURE__*/t(\"p\",{children:[\"There are also cases when a security engineer would want to supplement CloudTrail logs with specific service logs to enable more granular detection. For example, since it\u2019s still common to hear about \",/*#__PURE__*/e(a,{href:\"https://www.darkreading.com/cloud/twilio-security-incident-shows-danger-of-misconfigured-s3-buckets\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"unknowingly misconfigured S3 buckets\"})}),\", it can be beneficial to collect \",/*#__PURE__*/e(a,{href:\"https://medium.com/panther-labs/aws-security-logging-fundamentals-s3-bucket-access-logging-93099ab80e38\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"S3 Server Access logs\"})}),\" to provide context into public S3 access. Or, given the use of RDP and SSH for high sensitivity remote traffic, it can be good to bring in \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/aws-security-logging-vpc-flow-logs/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"VPC flow logs\"})}),\" to highlight these connections to the AWS environment. Security engineers may also want to ingest \",/*#__PURE__*/e(a,{href:\"https://panther.com/integrations/cloudwatch-log-group/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CloudWatch logs\"})}),\". \",/*#__PURE__*/e(a,{href:\"https://medium.com/awesome-cloud/aws-difference-between-cloudwatch-and-cloudtrail-16a486f8bc95\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CloudWatch and CloudTrail\"})}),\" are both AWS-wide logs, but CloudWatch is typically used for application monitoring and metrics. CloudWatch can help security engineers react to resource changes and fire alarms for certain events.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The supplementary logs a team chooses to ingest will depend on the AWS services deployed - if an organization is leveraging container infrastructure, they might include \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/data-onboarding/supported-logs/aws#amazon.eks.audit\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"EKS logging\"})}),\". Or, if they\u2019re using AWS security services like \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/data-onboarding/supported-logs/aws#aws.guardduty\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GuardDuty\"})}),\" or \",/*#__PURE__*/e(a,{href:\"https://docs.panther.com/data-onboarding/supported-logs/aws#aws.wafwebacl\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Web Application Firewall\"})}),\", logs from those services also provide relevant context.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Unstructured, unorganized AWS logs are like rusty iron\"}),/*#__PURE__*/e(\"p\",{children:\"For materials to be workable, they need to be melted down into a uniform substance that can applied quickly into any armor mold \u2014 an arduous task. It\u2019s interesting to remember that the Bronze Age and Iron Age are named in part due to the heating ability of the forges in each age. Bronze Age forges could only reach temperatures hot enough to melt bronze. In order to smelt iron into steel, forges need to reach a certain temperature that wasn\u2019t possible before the blast furnace came to prominence at the beginning of the Iron Age.\"}),/*#__PURE__*/e(\"h3\",{children:\"By normalizing AWS logs, you remove rust and add carbon to that iron - producing highly usable steel\"}),/*#__PURE__*/t(\"p\",{children:[\"For security teams, in order for logs to be usable they need to be ingested, normalized and organized effectively. However, the same technological constraints remain in place today. The forge in today\u2019s SIEM tools is the ingestion and storage mechanism used to bring in the logs. \",/*#__PURE__*/e(\"strong\",{children:\"There are SIEM tools today that are stuck in the Bronze Age - leveraging out-of-date technology leading to expensive ingest and difficult log normalization\"}),\". When thinking about organizing logs, it\u2019s important to use tools built in the Cloud Age, with modern architecture, specifically for cloud environments. SIEM tools leveraging a serverless backend and/or a \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/security-data-lake/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"security data lake\"})}),\" are likely to be much more efficient and scalable when it comes to ingesting and organizing log data.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Part II: Enemy Tactics & Tools of the Trade\"}),/*#__PURE__*/e(\"p\",{children:\"It\u2019s time for the smith to heat, hammer, and craft them into relevant pieces of armor for the elves, dwarves, and humans to fend off the forces of a ring-crazed, eye in the sky - i.e. attackers.\"}),/*#__PURE__*/e(\"h3\",{children:\"A good blacksmith understands the weapons of their enemy\"}),/*#__PURE__*/t(\"p\",{children:[\"Before swinging the hammer, it\u2019s important to understand common tactics used by the enemy and typical attacks and weapons they may use. Before writing that first detection, reviewing \",/*#__PURE__*/e(a,{href:\"https://github.com/ramimac/aws-customer-security-incidents\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"common AWS incidents\"})}),\" or understanding \",/*#__PURE__*/e(a,{href:\"https://magoo.medium.com/responding-to-typical-breaches-on-aws-28d6fe4071d0\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"theoretical responses to many AWS attacks\"})}),\" will be helpful in conceptualizing the detections needed. Both \",/*#__PURE__*/e(a,{href:\"https://attack.mitre.org/matrices/enterprise/cloud/iaas/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"MITRE ATT&CK matrix for cloud infrastructure\"})}),\" and \",/*#__PURE__*/e(a,{href:\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis.html\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CIS AWS Foundations Benchmark\"})}),\" are great places to start when laying out baseline requirements.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),\" Blacksmith reviews enemy weapon designs - Dall-E 2\"]}),/*#__PURE__*/e(\"h3\",{children:\"There are helpful, standard armor casts, but the creative craftsperson might want to customize a piece\"}),/*#__PURE__*/e(\"p\",{children:\"After understanding the tactics, the trick for the smith is crafting useful basic armor but also implementing creative custom pieces when required. In many cases, standard armor would suffice (a one-size-fits-all helm for example).\"}),/*#__PURE__*/e(\"p\",{children:\"However, custom armor designs may be required as well. For example, should giants pledge their swords to the cause, customization and creativity will be required to hammer new armor molds to their size. A smith needs both standard molds and also a proper hammer to craft new ones.\"}),/*#__PURE__*/t(\"p\",{children:[\"The same combination is valuable for a security engineer crafting detections for their environment. When possible, it\u2019s helpful to leverage out-of-the-box detection logic. For AWS specifically, detections for highly sensitive activities like root logins, root password resets, or logins without MFA should come ready to turn on. Having \",/*#__PURE__*/e(a,{href:\"https://github.com/panther-labs/panther-analysis/tree/master/rules\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a handy list of relevant detections\"})}),\" in your back pocket is a nice way to start building out defenses. In addition, SIEMs should also provide easy-to-follow mappings to standard attacker techniques. A great example would be the previously mentioned \",/*#__PURE__*/e(a,{href:\"https://panther.com/cyber-explained/mitre-attack-framework-incident-response/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"MITRE ATT&CK\"})}),\" framework. These features make it easier for security teams to ensure they cover the most common use cases with their detections.\"]}),/*#__PURE__*/e(\"h3\",{children:\"For security engineers, Python is a versatile hammer for crafting\"}),/*#__PURE__*/t(\"p\",{children:[\"It is important to note that security engineers also need a \u201Chammer,\u201D or a way to customize detections for their specific environment or use cases. Black box detection logic that can\u2019t be edited or modified often leads to frustrating false positives because detections don\u2019t \u201Cfit\u201D a given AWS environment. Given the \",/*#__PURE__*/e(a,{href:\"https://aws.amazon.com/products/?aws-products-all.sort-by=item.additionalFields.productNameLowercase&aws-products-all.sort-order=asc&awsf.re%3AInvent=*all&awsf.Free%20Tier%20Type=*all&awsf.tech-category=*all\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"number of AWS services\"})}),\" and their potential configurations, it is important for security to have the ability to look under the hood to fix and tune detections to their situation. Moreover, when it is time to customize a detection, writing detections in a highly expressible language like \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/using-python-to-write-siem-detections/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Python is incredibly valuable\"})}),\". To cap off the analogy, Python is a great hammer.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Part III: Scaling The Process\"}),/*#__PURE__*/e(\"p\",{children:\"While it may seem like the blacksmith\u2019s job ends when a piece of armor goes out the door, that\u2019s really just the beginning. There are a few key questions that must be answered to effectively win the war and not just one battle:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"How does armor production scale with different needs and different battles?\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"How effective is the armor? Can we test it? Are there ways to improve it?\"})})]}),/*#__PURE__*/t(\"p\",{children:[\"For a smith overseeing armor production for numerous battles, the process must adapt quickly. Being able to seamlessly re-use old armor molds with new forges and quickly get a new production up and running is critical to making sure defenses are ready when the \",/*#__PURE__*/e(a,{href:\"https://media.tenor.com/w8kAoMlhgjQAAAAC/so-it-begins-raining.gif\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"new battle begins\"})}),\". Moreover, it is critical to improve armor over time. The smith needs to understand which armor design is being used and how each design is performing by testing it.\"]}),/*#__PURE__*/e(\"p\",{children:\"The last thing a blacksmith would want is to send a shipment of faulty armor to the frontlines. Therefore, careful testing of armor before it sees battle is important. Once a piece of armor is tested and validated, getting it into the hands of our heroes as quickly as possible may turn the tides of an important battle.\"}),/*#__PURE__*/e(\"h3\",{children:\"Detection-as-Code helps sustainably craft and deploy detections into battle\"}),/*#__PURE__*/t(\"p\",{children:[\"For our heroic security teams, scale and testing can be accomplished via \",/*#__PURE__*/e(a,{href:\"https://panther.com/blog/modernize-detection-engineering-with-detection-as-code/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Detection-as-Code\"})}),\". One key benefit of the Detection-as-Code revolution is code reuse. When DevOps spins up a new AWS service or additional infrastructure (or orc battle), the security team has a wealth of detection code at the ready to call on in the new situation - saving them time from re-writing logic.\"]}),/*#__PURE__*/t(\"p\",{children:[\"By implementing Detection-as-Code, security engineers can version control their detections and thoroughly test them. This functionality is critical to improving or tuning the logic - and for adding the code to \",/*#__PURE__*/e(a,{href:\"https://aws.amazon.com/getting-started/hands-on/set-up-ci-cd-pipeline/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a CI/CD pipeline\"})}),\". Finally, just like testing armor leads to a reduction in injuries, testing detections before implementing them improves their efficacy. With Detection-as-Code, it is much easier to do unit testing or test using replayed data before deploying detections to production. By building a strong culture of testing and tuning detections, security teams can ensure they\u2019re constantly improving their posture as they face the day-to-day challenges of securing their AWS environment.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Conclusion: Defending Your Banner\"}),/*#__PURE__*/t(\"p\",{children:[\"As a modern, cloud-native SIEM, Panther is built to help security teams defend AWS. If you\u2019d like to make the first step on your quest to defend your kingdom, try \",/*#__PURE__*/e(a,{href:\"https://panther.com/free-trial/\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Panther\u2019s free trial\"})}),\" here. In the trial, you can experiment with ingesting logs, leverage out-of-the-box AWS detections, and craft your own custom detections in Python.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In the same way it is intimidating for a blacksmith to be tasked with outfitting an army to \",/*#__PURE__*/e(a,{href:\"https://thumbs.gfycat.com/AdorableEagerKronosaurus-size_restricted.gif\",motionChild:!0,nodeId:\"bfkV_Pb3R\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"charge at the Black Gate\"})}),\", it is no small ask for security teams to secure ever-changing, ever-growing AWS environments. However, just as a blacksmith can start with only raw materials and end up producing weapon-tested, custom armor for a variety of battle circumstances - we can help security engineers make the same transition from unorganized AWS logs to a sustainable Detection-as-Code practice. As always, we\u2019re here to support you.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"em\",{children:\"Sagon Mijegon A\u016Bgagon | Be Without Fear\"}),/*#__PURE__*/e(\"br\",{}),\" -High Valyrian Proverb\"]}),/*#__PURE__*/e(\"p\",{children:\"\\xa0 Blacksmith and Panther - Dall-E 2\"})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],
  "mappings": "+LAAsJ,IAAMA,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yqBAAyqB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,2EAA2E,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kCAAkC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8OAA8O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,4EAA4E,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kCAA6B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gPAA2O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,4EAA4E,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kRAAwQ,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iBAAiB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wLAAmL,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+JAA0J,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iBAAiB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8KAAyK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6CAA6C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wKAAmK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+BAA+B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oMAA+L,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBH,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,yDAAyD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8FAAyF,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mMAAmM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8IAA8I,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sDAAsD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uEAAuE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yIAAyI,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,EAAeE,EAAuBF,EAAID,EAAS,CAAC,SAAsBC,EAAE,IAAI,CAAC,SAAS,oKAAoK,CAAC,CAAC,CAAC,EAAeG,EAAuBL,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,mGAAyF,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kTAA6S,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8EAA8E,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iFAAiF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gDAAgD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gGAAgG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qNAAgN,CAAC,CAAC,CAAC,CAAC,EAAeI,EAAuBJ,EAAID,EAAS,CAAC,SAAsBC,EAAE,IAAI,CAAC,SAAS,uKAAuK,CAAC,CAAC,CAAC,EAAeK,EAAuBP,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wbAAmb,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4dAA4d,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,quBAA2tB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wNAAwN,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wJAAwJ,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qIAA6IE,EAAE,SAAS,CAAC,SAAS,6CAA6C,CAAC,EAAE,+RAA+R,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gPAA2O,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gEAAgE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qkBAAgkB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wcAAwc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qNAAqN,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yaAAya,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4oBAAuoB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gGAAgG,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wUAAwU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ukBAAukB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kUAA+UE,EAAEM,EAAE,CAAC,KAAK,4EAA4E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,uCAA6B,CAAC,CAAC,CAAC,EAAE,kNAA0NP,EAAEM,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,6TAA6T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4MAA4M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kuBAAmtB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gsBAAgsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iGAAiG,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,sDAAsD,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,kBAAkB,CAAC,EAAE,kFAAkF,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,EAAE,mHAAmH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,4KAA4K,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAS,CAAcA,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,aAAa,CAAC,EAAE,8SAA8S,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wBAAwB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAEM,EAAE,CAAC,KAAK,wGAAwG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAE,8KAA8K,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iDAAiD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yCAAyC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kEAAkE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4SAA4S,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kLAAkL,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,8NAA8N,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,0KAA0K,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,waAAwa,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEM,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAsBP,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0CAA0C,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gGAAgG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2HAA2H,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sJAAsJ,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iHAA4G,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8IAA8I,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEM,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAsBP,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gPAA2O,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAEM,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uEAAuE,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kiBAA6hB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4CE,EAAEM,EAAE,CAAC,KAAK,yHAAyH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,gXAAgX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8CAA8C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gYAAgY,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiDE,EAAEM,EAAE,CAAC,KAAK,4HAA4H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,0IAA0I,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yVAAyV,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0CE,EAAEM,EAAE,CAAC,KAAK,gIAAgI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,mOAAmO,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAEM,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,+IAA+I,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,wMAAmM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kIAAkI,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mOAAmO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oVAA+U,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gYAAgY,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAS,CAAcE,EAAE,IAAI,CAAC,SAAS,iDAAiD,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0FAA0F,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kGAAkG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAEM,EAAE,CAAC,KAAK,4FAA4F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,iDAAiD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeT,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAS,CAAcE,EAAE,IAAI,CAAC,SAAS,eAAe,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAEM,EAAE,CAAC,KAAK,gFAAgF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,gDAAgD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,qDAAqD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAS,CAAcE,EAAE,IAAI,CAAC,SAAS,6BAA6B,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kFAAkF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mFAAmF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAS,CAAcE,EAAE,IAAI,CAAC,SAAS,yBAAyB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6DAA6D,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0IAA0I,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAEM,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,mEAA8D,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAEM,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,YAAyBE,EAAEM,EAAE,CAAC,KAAK,8FAA8F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kEAAkE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,WAAwBE,EAAEM,EAAE,CAAC,KAAK,0FAA0F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAEM,EAAE,CAAC,KAAK,6HAA6H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,2BAA2B,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAEM,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,mJAAmJ,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAEM,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,8HAA8H,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,0BAAuCE,EAAEM,EAAE,CAAC,KAAK,8EAA8E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,0DAAqD,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgDE,EAAEM,EAAE,CAAC,KAAK,yBAAyB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,qCAAqC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,opBAAopB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yVAAyV,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uiBAAkiB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6LAAwL,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gFAAgF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kGAAkG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yLAAyL,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kUAAkU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qIAAkJE,EAAEM,EAAE,CAAC,KAAK,qCAAqC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBR,EAAID,EAAS,CAAC,SAAsBC,EAAE,IAAI,CAAC,SAAS,mMAAmM,CAAC,CAAC,CAAC,EAAeS,EAAuBX,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mGAAsGE,EAAE,KAAK,CAAC,CAAC,EAAE,IAAiBA,EAAE,SAAS,CAAC,SAAS,0BAAqB,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gSAAwSE,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yZAAyZ,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+HAA4IE,EAAEM,EAAE,CAAC,KAAK,+MAA+M,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeT,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0CE,EAAEM,EAAE,CAAC,KAAK,gIAAgI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2CE,EAAEM,EAAE,CAAC,KAAK,iHAAiH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,oDAAoD,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oEAAoE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gHAAgH,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6VAAmV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wTAAmT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8EAA8E,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yFAAyF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gDAAgD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gGAAgG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gDAAgD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+NAA0N,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yEAAoE,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gFAAgF,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yPAAoP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+JAA+J,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oEAAoE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+DAA4EE,EAAEM,EAAE,CAAC,KAAK,4FAA4F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,+FAAkGP,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,2QAAwRA,EAAEM,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,8CAA8C,CAAC,CAAC,CAAC,EAAE,wDAAmD,CAAC,CAAC,EAAeT,EAAE,IAAI,CAAC,SAAS,CAAC,gNAAwNE,EAAEM,EAAE,CAAC,KAAK,sGAAsG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,EAAE,qCAAkDP,EAAEM,EAAE,CAAC,KAAK,0GAA0G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,+IAA4JP,EAAEM,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,sGAAmHP,EAAEM,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,KAAkBP,EAAEM,EAAE,CAAC,KAAK,iGAAiG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,wMAAwM,CAAC,CAAC,EAAeT,EAAE,IAAI,CAAC,SAAS,CAAC,4KAAyLE,EAAEM,EAAE,CAAC,KAAK,+EAA+E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,0DAAkEP,EAAEM,EAAE,CAAC,KAAK,4EAA4E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,OAAoBP,EAAEM,EAAE,CAAC,KAAK,4EAA4E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,2DAA2D,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,SAAS,wDAAwD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qiBAAshB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sGAAsG,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gSAAwSE,EAAE,SAAS,CAAC,SAAS,6JAA6J,CAAC,EAAE,sNAA8NA,EAAEM,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,wGAAwG,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,SAAS,6CAA6C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yMAAoM,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0DAA0D,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+LAAuME,EAAEM,EAAE,CAAC,KAAK,6DAA6D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,qBAAkCP,EAAEM,EAAE,CAAC,KAAK,8EAA8E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAE,mEAAgFP,EAAEM,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,8CAA8C,CAAC,CAAC,CAAC,EAAE,QAAqBP,EAAEM,EAAE,CAAC,KAAK,0FAA0F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,mEAAmE,CAAC,CAAC,EAAeT,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAE,qDAAqD,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wGAAwG,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yOAAyO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0RAA0R,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wVAAgWE,EAAEM,EAAE,CAAC,KAAK,qEAAqE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAE,wNAAqOP,EAAEM,EAAE,CAAC,KAAK,gFAAgF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,oIAAoI,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,SAAS,mEAAmE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6VAA4UE,EAAEM,EAAE,CAAC,KAAK,kNAAkN,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,4QAAyRP,EAAEM,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,qDAAqD,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,SAAS,+BAA+B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+OAAqO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6EAA6E,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2EAA2E,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wQAAqRE,EAAEM,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,wKAAwK,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,kUAAkU,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6EAA6E,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4EAAyFE,EAAEM,EAAE,CAAC,KAAK,mFAAmF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,mSAAmS,CAAC,CAAC,EAAeT,EAAE,IAAI,CAAC,SAAS,CAAC,qNAAkOE,EAAEM,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,keAA6d,CAAC,CAAC,EAAeP,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2KAAmLE,EAAEM,EAAE,CAAC,KAAK,kCAAkC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,2BAAsB,CAAC,CAAC,CAAC,EAAE,sJAAsJ,CAAC,CAAC,EAAeT,EAAE,IAAI,CAAC,SAAS,CAAC,+FAA4GE,EAAEM,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBN,EAAEO,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,oaAA+Z,CAAC,CAAC,EAAeT,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAS,8CAAyC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,CAAC,EACxzkEU,EAAqB,CAAC,QAAU,CAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC",
  "names": ["richText", "u", "x", "p", "richText1", "richText2", "richText3", "richText4", "richText5", "Link", "motion", "richText6", "richText7", "__FramerMetadata__"]
}