From 1b7c9295def061d353bce262a0152ee196757582 Mon Sep 17 00:00:00 2001 From: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Date: Tue, 19 Sep 2023 15:05:55 +0300 Subject: [PATCH 01/18] Microsoft updated docs (#1395) * updated docs * updated docs --- content-repo/extra-docs/articles/microsoft-auth-guide.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content-repo/extra-docs/articles/microsoft-auth-guide.md b/content-repo/extra-docs/articles/microsoft-auth-guide.md index 5db7b84d3..f3ee8943c 100644 --- a/content-repo/extra-docs/articles/microsoft-auth-guide.md +++ b/content-repo/extra-docs/articles/microsoft-auth-guide.md @@ -149,7 +149,7 @@ After you a redirected to the next page, in the **Overview** tab you will find y ![Overview](../../../docs/doc_imgs/tutorials/tut-microsoft-auth-guide/subscription_id_resourse_group.png) -## Self Deployed Application - Example +## Self Deployed Application - Example for [Microsoft Graph User integration](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user) 1. In Microsoft Azure portal, create a new app registration. 1. Select Azure Active Directory> App registrations> New registration. @@ -267,3 +267,5 @@ For example, when using the "self-deployed Azure app" for Microsoft Graph Mail S 2. Validate that all the credentials you entered are correct (Client ID, Client Secret, Tenant ID, Application redirect URI). 3. Run !msgraph-mail-generate-login-url to generate a new *Authorization code*. 4. Run !msgraph-mail-test to test the connectivity of the email. + +**Note**: If encountering an "Insufficient privileges to complete the operation" error, ensure the necessary permissions were added, according to the integration documentation. Subsequently, reset the authentication and initiate the authentication process again. \ No newline at end of file From 4a904ce372bc1d7430570cfb8afd8a0f4a3dbe56 Mon Sep 17 00:00:00 2001 From: tkatzir Date: Tue, 19 Sep 2023 17:25:00 +0300 Subject: [PATCH 02/18] Update parameter-types (#1393) --- .../integrations/Screenshot-long-encrypted.png | Bin 0 -> 7669 bytes docs/integrations/parameter-types.md | 17 ++++++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 docs/doc_imgs/integrations/Screenshot-long-encrypted.png diff --git a/docs/doc_imgs/integrations/Screenshot-long-encrypted.png b/docs/doc_imgs/integrations/Screenshot-long-encrypted.png new file mode 100644 index 0000000000000000000000000000000000000000..9cfabb8b1775e9d2ed079a3bdf21ce5b1375dd16 GIT binary patch literal 7669 zcmch5Wmp`|67J#_Bv=GOa0u@1?k1_|!2L4&*8UGklC zzUSWmcb}e_?y0w`x}g0h)s5rvCV&VTD$UVYlQn9V*wjmH1_%J)hFY~(@e@b+STo2P_p3qeX;TJjWIVZ0>KJtAza^gv=PMNKrKh41wex+Hy9Q9I|~@D z_q#U>nkWudu84*V=2*ZpGM9d2QxW@UZhX{W(JB=IN`HxHd|ec~fRh~Z!e_-n?{l(p z*j4CVF?RzG#XpYFo*~~L<{7goe5^C30K*OXr#J$L;h2Mwj^ubSh65V9^BoC%@a=>2 zR*4+B1ppoXeX0OSv7&5ORYF?i@L+VQo*Z0N+zDh2l43;7;9}{zY(5naRfNK%!YC_- z)bMY4j3Z1|!mgC55r$z){!AiCIW{Aof4iRqv}?mu zjwO_}fHjGAG1+9$n}M(-kh7Q1^uDrc#(ZDb7S3I`9?tvueDIsDFYAsxoawy71TP}j zSJ)hz8rvH48ZjFA8%-8a1kfrzHgw*utRIp4aJ3`)A^MT{p$G?NQPSc(LmLh_Rq@D4xxdCx~&X-Kwh!Gs!C;tzYrfR}N~cSYO#kg2 zAuWk&>$fWfv;y<58)ZM#f2#5oy2@IA3eVkD*U?~d!#Kw|XLCyq$$vFIQ){j(bnvn) zj_X_LSK9*O{8rs2{p<7-e{{JXnc%Y6VzokNv3%*xae*?=LC-tS`K`%cE$j|rn&Ok< z2^FaYbJ=rcH?p70x5^T8>($F-4`TRq7Zn6GJ|x`0oe%6Xb6UM-daeIi;4|K9Yz`Ae z_92#`x>OWShxcD>tZlB}ht*xYHyHCOD$6~{$tX1_{b1;=5n8wN3Jc;R6!5V<(IIPY&j^$_du9pCYJ zi^`NXomicwSw@$cg-(5|_T^R^A&d5LpV7PG>o!7jjBk?PBr|%l^TR>epn6c;W(g89 z#v0+i{z%nINkW@u@g!ME=#<>l!_@2)P@L9<+Lx_)`$C4+@ z@nO8Di>hby(?CsdFUB68kAG6Aa00zn$!aOrtzgdr`nQH4N-k^|KrnLliQ`h>iM;IsI$SdF}w>)K!3 zv-raK^51*S>e@23Bnoc*`Q5S9A?QzxL!v@>L^;Bsf;&@+6u4QSk6uy)|Bu7}hRJ|lbnlY^S zbLyvyaHepQPdYd?LR(U$UZpJcyjU+@5P0y|`&3=7Ek=YU%`ig@#%d4w4Z{3b?SFOzx}yFYZEt`M9`U6+n$xzb0Ji1I z+cFIkV3)cYHhFI*Q;InAypc0XT}l@f56MeY!`tx~>r`kMJQ>6;$<@lxFKg7Tz1ezQ z!#O_{X?|^fUrX4Q*ivtoao9Yxhdj+bt!?kmMQLj_U)aHFxqd{wtjL)bmZr}2m}-|` z5Pxqkf0md?T$ZlLE53Z~tDQujL=QPw+^w!#^FF)m`orHaYd_y|U_-+E$E#h_SN35W z-oEqvZK)sa{p$S1kAsY0tY8#(V~8OI@8bM-={4r`uTb zXrBC+C7~_1(x#={_G;05vPT{sCc%fh?W-(rCB$?qeh80_-_N6o_VI~v&(A9Bsl8R- zzJ3eXn%OF6f3Td>)z?*eG`*HT*IBID+>ZZ6kV%vIi}&$BY%2ITVl9GM52;MtZeX6o zFucjNLa?^&)cN~niMCI<{;sjRe&ep!`99~ijb%A|IrpMt<0yFiVQa_ez)x^-XJi&U zaIAG|S1`|LfYCC%?9?&tHNAJ3;Jxq7-Tbk+#f#kg#w+Oz>+JX@b5XhN@kVs(BP2BK zhV|Yv3ZEoFV9H1TJZ;AT69Efh8@UbHK?u$7#PJjV+1lmVvM~0xK)wLutI=0QA1qGy z_X~ghKG=@P!tTK7NcKs&4PASCYnal?cV5t!#ocGx8)77H=;y6|q;+6-&fnr;w@$Vm zwOr7amEM1weUY<8v2NB^@LQQ8u0&{ED9M-ge(Z#E#pbc0)?xVvF`A_pz6cqHk^&6Io4v9GS)r(kY z1*-)D%33HY0_dQ9Q~+G4H2@LXgM(hLp%(yv5E}wOfj)7emqa%Ff2eTb*$DsX1C(Jv zQFU=yS?E*U%ozl-cd>GCMR2AJf{L27)&RN!6&3i*9PF4(%pFWYOkg`l7z;oE%m?k- zfm}^U!FIOxE_`4?@+Slzv=4jDOiua)akUX72P&$NiaR)iNV%9;m{`b#&`C*21)R+- z_|zn%{$YoX1j(&jT^;$DnLRu_m^|2-9GoqgS$TPRnOWGF+1MDN2u2rAdsh=MqrD5o zUm^dIBLQ+TbGCMLwRW&4g~>HBb#QYPBqxU{`tR@WJV9XV|7o&!`Nu4%fy^)pGbrra{|n4N%>O3-!zjQEGyGqU`0M4Tw@^0=p$jnoH)KNSN&BD}005_5Rzg$* z40n(*>!L4B&>MB}Vfk`#j=|xi{l^R%H6pwYE$I;;0p*JOWYC6$R1+VcARD|w_70cs zU8VRwW&Juh%ucdi%ciDIxB3D^>C~QRA@F+0*^(_*dTg4>Tk7)SK}{|A~=uB>@oJMNhI!)7|AWJ*&iN zYL;tW(?|S*s4WA>nSru$6IJ2|Xrp7ZVsbPlCN?gGoOM){O_2Xj<6TSN1tegO?fP4u zcGqND>&>02tXyP5duQJlKE315EmipD1p_vG?dmAI=1UfF#j!rKEhQRKjdxoubCoa2J-;)93XJ=q~xZKTi3X88kUFvah4-=GlIN`hpog z#&>e+=T(%q`6W}>C!kJbq@n_(L%4;B!YmHAg1sZC5jakn4g!OLBk2~3Isx$;pn*Q4 zg|lh%j=ih}BMSD@Q|Gp#?scHjen|}Kn`M-w_Sn@?CxZTP2f?MyO%R39^q)HU%Wjj7 z{V!j_<2QnMC`Nn@eoKRDjSQn1lRDbBFX&tzKMLH29=)-fq1t&Dc5(&zI`8WljVNPm zhIU1T-{Lmq<>T;q_>csG>1Lt&{CRc9H+_pO!YQ4m##+k9yI-4beF%claWQmFDMbN> zhtqC7o;qw-S7Ga~J zl)Z}!70+YiVm&xK3n5NRPE9y`cwVD>yD_(jx%2TeG`wJ%746?U(goN>amlflO!}N; z1z|fn)(5_n7$rGagEwYoxtn{p*a{WGe#b$Sy9~7+#y{@T6EYc?NtT&^aZbsm3@e28 z_JX`DhE+XOEhjJ&dQR?QkRbzdaVCPoCFHIrB4rbagfi*%2AZ*!T8tN5Lp?XxUB*_I z`#H!26>I_H2Rm=Mj?XB(i#O6kBrmkr!L@TWxacJ%46%50K6vBofmNWA55QOE`PA}q zrmY%#VCu>Cs^fP~Bm?pVuc_EMWpUTmzczCi**CaCX1g(~m2caoXDt;@%&{#tUt)`C z6-If9NA*!ry)!fv`kVue>NrDu*GZWm24s)R5dtoPvEZq8&H#FlM)p@j6*H=4g~ z_8ihSlx#|IJ~b?8dfRt#sHR$>MZ<4Ccl3i~wKF{uf5(f*e6F+6$ZxgKWQ`70nyC0| zo`c9uXy4SC-6Pzku#`4egI=sE>dPS)p&Xj-IfD` z;{<3f;GqGPEDDM##MP?GwqrIO)x4_t#wS(qiO)(bqtGq3w<{L8hWAkluwI7-9_Jp; zer)+{)-k`t2)dpfQ_*~{a<()0!OLB#q6)HDZ_ggbO{4WF+K)WkBGvO%F=MRGVb0w2 zeQ&zpw_#^Lx2AG`zCk*xsQRXs;{Nmqb()N<1SV$US&D-X_hY41=ZW?kFD0ZjaYm={ zK1e!|$cJ78IIR%xk`5-8Vi774_M{1h9aqsISDk>=OZX;GoEzKK=;WM1?!KZKH*$?= zyl-mxg&pG7?i8*w!}X(vi-p@p%@KF`e?s(%%4p-I2wL~}EC&1As^0ntSV+9%W9#D3 z(Mo0nG71tC8%!g85!Wb-XAkv|FGnAF(Qr60Hda0DbX9HQ^M0;#N^ZGS9G((KA3iY{ zo*p4SrKtd7Pqp5A6^&uElu**32a;GHO{U5t zZDlViN#e~gFuPbPQ5tVDK36S-Y_`}5I;)C{c<44O3QmXyHszNnr_OulH{~gd(?oF& zXYMr;Hzm@0=xzL*X6)r%(~TcJmK_giY2?wu#6cfyG>Nh~w!jwSe!MwLb^Q%Qk?J*< z(`LYtEG^~px=~aIB4ry;LdcveSAQPdh9LZSR>G=GCEe{}sUcIoU>$RDm~hcr<)CH} z^ID8yIz?E{)1=&0@HJNn&bAOsN#CxeT5zBCte!gEBo)%h>NfWvI{tav=k6rT#>-09 zcP3Pin<`-gGv`Ysy2{)n|c@WZz?MBK%-O}n}wA()T-T1G@R+7nzOO$1`g{YJa{=0%3L!ZPLe?trC$2C z8^566B_jFn)ha8(?CBm=d_3E0yYcD2cssHtqI+WbDmr|@s=eCXVmwi1TJ>>j^9iIJ zhv*jRw6i-!yZf2pNESO*kL`!)yng3j*42VSS_#tYP2&o<1ZF?p6cFuE(F;m0-LLpr za2}7l^u1ZvjU{O5njD?S5VLyOy&RubGnv`z@6&fQ6EvF=LVyIkHT5ef8whHMeiUsl zs`2=~)VA*C?4@){9+B!2o+FjLO4tO1GL}JjJKr$F+QQHFZPdaw#A>M8N}Frp|hd2QQ9w=k({HaOSDHfxY^#jI)uF8SLp=b zghhx;8Zbn&GF@JufQ<37to!vG2nTDN&;)!8QhQ{oXLeEzq9BBl!nU5Wxq3BHY!bnY<65__ZREIA6f0 zEhGqlLPugh3`#a9G^lw{m>|Fb{o%CmXU>Bbw#%}`qK~3%|gwjP=EZSL&o}LxZL!?Z`r#Vg`R-LQG2EKn1iR+nz{1T0uKBM zzI*lb`NeM7z0P93MzQRD@wIOjZVUMLI9JpVyz(Zud{=HT}&k!`I0TPK`Bi zEmccC=SZiu=3=k7F2&bcI6_m+KE_KefF(EL&)!>LrU4R_l& z??&6O_-bv%q$<=h$bD?|Js3^Ci1s zWwmhx-uH_SX?BqP;@aj{JZ<(KHKPw3 zSLX7GCPQc@?h%J8FeqsC)SVW$z41frv!SdEMh)U^FPcaig?Fb^v16STPop zp0zLyg-*wc{RhMEKkHzX5G*WSh>0(@LB{3_1tw|rxkuJ$^nX(>h!Pq~nI*#4k}zD3 zxWCwQzRSQw7*Rw98ls>LyByUg34GA#<+w0gp*`i_|5r9!^Z@AtMc;GroFj}E^l`8p znW6^7fVVS*uQ*ZBgN+)2DX^n#Jri7uOzU||!~JW-;4WtUQU#b%dT}Dz2b4{{Q&2EYY5EK?l=LD2yEjgOEzIfYp_40WF?g(%EgQW{||M334s6r literal 0 HcmV?d00001 diff --git a/docs/integrations/parameter-types.md b/docs/integrations/parameter-types.md index 88df48802..f71f97beb 100644 --- a/docs/integrations/parameter-types.md +++ b/docs/integrations/parameter-types.md @@ -12,7 +12,7 @@ See [here](https://xsoar.pan.dev/docs/integrations/yaml-file#configuration) for This type of parameter creates a checkbox in the integration configuration. When the checkbox is ticked, the value in the integration code is `True`, and `False` otherwise. -The type number is: 0. +The type number is: 8. ![image](/doc_imgs/integrations/54881985-48654700-4e5e-11e9-8e1c-7a95d1b84328.png) @@ -24,7 +24,7 @@ Access: `demisto.params().get('proxy')` This type of parameter is used for short input parameters, such as server URLs, ports or queries. It creates a small sized text box in the integration configuration. -The type number is: 8. +The type number is: 0. ![image](/doc_imgs/integrations/54881995-616df800-4e5e-11e9-8f15-475422b97066.png) @@ -44,7 +44,7 @@ The type number is: 12. Access: `demisto.params().get('cert')` -## Encrypted +## Short Encrypted This type of parameter is used for encrypted inputs, such as API tokens. This should not be used for username-password credentials however. It creates a small sized text box with an encrypted text, which would also be stored encrypted in @@ -57,6 +57,17 @@ The type number is: 4. Access: `demisto.params().get('token')` +## Long Encrypted + +This type of parameter is used for long encrypted inputs, such as certificates. +It creates a text-area with encrypted text. The text would also be stored encrypted in +the database. +The type number is: 14. + +![image](/doc_imgs/integrations/Screenshot-long-encrypted.png) + +Access: `demisto.params().get('cert')` + ## Authentication This type of parameter is used for username-password credentials - username as plain text and an encrypted password. From 634c1050a607492fa0b2c8ec8621745fa19e38ac Mon Sep 17 00:00:00 2001 From: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Date: Wed, 20 Sep 2023 12:49:31 +0300 Subject: [PATCH 03/18] Add Incidents Fetch Interval configuration parameter (#1396) * Add Incidents Fetch Interval * New screenshot for Incident Fetch Interval param --- docs/doc_imgs/integrations/fetch-incidents.png | Bin 0 -> 39059 bytes docs/integrations/fetching-incidents.md | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 docs/doc_imgs/integrations/fetch-incidents.png diff --git a/docs/doc_imgs/integrations/fetch-incidents.png b/docs/doc_imgs/integrations/fetch-incidents.png new file mode 100644 index 0000000000000000000000000000000000000000..78ab95d23afef19986844d61cef302c6ba6bc036 GIT binary patch literal 39059 zcmdSAWmFwe)9*<_f+Sdw;1Jv;xD(tVxVyW%CTIwfKyVENcXxMpcXv6sGn?nGcdhv_ z_rCXjnKko)b&`F$`|RFT^{?7pzy9%6Rt)hS&O0b5C`1WyVFf6tS3jYkUMs-CfDtCn zJqY-Kw-Z-)gn~lqeEEA7LxY4124S5fWJF+h;L+icaNLIn)&4UiqUI#v>||!^0F_rf zC=P}YoWPKPfA=yjWNYW{U~X#W1XYMU$OT4`{xj-etp9T8 zCns}jV<^^ZWO(om{L43rwkA%l`VPiW+IG(`hrj>N#myZJt@Od64p23%m62c=?qyh2 z-@(S*#uTa*cRLu2!Tyi)ogEB~p)Q~O5B}>gAzN!}V;d)^tHIb7Fb4B-n3B1Zl`&NA z@i+w()F&tjVF4w#&k``I`DCCFSsLE5cy%3Slc{IRe(aLkrixaPX z8H!W}?k*4P?d;O!()c*Ixiz5)(CCM7X)h(yN^$K-cQkhMM zPy1;~(p3sh>QfXvno`}*x5uijHS3)Zg2KZQ@2`$FF7_tgz`~+oVZr(J85vCFD;H|j zp}M+WGwFXIBpeYV^cH@8daU!fq%JEf)2es+@$`5DUB|CAtJ_1<^`nI;dGe?WZ>s>z|9?nN< z>*`*u?(T+&X0Gi|6==2iER}1isC;a2J%L$$xIK^E6V3encz%N8i;KY|QoetGJ-`#) zCk!rXZfPtD%< zy#oW8`W-<=rly+J_D>J)S4RtC;^J_~{11#K6$z`WdR)%?M(`});vODcJ&}ZBB{Ok( zQu63vVmWeYq6JgLz8+F=5Ldk_Txwokd?-0NIVEb0uU>*INkeXKZma9-?bX%`@qFG~ zguV}-HEV3PX3Gp|)k^(-(X-&Z=!zvYHc`a{#jDOFc8OJx;LIBEGoKw za4@i7+ad$ZN~c+EbTnT@tJ{pHtE=1C)MW4CQoSgU%;^|p*b^~UWvNQwbt>TC=ve1+ zgriXu8xZgYhuuaRMBS@eFru!mKAEQo>vz(8kCZvq3&dcq!W5a%`{IMXzW(l|2jA@` z8Y(KPTCE+C=hYz*IeCyw65H>T6zv0sWE8#w` zYv_U4WXh&+#eRW@hhGb4U;a|0QsH`{Q*AZZF2&F!?BvA4#>RGWv=A4L%kFSE`+2^` zR!(02!}9X-&E4Jl@o_|-5iuKE?8AeXXgE$_TpVW0!`b^d2HkAnURdFx(}n8(KYzZD zrjXkPUi9V@2L~1I~omNyH*fCl%$?>x+xE8({n*Bazu{mn#>KpnwfW^Astd2A-Y{bf1Z7X~W)Q z(%WqhVmCH6(h86Sp!g~)2L-n2tpYdu0=fCFQPjP%l4hFf9@InVix(~`Bp~o=Zf*`J z>O_sL?xY24Xa?{&;BeX23)QhXS%-(A?5aviM&=81bJ${HVo=4pEyKS_#Agyf`pgdQGR$tH6M7#SHQL^-WN&nyrQ+JN(8s3Q6CN>910PKrM0Uo@buJ<@A<(I1_@8R zM5oDZEfCXeH2oDY6*>k61O!EyQ6DOB8jvnb+XLWZ+gv~t6y!6}hKZ5@mx*nD4wW4R zGN#qwg2>O$@8#|NO_NBm#ztF9ON(|OHUgXHX4M}Z9sO5oYQ)cP>!2K={xYkyw8(}A&n(p*a0|OmTtN6u>x4>cYI1Cr>VXG?n}lMw zS=5^;)@HF;j0ci=;lT?$qjP3vraaZ(A37o;g2imqueVn`kmrC z+?W|q#2o3}x%qhzaP6>!USB}cqm$#|f>BCS@utxSzUL_`E!gYWS|aeaL~p4XEN0)Ze9^5GE@ z5(1T@q@^WgWsLz@2+SiA1Qt;(%M?00g;CMaeuRXyc69iMgunqm1>r_YPagp$cXlx$ zcMj040bVg>Tdb1a2US3`pAwK~(H#ZQJE}%L$#|0PGn}LVPINHX?2Sr97NS=qyyB5ow{icKOA0)K?yZb zIF?HOpVW{4-#F#aqWm-_IoVUWXGMXRp@hHw4N*WYhJ)$K2ObEn-fKl+$|n~R=We^D~3#nm3DHp};pC^PC~d_+(`e(WTR(b_EphWtYHOk)+(0oqB83pi zV6);;&8yKx5>0SX^O}~{XFf%IRI%iP>uzV$eCNtnmJLkr{+yqD#!vrrYL7Gq2cESg zL-%YJ28?!+<8Go)9sGBICro2KYd%lrdt{Amd0?u}m2AM$|Oo?~^jLvEK)yrPIDF}bJ&$0Hr(AzdUG@de-C$q8 zlGz*>Ol1xEh*T4!G>_V?4X4ZIPgnSnWJHea5I#=gDt%|ahtF8TtL==sb z?gz2Oq=5O3KdCl8I<$O|_$ z{m^QecAA3HM3rEAjm24QiQk>B-*_ts%h8;06IGl$Ny6PL+~F7UCEdukUPfP$zU%%o zRcPHk_w$(^cX)685pk5Byw*Zvu0bcl@*t&%#%b{s%XUheHw|8P!1ibDHZ09v5 z(hGyCG>Wb6jQHOr$;lavbrjH5sxi0#Fe3B}W_#PpL_>G&3gNShT~+`YQ|AMSa&7U?~Q znrE$kD>g%V^Nr!HA(O4@E%br28run{g^`#krF#`dP)(GUG7`he>O1OuBEbx!(9-7O zPc(NFn_wnR){~+3^pOrM)klc1d)vyoj-7gfkYKsa`8Ib6|0}cw1%uX-w!N~@_%PYO z@x(9J2&hP;zkVU;2>eQn@4W3yv6}8!_3d0Ofl(@cPGNt+7msGwbq8qemwWU^S;o-c^ zun$^nDzlpQL@oTL_yeAl)MRxVGsNB-H4lRYc(<#?g{o=6#`+eXgTuMmbS;siN+C2i zw-2xD??zmY#RHBwO`oUhq+1(H9(p8;WdhD$O%haAvz}ODHAS1~9JDY*DTFH1=)0rfgOyzT)`*>GuY_us??_eWR4BC*BIo zA8KPZ^7e9%ln{=_euoWO>EJEm8tQ+b@tyCB_q{N@Gkwl-uOPpfzV4j1GFiS(%G<~_ zxrBYr=#Wy(J=qS8jwX5k#2U3>%5b`HE3M;MFGok%WY*1qBmBwFACpewc0*%(Ghbjs z=dS6MHTf!RP5mS9*v+eke7Czkvo{Dv*`&X|at+y%k~BRCw4lND=qmb0L3f0>1Yz(W z>j&E4iw?baGSktr?BQ!0e6ph`!_}JePi*@@M{OmD|2fq-y3*@nj;9+j8TNQ=P>V0= zlo$%uK>B4_=M8MvIQM4fUsEm@D=?WHG(JJ~bzQ>``aV2-pDDSdq+?hRzf8QRhw!5B_V5nc5xljmYZZ39Op z#Gz-R2q`k?jdJOAiz)=l^)^%KgDQ)_m(*8utMFgQ^ZNX{kE)^S4CzkRebQI?GO-tP z4|z6p2=!R0%tc3Y2THU)D8J{rP^?&Qa4uZ1sYK9&Hf#4l?X`-fRfLA#MNv>svUm+U zY_zvA(JP}qbYZ&l*;oeEv%|~pjTcu->u!j}G;mQ0izeKCqG!=cpVH5vb8pC**+K;y zf)mGT1-fRwQ)_CP_@WJ*GxKl#IL80{_w+Hs8zGS~N#fZn^c*`5&U~!0_9(kqYq(CM zJX@v@Q_pe$nftoTpkqX`RSFpx@zypi0SPe{vodiDtF8~ObXb24rLdvX5EK9 zu7A+`o9=^}vBD-g^i=%x+XcdK1USlG?J5{E@rhnxe=_0!?YHsoV{>s(d_HOFBGsDw z+YsNmkF0Cb-z`0<&x@V?Z7OZh&{2cF{wF+b3S;098FW9A%NLDzJyFr(9GV{28QIRk zufC8cB;dd})mndTXGo6!#JC@Rs)p4TlXAj*U1}inIswMc`MP}y`(a62KKRn;U)t{} zM?PXUPRyk(r7PNm-T|qo8%r-M`H+@Kjh2d=BSG?^M;50@gtm?%q?t-~iKh6zzDXwy z7OIsNeWoOLXFG<}!|{)v+}u|L{DB40BtnD-y?_5rG~OuLl6yCXH80Iq`0V(QhvTW0 zXMb0x;;W;{CdP61TvMLG5cBjbuVlYDJs_m&Wgo3}{?xP(oF0$yCyLQdVPRr4lipc7 z`7@PC@up5s*VwDUcOoW%%D6t=O~o|DHqN8VlbP{DH)c3?mnM8B72k`BWUL9R8`kGM zkp>*d8D09s?-*Vu^X@UaP%*>a#nFy_YlD8ot}!7NV)sBjU#^i3-|tH{hT%)R`@q28 zj1D!U;_vR53p0t+&5-!xcxX==yB6mw+RaVUpcCxrzmC?nn@H`UPScsSIbZS>*`M8L zUxS_X7z@;ku)hQ|r6rwGG|GJ<%^78;#+#A65{gR_Y#%2ZydQnM_-^tEh1?H_=C$P(RXzW?zRHO4s`G)J&HwUQNdJSi2Fuo9 z7R}=5UINoPd^g`x%^(-Wi0QgcPeM>?R|-VJba+E^CA!`@`3JYtcbm1M-g<{{UJ0sz zYOBzeY(A)#)TR)*CRn%DBBWrs6cUmhoX`xEIcgMkObQoLf}Syfp-duy+4)(!hr_ox z9(;aro)D@7t!?8;YE2~HD=@f8`+;4L4|49JO&_Wp$#TACewf4 zM4c-lML~g-QlQ$0xDxq_fBoNoXgsy+`0{Z1iM=o7fA(DYe^GA#pP#Z19yfT`bX)F? zb6yOvxg7Efk3*QXsv+5BHO%?RZXZV^TC=23E-kVewbuFXkue|I%@4hHE|4Yceh}xn zusOv!Lv2Pk+me(upo(*)iatT}-Ap^z=1ieycb+{@Z?6*0$8)((eUI2gY^WXI71*C! z;p0uYiIJFvVec+dp>C3z@*>=mwKBS_ek8@0qkiJ@#V}>p<?OH6x!4ub9%Q-i=B#t@Xv({7a0b}Z6nAj56aYb7?dD=fcR^Sb*Gs)vK zpV8B>7UNFl(1e1L*K9nVW&9M&H5 z-!l>#%)u`77LQ4KFh#MQZDm*+#m(guB+K#)DO(npS{rrGNU+jY!sOrbjhm9%--J3s z?n{kP1Z-62ZuX2!3T4R&bdlF+YUo(6vdy0h!3^$%dGVI zxH9pJ>5VlR8uK!HhcR*%7|wakFjY zh_TWzZxM3>3no&5@45^JrI)=fl?3}5&YQG$Gx)0@iDvnJ6T@xxo|Vr2c?-t;!<43~gU^zHhLi7SqvMfG+q_}o$<@;`5^HyZ*OhV)K)k-pi zG*_Q5r($vUaomiH?M(#3Mpeh(hx@uH-JS&>dg&iq8^*zQ7RSi$b7sz?#Zh!dCwJd( z8~lmSW)cl2xSH7I&9s4T*V7g^CX{iu zp`D+ZHkDQg*gK)SH-h%zQw1H^6g35%*0XZE%txoqyeMZ#WmZ14^P;b6%_n-Vyrb-) z{q0_t*Nhk+UlG4fGIY@q>MVPfgUu4_88rVeRARCAM`7 zvS(YGId=Uq&jxc8-U#|V!gHaNG3g^!2d0q_<8B4F?IWy*{$#7A5FE~ci>!0?ZSI&4 zMaNz;&UhMJ!D>bPuWU5N9lYGnrYPY1!3q7Oj43Abo|a}y6rq#P*<*&oaNn)}o~~j_ zFK!Oix*D89m)H385kt-i9SbIHrc-yp6m9u8f&&SNn6I$%V{b*{6sW`|miJFyk>`K>sfF#jXdlQrFd zrJ>fIKl*KowX_UB`r*2dg)Mb=IOJoI`~GEwTm5Ty`@xj5m`$6J)kX@W`(s=^oC5IGwQ5{;E03NnrAUveVm=-{+=P6q9+kqAIH1b4#A~*VGllpS*#Fzh<)L+ub-1&D;?;k|Wb(Yk0?P|%R zfh{lp8^fNOFL=g0EAr>KW{st<&98i>4vNqA1YBFpI|+TF(p4ln)8Mi<6qS?BaIZ`{4f_VQo5NRU zY@NkYcp5vn`YPH18;X<7b`qXIc7PR!fMK8e_J7ovI$`NcW&M+E=kc%5>Bd3 z`B`Sw$!qHbmc4ahq=kc$c6^S@mhV#yU+G((hfJX<_=}9l}V) zm82HZZ;!CYLsp_>2Ox?+%#|vJ;2|yPCQDys9#8AM{QeCr4QK^EVWZ>xY{fo{^zDFs zRu#^nZ@Xc=YJ;bPxf$oSEDoj9ym?ZOclsdu;PS027)Rp9;#DfP{T zTU4$Pp~GDUzDu=Fr!{`w-_?u_EOGdsno}Im+CJE>|pN$nobO({dBW z=Oid8^x3&@x@quX2S$&=NAq0hHGw@GMSY^UcPz_Ai>FVwq~^9Y&Z+aF3<%##is4{9T4LCq!|Q67Ur9fUjUF%FlL=Mo_}p-1IoxSUkkmVkJIBN+no-Uf=raXJ zC7a#;!oRP>Ue0QV`@gxnR;C4%I%IjgSWwjC8;QXUo9;Pnl zBI|Q`&?~ndT(Tj~ummaSBh^Lx)XLyD-8R?Rvx4J6KiEe;gOJ*;@$vS*SO7ZcQ*llw z%Ooy*E=P=>O`FO?@y?-e+B^Q;**q@jG1)iB*rEdy63O%ls3>^SE)U0=a#9%EQQC8c z3di~Z^`vDMKVwIyi&s&kOBaY#j>JiFvvln}m755u^-m^}KKtv*)a6uD%ja%f$o;%o z6J-3nWOGzw*+8k0ZDlm2AF_+5w6`x?6vRlnN=l=}ePvCZr|?{j$glako)sYDdx8l&b=;DpXGfsYJ{ z!joO2=7Q2XB|ZoGW_1D{uV5pfLKnR)22ptZn|HrKwsmh{J26i~m|=1x#hkU*?9HQB z>=Cqe$EQYKsCN~><^&XPY-qRH!(E?4#S_D&@wSG{TpHr{tP6KUJ> zoovh&pQ4~sg?Y@uG&V$T&(`TUS)sJQ4Z)`F0^E5wQH*$w_vUeQW>vR!@8>1Q0t zcy2%5zt%iAHYtR1u{>4ETlat8$rgz+l3UXMY=&$X?R+1IjKkONwiJ_Uu5oPNSvwAM z=YH3+fawI6wL!vvYOLa#LF3K;isQq>Ah@5>5C)%w&RVg8l_ToTm6Y%d%6>xafLv>? zbxfZx9yL*~Jix>Ml+6+E2mF*3iN$cr3{uJflq%ul|G{*){%_G9|6NsnY^esQgP|mL z03tvo^LoZsn2s!09HoGN4Gs=^j=PwcZ1Wa1k%RUZXo+tDF2Q$}?cKX~H&+X`eFFmp zE=i#o=@WaS2bWdK**8C_0CQ0=Wx%GoLl~>n=woF?3wma`Tm79W7QD1C-6J(MwYn0} zp>c$)iv%Iz_s7y{Le19Nli;%3ya|=V+Zj&T*d9u%QW*d(ED34phovJWB~1f^jI1lq zq4~10gUi7r_Q=V}Nlz93Dr-DGulVzwk&VMcY0xqo;l0+%8o)t-X@0!Yyt_J*Qc^;H zY4HD`NL>XDnszgm*P!({oG#!$+u&-O;B32C+XgyWw@>#c1JVq%v__zPOsif0C;y3U z8}wS;w_;RBEvhhvTkJPrUic2sexj|AH9pzv-{wCbWVV_s?<(j2Qn%r7bE+SNOsJ#Z zO0QKrs_@e0Rm_%Nd%Rv@m{>k4uc*N0a>~uh_B^_}vjMC?&*@qRr`HYRSD&<3(&T7> zl`!u8MdWli`+IlSjLYS)ce5|Lub=wK^djqCYwT%pIlHNe7xbwPS6ZG4j`Ap-<&J4n zJ&!p-cWl7x@??e3*49?XV~-59qWX&r8L`xwJXk?Xycv`1k>1zI+V|qB=rd0E3)TXN z8rUig?X7aa+gz{srY$wNGP@pYA>nbf0z@R9#T?agx=??v+&EsEe1E1yu0W-T1F#wi z(Y_iQI61N@>!W{#jE}`Zn_SSrfeCc;05PPb-T|6cx3@cKG%1*bgt|5!V1YunPZnw- z;nB!TO@?q@tS%rR5Ob+C11!twabZ@s7n)IOK0yxp(-y|u*HHlP0i88kt=eB>nPO<5 z{|WdF0QKD5-&cUnICaO9EOkt%PLoHO^a3W_YImbYZP4-uShFTsm#YH%w5TlD<;erjXAy9PqILmLPY^V!qN` z$icxOfj-C|7J0l#lf77{Nm5ia$oQ_#amUWiE>{H+G;m1(s&IH%{#?(-&K?Iaps_5e zIEy1!h$>rl5n(x>c_Q+Vj9W89>*N)uJRl-LJ8c=iU4F zG|9SmK803KOC0v=Z<5%o4Th6BosJh@C;=-gt6bF*0*2-r;t{_4!l}|0MbPkPOpw-U zbSsJ4NA zw6|YyARV7uW6=n_zQF`$y1({-{(0%f0wSana6|E|mLENun){Dbw*iSFoyM24))9OT z;4wz88@u5YZZSYCbp#{t0Pl`924otbKgg-5^7=QlW2EBf$4d2u78e)uwTi)Ff@ba* zFc#>+s@gQCr4fGk@ZsTXfC0F>MwNvKz^Zme(qO;jO#DtxmR@Q0hKGYI)iS0DZ7(zI zfkQ;>T3Wh${tY~m4!E<`d}SZ%DeztiV6dMyy;fX>JQf0b71P0udIEI8_A25;r~Zb<=-^MVI?-5=G&t^@*IWcIwW0Kt4wnUx`{drV8Uf@QLh5DlbiP zi9#M&tIgFme*jdiA05d61cei@b}vXAP+QQzU)$Lc14xv5ix02&-9?)oqa6_XRNtpt z3+$(;gP;A}TDa{c5)PE-_z+vRYzsAhQ`IQG^wr^6;(n(tHH)()T-fM6(Y zxqw(bJv%c1zrVS&qggb7qpGS3Xq(;{UEddM3s5^C9-DOcY6%*4Xgv_h7 zb-(Ar|NKy4jF+jTqob1m;l{cTn;Lg7I6WU<*KcEY|brKy3i9qGbLR>IJz0JkjgXT6;r~cf_TnHvR?^lqYi} zv08QmW^T-)3LH{A&suFh0TV6?{RK?de6iL(;Z-ll788Z)%uvH={3F1P0WrdW_7B`h zCJ-bR+vP>3A^?c7n2&E3!`wS_;REs~8x$URTuyM51eHy05MqG7I33N$kV(a+Pg&U8 z+v|gq1A>AKEG;cB-Bi1JdUCp}G+s&qu%Z;Q$)EW7(?CmAqsAt@qJkL|Iur~Hkzrv7 z2r$s((R~hu1sx+JkpL6{?mzINfO7ng!bV1YKj980JL1O%Lp z_&%MxR>`ZW^#bq(?%lg`X~lvmfH96cI9uD=Mn*>~RxMQ4)btDuA^NxZNoHk$g&$1g zPXj5v9N>n;#KeUzS(Cy*8)#ds0KL@F)s;0k14z6M%ZUy}gYsrUYPGXwkj@8HL&F$t9xpT5?Htw1P;vrT;TNL!U%wlq-11}Zd}`k<9eEx zb<-#!=isPaWKaYV=D0ohSGhoiR-+OwMpAjr@W<5J{(dOn_JG#`=2^8?8puCz?Kdzm zs90Fy;9{SXhFrZHd3kumWn@I;|4^3*Pg$@6lNtaGd@1W}ZBLlaCji<9Xi@-BRaRz> znVp`VzVM=;Tp56>27cjvfAvCy0uWhBRYwL$DH3 zkpi9%YKVV1IU8$h`U$C^Yz4@Y`+i;ywH5oPPkx|B|B+U$6)YVMLQFp(qyWDpE+@D1 zTa2Jgy2bsR9B6Wp%k}8e{%je^i{hJ(q-Kfy{P+c8xwpNolKEJx2=r1WktMH)N#yO5 zQrap#Ep4Y6ivbIce4di9u<$8B$2IQ0Ai_Wc{*cupe-9WJPvm+i-sg*6jqx>EWg@X4p0JyX4tK@zkSJWz*A~L{sWmiSBV;cl{&|L z5&JeRKx-<^CxTclr`77qY`}(~%^#LdH5^cH;MOaA9zE(^jx5}X_iQ3-L^Fvmfl5ZzI2eLX4;PCwW= z(P@9pN@TYk2C)OM;3|aU?X9gci>Z7IeqI34voHHTdjm*S*?1HiA&BW-p`ITD?04{Z z+^TcsJA1cW_)l zaIoY4WFFJwgR5sFE{mBT;4VQCS2O8-G|vhuN_CSu^NH-S7GK|GuXC9f&e-#$$&^zc z7(5K1|8?y%M1bQ31xRciYS4OdE}%=#&d=$zQC?6_fKX2ss78VmtfJ12uFH6_JJzx9 z0Cq($ZzEtFBe#OQJp}#`(UH?@fER%aCIAZFz)};!njo3=f{FvN4Fsih=9EQQMMWm4 z^cv5Hxs_dhc(}PKsk?$|Xdsp@(|91(cvjyw4>5wzA5P~df-1o-GfCrM&9)HHoB2V+HLk7k9 z*E}UwpXoareBedEgrAN3|1hZ*`3hT$h={!G-f%Ro?`J1Ff%|cSodu{yi^itR_hO8# zU3{%(OTVS3r(1+qJpi2hyG}{Z*jSlL@v#g!+KTTpFW5YmjHwMjny@8-O@C`&-(KG?)NP&f7SLP0!1+@qkQU*sUYqa+Xl zRBiLYweudVTxMpbWgU}!4*yb0*WLl3z{7>HZ`R|?p{Xe`S^xvIgak-NJ zdQ-avB-x-u&|AgDwX(LhFVU>2mO=%+Wp04vfYN@ywpPzlvm)tZ#oS0P>8 zip5g+CMq{unEip{z(_sbKy9ggr%o|s`vlpWT*B1Z*9pT{rjCl#7{@kAkM!J)x`uG* zA43Dmlp_IrH@E83hE{V_NAXevB~t>#d@|ryDV$(CvDrNBFXHF~?FLu-TghQU?Q9g4 zzWA=kiv?yw^1*XVLWNe%g5qkgSe8-U&&tI z(}OiP7HZ+4_ArN|eb#tjgkCj=C!t)}Sw=<6iR*>%H?{bx?K{qBAf|ig0eS z_=Fo*cx1>cmmogVJ!1bpC+C;j*W>(*jXan=VCqw-H6AmGJW!JP1GlsGZC)!udo1(_ zJ(<0gT};(xF=0;#^BRKqN@s)==Rcj}-a+Hf$%$z!R4p;kC7LIk$Cqo11@CFbKgWL?B9vXttT25VT^t5Y566se_uWGhPvxLgK2LcWUY#GeGwZk{Yei77x zxM)VIwRR$L7P?uZ>l#~*a^Ut+g&J({WWu`^JvE%PcRB4(+4^Z}yCS@O`%jk#`3vs} z43t)1v+!LY%l_1LciY&96;T-u?`?!{L(usxABc`AvSPQkx2eJF2(FhgNlBXFbeoh1 zI*7{M-P?cCVwz;Jak*5~BwC@plc z*@83fyvE*IC@2iKO!@==m*me0{U7>VWws{leCgT3A}@Rqc?W|Y>c8iaOBO4Vbev^| zF{7$2^21BC2{jf0@xrk6d&LHkOcS`B40V0KVJbsJb5UHUvsfOAJcx zo=I2J53&KaN2L#c1LE_-vSSM|(hlLl~= zeG*Az8`b9;-7AbWT!vYVSDqeOmm>h=yHbPOzx4BCUzt}6Z;Td6x=NA7R)!CS2FcxJ7wza)AtsJ6G| zfXW?fJX+z&QJi&YVSvT(tJ{ikjkXF-Q;~<(0m+R-& zgk|U&p_A}0N@T-3adNI6g)ST&@N$I6=_2H4F$j@a`z4<8F|?kkp@#h`H-5{r5Zy{$ zt@#^gNco(B0u8 zTTNA=5~8s~t*Rf=PKOWn_|OEA#d?G+2&oN!^pTRVF5O7wNlYr3(MGp`^@@#E;EYBy zcHmuG22!es-BzXJ`6Jv9u1no-0Y+54dYij$!{XfOHa&>2v-t2=Sd_QBc8hA#X|uhp zt*m{ouP5?vlMWuKK#@iqJi32C;0@aS`v`Tnabn?)FldQgf|);@L|f!XL?RP7&rv@m zMpQnBJ(C7O>d{pidH+OKTj~2$WSgC}^3yinY}!~`VpNSSRBT$*^RL*#by~W=hbfs+ z)7?QT4!2YpIB`B6B$zxNi6exf|LY?Ai4`qZm#Zs87Wvy#m)M+}7ktHaH>2+~BDq&> zz^<(rn$~!{<>V)rk;Jy`OO&*S*S5p?Ml`8yona|*gIM@fD>C}Ki$hkoooU%P_$==z z8W)#(n+*J1{P(7$!(+#2ar5hrkiLdzpEH`c5Ofa?a3?&r!^H+18aoy2*Vq_B&mXwQ zatAA9@y8)~Y35T=ru+EAv^b^#9{MTD_2V~h(Fy$%r*7}qFWJLzqWB37+n-%*Ui0=K z5uk z$akb4TQJ3fsTfAr${>UAnr&fO5;euOQ)>vg2VLuX6}C&pF@~hfMgRO|wnAGz;F{^wP$_FBVe8XCfHHJsP1yjy?FA8lop)y*gL7{KT*pBw|kIBZU zgu1+cv3ywvdy(Bs?|X2Thgr?i1w0=;>h@loq9GHi)`2q#c9GYjnM81r!nck4eY%g_ zc1gh81o^nHM4xSyCr5`#vA)+%RKepXP0vNr$BRdsN({RL? zb!#QVpC&w^HgYQIYZ4?EDE}h;G+>0(Uc$FrDk)(cxCMz!=pS4rToF$ns;b zi2crwW?z!8aM_5SyYUIz9ELrMtjEiCK+Z9#qCNdbTdqBfV?PYL9(-gk_U(RtT6`G8Anw#g&pgQV4w>kEIt}IrJkCWgeDK)VSex$+a%N+F z=tT&ujL=Vf{a>6o`e&njh3Va^%w{rn>A~0ZdQ^9Q+boHBeBH#WkWpo+pN?BLc>pKKZ#)9c4CC< zpMN#?YKSmxxsDWq7WwCJ(tgvaJ+txe$xm|b81CEaI}?F$V?u)cY~;sPB@N?psF4oE=}35x>hQ1OtE-+2iM4+GD4nA!ZvgBQVs+vWp2pGFgFyTcFC zKAR4wNv5M*H$iOGA0Uyg7oXamPbqwvQl}C)5;1pR3BqDo6plNhTee+B9VWt@uPBd6 z8_@FK-}k@|dRxSE=bni1;@ITidpf?i{>LpYjCqJ>rL3w}c!MCJ+neVE6%F%PK(-MzcLCV@*bQ6Ow z-*5`rL&1q)PPpSiQuetq*1C@B!$jm`Eu6h?!Y@7jp`nh)XzIjz7`jnBr6ZT9XiNNh zg}6|z#BA@VgvReYgA)D&U*(1F1z9jIk?IRzT-nWzyA1ojzcRStt-8;iqm(i1r8M2jEKoxM!z#ItUCuIqifu!Z?Fg51;pahAKBeACOUiP z<5p0y?$-zM(tqa8sh3d8wgb5@%WY5W!`37Oj1DU z)FgeB%oVHcovTOGJnDX8Yw7>)zn3 zQ0iNv#fPmzu+*Sy`W)^o2%Z+UeQH`H&DD8Z-9GiZp|BjrF!A?>^ zZ>_rA9x?26IQ6A%&EM7TK0#_^tJYYa%^9)4ETnTe!c6^ZbuM(|;uUPFdGB9Ua+gz$ zCCSvuq9l?vup=|m_NU=I(q&I8$C(S_1uKG=Vx{}5Z>RaN7u8vsby|Za9*f>+-kMXl zh{SIc1#!|-dEaL@5=ZIPh1N|1C((w0XNItM*mmQWQ7nZwm{M z3-9DAC6j%!O9Jf{7cGW9+ObI8bB3D@^~cMdJ3h~Ssf)q>*ya=OqPw}3%C|Gmn@0w` z=OrWi`1QpH^8q%(?FUOk2nd z-bPu?V;D=qf5VXAX zH|=?0=kn;}_WS*1g0t9n=kXG}X;q`<;3cQt=2L{=_$i0*yjtqDr`NvsBbT`U!OOs$(<9JTC?v;Yd;^{^O! zMvCeE#gWW6>+`)G-{d@oVw5_Md%bW}lteFS8%u>1w*Vx|*tc-*et`&P{B2{<_xG zR963-BRYsb_Anq8zE;NcC(r5g=tkZGLz}1-|GFe7Q8Z|moo9pH+4b8 z(E8G^^!PXedOrUZ{XB(KBA}eH%hW$8Ht8d7LwDPhMyyRCwVLhyDIW=mEl+Y8F?inR`ZUl zs7Ksdn!(R_6FYE98jvnrZVdXBUfSR+Q^+#O$|o|s@lvHvBp_1M)ndJSaZ@3w&f7zQ z@aiA)Y?rEd)c3XNIotw$(4Wc#3oaC!}9Mc*b^M6ku&=AyH zZt)x2(s=1H?d1&r$|(M;mVK5dV$QZ1WGlk*Gu_ z3WsZGi##H|UPP9lwsn`-0_+{hS`N)YHeRWl97)}FPmZ31_e_u*{ zpuUH^2F*gRK30u*$enq%I}^BrVRay7l9CK1OLlNovNbE1erYIRBsf|i?WB0+PO>DI znQyPKJ*_NE(D1T?D0fqE(r^G3$NZ-$!d(-D8IP)6bHn5q{UqC{&BYv@@iwTOKd6Xs z1dG;eOHp=vi(iz$wl^>l={?S-FUtn!PM+rxI}PWl-c?w)u1cM@Sr;24Of_`Y2EaEe zk6tmIE-=9<(qtRnsxVgIdjys1@WLr%Ja zE;gA_aLN(%1+T!R860}sZCKv8(A*TxNBy0MOC+XkkbgLASJn zc{m994RXJ4DI5L#apqu-o@RAKO{R^}S+ENh1JZ)U!mTOhaFv6GYDM_T7~AFUnnJ>} z8zWVLb6#H?cJ+XEW%%(i^sP6>Vql)$^Q<{vVipzWZ%qd7;7floQ;&q`+QMif#40MT z_3->N#2>Fngf~$?IdS-L+PdZl#eAr0P+LJ#zY}!ZcdBP~Ypd3Nuw61Uub|giWy+77 z30LcW%Z*BZ&Sk+f-eN9C=?s?gSSfjz5dwO1TOT1!d8?qbGY(X!M zRE8fULsrC8m^+sY378mFbeyTkW1c8&8PjuJKV=O5j?*NA<$4Y2)x|e*=- z4Vj)JwDTn6%h3w*mQKDu0-$Y<`z1oDxGdF8h)qJogwAWsjBvM|#-9ugi{!(i7{5;e zyBvnTkhrt`V6-61T(rVTk4SQw7J8Hu7Er*-BvW0*{l8I^ zHx+aWD+RZ$>i`iL&n6(h-W&IC^jLJA?c~ZnGwtf&hKy3$ssXQ}AA8k^3+~1kj8;HT z#cob!K*>ZUm~i|tm#v*`1Tm_Nv*HCDF@Kw3e1#5YJEzq2+b@WfcR(s5WD$T54NB+} zRq~aY4(DCd-L1HC-7j~V^6hGUmy}QC9?Uz@nM(sjh^rUnp+IlSj`^ii*kQtx$3M8~ zc%G5RwlRR5bh&PpG2qADC?;Tn(#Yjfj&X?h9%R~T)P{7UYYhXy}y1& z$F18w$baSni-$wqb|?NKeZ7Q+20npq1SF}qWJj6kJJC}Tq@Y;+_SUWK$`A#vK8#|0 z2g(LzTE4j>iOXxb7-$}WJf-hvG#tLe71Dg4$6!dqmL8FjOWywjoC;3vdsHlj0>T|T zR_Zsb)0G>Yxj~;BmV4|HK&kwb?603nbqk-aDQ$+hdh2G*w7^?gqE}N~hjw5eOxpWR zRu$%^;Q3Ca(3xfkHCmx6oXxGM6$pr`?{gawhBAQ-+vA>m(;YWV4PKDFl=0o6-nLox z-I9P+U!D2H?Z0yrRcYm`?^z6hFOXL6ep6YLM;SjJ9>S1hDXa{Pn6c1%k{*9OkRRYK z4EZXS!9)AM4ASuC`n{f(e$j3vrvvW+4p{D_e|?XGAfStd7V{PnI5OJT*Eqd@Z-}KK zlW(m7+v!P3NgmpP?^!>qzx5MofFJ;077Yaj1r8k?#DxXt1D&HbDqP^|st(BB!GD-y zoC1-gr)L7{`PwXB`rvFMlMaduhYs2|r@lTBc#*ridvsz30!h#Qa+_D`{Jc8I0K7)a zj|<%w4RtD%)c`0rS_`8-2=h%?ueHg@$)UEkw#NMddkYPdvdJ$uIfa>#yoc0QebkvPpEj zLhne#$*#2)rl(mA8}rSmLO&h{;VqM0W#QTOq1Mm^A!60rtmQX1rvmX^&ELPgUY7wG z*WD3k<|*PXE-tpqpeh^|e3}o;@Tem_y}dxHUsMhiAVYvpRf{75A&`iE&aTIN>lcu3 zCgLY%8b<2a3cpgpxdRI=UI>VE0r~S+Ny$$nB))*u0~i}Z7=KNi7Ie(_tUKuK!`>Ob z$6y+HyENJu_YP_Q^1Dg&8EArTS3fU)CV@m(4*jP?yPGjq3&x}2&)J2j(# zKn4(nmM@$B4Fm#J(3*Go1?J~~IzH@<37y)1su|=nh0HRVV(E{ zJT_d{Hj+(AIG`jJL-@!sq+LvFJ(#N`G>Xi5YNe2$jnnpTTAtd$FE*~Ne#xxjjfe3# zAW&#wRbmYDB1rHh)AMYF;FvsSj^Ly&@)T#e^LCBd$LB0w{q&v*!45k>_U&Vp%;nD} zBeanG?q_6ac&2L)Hq2VYk4SLwos>aD$SOC!ppNL7yI+%!9~qI$0tB`FIw#b|)-NS! z3??3*hgTW|17?zNf>bqnC7^?Bz4S>qDTAIH1B&AA?$m;31uMQahcec+FHcxSs8fo2 zAa&XJ^gI_86}H73v2ZcQ3O8dtgRL5>0vk|aPucMg2)H!F2tH7ry#w=i1e5u{whuSs+||f-m}+6J7%x56x9rF{4MvIq5nODR;5{s7+%O{71vu z)NtB`V{#&|lN3?2vhu-@{9#bme6}?EFy*~cY)}Djs+FK-m=l`_9NEmEohfc!v$ha= zf=I_u+sVxT0Om@+tEs_AT*>`WW^pvaFD8+{Wh3DHwG(_o{ZB-YfcsVRO3+= z-`mjQ-=_*%?-I{x`lDvfFr2PG=o;HTBGZ<_b5?Fxp;DkXl+(~H5e@+PjafL4tc=)GnWs~xu=;khNo6xf;>8|O~Q#h~O&iB6D}EgdVFl4QGI zrlIkk!&=){yB>=l2*4@=`RYPep#Ct-c{%HjKX20dy{i+R`-kM;%#9;z+^Uixt_|of z4L;-0t0c*(#-5!8U1Tgv_2w=$RP@ifTpmq*qCSS(Y%uM|eo7NMoW}jk7A{}#OM*K= z>)YwyME}lcB1-lnnxwW1wt~I8z&C$S$UEQA{OFcB9FMeTgWWd=9X*{8JdabV-}Iyt z_%ki}kWRhSR09{Q`8fL>J!EEpQKw|@36GW=?#-`0-PuaVued?#m{z;AX_w zysm96LD;e-r1YVGfMNsHWh0r8F3!cdTpSxkyP`Bsj1Y zTXxcPkdiVCm)^K+=Ysa*3ejkbS(;?+?p4 z(T#UdymCCN(~Rf7_z_gBcoV|y#G@~v$9Xws6k`exvi$=c{9@QZ>e`wrQo%~#j0CVIIFE~h;GApAkPy9ZgppqJ+cM$PR8?tV_Uam2muoL2}6n zHhTF&3%T(j7dQLc<^d-phrU*Y^OcinnC-G8Td0ZKSh}0xdc74P$R@yf;J2QK6LFu0 zL2&|0dAPyS;k>4X!YSNsTva$v-Tx#S^x|DIwW{kz&C6yZ;0->=7_#ztHDOpX3 zBossZUXGUER0Z6KXKfo6*1RTjH@Q{O+Pxi(OVg`d|MPpl42vIWpG9l#54-Z+RB(@V0K$N4so57 z({16go7b#5aGlhq)8DPUFrSY91DA3)SNk=U?9inx+|?f1Z&s-%<0nl_9Eu7Den8Fe z0Hmu`iWd= zvkTxgN&;LlU%!4uhcrYrm%`&LKTqe0;Vfrl*`EczFAL81C9O8<{XDUh0=i#PW@a=o1&ZEA#Z^5FrsbdZIWS@k|J?a40tu1j$5*SH=;zK? z{g&we{svn%Q1}0B;~b5!Yy5!z)!Ro{)JE7Z@YarBQ_V02tOzx3f?ahJ?x8#^CfIL{ zn6MJLksz;MDSxq{T|NcF_-9QwDm93HxZTIQa^Ebtp$4<7F&P{iiqxLn)MIYYL z#<+sU^ILm9d|Fe}D0|=_)G2G3hgpx{US)2c9FLQ;#3X}ySg9}UW44qKB5bE#5^TOz zxLFgE>X&P-K)rJGU`_nYmY$G4Zgtanh&STl-H`fA0OW=hlAnKJBZ4K>BgJzQ9ZYKpfJg-r(cw$wk72D)1#PBRf^f416yPE9B~ zxrKUK`Y3I1+S{^5pw9&FWP*I$XMbEL@BZ7jb*#j9hQQ1*V_jaf-M}S{~%^HQ(9{|Ts7G`X;h99Gz~=m{!#C=y#sP3o~d+! zJbck@vU`L3B6rw$Qerl?JAbf~1oCBo$D|Eg0P&30!A_>1AKS3UI-Em~vO*CYr>_ll z`4>>9AYYrB@}u4}hhBrPk31CO;O{U4gOO10Io4o@S`w*QF%<1S6KmRiKlhkpq%9n# z$#s?`L{@`Y<0-5t@q-zS=l|;xqxj#E;!NOaReb@CuP@bZjV1B5n=4 z@z9g$uRCNv#5&1)(R@Mo@E}w1Kx%Ow>ASu=6xRZKR!1%JOHfNe3zTJ_=h5If)W@)H zvdbcHYsyxynP!`->PEj=cjwpSXd3VVvprB`N#vRBeWYQ?Fz#+qjeMH>>I~(Gy%Gqf z)8b-GN=hXvi(;9w_oaq8;ycP}M-na%_FU29Kwb`hUx`piGl>GhB}U-aPf>q~GY|bJ zTe;gyR~6KCIq#6_l-L;CRWJq_P7yW~7-BnfY6`vHut;&5N<(!}Sfa+SX-&oqtO z_^^f04LtqDLVu-|z#YngqkfndB_EayivTs^c%gapZ8->@J{ zWxXeSOB0f&;YqlZ{%fi&r*D5m%Wj|$o>#ZX< z)MkzO)3`sNK3X?t6?YB2e@a*LEc|aRz|TqW#PoFc$x{8n;bBg7HM)w*S4Qgh6qYNk z`2L+8faV>DekTP$=qm#N0-fsL1b)zkBh%4@J53C!qXnZd{%C4$_TL)<%$|P052&N@ zQkRyN83&2)dO`$1xPXKFH69N%hCFOHHRvhoEdQP zT}DQ2@PXJ?k7(XqZUYckR>`V*f7f;nf`_7Y>t zjug@nDRY@?>7aR~=Wd`}$cLh2m&dp7s84$m>A8@wIMk6=nE~SB`uh4U1c)~O_yo{! z6wMvnl>kKmtQ-Kf*Uji(sEOs%WW6FfD+09NEqnzqdLfB#k>(WmG&Dc4;D38P1$}_B zh=>HvP~1j{Q(0Pi6wGFfgEqDF9)=5(*f=A-dwJm5A>9PXT7d6gcd} z(o$HynQ01^r=gptC*NzPb~eCeG}^JG69D#YJ+MGkN^158IubhOYb0b&vW7e0u?9{2(DIs1$7oD;~v0KSF_ zLyUx(IRt16y#fZ4PWXG95n4>fS`5go8j>n+?)hckK= zNsjc0I9#e|A3_qcpY4H<{RrDf1+X1{*mM4xSaBO&?gMXJ_TglcS;)Df(I2HT0B*}m zxcM9gdl@hq#aY+w|40xM(j$X0!1VRCeC1l1<@fJT))(aC@>HNcWawEtX=~V3F5KUXG$m9)PWD}+>ul^VEzxY--r+q;HqxYGaxwESvr>^)%=#ez0 zCTgIR6twQr2mC@IZes+vDWif+O4tu!FjV1hrmp|#piw<;|@3S`MwIwg` zDP-GYV19u8;$|`lcT5o`{`Sm1EO9?(%2gcxyjV~MXeySZBt5$(KlVfnKDG1;J$$fF zdaxTt;^pj~Zb#ZSgozi1)_EqCsev0PE9Cr*NREu*+7t$;s6eN&;>Y+7Nr+4Uo(%P| zQ{=(bu-2M%w0chx@Gd2ZIgC8Dh+lcQ-21y|SF#e9jjSZ~1oC}zz2BzLmlH$=;4AOz z4M4G_O{le`wXNP6bzkO3mlpyWNbI)jEyKaV%Hf0P@);k5J-^DF%eW!nT5u>`pJ`I_ zZy$px2Hy~K**^FOyBFd1<2cCutMS5F?4^5MIPat2f0SogGL$|C-2bAPKQoc@3@e=P zjMLUuMSG`f`C%15IvS zPiW68@hYfKtRS$#hK#`tAm1MU^;Otc<`xynEjkOh3PV1>ih4pM|G^XguWgtL6MuF+ znx*IA;b{OoZHp&Mz!Dw8n=?hPu3Ny#7|GDhfQbnc^gH^@olQBD<-D0$!A{#Ukd1a1 zynnI#y*VhBZhQhSVHd(baEb=%l2ISte2l<VvlSOT@~dgNAhbsPD>y!Wg%)BcEXqjm=5 zh&q@tjx)Muv?iX4>+2j!RZ;OXFJJi(Dyx4hYWLy3bJxu zLu~xD;6^vjj_Tzj78SHumV-ZkfQukImBxl zip)y$Q#o^+$uh^9=t^BHSB{1c8+cN8uQL^g#tj|35M!vZ*@X zTRTEcZ~4G!Q_+Ll^@l|sl(v{)YSnH#TjZq`v11>8`0jW86D{_XjP05ODKf^9CnNnB zywW*DoX9q1CLVx_2k*2PfqRE{p+)Z=E9Xua_NYF+%Y;oh5gzM!dp!jSqoZ<3IKqxK z-^IM*j>@&HNs_)Ouc-scw86XaC%cVX#rJToR89GCad|97@2q!g)`-Q0`Hi2+F1=4L zrfN+1HSs)gBC^~*fo)K#Zrg0Wytm7o=m%CMnY$Kz+Cc3b9~~Wa2O?ikknW|VrDsx8 zQ~eKK<&pbZRPgNZ9mCa3;(oFqSDA;S_T0^@Vusay za4B3L%QQKJ zec`$NMOYYIR$PIM^ z*Typ*KRzcr_21M9rSpyfN}~C)_O0epgb!eKHU%ukTpR9%- ztW(ek5G>nluOD}ET)vDft_`v7DAmmLUQp~sm$aO*PhA`01<5^w^BXZ$m=#t>r{uexNdlL~b;dHyK&R+%iz&}H4gX?vM^Vs(!-2?| ze6!c)lpuUlMi6=voq&Jb0 zVEie!Mv!C#sUkm->&(FQ1fvO~!CG9=By32h^uw{|^xzfw5p%mXn_kSUQSZ}!$M$=> zYxs^2MCFJ`vrtZw0LUE2>E#$x9~ce`U8qvn;0;5rAzF~K7_=S|Uvb#(^uR<~!;wd{ zEI;k$vZ!%;f3d@seWxLfF+DPwDGlSvH+V)#k>__cUMk3TLjmCdB>b%hl~Z}`8zs0!@Zi0l7Wd?f7)ubh5Np- zx;n0h$;E+I&N~=+&9>@bNkg3uiw<$t)>@VvtQN_m{KL2--lE&Mnnk47RZXAIEkhqPaPPp()V!ZAtau!%v|dKLtZWq zIiRYi=ZH`dEH*q9#Eh%e!wn1rBTg)K;C*e$ofWk$hpH$=TME!e2Q*z8fb)=!f zXF~M34%(jfBp1nD@4qLzshZ5+k>IQ?$OCKW%m~^wUIQ)Ub(hz9!P~nnBPpqnl7iw8 za16s33*X${9%eRZJpzVbGVJx{>LObDU&)WRcW~Zww_)s$tl;mbRBM$MfSk~JZtV=^ zxeO3jKAT+gN4}>jk`(P7Sv=-i}?+$P6E@^#s2#2 zq-3!|^>h(ylOgO?Z+s>V69rDX7$DO>+njYuKjO50<!%}I8v{8MlP%n^mI$~p;cA<0wQ3wzcREeIu`E>Ky2EpUCdqujTf}_} zX5dPT1=4w>Q#t6l@@|1#6X1!dmxn#zi3r>%J{GiIpo+$kK*yr{w2ih?Z=G%CB@+A1 zlMlE^4Ln2}fy&wgB<%kxz8L(n8c+FO;tTgr#CIfpYsgW1I%@h;?mb+8D3jjX>Bchu zQ%~_~RQ~@`l>e)cr?~#&*O^GX((=<8%<%>&U%8zAv^+_MT+HTXH)+>2@%}jYJ;rRn zvb^AN6!GGA8@RBL}!A(@$`rlT zHnC-XV`K8J1Fs~n>d38wuWDFo6EUC&{GEb`ood$R8c8U}S?MiDwl!6DV5ih>hDhk+ z6g?_6#pHUT3}H&73xfqPs>+TNmn2#H(3bzhG=MpRh71q>8H2Uob2EhI)!6JFU76`n~()CoIu z^+?E=`bT*B?GYR&(Pc@JOV~!q20EEBQPV#hy9rrcVDfsMlIjQyx}UPOxld_Jadhd) zeDWcP{=d>-@oo~eUVusEtA$2$Pxwc~9=wXN`s{SGUiMoV1jX@_JpEOUp$x@!cbGib z@`^j{^7dk-UORjE;?QEdTPnkrCgi2TR<_8AQJNmfKBphexw-z^!Nf$BV$AB&(ny1- zg3=Na{Yh{wf2G(h)zt#~4TUcnY*Xi|d`!^HzGiu8jo*%9ru7F@t_1StrY&+_GW9|O zmX0;8@q7n7<2dMVG~&o3F$l-blMQ)(UTU7}&YP8%h`Zb%x9ldZnX^SvG4!NZ{)V#g zyr&72OX-gP3EcRnbKoE#bnrJ&u;)5bmhYsPu2|_~{$)!vTnBK^#V>-;vN_wC(jQCj z5owB6O}pQisvRxVI5QH3VQv}m(ublMXh9=#sw%OW=s8JzYd-%*9ag?8e_EzDjf=UI zFs;1%XzJ>~zw}BQ+v=(eP_GT{!cx2;_=nL#X6K`iUbD`B(9Nq!;(sLar_SOo)M-wy z>w2~vBic0=4BcYWTN39n&gXN^7!dgiEpatLDjnurVWVeVs2zRL02y`7=c_xxZHQdj z5!TQWb-z!M7#uBHJivG!frQDhG2gw11z*nyfI-cCq4PfDy1fC zGK$N|4V%x)pzZlS!X$I{@7jy%-GlfV>*3YIb+KA`kTy|W)I*fX&0Hq!WYm)f6J={& zm5|TwKehhgG?SYvU!#@GeTlZzqV^ZrU;u!uPFCoQKb->DL`cwP4-8-kg>a3hhuaqc z69~@{{^KPt3HbZy#d! zCA-$`MrfY}uN%4|)PsiqSQ)0Bv~B*Q%CCrOJ;5e--`%8XRhe^YZB`L%0WeN+QF{vs zd!%ie@ZGdzKb^Aj7Qq-z>w4qdO|=g}Q(>uHRGZfd=MAQyK$*`Jw>^i#0atOmfUD=9 zr2_C1c=;;z#QlqLenxVmu;At;<6YX66m&Z)Fc@hyXS2zW2?%)49037e@CCDxL3hIZ z$O(ZhANJvdNOH468Vm3%i?jG*{OK#`W~Cpevz*O-B<4>?s3&ggp=g;=@CUi6`m9EZ z1Y(q3Ls};#E6_pSM0G-Pabi=g#k{n$T(w zC}TvHWM|_gIM7aP{{ki^NuemlfIvh#OY}cFd(br1Vs%ti3EFo|kvgw+I|R%d=CGcX zf!TI}Kr0t+?m-c3{5E59kAvag^{N#&NmpYgy(`KJCdqJ-a=kQE4QBI6GN-6Vw%O5j zkL(F!myB}E`b6iv=%nuG?wP#-M{sZu|DQ0hm^T#B+r1Y@-7^H$({QHNOuw$lubf0u zxIG<~EopPr=ly|~)9NC`plKWFV^^mFph24#z8LOGgph#-{C@E>CbkaC zBaC<=Dryl;T z#uoY2xIB!s!R*J;??V{t-3WAlC#~#%yGzKCv76w|N^~aHMd-GsOmV*R=r{ZFwQ9>A zhV^ky?G@4VRp%}RqQe|~HP9p!j#4VzkJ3ELTAm=SstDp9S+Q5+Z;$~qX)Sbj<7Fu&3_XAo6bpheO0#r={wtK_geqNs_-r051y``;@6PnMJZ z(|ep4Q6OY%;eDizDMQ8MhUmbU5L(YzWKK*S_Ym&Bg?{>i>D52&`9-@>4IG~l4~ z$vXG4fnRe=ds)kG*An^8Gt^mn+=_GWpE010~Q z@T)IZHh~_e1vMaKtf7uBUoLa(Ob{Hty}ey%B6`py3*O6oWmS!~10=o;3VeJNL;E{w z6i=+Y(8irua;uD_>nf?OEN=A^6E-4HFl{X5?{Fa}wRC268fhwWvyatu*wXy%7iQQi z=PdHP7)UNlsJ#WLteLVjp3G5VEtglLbA;#o8IcRC|(sZPSH=`O<#Tpy$%vD_X(5Okq`0tS_XB)1~QK_iQE zQV`~=@DQ-uDVn+F#y1sr91Rzuj&fMA7P#!i#in&zcr07G(_;@iABHi86+inEC-N{4V67_Gs>A9EcO; zc{Z6VJD4leB|bC1MocELR}0T+VU{MqC!PZ+E=J->_+{R;=e9Q5YEeP<`_s+I--M<5 zE<#~#v|Ow-;THlKE?bH&sOiAgUqd&$sFQ^dWkiMnmn6XC70k;cgI$p z^F`{`6YCe=4{>7+sJ7#-+h~i+)@9o5ua)8ZrLKv8V<(wEX3%?H{WQyeC5j?)S}KvI z!@~?&%}(+xSJH(h`Opz`()v*hbf57o;B_w}DNalyoZ!QmbXe-1PP=SGle1W)-Hy3T zb9URyK)4*C35!YK(lb4IO}n(htW$Y(x&`SQeB9^i=>Qym9Ds-XIdBiK{r?X*%SzeB zBg}3lce80G;JH=q9EW&IBP=3ZLmw_nBJMV_sDYtL(v=4$j*rPnnXNo5A)n&-6s2Rp zV66g_Za^V+n~MYgU-0aqzy}x*fiCb6*-+qzO(+&X^aS`Ewm;bnq5qeH{r@Is|37kL zk{tGI zhx73{p;#+F*-f9PF3I2x>{)ZZT7Zz~$b44fX7KMJESpYC3zGO;tCi!ln+V(0h8d?3EmmSE(= zkm$nbm>b;_NK!f%e}3}@o8hbI7v&Tj$?1AoKN5z9uoE)=Sv{UdnH${&dfXZ^r#;;a8sW729)_e zgbt*?)(|xy#z?4gFqw! zbmI+5hZx~O4kn4boqGCte=>W%z^7~Sa1n>*Z8ZP%^!mmb87I&Njv1T#xSoQl%J^;D z$Y1>7f@l>!-x-E=i@S==_ia-paeMDjadg6mh9P42DKFRWNUSqN=3^F5fB6D~x4?-H z-<$7;efD>*T-P}~pNrnom@FF~@U}jo+ghz*dp$V&=fc0(1CMBL{iZnsMFge0+(mM? zAqRkKWWQw%Dii$4z#3X`I5HU0-U>#Itdc$EdRbljyzJMyEfkj{9wScxvuf0epR){W z=!daU2J0vtnb2`9RF=j0%MLDb>}?u%Cy#IBJN^!=+ybF;`|qeIfmrWL8C2i%OEERj z^t=CFpsn~=HU4r)4EC3iyrg^op2S;+l~@1H?H25Lx3Tcdw?;gEn#_@K7JB}`gh)2t z=QfT|zrD1;*WESigH(-RXkk+EOaqJIKL&F_;6r__CbKCL@{BwbF@16z=kL2vu zz3fsB^R9Ad4YYhIgMCEF{ZX5(7OmskpgJvQ8}3f}hvmJ{OC6=~3xo7{y{+ZXln{-5 z!v^*t-u8w88k-PY){n%yR%8S%iU$FRR&;9w8xa)hA6eC%3CwqQSjg58vfq(NgmczO zJXnT@@hcI0U@ZhUb|#=RBQ4Wl-SNTSD)76PSFz;iNgoZ=$sM8 zXJ@s?i9-hsx8WGH@djXSo!Djr%pvEz8h`v;+uXNR0rgfcY}AfQ)yvh|b5ukJ94Ome zQlAUOrzvp|ld&QLdu~axEWq$UNa}Df&G05$`Z5Mj_C$|Ru1C_3E~{{SY;n-%61H$D>w&vqHU(5cBQ=&5$V(Gy2p<*nG~U4eitA- z@g$ZOq_289DA(qhNSMgp_fxQ=GD_GJ^1%4;V(i}(HgOJS8ZF>0S=-U6R$}p@f>av5 zgQ)0l?IuuF>sV|pL;749k!%RerQ%!py971~z}j-R*@2r1KM@-2=|0GYr#A$3g*e#B zrbSIGV{8Rqq(RjKL=Ay*VQWC=>#~`WmqbSwjDm!8=b9c8u{tRGQ9@UEk0;ev z<5TkRWAKxc1PX8cve}+Z3S-5MAs_b#>+IcNkz}5d?xucsojK`lDZ&yiyxlWzTu{T( zP;9Vvyt;3y{d^0Tv_I#_>>YB(W$*oYHj05LDJjKct&!d7Gu8NFiKWgHyN=YFy}A$j zF%MeM>puf+?*@Vb!#u_=#+`EUv_XU~$c=CGAYtdtx0-z4!HZ_(Ht=mUjUYd=-oXLO zWQ0ub8qy>|=$C=@EJoSEceG^Uz(Q_pvMbGl6F3v_4h%(m>A!3@io%}an;Bfi_i%gu9igK1Hj2Kp zBxTCST6A@1TeeS)z${~$HrKpZ-qpMNOp7Rt*7jgYt90ggITUbwYfaTJtb&qu)o&Wo z=eD;-mPUA@2aZrkAVRR4h287IdNGSE9$wHQCDpF%*}52$joWGZxEonDsB zqa&{#5)wk4?i~vJ4h#$lNmBgB6aW8tSmm=k<5+t1iIfy3jhrZ|zubvjRMb#Ui8KEH zkdrygtYCU#J6-AQlfhqT@ZwyR^Is6;R3Be-`!z!-wJO-?-+QH6EjU5Rj)@i{du^pI z>d$7WEB(-uJfhp4`q+Il)2`Bgxv(=*v=AkjB8JnE@$qgUZX6tMMz}$o zt#9HhN>Zv_-L&AjUi@(1M}pB(iDU zaprGl)X?ms>delkIvyEDPS=27^fLs>*lV_mNnm+k=tRC&UkRM`21h~srsZSWNydlI zt{fqg*|lir;7@lJ4RN%Yw;m)uINdzfXO_`=6Z<(V>4_&6d~fTqY}xUsNlE=Rhy%r< zMR0hm`01Z1?Ab69#{CB21oj2uFpTJ3DWr%vR<5pHC@ms5u|xsWl!~PoH?VO zhqXfEiZ&T&O&G$s9X}7$fRR0AA81EyW@N^HfP6>Zq zWR1cKO)&kKPJ8)qSwJp91?}z0MeWSnS-96x40jqTV)>v!cmv;BgTdF4%UEtQOLgAb zlp17LeSc7@ZOJ#`hl-jJqfK|_YthIkCiH`9`6 z#u32E9S6lw*7d<2XTgsrj8hZt51T&(-Ne$T-@jn7Fis*8%#UXH1xn*euzcXd$ZLvW z5nPX>kM;wh_U10ai!~ju!R{X}ws!0Z;HX8fTx+Anls5>ZAnzD2PGu_2YW3&j;TJ*J zgw8FaI|_81`BVn|rF47n11i^&r8+lOjs+4z!q$VATsLtARoGQ9mfo~SxnJ5+2Gc=j zg0u8+x-Ert-W$2FE8Y!xLo0kTUl&xD+PVJT0vFy226LfW@AQ)WtU~tTuZ^NJaA~GJ zM+!F;cl{Y6SwMH;%D1W(h)?OF)SRC{ILP#gGpcGK>T3VVY!J!{W~~el%W7UE3p0&u zNL{@;^l)l>xu9NE@x@SJDUwh8{ltBjG>xEo$0~C5$LicCutqb;smhbmEe@;7Sd2ZR zMRXxzDY4SjKk-vy;^OC-Y{E78GE}4v!z4#YEdkA1UcXMYo&s%c-!@(3B7m(a@OlDn9&AAM!tv ze$h@L@#+OtY5|E>l9W{lVai;NH)`AF73y>c75n#UqGj~cv<+Jqt~?l^N}PnyQ17B7 zPp96y(_Zsh8YWS=XlqTZqO6c!P!EVXXOij>kNm)5!xpD`rL5xvu22=;x-6_17s2V# zW5@@T;Gd$TJ)lYpZA`SUELIwZaAKO8_#&(cknzVGV8U}Y@#2BOU?uEtDN&_0NMw*< zw6U;|f-He5Yb^9b25R+rItZismjcD|fyJeO@aPrT*wPWZibzWQ=y!;zqd|YodyT90 zE7f_l@8`w}(qFf4tXMipv7=-W zGF++Jr=#oIU{Wn+=f|P8Cs(8-A?&9>>XsDDSU^CFv7jtokT0t4h_w0Myb{^H(Q)9o zY0EXG4S&cGU1nHEh4g;~2MPH0!@w|%%O*}_9&ZW?k%1xWi}F%$;7ksOgPfckTrO9- z+dyF<-N~FZ(bm@1>G7hV5E*!~>V`_`_@;I`ow!^sa&mGQGGqvLyFEQ1Dbkr#w`MdN zO&=$kA}ccR_2|2yQXCEkE|-fTLxzx(laua>Qdme=GRMF&Cr@P3@gp+u^eQZDHXC-k zJw0}zun;rxcs$+plsa}aIYMOMyP~k@7y_y3vNoHo-A!R3UCI2OvDAbJg@wq#*Q=IA z>SDakZX#VVJ6?4BhzvYBr4tbmQwj?a5i!-PZm77C$7FTR}d zloa&g7qc5dg1B+_auY@{2)S;YwoaGgKX#PRC=W$9^lm#M^3`&llsXKEh)YdQn{f4E!IS#yz13cW;Xlk?TgEghjuYw~Zr9ORo57 zf%=VXWmO*rz?I0u^T=|RdEEs?f!U8$Jw!PKa-C<#+C1V5xHIs-Z6{T zAi=Z7We=bBdplo0Y7jgdB-q;dVxya7U2Q8}W+#hM@=E72xAgK4c_SDk*wqtTg9Oh8 zF`~))wmdwu=i=#DOjq^Fa(Sn92>9`JwsP{drt2gkgUa>Wvgk^yj~!1fVryeQ`MJ>2 zQpn?5)-tUi!2VT_u<}g-AYTU%!x8tDb*xeNr7K2V}8?Qs+#NA z>34#^5$<2lwkOLH&r5Fa`493b$cL7eVLbHoTB`5zQCnIKTaw*OQ9t{C_5>>r7!(ya z!C6SY0Y#?!i0nok zeo|s=#Aqd}-!JzcZlrMYPIl%2t@W&)^fWvF>{nEefyS4YQR`mC-q*`;+kl{-fbH^; zgWy}WEN^;%oqMY&vH`7LY9HR8T-sf|=i=(F4tG_t^JO>7ru$fs?uKe$Pr;mwWI946r$IDl0?=o$I${arayvUDRQSHMpM^^2u*^vR%xa=SnE-YRYH? zxV7NQ2bhB`-E7NA!IE99+qIF}`4c(rEaTB<)=@RCcb}q0tB0bI=IezbP+ZhSH&D0r z?n$i*nET8&TrX{9(GON)+&-6|KDC_5>V*;+RIcB!=#0CN+X{j(%7bTImd~*RO+EsY zTv=e4ZOd6e*}OHB&09m@z*^=n+Cs^}M|(Ac$eHWK=Lbe~zn;quzRv?Np_5l+Qtv=d zDwbEmtflLjwIoR6t1GE|W>4>?0*lCibNzNhb*h-MAGp}EWjFrRtQ^CS_h2KLb9!1X zo=^6zL*B$$O#85o7moxJ3!_0A_SRo|eh;@5_|!)*`FP&V1-Ne*f~!}rt%ND_3)!(f zV|%CS+4E7y*-UwqOe~@Pt+&(b1&_Q)-Qn!&ogE`F!^ zBO=$2K^7KJJZ}^0$L(i+c{y_)sbJ#tl^i&G>7#4xq$-Scb140G1yAht!wr*JwP_Z< zRTY%auB4)3He1iQv%27{>um)&{nlD$R?MMtUL_TOUC#qQtD?BquWdbRM(n1tyn@Qv z<&>|gr?X4H3x2SMHSVp<{&p#)lPan8mr+%b{XXheo`=bkUSrwBQYQZ87QBJeG`zHw z^68aS&YQ!7n_%sd$+}=qWRS7MyZG(O)Q{AJ!(m!mTe)!I0>NOAu}hbx*Ezmn18%pQ zp+kp~o12Tn;ouXWk1==L(WAVLrA0y%AkPD_o2<%#rIN)$Y3z&x}iiw^nr zu1{AK79HQ{u~>{~G@8CyEEeMNxW+7`TaieFNF#A31ZKzC|@J9T`ejxmcuLu9}(ZCRv(!e+CjTM(%; z!_;y}d;n-Blw>3G+6s%sk`9Q}@#Szhu-onFzz~sZugkE=JgZB+kzFoVx&>jg+0t)% zodL>~=y*|H>ez9)T~=d2ha=sZ=U(|UYRH^Kks7~HP>2jHSx=o!y>UB^SBUghDiAV{vCJ_r1%}AAXNhO| uiJv(rnfbTla*=Fx41vzVK|vuhF#JFKQ!#Q~ Date: Wed, 20 Sep 2023 20:21:11 +0300 Subject: [PATCH 04/18] Change to incidentFetchInterval parameter (#1397) --- docs/integrations/fetching-incidents.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/fetching-incidents.md b/docs/integrations/fetching-incidents.md index 075c6f0fc..62e2d2582 100644 --- a/docs/integrations/fetching-incidents.md +++ b/docs/integrations/fetching-incidents.md @@ -14,7 +14,7 @@ This topic provides: ## fetch-incidents Command The ***fetch-incidents*** command is the function that Cortex XSOAR calls to import new incidents. It is triggered by the *Fetches incidents* parameter in the integration configuration. It is not necessary to configure the ***fetch-incidents*** command in the integration settings. -When you select the the *Fetch incidents* parameter in the integration configuration, you should also configure the *Incidents Fetch Interval* parameter. This controls how often the integration will perform a ***fetch_incidents*** command. The default is 1 minute. +When you select the *Fetch incidents* parameter in the integration configuration, you should also configure the *incidentFetchInterval* parameter (displayed as *Incidents Fetch Interval* in the integration configuration window). This controls how often the integration will perform a ***fetch_incidents*** command. The default is 1 minute. ![screen shot 2023-09-20](/doc_imgs/integrations/fetch-incidents.png) From 6cec5afaac8fe976040d3fd77724878a693c7c61 Mon Sep 17 00:00:00 2001 From: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Date: Tue, 3 Oct 2023 12:59:23 +0300 Subject: [PATCH 05/18] Playbook name - no special characters (#1400) * Playbook name - no special characters * Update docs/playbooks/playbook-conventions.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> --- docs/playbooks/playbook-conventions.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/playbooks/playbook-conventions.md b/docs/playbooks/playbook-conventions.md index 72931c5fe..4391edf7c 100644 --- a/docs/playbooks/playbook-conventions.md +++ b/docs/playbooks/playbook-conventions.md @@ -8,6 +8,11 @@ To keep playbook consistency, usability and readability, we've created some conv ## Wording ### Playbooks - Names are **T**itle **C**ase. + - The playbook name cannot contain the following special characters: + + Punctuation marks: ! " # $ % & ' ( ) * + , . / : ; < = > ? @ [ \ ] ^ ` { | } ~ + Symbols: © ® ™ ° µ ± ß + Formatting characters: ¶ § - Before specifying whether the playbook is generic or of a certain integration, add a dash (-). - Before adding "Test", add a (dash), but add it only at the very end of the name From 12e856958052814f91835bd59e8cf2ac777cce6f Mon Sep 17 00:00:00 2001 From: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:27:24 +0300 Subject: [PATCH 06/18] New topic in Pan Dev - Images in Doc Files (#1402) * New topic in Pan Dev - Images in Doc Files * Update sidebars.js * Update sidebars.js * Update readme_file.md * Update integration-description.md * Update sidebars.js --- .../images_in_documentation_files.md | 88 +++++++++++++++++++ docs/documentation/integration-description.md | 4 + docs/documentation/readme_file.md | 51 +---------- sidebars.js | 5 +- 4 files changed, 98 insertions(+), 50 deletions(-) create mode 100644 docs/documentation/images_in_documentation_files.md diff --git a/docs/documentation/images_in_documentation_files.md b/docs/documentation/images_in_documentation_files.md new file mode 100644 index 000000000..cf4798cd9 --- /dev/null +++ b/docs/documentation/images_in_documentation_files.md @@ -0,0 +1,88 @@ +--- +id: images_in_documentation_files +title: Images in Documentation Files +--- + + + +Images in documentation markdown files are divided into 2 different types: +- Images that appear in integration/script/playbook readmes. These images only appear in https://xsoar.pan.dev/. They do not appear in the Cortex XSOAR/XSIAM product UI. +- Images that appear in pack readmes and integration description files. These images appear in both https://xsoar.pan.dev/ and in the Cortex XSOAR/XSIAM product UI. + +## Integration/Script/Playbook Readme Images + +When creating markdown `README` documents for playbooks, integrations, or scripts that appear in https://xsoar.pan.dev/ only, you can use a relative or absolute URL. + +### Relative Image URLs for Integration/Script/Playbook Readmes +You can use relative URLs to documentation images stored in the `doc_files` or `doc_imgs` directories. To use relative URLs simply link the image using a relative path such as: +``` +![Setup Account](./../../doc_files/create-account.png) +``` + +Make sure to view the `README.md` file in GitHub's web interface and validate that the images display properly. + +**Documentation with Relative URL examples:** +* Google Calendar: https://github.com/demisto/content/blob/master/Packs/GoogleCalendar/Integrations/GoogleCalendar/README.md +* G Suite Admin: https://github.com/demisto/content/blob/master/Packs/GSuiteAdmin/Integrations/GSuiteAdmin/README.md + +### Absolute Image URLs for Integration/Script/Playbook Readmes + +To obtain an absolute URL to an image from GitHub: + +* Commit the image and push to GitHub. +* View the file in the GitHub web interface. +* Copy the URL from the `Download` button. +* Make sure the URL you are copying is not referring to a branch which will be deleted after the PR is merged. The URL should refer to a commit hash or the `master` branch. +* Note: if you click the `Download` button, GitHub will perform a redirect and the url in the browser will point to the domain: `raw.githubusercontent.com`. You may also use this URL as the absolute URL. + + +Embed the image in the README.md using a Markdown Image Link, such as: +``` +![Playbook Image](https://github.com/demisto/content/raw/2d6e082cfb181f823e5b1446ae71e10537591ea6/Packs/AutoFocus/doc_files/AutoFocusPolling.png) +``` +If you want more control on the image (for example setting width dimension) you can use the HTML `` tag, such as: + +``` + +``` +**Screenshot of `Download` button:** +![Github Download](/doc_imgs/integrations/github-download-button.png) + +**Absolute Image URL Examples:** +* URL to commit hash: https://github.com/demisto/content/raw/2d6e082cfb181f823e5b1446ae71e10537591ea6/Packs/AutoFocus/doc_files/AutoFocusPolling.png +* URL to `master` branch: https://github.com/demisto/content/raw/master/Packs/AutoFocus/doc_files/AutoFocusPolling.png +* URL after redirection (also valid): https://raw.githubusercontent.com/demisto/content/master/Packs/AutoFocus/doc_files/AutoFocusPolling.png + +:::note +To keep our main Content repo small we limit images to 2MB. For larger images, follow the instructions for [Videos](#videos) on how to store large media files in our [content-assets](https://github.com/demisto/content-assets) repository. +::: + +## Pack Readmes and Integration Description Files Images + +When creating a markdown pack `README` or an integration description file for XSOAR/XSIAM entities you must use an absolute URL. + +To obtain an absolute URL to an image from GitHub: + +* Commit the image and push to GitHub. +* View the file in the GitHub web interface. +* Copy the URL from the `Download` button. +* Make sure the URL you are copying is not referring to a branch which will be deleted after the PR is merged. The URL should refer to a commit hash or the `master` branch. +* Note: if you click the `Download` button, GitHub will perform a redirect and the url in the browser will point to the domain: `raw.githubusercontent.com`. You may also use this URL as the absolute URL. + + +Embed the image in the README.md using a Markdown Image Link, such as: +``` +![Playbook Image](https://github.com/demisto/content/raw/2d6e082cfb181f823e5b1446ae71e10537591ea6/Packs/AutoFocus/doc_files/AutoFocusPolling.png) +``` + +**Screenshot of `Download` button:** +![Github Download](/doc_imgs/integrations/github-download-button.png) + +**Absolute Image URL Examples:** +* URL to commit hash: https://github.com/demisto/content/raw/2d6e082cfb181f823e5b1446ae71e10537591ea6/Packs/AutoFocus/doc_files/AutoFocusPolling.png +* URL to `master` branch: https://github.com/demisto/content/raw/master/Packs/AutoFocus/doc_files/AutoFocusPolling.png +* URL after redirection (also valid): https://raw.githubusercontent.com/demisto/content/master/Packs/AutoFocus/doc_files/AutoFocusPolling.png + +:::note +To keep our main Content repo small we limit images to 2MB. For larger images, follow the instructions for [Videos](#videos) on how to store large media files in our [content-assets](https://github.com/demisto/content-assets) repository. +::: \ No newline at end of file diff --git a/docs/documentation/integration-description.md b/docs/documentation/integration-description.md index 044dc3fd7..cc2bc1d6a 100644 --- a/docs/documentation/integration-description.md +++ b/docs/documentation/integration-description.md @@ -34,6 +34,10 @@ The file's content can include troubleshooting tips and advanced details for dif This should not be confused with the integration README file, documented [here](../documentation/readme_file). ::: +## Images +Images can be added to your documentation files. For information, see [Images in Documentation Files](https://xsoar.pan.dev/docs/images_in_documentation_files). + + ## Example This is the contents of the `HelloWorld_description.md` file: ``` diff --git a/docs/documentation/readme_file.md b/docs/documentation/readme_file.md index c38acdc26..c57dca95e 100644 --- a/docs/documentation/readme_file.md +++ b/docs/documentation/readme_file.md @@ -60,59 +60,14 @@ demisto-sdk generate-docs -i Packs/Nmap/Integrations/NmapV2/NmapV2.yml --old-ver Though not advised, if you do not wish to create the version differences section in the documentation you can run the command with the `--skip-breaking-changes` flag. ## Images -Images in the documentation should be added to the relevant pack under a `doc_files` or `doc_imgs` directory. Images may be included with **absolute** or **relative** URLs. - -### Relative Image URLs -When creating Markdown `README` documents for XSOAR entities (Playbooks, Integrations, Scripts, etc.), you may use relative URLs to documentation images stored in the `doc_files` or `doc_imgs` directories. To use relative URLs simply link the image using a relative path such as: -``` -![Setup Account](./../../doc_files/create-account.png) -``` - -Make sure to view the `README.md` file in GitHub's web interface and validate that the images display properly. - -**Note**: Relative image URLs are not supported for [Pack `README`s](https://xsoar.pan.dev/docs/documentation/pack-docs). - -**Documentation with Relative URL examples:** -* Google Calendar: https://github.com/demisto/content/blob/master/Packs/GoogleCalendar/Integrations/GoogleCalendar/README.md -* G Suite Admin: https://github.com/demisto/content/blob/master/Packs/GSuiteAdmin/Integrations/GSuiteAdmin/README.md - -### Absolute Image URLs -To obtain an absolute URL to an image from GitHub: - -* Commit the image and push to GitHub. -* View the file in the GitHub web interface. -* Copy the URL from the `Download` button. -* Make sure the URL you are copying is not referring to a branch which will be deleted after the PR is merged. The URL should refer to a commit hash or the `master` branch. -* Note: if you click the `Download` button, GitHub will perform a redirect and the url in the browser will point to the domain: `raw.githubusercontent.com`. You may also use this URL as the absolute URL. - - -Embed the image in the README.md using a Markdown Image Link, such as: -``` -![Playbook Image](https://github.com/demisto/content/raw/2d6e082cfb181f823e5b1446ae71e10537591ea6/Packs/AutoFocus/doc_files/AutoFocusPolling.png) -``` -Or if you want more control on the image (for example setting width dimension) you can use the HTML `` tag, such as: - -``` - -``` -**Screenshot of `Download` button:** -![Github Download](/doc_imgs/integrations/github-download-button.png) - -**Absolute Image URL Examples:** -* URL to commit hash: https://github.com/demisto/content/raw/2d6e082cfb181f823e5b1446ae71e10537591ea6/Packs/AutoFocus/doc_files/AutoFocusPolling.png -* URL to `master` branch: https://github.com/demisto/content/raw/master/Packs/AutoFocus/doc_files/AutoFocusPolling.png -* URL after redirection (also valid): https://raw.githubusercontent.com/demisto/content/master/Packs/AutoFocus/doc_files/AutoFocusPolling.png - -:::note -To keep our main Content repo small we limit images to 2MB. For larger images, follow the instructions for [Videos](#videos) on how to store large media files in our [content-assets](https://github.com/demisto/content-assets) repository. -::: +Images can be added to your documentation files. For information, see [Images in Documentation Files](https://xsoar.pan.dev/docs/images_in_documentation_files). -## Videos +## Videhttps://xsoar.pan.dev/docs/documentation/readme_fileos A video can provide a great addition to the documentation either as a demo video or tutorial. The preferred video format is `mp4`. ### Videos Stored in GitHub -Because of their size and in order to keep our main Content repo small, we store large media files in a separate repository: [content-assets](https://github.com/demisto/content-assets). +Because of their size and in order to keep our main Content repo small, we store large media files in a separate repository: "documentation/images_in_documentation_files". To add the video file, open a pull request with the video file at [content-assets](https://github.com/demisto/content-assets/pulls) repository. The file should be placed in the directory: `Assets//`. diff --git a/sidebars.js b/sidebars.js index 19863b302..feaba023f 100644 --- a/sidebars.js +++ b/sidebars.js @@ -224,8 +224,9 @@ const sidebars = { "documentation/pack-docs", "documentation/release-notes", "documentation/readme_file", - "documentation/integration-description" - ] + "documentation/integration-description", + "documentation/images_in_documentation_files" + ] }, { type: "category", From 4e68e6ebf80c9f205b3e947aa1cde449b7eb606c Mon Sep 17 00:00:00 2001 From: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Date: Sun, 8 Oct 2023 09:05:43 +0300 Subject: [PATCH 07/18] Fix broken link (#1403) * Fix broken link * Update integration-description.md --- docs/documentation/integration-description.md | 2 +- docs/documentation/readme_file.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/documentation/integration-description.md b/docs/documentation/integration-description.md index cc2bc1d6a..5abce9e48 100644 --- a/docs/documentation/integration-description.md +++ b/docs/documentation/integration-description.md @@ -35,7 +35,7 @@ This should not be confused with the integration README file, documented [here]( ::: ## Images -Images can be added to your documentation files. For information, see [Images in Documentation Files](https://xsoar.pan.dev/docs/images_in_documentation_files). +Images can be added to your documentation files. For information, see [Images in Documentation Files](https://xsoar.pan.dev/docs/documentation/images_in_documentation_files). ## Example diff --git a/docs/documentation/readme_file.md b/docs/documentation/readme_file.md index c57dca95e..a9200d6e9 100644 --- a/docs/documentation/readme_file.md +++ b/docs/documentation/readme_file.md @@ -60,10 +60,10 @@ demisto-sdk generate-docs -i Packs/Nmap/Integrations/NmapV2/NmapV2.yml --old-ver Though not advised, if you do not wish to create the version differences section in the documentation you can run the command with the `--skip-breaking-changes` flag. ## Images -Images can be added to your documentation files. For information, see [Images in Documentation Files](https://xsoar.pan.dev/docs/images_in_documentation_files). +Images can be added to your documentation files. For information, see [Images in Documentation Files](https://xsoar.pan.dev/docs/documentation/images_in_documentation_files). -## Videhttps://xsoar.pan.dev/docs/documentation/readme_fileos +## Videos A video can provide a great addition to the documentation either as a demo video or tutorial. The preferred video format is `mp4`. ### Videos Stored in GitHub From cd47bed7217cf6f6bc60eeee5ff07fcf48bc4b1f Mon Sep 17 00:00:00 2001 From: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> Date: Sun, 8 Oct 2023 16:07:44 +0300 Subject: [PATCH 08/18] Added SDK to Developer Docs Sidebar (#1404) --- sidebars.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sidebars.js b/sidebars.js index feaba023f..aa8c8a6b1 100644 --- a/sidebars.js +++ b/sidebars.js @@ -60,7 +60,8 @@ const sidebars = { "contributing/docs-contrib", "contributing/marketplace", "contributing/demo-prep", - "contributing/sla" + "contributing/sla", + "contributing/sdk" ] }, { From 6728892969e963771bf4d0c707ae4430d6cbe454 Mon Sep 17 00:00:00 2001 From: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Date: Tue, 24 Oct 2023 09:47:41 +0300 Subject: [PATCH 09/18] add supportlevelheader to docs (#1411) * add supportlevelheader to docs * Update docs/documentation/integration-description.md Co-authored-by: Judah Schwartz * Update docs/documentation/integration-description.md Co-authored-by: Judah Schwartz --------- Co-authored-by: Judah Schwartz --- docs/documentation/integration-description.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/documentation/integration-description.md b/docs/documentation/integration-description.md index 5abce9e48..af27454d5 100644 --- a/docs/documentation/integration-description.md +++ b/docs/documentation/integration-description.md @@ -60,3 +60,14 @@ The content of the description file will be displayed: Starting from version 6.1, the content of the description file is shown on the side of the configuration data: ![](/doc_imgs/integrations/integration-config-panel-61.png) + +### Support Level Header YML metadata key +The `supportlevelheader` key can be set to one of the following values to set the `support level header` in the content description. +* `xsoar` - The description would specify that PANW supports this integration. +* `partner` - The description would specify that this integration is partner supported and list the partner's contact information. +* `community` - The description would specify that this integration is community supported or list the pack's author. + +#### How To Set the Support Level Header YML metadata key +Open the yml of the integration in the same folder where the description file is located and add the `supportlevelheader` key with one of the `xsoar/partner/community` values. + +If this key is not set in the integration's yml, the support level header is set to the `support` key in the `pack_metadata.json`. \ No newline at end of file From 2395b0062c44381b7302b0bf644ab418f212b993 Mon Sep 17 00:00:00 2001 From: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com> Date: Sun, 29 Oct 2023 11:04:36 +0200 Subject: [PATCH 10/18] Update troubleshooting.md (#1414) --- .../extra-docs/articles/troubleshooting.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/content-repo/extra-docs/articles/troubleshooting.md b/content-repo/extra-docs/articles/troubleshooting.md index 04ef8d142..81b8ccb4c 100644 --- a/content-repo/extra-docs/articles/troubleshooting.md +++ b/content-repo/extra-docs/articles/troubleshooting.md @@ -231,6 +231,14 @@ For example for an integration instance name of: `Cortex_XDR_instance_1` run the !Cortex_XDR_instance_1-test-module debug-mode=true ``` +**Note:** +- If the instance name contains spaces, replace the space with an underscore (`_`). +- The "Do not use by default" checkbox should be unchecked on the integration instance you are testing. + +Screenshot of running a `test-module` command with `debug-mode=true` and the resulting log file (`test-module.log`): + +![test-module-debug](../../../docs/doc_imgs/reference/test-module-debug.png) + ### Fetch Incidents in `debug-mode` Starting with Cortex XSOAR 6.0 it is possible to run the fetch incidents command from the Cortex XSOAR CLI with `debug-mode=true`. This is done by issuing a command of the form: @@ -250,13 +258,6 @@ For example for an integration instance name of: `Cortex_XDR_instance_1` run the Screenshot of running a `fetch` command with `debug-mode=true` and the resulting log file (`fetch-incidents.log`): ![fetch-incidents-debug](../../../docs/doc_imgs/reference/fetch-incidents-debug.png) -**Note:** -- If the instance name contains spaces, replace the space with an underscore (`_`). -- The "Do not use by default" checkbox should be unchecked on the integration instance you are testing. - -Screenshot of running a `test-module` command with `debug-mode=true` and the resulting log file (`test-module.log`): - -![test-module-debug](../../../docs/doc_imgs/reference/test-module-debug.png) ## Integration Debug Logs :::caution Important Note From d2ddb0bc779d2859f9a968c674815c5e6272fc01 Mon Sep 17 00:00:00 2001 From: merit-maita <49760643+merit-maita@users.noreply.github.com> Date: Wed, 1 Nov 2023 13:03:44 +0200 Subject: [PATCH 11/18] removed references to xsoar version 6.2 from docs (#1415) * removed references to xsoar version 6.2 from docs * revert * revert --- content-repo/extra-docs/releases/22.2.0.md | 1 - docs/integrations/scheduled-commands.md | 2 -- docs/playbooks/generic-polling.md | 2 +- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/content-repo/extra-docs/releases/22.2.0.md b/content-repo/extra-docs/releases/22.2.0.md index d4a9f0690..bd31208b8 100644 --- a/content-repo/extra-docs/releases/22.2.0.md +++ b/content-repo/extra-docs/releases/22.2.0.md @@ -160,7 +160,6 @@ Maps incoming Trend Micro Vision One alerts. Trend Micro Vision One is a threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. It provides deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks. Trend Micro Vision One prevents the majority of attacks with automated protection. #### Layouts **Trend Micro Vision One XDR Incident** -(Available from Cortex XSOAR 6.2.0) --- diff --git a/docs/integrations/scheduled-commands.md b/docs/integrations/scheduled-commands.md index 4624244e9..d821f7803 100644 --- a/docs/integrations/scheduled-commands.md +++ b/docs/integrations/scheduled-commands.md @@ -3,8 +3,6 @@ id: scheduled-commands title: Scheduled Commands --- -### Available from Cortex XSOAR version 6.2.0 and later. - A command can schedule the future execution of another command. diff --git a/docs/playbooks/generic-polling.md b/docs/playbooks/generic-polling.md index a0a4ef13f..42be36a23 100644 --- a/docs/playbooks/generic-polling.md +++ b/docs/playbooks/generic-polling.md @@ -7,7 +7,7 @@ In some cases, when working with 3rd party software (detonation, scan, search, e Due to hardware limitations, you can not achieve this via integrations or automations. The `GenericPolling` playbook, however, enables you to pause a playbook and resume execution after a remote host finishes a process. -* Starting in Cortex XSOAR version 6.2.0, you can implement polling in integrations and automations via [Scheduled Commands](./../integrations/scheduled-commands). +* You can implement polling in integrations and automations via [Scheduled Commands](./../integrations/scheduled-commands). ## What it does The playbook periodically polls the status of a process being executed on a remote host. When the host returns that the process execution is done, the playbook finishes execution. From 96963c7a023d70717fa2337a2d2036c5e96ec020 Mon Sep 17 00:00:00 2001 From: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com> Date: Wed, 1 Nov 2023 15:24:08 +0200 Subject: [PATCH 12/18] Update content-management.md (#1416) --- content-repo/extra-docs/packs/content-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content-repo/extra-docs/packs/content-management.md b/content-repo/extra-docs/packs/content-management.md index 644d3d921..c96bb9d3d 100644 --- a/content-repo/extra-docs/packs/content-management.md +++ b/content-repo/extra-docs/packs/content-management.md @@ -84,7 +84,7 @@ For general information about the CI/CD process, see [CI/CD FAQs](#cicd-faqs). | `config.yml` | The CI/CD configuration file (in the `.github\workflows` folder), which validates the content pack, creates an ID set, runs tests, etc. When you want to deploy your content, you need to update the file with your repository and whether you want to use an artifact server. For more information, see Configure the config.yml file in [Deployment](#deployment). | | `pre-commit` | Within the `.hooks` folder, the pre-commit file uses the Git rebase interactive tool for manual control of your history revision process. | | `.vscode` | Used when using VSC as your IDE. | - | `build_related_scripts` | Contains the CI/CD scripts. The `build_related_scripts/bucket_upload.py` script enables you to upload to Google Cloud Storage (artifact server). Before deploying your content, you need to update the name of the bucket list when uploading the Google Cloud Storage. For more information, see Configure the the bucket_upload.py file in [Deployment](#deployment).
**NOTE**: If using another storage application such AWS, you need to replace Google Cloud Storage. Contact Customer Support to assist with this.
The `get_modified_packs.py` script enables you to get the latest version of the content pack before merging. | + | `build_related_scripts` | Contains the CI/CD scripts. The `build_related_scripts/bucket_upload.py` script enables you to upload to Google Cloud Storage (artifact server) and the `build_related_scripts/bucket_upload_aws.py` script enables you to upload to AWS s3. Before deploying your content, you need to update the name of the bucket list when uploading the Google Cloud Storage. For more information, see Configure the the bucket_upload.py file in [Deployment](#deployment).
The `get_modified_packs.py` script enables you to get the latest version of the content pack before merging. | | `dev_envs/pytest`| A folder that contains the `conftest.py`, which validates python files. | | `.demisto-sdk-conf`| The custom configuration file for the `demisto-sdk` commands. For more information, see [Setting a preset custom command configuration](https://xsoar.pan.dev/docs/concepts/demisto-sdk#setting-a-preset-custom-command-configuration). | | `.gitignore` | Specifies intentionally untracked files that Git should ignore. | From 08b227d65a563afb4993fd18bbc6918fc76d7625 Mon Sep 17 00:00:00 2001 From: OmriItzhak <115150792+OmriItzhak@users.noreply.github.com> Date: Mon, 6 Nov 2023 17:21:36 +0200 Subject: [PATCH 13/18] article - add cortex xdr lite incident handling (#1417) * article - add cortex xdr lite incident handling * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix after review * layout * layout * fix after review --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --- ...cortex-xdr---investigation-and-response.md | 63 ++++++++++++------- 1 file changed, 41 insertions(+), 22 deletions(-) diff --git a/content-repo/extra-docs/packs/palo-alto-networks-cortex-xdr---investigation-and-response.md b/content-repo/extra-docs/packs/palo-alto-networks-cortex-xdr---investigation-and-response.md index d48ad905a..5ab286918 100644 --- a/content-repo/extra-docs/packs/palo-alto-networks-cortex-xdr---investigation-and-response.md +++ b/content-repo/extra-docs/packs/palo-alto-networks-cortex-xdr---investigation-and-response.md @@ -19,14 +19,32 @@ The playbooks included in this pack help you save time and keep your incidents i - Remediates the incident by blocking malicious indicators and isolating infected endpoints. The Palo Alto Networks Cortex XDR - Investigation and Response pack enables the following flows: +- [Lite Incident Handling](#lite-incident-handling) - A lite playbook for handling Palo Alto Networks Cortex XDR incidents, which encompasses incident enrichment, investigation, and response for each incident. - [Device Control Violations](#device-control-violations) - Fetch device control violations from XDR and communicate with the user to determine the reason the device was connected. - [XDR Incident Handling](#xdr-incident-handling) - Compare incidents in Palo Alto Networks Cortex XDR and Cortex XSOAR, and update the incidents appropriately. -- [AWS IAM User Access Investigation](#aws-iam-user-access-investigation) - Investigates and responds to Cortex XDR Cloud alerts where an AWS IAM user's access key is used suspiciously to access the cloud environment. +- [Cloud IAM User Access Investigation](#cloud-iam-user-access-investigation) - Investigates and responds to Cortex XDR Cloud alerts where an Cloud IAM user's access key is used suspiciously to access the cloud environment. - [Cortex XDR - Cloud Cryptomining](#Cortex_XDR_-_Cloud_Cryptomining) - Investigates and responds to Cortex XDR XCloud Cryptomining alerts. The playbook Supports AWS, Azure and GCP. +## Lite Incident Handling +This playbook is a lite default playbook to handle XDR incidents, and it doesn't require additional integrations to run. +The [Palo Alto Networks Cortex XDR - Investigation and Response](#palo-alto-networks-cortex-XDR---investigation-and-response) integration fetches Cortex XDR incidents and runs the [Cortex XDR Lite - Incident Handling](#cortex-xdr-lite---incident-handling) playbook. - +First, the playbook runs the ***xdr-get-incident-extra-data*** command to retrieve data fields of the specific incident including a list of alerts with multiple events, alerts, and key artifacts. + +Then, the playbook uses the [Entity Enrichment Generic v3](https://xsoar.pan.dev/docs/reference/playbooks/entity-enrichment---generic-v3) sub-playbook which takes all the entities in the incidents and enriches them with the available products in the environment. + +In the investigation phase, the playbook uses the [Command-Line Analysis](https://xsoar.pan.dev/docs/reference/playbooks/command-line-analysis) sub-playbook to analyze the command line if it exists to determine whether the command line usage was malicious or suspicious. + +The playbook also uses the [Cortex XDR - Get entity alerts by MITRE tactics](https://xsoar.pan.dev/docs/reference/playbooks/get-entity-alerts-by-mitre-tactics) sub-playbook to search for alerts related to the endpoint and to the username from Cortex XDR, on a given timeframe, based on MITRE tactics. + +Based on the enrichment and the investigation results, the playbook sets the verdict of the incident. Whether the incident verdict is not malicious, the analyst decides whether the incident verdict is malicious or benign. + +Whether the verdict is set to malicious by the playbook or by the analyst's decision the playbook will perform remediation actions by isolating the endpoint and blocking all the indicators that were extracted from the incident either manually or automatically using the [Block Indicators - Generic v3](https://xsoar.pan.dev/docs/reference/playbooks/block-indicators---generic-v3) sub-playbook. After the remediation stage, the playbook will close the incident. + +If the verdict is set to benign, the playbook will close the incident. + +As part of this playbook, you'll receive a comprehensive layout that presents incident details, analysis, investigation findings, and the final verdict. Additionally, the layout offers convenient remediation buttons for quicker manual actions. ## Device Control Violations If a user connects an unauthorized device to the corporate network, such as a USB dongle or a portable hard disk drive, the connection creates an event in Cortex XDR. @@ -44,7 +62,9 @@ All collected data is displayed in the XDR device control incident layout. ### XDR Incident Handling -The [Palo Alto Networks Cortex XDR - Investigation and Response](#palo-alto-networks-cortex-XDR---investigation-and-response) integration fetches Cortex XDR incidents and runs the [Cortex XDR incident handling v3](#cortex-xdr-incident-handling-v3) playbook. The playbook runs the ***xdr-get-incident-extra-data*** command to retrieve data fields of the specific incident including a list of alerts with multiple events, alerts, and key artifacts. +The [Palo Alto Networks Cortex XDR - Investigation and Response](#palo-alto-networks-cortex-XDR---investigation-and-response) integration fetches Cortex XDR incidents and runs the [Cortex XDR incident handling v3](#cortex-xdr-incident-handling-v3) playbook. This playbook will be triggered by fetching a Palo Alto Networks Cortex XDR incident, but only if the classifier is set to 'Cortex XDR - Classifier' and the incident type is left empty during the integration configuration. + +The playbook runs the ***xdr-get-incident-extra-data*** command to retrieve data fields of the specific incident including a list of alerts with multiple events, alerts, and key artifacts. The playbook then searches for similar incidents in Cortex XSOAR to link to the current incident. If a similar incident is found, the analyst will be asked whether to close the current incident as a duplicate since there is an older incident already being handled. The analyst will review the linked incident and decide if the incident should be resolved and closed as a duplicate incident. @@ -69,36 +89,28 @@ After the remediation, if there are no new alerts, the playbook stops the alert ### Syn Indicators between Cortex XSOAR and Cortex XDR The [Cortex XDR - IOCs](https://xsoar.pan.dev/docs/reference/integrations/cortex-xdr---ioc) feed integration syncs indicators between Cortex XSOAR and Cortex XDR. The integration syncs indicators according to the defined fetch interval. At each interval, the integration pushes new and modified indicators defined in the Sync Query from Cortex XSOAR to Cortex XDR. Additionally, the integration checks if there are manual modifications of indicators on Cortex XDR and syncs back to Cortex XSOAR. Once per day, the integration performs a complete sync which also removes indicators that have been deleted or expired in Cortex XSOAR, from Cortex XDR. -## AWS IAM User Access Investigation -The [AWS IAM user access investigation](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr---aws-iam-user-access-investigation) playbook investigates and responds to Cortex XDR Cloud alerts where an AWS IAM user's access key is used suspiciously to access the cloud environment. +## Cloud IAM User Access Investigation +The [Cloud IAM user access investigation](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr---cloud-iam-user-access-investigation) playbook investigates and responds to Cortex XDR Cloud alerts where an Cloud IAM user's access key is used suspiciously to access the cloud environment. The playbook fetches data from the incident and then retrieves additional cloud alert data that was not available in the incident. It then checks if the alerts are one of the following XCLOUD supported alerts: - Penetration testing tool attempt - Penetration testing tool activity -- Suspicious API call from a Tor exit node. +- Suspicious API call from a Tor exit node If the alert is not one of the supported alerts, the playbook ends. Otherwise, the incident type is set to XCLOUD and the playbook starts to collect additional information pertaining to the alert. First the source IP addresses are enriched. These are the IP addresses that are used to connect to the environment. -Then the playbook enriches information about the user who connected to the environment through the AWS IAM integration using the [AWS IAM - User enrichment](https://xsoar.pan.dev/docs/reference/playbooks/aws-iam---user-enrichment) sub-playbook. The sub-playbook lists the user access keys and retrieves information about the IAM user, including the user's creation date, path, unique ID, and ARN. From this, it can be seen if these user keys are active and the analyst can block these keys later in the investigation if they are causing malicious activities. - +Then the playbook enriches information about the user who connected to the environment through the relevant IAM integration using the [Cloud IAM Enrichment - Generic](https://xsoar.pan.dev/docs/reference/playbooks/cloud-iam-enrichment---generic) sub-playbook. The sub-playbook lists the user access keys and retrieves information about the IAM user, including the user's creation date, path, unique ID, and ARN. From this, it can be seen if these user keys are active and the analyst can block these keys later in the investigation if they are causing malicious activities. -Then the playbook validates that the access key type is AKIA (which marks this as a user key). If the access key is AKIA, queries are run to retrieve the last 100 API calls made with the access key and retrieve actions performed by the user in the last 7 days. This information shows who made the call, and provides information about the IP address and data about which user was used in the request, what operation was performed, the status of the operation and on what resource it was executed. - -Now the investigation starts. -First the playbook checks if there were new IP addresses that were found on the XQL queries that did not appear in the original alert and enriches them. -Then the analyst manually reviews the results of the XQL queries from the previous steps to determine if this is a true positive event. The analyst investigates the operations performed by the access key and the user. The analyst examines the executed operations, by who it was executed, on which resource, and the operation status. +Based on the enrichment and the analysis results, the playbooks sets the verdict of the incident. If malicious indicators are found, the playbook takes action using [Cloud Response - Generic](https://xsoar.pan.dev/docs/reference/playbooks/cloud-response---generic) sub-playbook. +If the verdict not determined, it lets the analyst decide whether to continue to the remediation stage or close the investigation. The analyst looks at any persistence, for example, a new user or key creation or for any lateral movement operations. For example, an operation can be = AsumeRole. As an extra validation step, it is recommended to query the user and/or the user’s manager regarding the investigated suspicious activity. Based on this investigation, the analyst manually decides if the alert is a false or true positive. If false, the playbook ends. -Otherwise the remediation steps begin -The IP address is checked to see if it is a Tor IP. If it is not a Tor IP, the IP is blocked (either manually or automatically) and the analyst can tag the indicator for EDL. -The compromised IAM access keys are deactivated. -The analyst manually checks if the user has an AWS login profile and deletes it. ## Cortex XDR - Cloud Cryptomining @@ -394,6 +406,14 @@ The collected data generates a CSV report, including a detailed list of the disc The report will be sent to email addresses provided in the playbook input. The playbook includes an incident type with a dedicated layout to visualize the collected data. +#### [Cortex XDR Lite - Incident Handling](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr-lite---incident-handling) +This playbook is a lite default playbook to handle XDR incidents, and it doesn't require additional integrations to run. +The playbook is triggered by fetching a Palo Alto Networks Cortex XDR incident. +First, The playbook performs enrichment on the incident’s indicators. +Then, the playbook performs investigation and analysis on the command line and search for related Cortex XDR alerts by Mitre tactics to identify malicious activity performed on the endpoint and by the user. +Based on the enrichment and the investigation results, the playbooks sets the verdict of the incident. If malicious indicators are found, the playbook takes action to block these indicators and isolate the affected endpoint to prevent further damage or the spread of threats. +If the verdict not determined, it lets the analyst decide whether to continue to the remediation stage or close the investigation as benign. +As part of this playbook, you'll receive a comprehensive layout that presents incident details, analysis, investigation findings, and the final verdict. Additionally, the layout offers convenient remediation buttons for quicker manual actions. #### [Cortex XDR Incident Handling](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr-incident-handling) This playbook is triggered by fetching a Palo Alto Networks Cortex XDR incident. @@ -409,7 +429,7 @@ Based on the severity, it lets the analyst decide whether to continue to the rem After the remediation, if there are no new alerts, the playbook stops the alert sync and closes the XDR incident and investigation. #### [Cortex XDR incident handling v3](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr-incident-handling-v3) -This playbook is triggered by fetching a Palo Alto Networks Cortex XDR incident. +This playbook is triggered by fetching a Palo Alto Networks Cortex XDR incident, but only if the classifier is set to 'Cortex XDR - Classifier' and the incident type is left empty during the integration configuration. The playbook syncs and updates new XDR alerts that construct the incident and triggers a sub-playbook to handle each alert by type. Then, the playbook performs enrichment on the incident’s indicators and hunts for related IOCs. Based on the severity, it lets the analyst decide whether to continue to the remediation stage or close the investigation as a false positive. @@ -442,11 +462,10 @@ Executes specified shell commands. Kills the specified process. +#### [Cortex XDR - Cloud IAM user access investigation](https://xsoar.pan.dev/docs/reference/playbooks/cloud-iam-user-access-investigation) +Investigates and responds to Cortex XDR Cloud alerts where an Cloud IAM user`s access key is used suspiciously to access the cloud environment. -#### [Cortex XDR - AWS IAM user access investigation](https://xsoar.pan.dev/docs/reference/playbooks/cortex-xdr---aws-iam-user-access-investigation) -Investigates and responds to Cortex XDR Cloud alerts where an AWS IAM user`s access key is used suspiciously to access the cloud environment. - -The following alerts are supported for AWS environments: +The following alerts are supported for all cloud environments: - Penetration testing tool attempt - Penetration testing tool activity - Suspicious API call from a Tor exit node From e07feba58af8e8590972c5e039fb8dfecfae19ea Mon Sep 17 00:00:00 2001 From: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Date: Sun, 12 Nov 2023 12:28:41 +0200 Subject: [PATCH 14/18] updated docs (#1418) * updated docs * Apply suggestions from code review * Update content-repo/extra-docs/articles/microsoft-auth-guide.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --- content-repo/extra-docs/articles/microsoft-auth-guide.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/content-repo/extra-docs/articles/microsoft-auth-guide.md b/content-repo/extra-docs/articles/microsoft-auth-guide.md index f3ee8943c..14170296b 100644 --- a/content-repo/extra-docs/articles/microsoft-auth-guide.md +++ b/content-repo/extra-docs/articles/microsoft-auth-guide.md @@ -76,13 +76,14 @@ Alternatively, instead of providing the *Client Secret*, you can authenticate us * Private Key - The private key of the registered certificate -### Authorize on Behalf of a User +### Authorization Code flow Some Cortex XSOAR-Microsoft integrations (e.g., Microsoft Graph Mail Single User) require authorization on behalf of a user (not admin consent). For more information about this authorization flow, refer to the [authorization code flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow). To configure a Microsoft integration that uses this authorization flow with a self-deployed Azure application: 1. Make sure the needed permissions are granted for the app registration, e.g., for Microsoft Graph User: API/Permission name `Directory.AccessAsUser.All` of type `Delegated`. -2. The Redirect URI can direct any web application that you wish to receive responses from Azure AD. If you are not sure what to set, you can use `https://localhost`. +2. In your app. click **Authentication** > **Platform configurations** > **Add a platform.** Choose **Web** and add [Redirect URI](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-a-redirect-uri). +The Redirect URI can direct any web application that you wish to receive responses from Azure AD. If you are not sure what to set, you can use `https://localhost`. 3. Enter your client ID in the *ID* parameter field. 4. Enter your client secret in the *Key* parameter field. 5. Enter your tenant ID in the *Token* parameter field. From 4b5c434354d89aa51bc3c399e2a7a191eb07a808 Mon Sep 17 00:00:00 2001 From: Judah Schwartz Date: Tue, 21 Nov 2023 09:27:21 +0200 Subject: [PATCH 15/18] Use correct key for Contents (#1408) (#1420) Co-authored-by: Mika Luhta <12100880+mluhta@users.noreply.github.com> --- docs/integrations/code-conventions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/code-conventions.md b/docs/integrations/code-conventions.md index 62207fb61..a16ae70ad 100644 --- a/docs/integrations/code-conventions.md +++ b/docs/integrations/code-conventions.md @@ -1029,7 +1029,7 @@ demisto.results( { 'Type': EntryType.NOTE, 'ContentsFormat': EntryFormat.TEXT, - 'Content': res, + 'Contents': res, 'HumanReadable': 'Submitted file is being analyzed.', 'ReadableContentsFormat': EntryFormat.MARKDOWN, 'EntryContext': entry_context, From fa98b947fdb4a7598c17f503e62c2ea81ca60f92 Mon Sep 17 00:00:00 2001 From: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Date: Tue, 21 Nov 2023 10:44:02 +0200 Subject: [PATCH 16/18] updated docs (#1419) --- content-repo/extra-docs/articles/microsoft-auth-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content-repo/extra-docs/articles/microsoft-auth-guide.md b/content-repo/extra-docs/articles/microsoft-auth-guide.md index 14170296b..2ca3f762f 100644 --- a/content-repo/extra-docs/articles/microsoft-auth-guide.md +++ b/content-repo/extra-docs/articles/microsoft-auth-guide.md @@ -249,7 +249,7 @@ After you a redirected to the next page, in the **Overview** tab you will find y | Azure Active Directory Identity And Access | yes | yes - support both client secret and certificate | yes | no | yes | no | | Microsoft Graph Mail Single User | yes | no | no | yes | yes | no | | O365 Outlook Mail | yes | yes - support both client secret and certificate | no | no | yes | yes - self-deployment only | -| Microsoft Graph Security | yes | yes - support both client secret and certificate | no | no | yes | no | +| Microsoft Graph Security | yes | yes - support both client secret and certificate | no | yes | yes | no | | Microsoft Graph User | yes | yes - support both client secret and certificate | no | yes | yes | no | | Microsoft Management Activity API (O365 Azure Events) | yes | no | no | yes | yes | no | | Microsoft Teams | no | yes | no | yes | no | no | From bf37ab0c22df1af0396318d54f6152a8cc4f882d Mon Sep 17 00:00:00 2001 From: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Date: Tue, 21 Nov 2023 13:03:50 +0200 Subject: [PATCH 17/18] Splunk add-on fix typo (#1421) --- content-repo/extra-docs/articles/splunk-add-on.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content-repo/extra-docs/articles/splunk-add-on.md b/content-repo/extra-docs/articles/splunk-add-on.md index 807acff59..5c2882e81 100644 --- a/content-repo/extra-docs/articles/splunk-add-on.md +++ b/content-repo/extra-docs/articles/splunk-add-on.md @@ -46,7 +46,7 @@ In order to use the add-on and create incidents in XSOAR, you must complete the * Additional Settings (optional): * If you have an SSL certificate, provide its full path under the **"Location to Certificate"** field. By default, **"Validate SSL"** is enabled. - * If you would like to extend the incident creatiin request timeout, provide the desired timeout under the "Timeout Value" field. + * If you would like to extend the incident creation request timeout, provide the desired timeout under the "Timeout Value" field. By default, timeout value is 10 seconds. ![splunk-add-on-config.png](../../../docs/doc_imgs/reference/splunk-add-on-config.png) From 45607ed696ebe8b38fb288385cdb3ea5a8f0aece Mon Sep 17 00:00:00 2001 From: Anar Azadaliyev Date: Tue, 21 Nov 2023 14:52:24 +0200 Subject: [PATCH 18/18] Update collectors.md (#1412) * Update collectors.md * Update collectors.md --- docs/integrations/collectors.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/integrations/collectors.md b/docs/integrations/collectors.md index 867f0109e..488af356d 100644 --- a/docs/integrations/collectors.md +++ b/docs/integrations/collectors.md @@ -30,7 +30,7 @@ marketplaces: ## Commands Every Collection integration will at minimum support these three commands: - `test-module` - this is the command that is run when the `Test` button in the configuration panel of an integration is clicked. -- `-get-events` - where `` is replaced by the name of the Product or Vendor source providing the events. So for example, if you were developing a Collection integration for Microsoft Intune, this command might be called `msintune-get-indicators`. This command should fetch a limited number of events from the external source and display them in the war room. +- `-get-events` - where `` is replaced by the name of the Product or Vendor source providing the events. So for example, if you were developing a Collection integration for Microsoft Intune, this command might be called `msintune-get-events`. This command should fetch a limited number of events from the external source and display them in the war room. - `fetch-events` - this command will initiate a request to the external product chosen endpoint(s) using the relevant chosen params, and send the fetched events to the XSIAM database. If the integration instance is configured to `Fetch evnts`, then this is the command that will be executed at the specified `Events Fetch Interval`. ## API Command: send_events_to_xsiam() @@ -67,6 +67,7 @@ def main(): Notice: - You should always path the `events` to the `send_events_to_xsiam()` function, also in cases when no events were fetched. This is important as the `send_events_to_xsiam()` function also updates the UI for the number of events fetched which could also be 0. Don't be troubled, in such cases the empty data will not be sent forward to the DataBase. - In the given example we assume the events are **not** in a `cef` or `leef` formats and therefore the `data_format` argument is not used. +- `send_events_to_xsiam()` function will work only if the integration is a system integration. The function will fail if it will be called from a custom integration. Fore more info on the `send_events_to_xsiam()` function visit the [API reference](https://xsoar.pan.dev/docs/reference/api/common-server-python#send_events_to_xsiam).